author | Samuli Suominen <ssuominen@gentoo.org> | 2012-09-29 17:17:14 +0000 |
---|---|---|
committer | Samuli Suominen <ssuominen@gentoo.org> | 2012-09-29 17:17:14 +0000 |
commit | b9d50e955a928c25eb8c715776007b05defa3973 (patch) | |
tree | d25e3bd77cef9a2ac7231a116fa224c16af7cb98 /dev-libs/glib | |
parent | Remove old versions. (diff) | |
Revision bump to import upstream patch for CVE-2012-3524 wrt #436028
(Portage version: 2.2.0_alpha128/cvs/Linux x86_64)
Diffstat (limited to 'dev-libs/glib')
-rw-r--r-- | dev-libs/glib/ChangeLog | 8 | ||||
-rw-r--r-- | dev-libs/glib/files/glib-2.32.4-CVE-2012-3524.patch | 247 | ||||
-rw-r--r-- | dev-libs/glib/glib-2.32.4-r1.ebuild | 236 |
3 files changed, 490 insertions, 1 deletions
diff --git a/dev-libs/glib/ChangeLog b/dev-libs/glib/ChangeLog
index 151fc651e3f2..a1e01f030f03 100644
--- a/dev-libs/glib/ChangeLog
+++ b/dev-libs/glib/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for dev-libs/glib
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/glib/ChangeLog,v 1.536 2012/09/28 18:54:44 tetromino Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/glib/ChangeLog,v 1.537 2012/09/29 17:17:13 ssuominen Exp $
+
+*glib-2.32.4-r1 (29 Sep 2012)
+
+ 29 Sep 2012; Samuli Suominen <ssuominen@gentoo.org> +glib-2.32.4-r1.ebuild,
+ +files/glib-2.32.4-CVE-2012-3524.patch:
+ Revision bump to import upstream patch for CVE-2012-3524 wrt #436028
 
 28 Sep 2012; Alexandre Rostovtsev <tetromino@gentoo.org> glib-2.34.0.ebuild:
 Really disable building tests when USE=-test (bug #436508, thanks to Jeff
diff --git a/dev-libs/glib/files/glib-2.32.4-CVE-2012-3524.patch b/dev-libs/glib/files/glib-2.32.4-CVE-2012-3524.patch
new file mode 100644
index 000000000000..92e6c8125e5b
--- /dev/null
+++ b/dev-libs/glib/files/glib-2.32.4-CVE-2012-3524.patch
@@ -0,0 +1,247 @@
+From 4c2928a54482913cf236bff0e66650a8f47e17ea Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Wed, 22 Aug 2012 18:26:11 +0000
+Subject: CVE-2012-3524: Hardening for being run in a setuid environment
+
+Some programs attempt to use libglib (or even libgio) when setuid.
+For a long time, GTK+ simply aborted if launched in this
+configuration, but we never had a real policy for GLib.
+
+I'm not sure whether we should advertise such support. However, given
+that there are real-world programs that do this currently, we can make
+them safer with not too much effort.
+
+Better to fix a problem caused by an interaction between two
+components in *both* places if possible.
+
+This patch adds a private function g_check_setuid() which is used to
+first ensure we don't run an external dbus-launch binary if
+DBUS_SESSION_BUS_ADDRESS isn't set.
+
+Second, we also ensure the local VFS is used in this case. The
+gdaemonvfs extension point will end up talking to the session bus
+which is typically undesirable in a setuid context.
+
+Implementing g_check_setuid() is interesting - whether or not we're
+running in a privilege-escalated path is operating system specific.
+Note that GTK+'s code to check euid versus uid worked historically on
+Unix, more modern systems have filesystem capabilities and SELinux
+domain transitions, neither of which are captured by the uid
+comparison.
+
+On Linux/glibc, the way this works is that the kernel sets an
+AT_SECURE flag in the ELF auxiliary vector, and glibc looks for it on
+startup. If found, then glibc sets a public-but-undocumented
+__libc_enable_secure variable which we can use. Unfortunately, while
+it *previously* worked to check this variable, a combination of newer
+binutils and RPM break it:
+http://www.openwall.com/lists/owl-dev/2012/08/14/1
+
+So for now on Linux/glibc, we fall back to the historical Unix version
+until we get glibc fixed.
+
+On some BSD variants, there is a issetugid() function. On other Unix
+variants, we fall back to what GTK+ has been doing.
+
+Reported-By: Sebastian Krahmer <krahmer@suse.de>
+Signed-off-by: Colin Walters <walters@verbum.org>
+---
+diff --git a/configure.ac b/configure.ac
+index 584df1d..67ea1a9 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -583,9 +583,20 @@ AC_TRY_COMPILE([#include <dirent.h>], [DIR *dir;],
+ # Checks for library functions.
+ AC_FUNC_VPRINTF
+ AC_FUNC_ALLOCA
+-AC_CHECK_FUNCS(mmap posix_memalign memalign valloc fsync pipe2)
++AC_CHECK_FUNCS(mmap posix_memalign memalign valloc fsync pipe2 issetugid)
+ AC_CHECK_FUNCS(atexit on_exit timegm gmtime_r)
+ 
++AC_CACHE_CHECK([for __libc_enable_secure], glib_cv_have_libc_enable_secure,
++ [AC_TRY_LINK([#include <unistd.h>
++ extern int __libc_enable_secure;],
++ [return __libc_enable_secure;],
++ glib_cv_have_libc_enable_secure=yes,
++ glib_cv_have_libc_enable_secure=no)])
++AS_IF([test x$glib_cv_have_libc_enable_secure = xyes], [
++ AC_DEFINE(HAVE_LIBC_ENABLE_SECURE, 1,
++ [Define if you have the __libc_enable_secure variable (GNU libc, eglibc)])
++])
++
+ AC_CHECK_SIZEOF(char)
+ AC_CHECK_SIZEOF(short)
+ AC_CHECK_SIZEOF(long)
+@@ -984,7 +995,7 @@ AC_MSG_RESULT(unsigned $glib_size_type)
+ 
+ # Check for some functions
+ AC_CHECK_FUNCS(lstat strerror strsignal memmove vsnprintf stpcpy strcasecmp strncasecmp poll getcwd vasprintf setenv unsetenv getc_unlocked readlink symlink fdwalk memmem)
+-AC_CHECK_FUNCS(chown lchmod lchown fchmod fchown link utimes getgrgid getpwuid)
++AC_CHECK_FUNCS(chown lchmod lchown fchmod fchown link utimes getgrgid getpwuid getresuid)
+ AC_CHECK_FUNCS(getmntent_r setmntent endmntent hasmntopt getfsstat getvfsstat)
+ # Check for high-resolution sleep functions
+ AC_CHECK_FUNCS(splice)
+diff --git a/gio/gdbusaddress.c b/gio/gdbusaddress.c
+index 4aa13b9..96b6343 100644
+--- a/gio/gdbusaddress.c
++++ b/gio/gdbusaddress.c
+@@ -37,6 +37,7 @@
+ #include "giostream.h"
+ #include "gasyncresult.h"
+ #include "gsimpleasyncresult.h"
++#include "glib-private.h"
+ #include "gdbusprivate.h"
+ #include "giomodule-priv.h"
+ #include "gdbusdaemon.h"
+@@ -1023,6 +1024,14 @@ get_session_address_dbus_launch (GError **error)
+ restore_dbus_verbose = FALSE;
+ old_dbus_verbose = NULL;
+ 
++ /* Don't run binaries as root if we're setuid. */
++ if (GLIB_PRIVATE_CALL (g_check_setuid) ())
++ {
++ g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
++ _("Cannot spawn a message bus when setuid"));
++ goto out;
++ }
++
+ machine_id = _g_dbus_get_machine_id (error);
+ if (machine_id == NULL)
+ {
+diff --git a/gio/gvfs.c b/gio/gvfs.c
+index dda8afb..9afbcec 100644
+--- a/gio/gvfs.c
++++ b/gio/gvfs.c
+@@ -23,6 +23,7 @@
+ #include "config.h"
+ #include <string.h>
+ #include "gvfs.h"
++#include "glib-private.h"
+ #include "glocalvfs.h"
+ #include "gresourcefile.h"
+ #include "giomodule-priv.h"
+@@ -191,6 +192,8 @@ g_vfs_parse_name (GVfs *vfs,
+ GVfs *
+ g_vfs_get_default (void)
+ {
++ if (GLIB_PRIVATE_CALL (g_check_setuid) ())
++ return g_vfs_get_local ();
+ return _g_io_module_get_default (G_VFS_EXTENSION_POINT_NAME,
+ "GIO_USE_VFS",
+ (GIOModuleVerifyFunc)g_vfs_is_active);
+diff --git a/glib/genviron.c b/glib/genviron.c
+index 59a8bbe..9525cf0 100644
+--- a/glib/genviron.c
++++ b/glib/genviron.c
+@@ -40,6 +40,7 @@
+ #include <windows.h>
+ #endif
+ 
++#include "glib-private.h"
+ #include "gmem.h"
+ #include "gmessages.h"
+ #include "gstrfuncs.h"
+diff --git a/glib/glib-private.c b/glib/glib-private.c
+index 3946e77..3506782 100644
+--- a/glib/glib-private.c
++++ b/glib/glib-private.c
+@@ -38,7 +38,9 @@ glib__private__ (void)
+ g_wakeup_signal,
+ g_wakeup_acknowledge,
+ 
+- g_get_worker_context
++ g_get_worker_context,
++
++ g_check_setuid
+ };
+ 
+ return &table;
+diff --git a/glib/glib-private.h b/glib/glib-private.h
+index fde0be8..87da6f3 100644
+--- a/glib/glib-private.h
++++ b/glib/glib-private.h
+@@ -25,6 +25,8 @@
+ 
+ G_GNUC_INTERNAL
+ GMainContext * g_get_worker_context (void);
++G_GNUC_INTERNAL
++gboolean g_check_setuid (void);
+ 
+ #define GLIB_PRIVATE_CALL(symbol) (glib__private__()->symbol)
+ 
+@@ -40,6 +42,8 @@ typedef struct {
+ /* See gmain.c */
+ GMainContext * (* g_get_worker_context) (void);
+ /* Add other private functions here, initialize them in glib-private.c */
++
++ gboolean (* g_check_setuid) (void);
+ } GLibPrivateVTable;
+ 
+ GLibPrivateVTable *glib__private__ (void);
+diff --git a/glib/gutils.c b/glib/gutils.c
+index 38b5e44..f8a38d1 100644
+--- a/glib/gutils.c
++++ b/glib/gutils.c
+@@ -2409,3 +2409,60 @@ g_get_tmp_dir (void)
+ }
+ 
+ #endif
++
++/* Private API:
++ *
++ * Returns %TRUE if the current process was executed as setuid (or an
++ * equivalent __libc_enable_secure is available). See:
++ * http://osdir.com/ml/linux.lfs.hardened/2007-04/msg00032.html
++ */
++gboolean
++g_check_setuid (void)
++{
++ /* TODO: get __libc_enable_secure exported from glibc.
++ * See http://www.openwall.com/lists/owl-dev/2012/08/14/1
++ */
++#if 0 && defined(HAVE_LIBC_ENABLE_SECURE)
++ {
++ /* See glibc/include/unistd.h */
++ extern int __libc_enable_secure;
++ return __libc_enable_secure;
++ }
++#elif defined(HAVE_ISSETUGID)
++ /* BSD: http://www.freebsd.org/cgi/man.cgi?query=issetugid&sektion=2 */
++ return issetugid ();
++#elif defined(G_OS_UNIX)
++ uid_t ruid, euid, suid; /* Real, effective and saved user ID's */
++ gid_t rgid, egid, sgid; /* Real, effective and saved group ID's */
++
++ static gsize check_setuid_initialised;
++ static gboolean is_setuid;
++
++ if (g_once_init_enter (&check_setuid_initialised))
++ {
++#ifdef HAVE_GETRESUID
++ /* These aren't in the header files, so we prototype them here.
++ */
++ int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
++ int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid);
++
++ if (getresuid (&ruid, &euid, &suid) != 0 ||
++ getresgid (&rgid, &egid, &sgid) != 0)
++#endif /* HAVE_GETRESUID */
++ {
++ suid = ruid = getuid ();
++ sgid = rgid = getgid ();
++ euid = geteuid ();
++ egid = getegid ();
++ }
++
++ is_setuid = (ruid != euid || ruid != suid ||
++ rgid != egid || rgid != sgid);
++
++ g_once_init_leave (&check_setuid_initialised, 1);
++ }
++ return is_setuid;
++#else
++ return FALSE;
++#endif
++}
+--
+cgit v0.9.0.2
diff --git a/dev-libs/glib/glib-2.32.4-r1.ebuild b/dev-libs/glib/glib-2.32.4-r1.ebuild
new file mode 100644
index 000000000000..3f7a0814ba77
--- /dev/null
+++ b/dev-libs/glib/glib-2.32.4-r1.ebuild
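Review bot: On Linux the imported g_check_setuid() at the end of the gutils.c hunk reduces to the uid/gid comparison, because the `__libc_enable_secure` branch is compiled out by `#if 0 && defined(HAVE_LIBC_ENABLE_SECURE)`, and the result is computed once under g_once_init_enter() and then cached for the lifetime of the process. A binary that gained privilege through file capabilities, or one that equalised its real, effective and saved ids before the first gio call, is therefore reported as not setuid, which the patch description admits but the function's header comment does not. Since this is an upstream patch imported verbatim it should not be edited here, but the caveat is worth recording where the ebuild applies it, e.g. above the epatch line: `# Upstream hardening for CVE-2012-3524; on Linux it only compares uid/gid (capabilities are not detected) and caches the result at first use.` Upstream presumably revisits this once glibc exposes the AT_SECURE state (the `#if 0` TODO), so the patch should be dropped when a release containing the final version is packaged.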
@@ -0,0 +1,236 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/glib/glib-2.32.4-r1.ebuild,v 1.1 2012/09/29 17:17:13 ssuominen Exp $
+
+EAPI="4"
+PYTHON_DEPEND="utils? 2"
+# Avoid runtime dependency on python when USE=test
+
+inherit autotools gnome.org libtool eutils flag-o-matic gnome2-utils multilib pax-utils python toolchain-funcs virtualx linux-info
+
+DESCRIPTION="The GLib library of C routines"
+HOMEPAGE="http://www.gtk.org/"
+SRC_URI="${SRC_URI}
+ http://dev.gentoo.org/~tetromino/distfiles/glib/${P}-AS_IF-patches.tar.xz
+ http://pkgconfig.freedesktop.org/releases/pkg-config-0.26.tar.gz" # pkg.m4 for eautoreconf
+
+LICENSE="LGPL-2+"
+SLOT="2"
+IUSE="debug doc fam kernel_linux selinux static-libs systemtap test utils xattr"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux"
+
+RDEPEND="virtual/libiconv
+ virtual/libffi
+ sys-libs/zlib
+ || (
+ >=dev-libs/elfutils-0.142
+ >=dev-libs/libelf-0.8.12 )
+ xattr? ( sys-apps/attr )
+ fam? ( virtual/fam )
+ utils? ( >=dev-util/gdbus-codegen-${PV} )"
+DEPEND="${RDEPEND}
+ >=sys-devel/gettext-0.11
+ >=dev-util/gtk-doc-am-1.15
+ doc? (
+ >=dev-libs/libxslt-1.0
+ >=dev-util/gdbus-codegen-${PV}
+ >=dev-util/gtk-doc-1.15
+ ~app-text/docbook-xml-dtd-4.1.2 )
+ systemtap? ( >=dev-util/systemtap-1.3 )
+ test? (
+ sys-devel/gdb
+ =dev-lang/python-2*
+ >=dev-util/gdbus-codegen-${PV}
+ >=sys-apps/dbus-1.2.14 )
+ !<dev-util/gtk-doc-1.15-r2"
+PDEPEND="x11-misc/shared-mime-info
+ !<gnome-base/gvfs-1.6.4-r990"
+# shared-mime-info needed for gio/xdgmime, bug #409481
+# Earlier versions of gvfs do not work with glib
+
+pkg_setup() {
+ # Needed for gio/tests/gdbus-testserver.py
+ if use test ; then
+ python_set_active_version 2
+ python_pkg_setup
+ fi
+
+ if use kernel_linux ; then
+ CONFIG_CHECK="~INOTIFY_USER"
+ linux-info_pkg_setup
+ fi
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-CVE-2012-3524.patch
+
+ mv -f "${WORKDIR}"/pkg-config-*/pkg.m4 "${WORKDIR}"/ || die
+
+ # Fix gmodule issues on fbsd; bug #184301
+ epatch "${FILESDIR}"/${PN}-2.12.12-fbsd.patch
+
+ # need to build tests if USE=doc for bug #387385
+ if ! use test && ! use doc; then
+ # don't waste time building tests
+ sed 's/^\(.*\SUBDIRS .*\=.*\)tests\(.*\)$/\1\2/' -i $(find . -name Makefile.am -o -name Makefile.in) || die
+ else
+ # Do not try to remove files on live filesystem, upstream bug #619274
+ sed 's:^\(.*"/desktop-app-info/delete".*\):/*\1*/:' \
+ -i "${S}"/gio/tests/desktop-app-info.c || die "sed failed"
+
+ # Disable tests requiring dev-util/desktop-file-utils when not installed, bug #286629
+ if ! has_version dev-util/desktop-file-utils ; then
+ ewarn "Some tests will be skipped due dev-util/desktop-file-utils not being present on your system,"
+ ewarn "think on installing it to get these tests run."
+ sed -i -e "/appinfo\/associations/d" gio/tests/appinfo.c || die
+ sed -i -e "/desktop-app-info\/default/d" gio/tests/desktop-app-info.c || die
+ sed -i -e "/desktop-app-info\/fallback/d" gio/tests/desktop-app-info.c || die
+ sed -i -e "/desktop-app-info\/lastused/d" gio/tests/desktop-app-info.c || die
+ fi
+
+ # Disable tests requiring dbus-python and pygobject; bugs #349236, #377549, #384853
+ if ! has_version dev-python/dbus-python || ! has_version 'dev-python/pygobject:2' ; then
+ ewarn "Some tests will be skipped due to dev-python/dbus-python or dev-python/pygobject:2"
+ ewarn "not being present on your system, think on installing them to get these tests run."
+ sed -i -e "/connection\/filter/d" gio/tests/gdbus-connection.c || die
+ sed -i -e "/connection\/large_message/d" gio/tests/gdbus-connection-slow.c || die
+ sed -i -e "/gdbus\/proxy/d" gio/tests/gdbus-proxy.c || die
+ sed -i -e "/gdbus\/proxy-well-known-name/d" gio/tests/gdbus-proxy-well-known-name.c || die
+ sed -i -e "/gdbus\/introspection-parser/d" gio/tests/gdbus-introspection.c || die
+ sed -i -e "/g_test_add_func/d" gio/tests/gdbus-threading.c || die
+ sed -i -e "/gdbus\/method-calls-in-thread/d" gio/tests/gdbus-threading.c || die
+ # needed to prevent gdbus-threading from asserting
+ ln -sfn $(type -P true) gio/tests/gdbus-testserver.py
+ fi
+ fi
+
+ # gdbus-codegen is a separate package
+ epatch "${FILESDIR}/${PN}-2.31.x-external-gdbus-codegen.patch"
+
+ # bashcomp goes in /usr/share/bash-completion
+ epatch "${FILESDIR}/${PN}-2.32.4-bashcomp.patch"
+
+ # AS_IF fixes from 2.33.x, needed for cross-compiling, bug #434770
+ epatch ../AS_IF-patches/*.patch
+
+ # disable pyc compiling
+ use test && python_clean_py-compile_files
+
+ # Needed for the punt-python-check patch, disabling timeout test
+ # Also needed to prevent croscompile failures, see bug #267603
+ # Also needed for the no-gdbus-codegen patch
+ AT_M4DIR="${WORKDIR}" eautoreconf
+
+ [[ ${CHOST} == *-freebsd* ]] && elibtoolize
+
+ epunt_cxx
+}
+
+src_configure() {
+ # Avoid circular depend with dev-util/pkgconfig and
+ # native builds (cross-compiles won't need pkg-config
+ # in the target ROOT to work here)
+ if ! tc-is-cross-compiler && ! $(tc-getPKG_CONFIG) --version >& /dev/null; then
+ if has_version sys-apps/dbus; then
+ export DBUS1_CFLAGS="-I/usr/include/dbus-1.0 -I/usr/$(get_libdir)/dbus-1.0/include"
+ export DBUS1_LIBS="-ldbus-1"
+ fi
+ export LIBFFI_CFLAGS="-I$(echo /usr/$(get_libdir)/libffi-*/include)"
+ export LIBFFI_LIBS="-lffi"
+ fi
+
+ local myconf
+
+ # Building with --disable-debug highly unrecommended. It will build glib in
+ # an unusable form as it disables some commonly used API. Please do not
+ # convert this to the use_enable form, as it results in a broken build.
+ # -- compnerd (3/27/06)
+ use debug && myconf="--enable-debug"
+
+ # Always use internal libpcre, bug #254659
+ econf ${myconf} \
+ $(use_enable xattr) \
+ $(use_enable doc man) \
+ $(use_enable doc gtk-doc) \
+ $(use_enable fam) \
+ $(use_enable selinux) \
+ $(use_enable static-libs static) \
+ $(use_enable systemtap dtrace) \
+ $(use_enable systemtap systemtap) \
+ --with-pcre=internal \
+ --with-threads=posix
+}
+
+src_install() {
+ local f
+
+ # install-exec-hook substitutes ${PYTHON} in glib/gtester-report
+ emake DESTDIR="${D}" PYTHON="${EPREFIX}/usr/bin/python2" install
+
+ if ! use utils; then
+ rm "${ED}usr/bin/gtester-report"
+ fi
+
+ # Do not install charset.alias even if generated, leave it to libiconv
+ rm -f "${ED}/usr/lib/charset.alias"
+
+ # Don't install gdb python macros, bug 291328
+ rm -rf "${ED}/usr/share/gdb/" "${ED}/usr/share/glib-2.0/gdb/"
+
+ dodoc AUTHORS ChangeLog* NEWS* README
+
+ # Completely useless with or without USE static-libs, people need to use
+ # pkg-config
+ find "${D}" -name '*.la' -exec rm -f {} +
+}
+
+src_test() {
+ gnome2_environment_reset
+
+ unset DBUS_SESSION_BUS_ADDRESS
+ export XDG_CONFIG_DIRS=/etc/xdg
+ export XDG_DATA_DIRS=/usr/local/share:/usr/share
+ export G_DBUS_COOKIE_SHA1_KEYRING_DIR="${T}/temp"
+ unset GSETTINGS_BACKEND # bug 352451
+ export LC_TIME=C # bug #411967
+
+ # Related test is a bit nitpicking
+ mkdir "$G_DBUS_COOKIE_SHA1_KEYRING_DIR"
+ chmod 0700 "$G_DBUS_COOKIE_SHA1_KEYRING_DIR"
+
+ # Hardened: gdb needs this, bug #338891
+ if host-is-pax ; then
+ pax-mark -mr "${S}"/tests/.libs/assert-msg-test \
+ || die "Hardened adjustment failed"
+ fi
+
+ # Need X for dbus-launch session X11 initialization
+ Xemake check
+}
+
+pkg_preinst() {
+ # Only give the introspection message if:
+ # * The user has gobject-introspection
+ # * Has glib already installed
+ # * Previous version was different from new version
+ if has_version "dev-libs/gobject-introspection" && ! has_version "=${CATEGORY}/${PF}"; then
+ ewarn "You must rebuild gobject-introspection so that the installed"
+ ewarn "typelibs and girs are regenerated for the new APIs in glib"
+ fi
+}
+
+pkg_postinst() {
+ # Inform users about possible breakage when updating glib and not dbus-glib, bug #297483
+ if has_version dev-libs/dbus-glib; then
+ ewarn "If you experience a breakage after updating dev-libs/glib try"
+ ewarn "rebuilding dev-libs/dbus-glib"
+ fi
+
+ if has_version '<x11-libs/gtk+-3.0.12:3'; then
+ # To have a clear upgrade path for gtk+-3.0.x users, have to resort to
+ # a warning instead of a blocker
+ ewarn
+ ewarn "Using <gtk+-3.0.12:3 with ${P} results in frequent crashes."
+ ewarn "You should upgrade to a newer version of gtk+:3 immediately."
+ fi
+} |
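Review bot: The comment block above `AT_M4DIR="${WORKDIR}" eautoreconf` in src_prepare lists three reasons the reconf is required but not the new CVE-2012-3524 patch, which also edits configure.ac (it adds issetugid and getresuid to AC_CHECK_FUNCS and a new AC_CACHE_CHECK for __libc_enable_secure). If a later revision dropped eautoreconf because the listed patches went away, the CVE patch would still apply cleanly but HAVE_ISSETUGID and HAVE_GETRESUID would never be defined, and g_check_setuid() would silently compile down to its weaker getuid()/geteuid() fallback. Recording the dependency next to the others avoids that: `# Also needed for the CVE-2012-3524 patch, which modifies configure.ac`.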