diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2005-09-13 23:56:28 +0000 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2005-09-13 23:56:28 +0000 |
| commit | c626a5f380851db60b95419ad4141f0935fb7501 (patch) | |
| tree | 1ec80b8239b9de0c4a354e01d2b32bc2b1f82f9d /sys-apps/util-linux | |
| parent | old (diff) | |
| download | historical-c626a5f380851db60b95419ad4141f0935fb7501.tar.gz historical-c626a5f380851db60b95419ad4141f0935fb7501.tar.bz2 historical-c626a5f380851db60b95419ad4141f0935fb7501.zip | |
Fix small security issue with umount and remount #105805.
Package-Manager: portage-2.0.51.22-r2
Diffstat (limited to 'sys-apps/util-linux')
| -rw-r--r-- | sys-apps/util-linux/ChangeLog | 7 | ||||
| -rw-r--r-- | sys-apps/util-linux/Manifest | 51 | ||||
| -rw-r--r-- | sys-apps/util-linux/files/util-linux-2.12-only-root-can-remount.patch | 11 | ||||
| -rw-r--r-- | sys-apps/util-linux/util-linux-2.12i-r1.ebuild | 5 | ||||
| -rw-r--r-- | sys-apps/util-linux/util-linux-2.12q-r2.ebuild | 47 |
5 files changed, 72 insertions, 49 deletions
diff --git a/sys-apps/util-linux/ChangeLog b/sys-apps/util-linux/ChangeLog index 9d9a76d2e2d5..af5b78990b4e 100644 --- a/sys-apps/util-linux/ChangeLog +++ b/sys-apps/util-linux/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for sys-apps/util-linux # Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/util-linux/ChangeLog,v 1.109 2005/09/13 14:09:37 azarah Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/util-linux/ChangeLog,v 1.110 2005/09/13 23:56:28 vapier Exp $ + + 13 Sep 2005; Mike Frysinger <vapier@gentoo.org> + +files/util-linux-2.12-only-root-can-remount.patch, + util-linux-2.12i-r1.ebuild, util-linux-2.12q-r2.ebuild: + Fix small security issue with umount and remount #105805. *util-linux-2.12q-r2 (13 Sep 2005) diff --git a/sys-apps/util-linux/Manifest b/sys-apps/util-linux/Manifest index 19fcf2e4aeea..d5071951f80d 100644 --- a/sys-apps/util-linux/Manifest +++ b/sys-apps/util-linux/Manifest @@ -1,45 +1,44 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -MD5 af4d9067188d2b9be9ff65f0a2482a1f util-linux-2.12i-r1.ebuild 3846 -MD5 0b33f0ea7ff6a0de1ed36443ab1636c6 ChangeLog 18575 -MD5 3539732064102ec9896b7ae3b90e8e99 util-linux-2.12p-r1.ebuild 4396 -MD5 d6ba8b2f510bf2b52c0ddc096a1bc720 util-linux-2.12q-r2.ebuild 5127 -MD5 9a09f8d531c582e78977dbfd96edc1f2 metadata.xml 164 MD5 40353e338343ed2b6a8f23259c881e49 util-linux-2.12q.ebuild 4785 -MD5 e8c2796a3427138ca8a09a69db357a1f files/util-linux-2.12q-update-mtab-when-moving.patch 1031 +MD5 9a09f8d531c582e78977dbfd96edc1f2 metadata.xml 164 +MD5 5497e9050dc8cde95a0e015edcd59c81 util-linux-2.12i-r1.ebuild 3960 +MD5 7b72b4f6e03a9ff3f8b22d19ab70146e util-linux-2.12q-r2.ebuild 5462 +MD5 8b1e95795afacd2efcb617ab782897b8 ChangeLog 18798 MD5 519d6757067c4ee7c634c8b60f9abeb3 files/util-linux-2.12p-swapon-check-symlinks.patch 864 +MD5 e3697bc8fd6a344e8cba1c7d32e34790 files/util-linux-2.11z-parallel-make.patch 369 +MD5 28b1a8ed38823851eafadacef8ce11ec files/util-linux-2.12q-no-m68k-fdisk.patch 239 +MD5 33ddd96078cf91030b80f73eb70f5371 files/util-linux-2.12i-swapon-check-symlinks.patch 875 +MD5 8d4f1146f0699deb1e6872e1c81293e3 files/util-linux-2.12-selinux.diff.bz2 2558 +MD5 e8c2796a3427138ca8a09a69db357a1f files/util-linux-2.12q-update-mtab-when-moving.patch 1031 MD5 65f42fbf981464410f7d5d84a429e920 files/util-linux-no-kill.patch 642 -MD5 c9c2c92d7bba0652f22b638127c2107e files/util-linux-2.12i-pic.patch 2457 +MD5 a43d2b8c70c5f40a195721dc536abace files/util-linux-2.12-swapon-unistd.patch 289 +MD5 a33ff00c09f558d4273360a581880c23 files/digest-util-linux-2.12q-r2 292 MD5 570b9b148cbb60ec16de30940990ab53 files/util-linux-2.12q-i18n-update.patch 344 MD5 73c0cb6f9aa5fa84e701fc68d0478aac files/util-linux-2.12i-nfsv4.patch 12854 -MD5 7d35ae646b52391076f7a329af8265bc files/util-linux-2.11z-agetty-domainname-option.patch 1810 +MD5 9d4c2454a6506ec913d901830ab06a22 files/util-linux-2.12-only-root-can-remount.patch 294 MD5 4460875a6ebcf24a7ca5b41ed12f9fe5 files/util-linux-2.12-gcloop.patch 3806 -MD5 33ddd96078cf91030b80f73eb70f5371 files/util-linux-2.12i-swapon-check-symlinks.patch 875 +MD5 e2d566b683bb1b9b1c3e127b2bbd258b files/digest-util-linux-2.12q 294 +MD5 bc90959c4718e7dc5d53dcddac1172f5 files/util-linux-2.12q-debian-10cfdisk.patch 1888 MD5 0be8df03dae23c81a0e929e58a4114e0 files/util-linux-2.11z-01-nfsv4.dif 13442 MD5 99fa2ff2cb56217b6971e76e275923f9 files/util-linux-2.12q-more-fake-checks-v2.patch 1176 -MD5 d927611f34139a40f1fc9f4162c61f8a files/util-linux-2.12-kernel-2.6.patch 2964 -MD5 a9bc06c292401d6f2d27e8e4ebf7e6ae files/util-linux-2.12i-fat-LABEL-support.patch 2304 -MD5 8d4f1146f0699deb1e6872e1c81293e3 files/util-linux-2.12-selinux.diff.bz2 2558 -MD5 bc90959c4718e7dc5d53dcddac1172f5 files/util-linux-2.12q-debian-10cfdisk.patch 1888 +MD5 7ce604460c5607e6eb5d894b6c8b2064 files/util-linux-2.12-fat-LABEL-support.patch 11583 +MD5 7d35ae646b52391076f7a329af8265bc files/util-linux-2.11z-agetty-domainname-option.patch 1810 +MD5 c9c2c92d7bba0652f22b638127c2107e files/util-linux-2.12i-pic.patch 2457 MD5 6aa1c240dd789327ea92e36309052950 files/no-symlink-resolve.patch 316 -MD5 28b1a8ed38823851eafadacef8ce11ec files/util-linux-2.12q-no-m68k-fdisk.patch 239 -MD5 d448f3b1b3ea21db4c2c4f303b48c1c8 files/digest-util-linux-2.12p-r1 294 -MD5 a33ff00c09f558d4273360a581880c23 files/digest-util-linux-2.12q-r2 292 +MD5 d20405e12353610b3ef8fbc2e1d57f2a files/crypto-loop.initd 1625 +MD5 61beee95fb4696a6af11ffb84ddb055c files/util-linux-2.12i-ignore-managed.patch 506 +MD5 a9bc06c292401d6f2d27e8e4ebf7e6ae files/util-linux-2.12i-fat-LABEL-support.patch 2304 MD5 18371db840b08f5782e3f8f96c4efe8d files/util-linux-2.11z-pic.patch 3056 -MD5 7ce604460c5607e6eb5d894b6c8b2064 files/util-linux-2.12-fat-LABEL-support.patch 11583 +MD5 d927611f34139a40f1fc9f4162c61f8a files/util-linux-2.12-kernel-2.6.patch 2964 +MD5 0b95e856fd2f375270cf2ec4eaa69c8a files/crypto-loop.confd 505 MD5 b360252f16d707f668b605d7a2abb791 files/util-linux-2.12q-dont-umask.patch 439 MD5 cfa3960fd97ca16c85b0d1b87e6ba226 files/digest-util-linux-2.12i-r1 156 -MD5 61beee95fb4696a6af11ffb84ddb055c files/util-linux-2.12i-ignore-managed.patch 506 -MD5 e2d566b683bb1b9b1c3e127b2bbd258b files/digest-util-linux-2.12q 294 -MD5 a43d2b8c70c5f40a195721dc536abace files/util-linux-2.12-swapon-unistd.patch 289 -MD5 e3697bc8fd6a344e8cba1c7d32e34790 files/util-linux-2.11z-parallel-make.patch 369 -MD5 0b95e856fd2f375270cf2ec4eaa69c8a files/crypto-loop.confd 505 -MD5 d20405e12353610b3ef8fbc2e1d57f2a files/crypto-loop.initd 1625 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) -iD8DBQFDJt351ZcsMnZjRyIRAjyDAJ9WikfX3Z+6oLhtmzAsFZSQ9hu7SwCdFitp -0QdO2/72E8NSwGZj27Zw8VU= -=bbms +iD8DBQFDJ2c9gIKl8Uu19MoRAp9FAJ9VJF3v1D6PR3o2z2pbJZ54gy58cwCeNy46 +p4Tsjisbpa8ACCyrDjb0rAs= +=muRA -----END PGP SIGNATURE----- diff --git a/sys-apps/util-linux/files/util-linux-2.12-only-root-can-remount.patch b/sys-apps/util-linux/files/util-linux-2.12-only-root-can-remount.patch new file mode 100644 index 000000000000..2a1d44cd4883 --- /dev/null +++ b/sys-apps/util-linux/files/util-linux-2.12-only-root-can-remount.patch @@ -0,0 +1,11 @@ +--- util-linux-2.13-pre2/mount/umount.c ++++ util-linux-2.13-pre3/mount/umount.c +@@ -707,7 +707,7 @@ + + if (getuid () != geteuid ()) { + suid = 1; +- if (all || types || nomtab || force) ++ if (all || types || nomtab || force || remount) + die (2, _("umount: only root can do that")); + } + diff --git a/sys-apps/util-linux/util-linux-2.12i-r1.ebuild b/sys-apps/util-linux/util-linux-2.12i-r1.ebuild index 28c3d9a0a2ed..31d3ba2513e2 100644 --- a/sys-apps/util-linux/util-linux-2.12i-r1.ebuild +++ b/sys-apps/util-linux/util-linux-2.12i-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/util-linux/util-linux-2.12i-r1.ebuild,v 1.16 2005/08/16 22:09:49 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/util-linux/util-linux-2.12i-r1.ebuild,v 1.17 2005/09/13 23:56:28 vapier Exp $ inherit eutils flag-o-matic toolchain-funcs @@ -42,6 +42,9 @@ src_unpack() { # Fix rare failures with -j4 or higher epatch ${FILESDIR}/${PN}-2.11z-parallel-make.patch + # Disable the -r option for non-root users #105805 + epatch "${FILESDIR}"/${PN}-2.12-only-root-can-remount.patch + # Fix unreadable df output [[ -e /dev/.devfsd ]] && epatch ${FILESDIR}/no-symlink-resolve.patch diff --git a/sys-apps/util-linux/util-linux-2.12q-r2.ebuild b/sys-apps/util-linux/util-linux-2.12q-r2.ebuild index 08e90297de03..ea006f95b880 100644 --- a/sys-apps/util-linux/util-linux-2.12q-r2.ebuild +++ b/sys-apps/util-linux/util-linux-2.12q-r2.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/util-linux/util-linux-2.12q-r2.ebuild,v 1.1 2005/09/13 14:04:42 azarah Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/util-linux/util-linux-2.12q-r2.ebuild,v 1.2 2005/09/13 23:56:28 vapier Exp $ inherit eutils flag-o-matic toolchain-funcs @@ -39,8 +39,10 @@ src_unpack() { # Old crypt support if use old-crypt ; then - cd ${OLD_CRYPT_P} - epatch ${WORKDIR}/util-linux-${OLD_CRYPT_VER}-cryptoapi-losetup.patch + cd "${OLD_CRYPT_P}" + ewarn "You should update your system as USE=old-crypt" + ewarn "support will be dropped in future versions." + epatch "${WORKDIR}"/util-linux-${OLD_CRYPT_VER}-cryptoapi-losetup.patch fi cd "${S}" @@ -49,50 +51,53 @@ src_unpack() { use crypt && epatch "${WORKDIR}"/loop-AES-v${LOOP_AES_VER}/${P}.diff # Fix rare failures with -j4 or higher - epatch ${FILESDIR}/${PN}-2.11z-parallel-make.patch + epatch "${FILESDIR}"/${PN}-2.11z-parallel-make.patch # Fix -f usage with -a and in general - epatch ${FILESDIR}/${PN}-2.12q-more-fake-checks-v2.patch + epatch "${FILESDIR}"/${PN}-2.12q-more-fake-checks-v2.patch - # Fix mtab updates with `mount --move /foo /bar` - epatch ${FILESDIR}/${PN}-2.12q-update-mtab-when-moving.patch + # Fix mtab updates with `mount --move /foo /bar` #104697 + epatch "${FILESDIR}"/${PN}-2.12q-update-mtab-when-moving.patch + + # Disable the -r option for non-root users #105805 + epatch "${FILESDIR}"/${PN}-2.12-only-root-can-remount.patch # Fix unreadable df output when using devfs ... this check is kind of # a hack, but whatever, the output isnt critical at all :P - [[ -e /dev/.devfsd ]] && epatch ${FILESDIR}/no-symlink-resolve.patch + [[ -e /dev/.devfsd ]] && epatch "${FILESDIR}"/no-symlink-resolve.patch # Add the O option to agetty to display DNS domainname in the issue # file, thanks to Marius Mauch <genone@genone.de>, bug #22275. # # NOTE: Removing this will break future baselayout, so PLEASE # consult with me before doing so. - # - # <azarah@gentoo.org> (17 Jul 2003) - epatch ${FILESDIR}/${PN}-2.11z-agetty-domainname-option.patch + epatch "${FILESDIR}"/${PN}-2.11z-agetty-domainname-option.patch # Fix french translation typo #75693 - epatch ${FILESDIR}/${P}-i18n-update.patch + epatch "${FILESDIR}"/${P}-i18n-update.patch # Add NFS4 support (kernel 2.5/2.6) - epatch ${FILESDIR}/${PN}-2.12i-nfsv4.patch + epatch "${FILESDIR}"/${PN}-2.12i-nfsv4.patch # ignore managed/kudzu options #70873 - epatch ${FILESDIR}/${PN}-2.12i-ignore-managed.patch + epatch "${FILESDIR}"/${PN}-2.12i-ignore-managed.patch # Allow util-linux to be built with -fPIC - epatch ${FILESDIR}/${PN}-2.12i-pic.patch + # XXX: this needs to be punted as the error is in the + # syscall macro which is part of linux-headers + epatch "${FILESDIR}"/${PN}-2.12i-pic.patch # swapon gets confused by symlinks in /dev #69162 - epatch ${FILESDIR}/${PN}-2.12p-swapon-check-symlinks.patch + epatch "${FILESDIR}"/${PN}-2.12p-swapon-check-symlinks.patch # fix simple buffer overflow (from Debian) - epatch ${FILESDIR}/${PN}-2.12q-debian-10cfdisk.patch + epatch "${FILESDIR}"/${PN}-2.12q-debian-10cfdisk.patch # don't build fdisk on m68k - epatch ${FILESDIR}/${PN}-2.12q-no-m68k-fdisk.patch + epatch "${FILESDIR}"/${PN}-2.12q-no-m68k-fdisk.patch # don't force umask to 022 #93671 - epatch ${FILESDIR}/${PN}-2.12q-dont-umask.patch + epatch "${FILESDIR}"/${PN}-2.12q-dont-umask.patch # Enable random features local mconfigs="MCONFIG" @@ -123,7 +128,7 @@ src_compile() { emake CFLAGS="${CFLAGS}" || die "make partx failed" if use old-crypt ; then - cd ${OLD_CRYPT_P} + cd "${OLD_CRYPT_P}" econf || die "old configure failed" emake -C lib || die "old lib failed" emake -C mount losetup mount || die "old make failed" @@ -147,7 +152,7 @@ src_install() { dodoc example.files/* if use old-crypt ; then - cd ${OLD_CRYPT_P}/mount + cd "${OLD_CRYPT_P}"/mount into / newsbin mount mount-old-crypt || die newsbin losetup losetup-old-crypt || die |