commit: 7f59a94c88c938260171d6b5327ea8ae79a032c1 |
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
AuthorDate: Tue Nov 24 16:25:56 2015 +0000 |
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
CommitDate: Tue Nov 24 16:26:09 2015 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f59a94c |
|
sys-apps/systemd: Backport fix for CVE-2015-7510 |
|
Bug: https://bugs.gentoo.org/566716 |
|
Package-Manager: portage-2.2.25_p7 |
|
sys-apps/systemd/files/CVE-2015-7510.patch | 37 ++++++++++++++++++++++ |
...systemd-226-r1.ebuild => systemd-226-r2.ebuild} | 1 + |
.../{systemd-228.ebuild => systemd-228-r1.ebuild} | 1 + |
3 files changed, 39 insertions(+) |
|
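--- /dev/null
+++ b/sys-apps/systemd/files/CVE-2015-7510.patch
@@ -0,0 +1,37 @@
+From cb31827d62066a04b02111df3052949fda4b6888 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@××××××.pl>
+Date: Mon, 23 Nov 2015 13:59:43 -0500
+Subject: [PATCH] nss-mymachines: do not allow overlong machine names
+
+https://github.com/systemd/systemd/issues/2002
+---
+ src/nss-mymachines/nss-mymachines.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/nss-mymachines/nss-mymachines.c b/src/nss-mymachines/nss-mymachines.c
+index 969fa96..c98a959 100644
+--- a/src/nss-mymachines/nss-mymachines.c
++++ b/src/nss-mymachines/nss-mymachines.c
+@@ -416,6 +416,9 @@ enum nss_status _nss_mymachines_getpwnam_r(
+ if (!e || e == p)
+ goto not_found;
+
++ if (e - p > HOST_NAME_MAX - 1) /* -1 for the last dash */
++ goto not_found;
++
+ r = parse_uid(e + 1, &uid);
+ if (r < 0)
+ goto not_found;
+@@ -573,6 +576,9 @@ enum nss_status _nss_mymachines_getgrnam_r(
+ if (!e || e == p)
+ goto not_found;
+
++ if (e - p > HOST_NAME_MAX - 1) /* -1 for the last dash */
++ goto not_found;
++
+ r = parse_gid(e + 1, &gid);
+ if (r < 0)
+ goto not_found;
+--
+2.6.3
+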
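Review bot: The comment `/* -1 for the last dash */` on the new length check in `_nss_mymachines_getpwnam_r` (and on the identical check in `_nss_mymachines_getgrnam_r`) explains the arithmetic but not what the bound protects. `e - p` is the length of the machine-name part of a caller-supplied NSS name, and this check is the only visible cap on it before the rest of the function uses it; presumably the name is copied or validated further down, but both functions continue outside the hunks, so that should be confirmed against the full file. I would word it as `/* machine part comes from the caller; reject anything longer than a valid hostname before it is copied */`. Since the same three lines are added in two places, a small shared helper would keep the passwd and group lookups from drifting apart.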
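--- a/sys-apps/systemd/systemd-226-r1.ebuild
+++ b/sys-apps/systemd/systemd-226-r2.ebuild
@@ -146,6 +146,7 @@ src_prepare() {
 sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
 epatch "${FILESDIR}/218-Dont-enable-audit-by-default.patch"
 epatch "${FILESDIR}/226-noclean-tmp.patch"
+ epatch "${FILESDIR}/CVE-2015-7510.patch"
 epatch_user
 eautoreconf
 }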
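--- a/sys-apps/systemd/systemd-228.ebuild
+++ b/sys-apps/systemd/systemd-228-r1.ebuild
@@ -146,6 +146,7 @@ src_prepare() {
 sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die
 epatch "${FILESDIR}/218-Dont-enable-audit-by-default.patch"
 epatch "${FILESDIR}/228-noclean-tmp.patch"
+ epatch "${FILESDIR}/CVE-2015-7510.patch"
 epatch_user
 eautoreconf
 }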