| 1 |
commit: 7f59a94c88c938260171d6b5327ea8ae79a032c1 |
| 2 |
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Tue Nov 24 16:25:56 2015 +0000 |
| 4 |
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Tue Nov 24 16:26:09 2015 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f59a94c |
| 7 |
|
| 8 |
sys-apps/systemd: Backport fix for CVE-2015-7510 |
| 9 |
|
| 10 |
Bug: https://bugs.gentoo.org/566716 |
| 11 |
|
| 12 |
Package-Manager: portage-2.2.25_p7 |
| 13 |
|
| 14 |
sys-apps/systemd/files/CVE-2015-7510.patch | 37 ++++++++++++++++++++++ |
| 15 |
...systemd-226-r1.ebuild => systemd-226-r2.ebuild} | 1 + |
| 16 |
.../{systemd-228.ebuild => systemd-228-r1.ebuild} | 1 + |
| 17 |
3 files changed, 39 insertions(+) |
| 18 |
|
| 19 |
diff --git a/sys-apps/systemd/files/CVE-2015-7510.patch b/sys-apps/systemd/files/CVE-2015-7510.patch |
| 20 |
new file mode 100644 |
| 21 |
index 0000000..088adbb |
| 22 |
--- /dev/null |
| 23 |
+++ b/sys-apps/systemd/files/CVE-2015-7510.patch |
| 24 |
@@ -0,0 +1,37 @@ |
| 25 |
+From cb31827d62066a04b02111df3052949fda4b6888 Mon Sep 17 00:00:00 2001 |
| 26 |
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@××××××.pl> |
| 27 |
+Date: Mon, 23 Nov 2015 13:59:43 -0500 |
| 28 |
+Subject: [PATCH] nss-mymachines: do not allow overlong machine names |
| 29 |
+ |
| 30 |
+https://github.com/systemd/systemd/issues/2002 |
| 31 |
+--- |
| 32 |
+ src/nss-mymachines/nss-mymachines.c | 6 ++++++ |
| 33 |
+ 1 file changed, 6 insertions(+) |
| 34 |
+ |
| 35 |
+diff --git a/src/nss-mymachines/nss-mymachines.c b/src/nss-mymachines/nss-mymachines.c |
| 36 |
+index 969fa96..c98a959 100644 |
| 37 |
+--- a/src/nss-mymachines/nss-mymachines.c |
| 38 |
++++ b/src/nss-mymachines/nss-mymachines.c |
| 39 |
+@@ -416,6 +416,9 @@ enum nss_status _nss_mymachines_getpwnam_r( |
| 40 |
+ if (!e || e == p) |
| 41 |
+ goto not_found; |
| 42 |
+ |
| 43 |
++ if (e - p > HOST_NAME_MAX - 1) /* -1 for the last dash */ |
| 44 |
++ goto not_found; |
| 45 |
++ |
| 46 |
+ r = parse_uid(e + 1, &uid); |
| 47 |
+ if (r < 0) |
| 48 |
+ goto not_found; |
| 49 |
+@@ -573,6 +576,9 @@ enum nss_status _nss_mymachines_getgrnam_r( |
| 50 |
+ if (!e || e == p) |
| 51 |
+ goto not_found; |
| 52 |
+ |
| 53 |
++ if (e - p > HOST_NAME_MAX - 1) /* -1 for the last dash */ |
| 54 |
++ goto not_found; |
| 55 |
++ |
| 56 |
+ r = parse_gid(e + 1, &gid); |
| 57 |
+ if (r < 0) |
| 58 |
+ goto not_found; |
| 59 |
+-- |
| 60 |
+2.6.3 |
| 61 |
+ |
| 62 |
|
| 63 |
diff --git a/sys-apps/systemd/systemd-226-r1.ebuild b/sys-apps/systemd/systemd-226-r2.ebuild |
| 64 |
similarity index 99% |
| 65 |
rename from sys-apps/systemd/systemd-226-r1.ebuild |
| 66 |
rename to sys-apps/systemd/systemd-226-r2.ebuild |
| 67 |
index 9a7bc96..10471ac 100644 |
| 68 |
--- a/sys-apps/systemd/systemd-226-r1.ebuild |
| 69 |
+++ b/sys-apps/systemd/systemd-226-r2.ebuild |
| 70 |
@@ -146,6 +146,7 @@ src_prepare() { |
| 71 |
sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die |
| 72 |
epatch "${FILESDIR}/218-Dont-enable-audit-by-default.patch" |
| 73 |
epatch "${FILESDIR}/226-noclean-tmp.patch" |
| 74 |
+ epatch "${FILESDIR}/CVE-2015-7510.patch" |
| 75 |
epatch_user |
| 76 |
eautoreconf |
| 77 |
} |
| 78 |
|
| 79 |
diff --git a/sys-apps/systemd/systemd-228.ebuild b/sys-apps/systemd/systemd-228-r1.ebuild |
| 80 |
similarity index 99% |
| 81 |
rename from sys-apps/systemd/systemd-228.ebuild |
| 82 |
rename to sys-apps/systemd/systemd-228-r1.ebuild |
| 83 |
index 440c35f..1ca11da 100644 |
| 84 |
--- a/sys-apps/systemd/systemd-228.ebuild |
| 85 |
+++ b/sys-apps/systemd/systemd-228-r1.ebuild |
| 86 |
@@ -146,6 +146,7 @@ src_prepare() { |
| 87 |
sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die |
| 88 |
epatch "${FILESDIR}/218-Dont-enable-audit-by-default.patch" |
| 89 |
epatch "${FILESDIR}/228-noclean-tmp.patch" |
| 90 |
+ epatch "${FILESDIR}/CVE-2015-7510.patch" |
| 91 |
epatch_user |
| 92 |
eautoreconf |
| 93 |
} |
Archives