
From: Lars Wendler <polynomial-c@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/man-db/, sys-apps/man-db/files/
Date: Sun, 06 Jan 2019 15:12:01
Message-Id: 1546787500.afd4c6fd6980ca985387496bfe16588e9a387d1c.polynomial-c@gentoo
1 commit: afd4c6fd6980ca985387496bfe16588e9a387d1c
2 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
3 AuthorDate: Sun Jan 6 15:04:51 2019 +0000
4 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5 CommitDate: Sun Jan 6 15:11:40 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=afd4c6fd
7
8 sys-apps/man-db: Bump to version 2.8.5
9
10 Attempt to fix root privilege escalation.
11
12 Bug: https://bugs.gentoo.org/662438
13 Closes: https://bugs.gentoo.org/666404
14 Package-Manager: Portage-2.3.54, Repoman-2.3.12
15 Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
16
17 sys-apps/man-db/Manifest | 1 +
18 sys-apps/man-db/files/man-db.cron-r1 | 11 ++++
19 sys-apps/man-db/man-db-2.8.5.ebuild | 121 +++++++++++++++++++++++++++++++++++
20 3 files changed, 133 insertions(+)
21
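--- a/sys-apps/man-db/Manifest
+++ b/sys-apps/man-db/Manifest
@@ -1,3 +1,4 @@
 DIST man-db-2.7.6.1.tar.xz 1541316 BLAKE2B ea3aa7e90ea8af4882bd99d99374cc37d9c0c7f70bb970973eb3f2178aa4323bcdebc7f39f142ec0144dbe55a9f86aba15d9fe281d2662d280b8e6dca9452f24 SHA512 623c5e7f8b7c289908b2c926f8777293b8d39aeceef0d2509d701a8b0bfa81408650f655c8608318221786c751a79ee91124b07993de5298cd7fa6d8bb737301
 DIST man-db-2.8.3.tar.xz 1624280 BLAKE2B 6158608a5a6ecd361391a17642a4bbc9275a8a3105a39d6f6c3971aceb275cfb16670c51dfa8f1d7fc0136fc1b5e96e39c88e8c1d91e9a47d7a1351d16623a93 SHA512 35d5dda7a2bda94978d10770d24d4c78b3c62c71a68cfeb400df61b0df289ed17aa8aa223d4ae3ffa094d76df8d9172b878230fd7b0397ce7728b9c8ac0b1745
 DIST man-db-2.8.4.tar.xz 1779488 BLAKE2B c5f9b06c4b24e046e4b8fbcf4f43015133d18d875edd79f0aad992d884e83fc28a8c3b7d82ded187293d858dfadae48eb088722c3ffc91eec64b71cdf46750be SHA512 3cc160a5a8a0a4e918f6f6546582d1e5fe9851a13c5bd8dc94e3fcbf4ec28cb3cd1524b1ae30722931c84981fa8ca9ac64c9c4d9544c2d0bea80ac9f39cb5e66
+DIST man-db-2.8.5.tar.xz 1787244 BLAKE2B b908a6fb0187d42f8d1f842063e0afdf1e052244ea727f0aaaf4d658bb8954a216c0555df5511b27246fd12c2a388c44dcfccf243449d25d6e741c5c3466d3be SHA512 8d1524c3b6459c9ac02d969149c18c198cb171bcd6acc493e863a466c01309958ee9f5ac52df4d7d27da29d35cb7c64132732f5b969181ab336500df2e6dad69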
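--- /dev/null
+++ b/sys-apps/man-db/files/man-db.cron-r1
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# Use same perms/settings as the ebuild.
+cachedir="/var/cache/man"
+if [ ! -d "${cachedir}" ]; then
+ mkdir -p "${cachedir}"
+ chown man:man "${cachedir}"
+ chmod 0755 "${cachedir}"
+fi
+
+exec su man -s /bin/sh -c 'nice mandb --quiet' 2>/dev/null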
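Review bot: The trailing `2>/dev/null` on the `exec su man ...` line discards stderr from `su` itself as well as from `mandb`, so a failed privilege drop (for example a missing `man` account) leaves nothing in the cron output and the cache goes stale unnoticed. Moving the redirect into the command string, `-c 'nice mandb --quiet 2>/dev/null'`, would drop only mandb's noise. The root-run setup above it is also unchecked: if `mkdir -p` or `chown` fails the script carries on, so `mkdir -p "${cachedir}" || exit 1` and `chown man:man "${cachedir}" || exit 1` would be safer. The header comment says the permissions match the ebuild, but pkg_preinst in this commit only runs `chown` and never `chmod 0755`, so the two should be aligned.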
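--- /dev/null
+++ b/sys-apps/man-db/man-db-2.8.5.ebuild
@@ -0,0 +1,121 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit user eapi7-ver
+
+DESCRIPTION="a man replacement that utilizes berkdb instead of flat files"
+HOMEPAGE="http://www.nongnu.org/man-db/"
+if [[ "${PV}" = 9999* ]] ; then
+ inherit git-r3
+ EGIT_REPO_URI="https://git.savannah.gnu.org/git/man-db.git"
+else
+ SRC_URI="mirror://nongnu/${PN}/${P}.tar.xz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux"
+fi
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="berkdb +gdbm +manpager nls +seccomp selinux static-libs zlib"
+
+CDEPEND="
+ !sys-apps/man
+ >=dev-libs/libpipeline-1.5.0
+ sys-apps/groff
+ berkdb? ( sys-libs/db:= )
+ gdbm? ( sys-libs/gdbm:= )
+ !berkdb? ( !gdbm? ( sys-libs/gdbm:= ) )
+ seccomp? ( sys-libs/libseccomp )
+ zlib? ( sys-libs/zlib )
+"
+DEPEND="
+ ${CDEPEND}
+ app-arch/xz-utils
+ virtual/pkgconfig
+ nls? (
+ >=app-text/po4a-0.45
+ sys-devel/gettext
+ )
+"
+RDEPEND="
+ ${CDEPEND}
+ selinux? ( sec-policy/selinux-mandb )
+"
+PDEPEND="manpager? ( app-text/manpager )"
+
+pkg_setup() {
+ # Create user now as Makefile in src_install does setuid/chown
+ enewgroup man 15
+ enewuser man 13 -1 /usr/share/man man
+
+ if (use gdbm && use berkdb) || (use !gdbm && use !berkdb) ; then #496150
+ ewarn "Defaulting to USE=gdbm due to ambiguous berkdb/gdbm USE flag settings"
+ fi
+}
+
+src_configure() {
+ export ac_cv_lib_z_gzopen=$(usex zlib)
+ local myeconfargs=(
+ --with-systemdtmpfilesdir="${EPREFIX}"/usr/lib/tmpfiles.d
+ --disable-setuid #662438
+ --enable-cache-owner=man
+ --with-sections="1 1p 8 2 3 3p 4 5 6 7 9 0p tcl n l p o 1x 2x 3x 4x 5x 6x 7x 8x"
+ $(use_enable nls)
+ $(use_enable static-libs static)
+ $(use_with seccomp libseccomp)
+ --with-db=$(usex gdbm gdbm $(usex berkdb db gdbm))
+ )
+ econf "${myeconfargs[@]}"
+
+ # Disable color output from groff so that the manpager can add it. #184604
+ sed -i \
+ -e '/^#DEFINE.*\<[nt]roff\>/{s:^#::;s:$: -c:}' \
+ src/man_db.conf || die
+}
+
+src_install() {
+ default
+ dodoc docs/{HACKING,TODO}
+ find "${ED}" -name "*.la" -delete || die
+
+ exeinto /etc/cron.daily
+ newexe "${FILESDIR}"/man-db.cron-r1 man-db #289884
+}
+
+pkg_preinst() {
+ local cachedir="${EROOT}var/cache/man"
+ # If the system was already exploited, and the attacker is hiding in the
+ # cachedir of the old man-db, let's wipe them out.
+ # see bug #602588 comment 18
+ local _replacing_version=
+ local _setgid_vuln=0
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ if version_is_at_least '2.7.6.1-r2' "${_replacing_version}"; then
+ debug-print "Skipping security bug #602588 ... existing installation (${_replacing_version}) should not be affected!"
+ else
+ _setgid_vuln=1
+ debug-print "Applying cleanup for security bug #602588"
+ fi
+ done
+ [[ ${_setgid_vuln} -eq 1 ]] && rm -rf "${cachedir}"
+
+ # Fall back to recreating the cachedir
+ if [[ ! -d ${cachedir} ]] ; then
+ mkdir -p "${cachedir}" || die
+ chown man:man "${cachedir}" || die
+ fi
+
+ # Update the whatis cache
+ if [[ -f ${cachedir}/whatis ]] ; then
+ einfo "Cleaning ${cachedir} from sys-apps/man"
+ find "${cachedir}" -type f '!' '(' -name index.bt -o -name index.db ')' -delete
+ fi
+}
+
+pkg_postinst() {
+ if [[ $(ver_cut 2 ${REPLACING_VERSIONS}) -lt 7 ]] ; then
+ einfo "Rebuilding man-db from scratch with new database format!"
+ su man -s /bin/sh -c 'mandb --quiet --create' 2>/dev/null
+ fi
+}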
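Review bot: In pkg_preinst the security cleanup `[[ ${_setgid_vuln} -eq 1 ]] && rm -rf "${cachedir}"` has no `|| die`, so if the removal fails the directory still exists, the recreate block is skipped, and the install continues on top of the cache the comment says may be attacker-controlled. Consider `if [[ ${_setgid_vuln} -eq 1 ]]; then rm -rf "${cachedir}" || die; fi`. The cleanup is gated only on the #602588 threshold (`2.7.6.1-r2`); whether caches left by the builds that `--disable-setuid #662438` replaces should also be distrusted cannot be told from this hunk and is worth confirming against the bug. Separately, pkg_postinst passes the unquoted `${REPLACING_VERSIONS}` to `ver_cut` instead of iterating as the pkg_preinst loop does, and its `su man ... 2>/dev/null` hides any failure of the rebuild.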