commit: afd4c6fd6980ca985387496bfe16588e9a387d1c |
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
AuthorDate: Sun Jan 6 15:04:51 2019 +0000 |
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
CommitDate: Sun Jan 6 15:11:40 2019 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=afd4c6fd |
|
sys-apps/man-db: Bump to version 2.8.5 |
|
Attempt to fix root privilege escalation. |
|
Bug: https://bugs.gentoo.org/662438 |
Closes: https://bugs.gentoo.org/666404 |
Package-Manager: Portage-2.3.54, Repoman-2.3.12 |
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org> |
|
sys-apps/man-db/Manifest | 1 + |
sys-apps/man-db/files/man-db.cron-r1 | 11 ++++ |
sys-apps/man-db/man-db-2.8.5.ebuild | 121 +++++++++++++++++++++++++++++++++++ |
3 files changed, 133 insertions(+) |
|
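diff --git a/sys-apps/man-db/Manifest b/sys-apps/man-db/Manifest
index 0b3bc1785ef..e4cc0f176a5 100644
--- a/sys-apps/man-db/Manifest
+++ b/sys-apps/man-db/Manifest
@@ -1,3 +1,4 @@
 DIST man-db-2.7.6.1.tar.xz 1541316 BLAKE2B ea3aa7e90ea8af4882bd99d99374cc37d9c0c7f70bb970973eb3f2178aa4323bcdebc7f39f142ec0144dbe55a9f86aba15d9fe281d2662d280b8e6dca9452f24 SHA512 623c5e7f8b7c289908b2c926f8777293b8d39aeceef0d2509d701a8b0bfa81408650f655c8608318221786c751a79ee91124b07993de5298cd7fa6d8bb737301
 DIST man-db-2.8.3.tar.xz 1624280 BLAKE2B 6158608a5a6ecd361391a17642a4bbc9275a8a3105a39d6f6c3971aceb275cfb16670c51dfa8f1d7fc0136fc1b5e96e39c88e8c1d91e9a47d7a1351d16623a93 SHA512 35d5dda7a2bda94978d10770d24d4c78b3c62c71a68cfeb400df61b0df289ed17aa8aa223d4ae3ffa094d76df8d9172b878230fd7b0397ce7728b9c8ac0b1745
 DIST man-db-2.8.4.tar.xz 1779488 BLAKE2B c5f9b06c4b24e046e4b8fbcf4f43015133d18d875edd79f0aad992d884e83fc28a8c3b7d82ded187293d858dfadae48eb088722c3ffc91eec64b71cdf46750be SHA512 3cc160a5a8a0a4e918f6f6546582d1e5fe9851a13c5bd8dc94e3fcbf4ec28cb3cd1524b1ae30722931c84981fa8ca9ac64c9c4d9544c2d0bea80ac9f39cb5e66
+DIST man-db-2.8.5.tar.xz 1787244 BLAKE2B b908a6fb0187d42f8d1f842063e0afdf1e052244ea727f0aaaf4d658bb8954a216c0555df5511b27246fd12c2a388c44dcfccf243449d25d6e741c5c3466d3be SHA512 8d1524c3b6459c9ac02d969149c18c198cb171bcd6acc493e863a466c01309958ee9f5ac52df4d7d27da29d35cb7c64132732f5b969181ab336500df2e6dad69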
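diff --git a/sys-apps/man-db/files/man-db.cron-r1 b/sys-apps/man-db/files/man-db.cron-r1
new file mode 100644
index 00000000000..7f7932360cb
--- /dev/null
+++ b/sys-apps/man-db/files/man-db.cron-r1
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# Use same perms/settings as the ebuild.
+cachedir="/var/cache/man"
+if [ ! -d "${cachedir}" ]; then
+ mkdir -p "${cachedir}"
+ chown man:man "${cachedir}"
+ chmod 0755 "${cachedir}"
+fi
+
+exec su man -s /bin/sh -c 'nice mandb --quiet' 2>/dev/null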
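Review bot: The cache-directory setup at the top of the script is not error-checked: if `mkdir -p` fails, `chown` and `chmod` still run as root against whatever is at `${cachedir}`, and the job then carries on to `su`. Creating it in one checked step, e.g. `install -d -o man -g man -m 0755 "${cachedir}" || exit 1`, would stop the job when the directory cannot be put into the expected state. The `[ ! -d ... ]` test also accepts an existing directory without looking at its owner or mode, so a cache left in an unexpected state is used as-is. Separately, `2>/dev/null` on the `exec su` line discards every error from `su` and `mandb`, so a missing `man` account or a failing rebuild never reaches cron mail; since `--quiet` is already passed, consider dropping the redirect.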
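diff --git a/sys-apps/man-db/man-db-2.8.5.ebuild b/sys-apps/man-db/man-db-2.8.5.ebuild
new file mode 100644
index 00000000000..c6db5d3398e
--- /dev/null
+++ b/sys-apps/man-db/man-db-2.8.5.ebuild
@@ -0,0 +1,121 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit user eapi7-ver
+
+DESCRIPTION="a man replacement that utilizes berkdb instead of flat files"
+HOMEPAGE="http://www.nongnu.org/man-db/"
+if [[ "${PV}" = 9999* ]] ; then
+ inherit git-r3
+ EGIT_REPO_URI="https://git.savannah.gnu.org/git/man-db.git"
+else
+ SRC_URI="mirror://nongnu/${PN}/${P}.tar.xz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux"
+fi
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="berkdb +gdbm +manpager nls +seccomp selinux static-libs zlib"
+
+CDEPEND="
+ !sys-apps/man
+ >=dev-libs/libpipeline-1.5.0
+ sys-apps/groff
+ berkdb? ( sys-libs/db:= )
+ gdbm? ( sys-libs/gdbm:= )
+ !berkdb? ( !gdbm? ( sys-libs/gdbm:= ) )
+ seccomp? ( sys-libs/libseccomp )
+ zlib? ( sys-libs/zlib )
+"
+DEPEND="
+ ${CDEPEND}
+ app-arch/xz-utils
+ virtual/pkgconfig
+ nls? (
+ >=app-text/po4a-0.45
+ sys-devel/gettext
+ )
+"
+RDEPEND="
+ ${CDEPEND}
+ selinux? ( sec-policy/selinux-mandb )
+"
+PDEPEND="manpager? ( app-text/manpager )"
+
+pkg_setup() {
+ # Create user now as Makefile in src_install does setuid/chown
+ enewgroup man 15
+ enewuser man 13 -1 /usr/share/man man
+
+ if (use gdbm && use berkdb) || (use !gdbm && use !berkdb) ; then #496150
+ ewarn "Defaulting to USE=gdbm due to ambiguous berkdb/gdbm USE flag settings"
+ fi
+}
+
+src_configure() {
+ export ac_cv_lib_z_gzopen=$(usex zlib)
+ local myeconfargs=(
+ --with-systemdtmpfilesdir="${EPREFIX}"/usr/lib/tmpfiles.d
+ --disable-setuid #662438
+ --enable-cache-owner=man
+ --with-sections="1 1p 8 2 3 3p 4 5 6 7 9 0p tcl n l p o 1x 2x 3x 4x 5x 6x 7x 8x"
+ $(use_enable nls)
+ $(use_enable static-libs static)
+ $(use_with seccomp libseccomp)
+ --with-db=$(usex gdbm gdbm $(usex berkdb db gdbm))
+ )
+ econf "${myeconfargs[@]}"
+
+ # Disable color output from groff so that the manpager can add it. #184604
+ sed -i \
+ -e '/^#DEFINE.*\<[nt]roff\>/{s:^#::;s:$: -c:}' \
+ src/man_db.conf || die
+}
+
+src_install() {
+ default
+ dodoc docs/{HACKING,TODO}
+ find "${ED}" -name "*.la" -delete || die
+
+ exeinto /etc/cron.daily
+ newexe "${FILESDIR}"/man-db.cron-r1 man-db #289884
+}
+
+pkg_preinst() {
+ local cachedir="${EROOT}var/cache/man"
+ # If the system was already exploited, and the attacker is hiding in the
+ # cachedir of the old man-db, let's wipe them out.
+ # see bug #602588 comment 18
+ local _replacing_version=
+ local _setgid_vuln=0
+ for _replacing_version in ${REPLACING_VERSIONS}; do
+ if version_is_at_least '2.7.6.1-r2' "${_replacing_version}"; then
+ debug-print "Skipping security bug #602588 ... existing installation (${_replacing_version}) should not be affected!"
+ else
+ _setgid_vuln=1
+ debug-print "Applying cleanup for security bug #602588"
+ fi
+ done
+ [[ ${_setgid_vuln} -eq 1 ]] && rm -rf "${cachedir}"
+
+ # Fall back to recreating the cachedir
+ if [[ ! -d ${cachedir} ]] ; then
+ mkdir -p "${cachedir}" || die
+ chown man:man "${cachedir}" || die
+ fi
+
+ # Update the whatis cache
+ if [[ -f ${cachedir}/whatis ]] ; then
+ einfo "Cleaning ${cachedir} from sys-apps/man"
+ find "${cachedir}" -type f '!' '(' -name index.bt -o -name index.db ')' -delete
+ fi
+}
+
+pkg_postinst() {
+ if [[ $(ver_cut 2 ${REPLACING_VERSIONS}) -lt 7 ]] ; then
+ einfo "Rebuilding man-db from scratch with new database format!"
+ su man -s /bin/sh -c 'mandb --quiet --create' 2>/dev/null
+ fi
+}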
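Review bot: In `pkg_preinst` the fall-back that recreates `${cachedir}` runs `mkdir -p` and `chown man:man` but never sets a mode, so the directory's permissions depend on the umask in effect, while the cron script added in this commit states that it uses the same settings as the ebuild and applies 0755; adding `chmod 0755 "${cachedir}" || die` after the `chown` would make the two agree. The wipe above it is keyed only to the #602588 threshold (`2.7.6.1-r2`), so an upgrade from any later version keeps an existing man-owned cache untouched even though `--disable-setuid` in this bump is tagged #662438; if that is intended, a comment saying why the existing cache contents are trusted in that case would help the next reader. In `pkg_postinst`, `$(ver_cut 2 ${REPLACING_VERSIONS})` is unquoted and appears to examine only one version and only its second component, unlike the loop over `REPLACING_VERSIONS` in `pkg_preinst`; looping the same way with `version_is_at_least` would handle empty and multi-valued cases explicitly. The exit status of the `su man ... mandb --quiet --create` call is also dropped together with its stderr, so a failed rebuild is silent.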