
From: Stephen Klimaszewski <steev@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] dev/steev:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
Date: Thu, 05 Apr 2012 22:38:34
Message-Id: 1333665386.1c619374ef208df51c34c55dd0b64ef72b05d718.steev@gentoo
1 commit: 1c619374ef208df51c34c55dd0b64ef72b05d718
2 Author: Steev Klimaszewski <steev <AT> gentoo <DOT> org>
3 AuthorDate: Thu Apr 5 22:36:26 2012 +0000
4 Commit: Stephen Klimaszewski <steev <AT> gentoo <DOT> org>
5 CommitDate: Thu Apr 5 22:36:26 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=dev/steev.git;a=commit;h=1c619374
7
8 systemd: Add systemd 44
9
10 Add systemd-44 with patch to use NAME_MAX instead of PAGE_SIZE
11
12 Signed-off-by: Steev Klimaszewski <steev <AT> gentoo.org>
13
14 ---
15 sys-apps/systemd/Manifest | 8 +
16 ...l-never-follow-symlinks-in-rm_rf_children.patch | 32 ++++
17 sys-apps/systemd/files/gentoo-run.conf | 5 +
18 sys-apps/systemd/files/journal-use-NAME_MAX.patch | 44 +++++
19 .../systemd/files/update-etc-systemd-symlinks.path | 5 +
20 .../files/update-etc-systemd-symlinks.service | 6 +
21 .../systemd/files/update-etc-systemd-symlinks.sh | 19 +++
22 sys-apps/systemd/systemd-44.ebuild | 167 ++++++++++++++++++++
23 8 files changed, 286 insertions(+), 0 deletions(-)
24
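diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
new file mode 100644
index 0000000..66bccea
--- /dev/null
+++ b/sys-apps/systemd/Manifest
@@ -0,0 +1,8 @@
+AUX 0001-util-never-follow-symlinks-in-rm_rf_children.patch 1262 RMD160 4b328f8d97887b773a95c520595ed2488a0922f7 SHA1 b212485909bae7f625e74809641385915a8bb110 SHA256 4bf6f7d0312f07614d2addece6b48f3301bb85de5f27c8b9729e11b1f4d9e36a
+AUX gentoo-run.conf 226 RMD160 3bea7b3d3fe3b3589d8bfdeaf52112ab46a67e82 SHA1 521d0d3ff408905075f42b3b00ccc77da2355c6a SHA256 a23fa3b35b4e9d5f1c41dc77cb5be1cec492eb903a57472df3d93a053db28ca7
+AUX journal-use-NAME_MAX.patch 2072 RMD160 bd9b713a2d42c54cf93e69b5793fada57fdebf13 SHA1 a3056c50455f4b23ed7b652bef3680e3a4dafb1d SHA256 763a621f1f459f751377049a8f4b444107d378d59be185413beef585a427f4ea
+AUX update-etc-systemd-symlinks.path 119 RMD160 b2512605a2313af9fca6b611a32b66e2c435577a SHA1 70ddad85c6981b9a0a81f1d0f84f4b039951c543 SHA256 4dbbe99fdc4b7922ad6fb4c6f39c975a4b139e04b04a65e3c79650b364fdc02a
+AUX update-etc-systemd-symlinks.service 165 RMD160 aab6eb2ff82ae82be72c12682fda2bc62d7b2e51 SHA1 6a766b8ef0a97290431756c8bbabf242447c632e SHA256 77f199392367cefc6d70110b955fb5f2ebafaf21ea8ca355b1863a44f130bf69
+AUX update-etc-systemd-symlinks.sh 451 RMD160 94066bbc526f108e2a3a49ad3b8dc52eb1ed4ad7 SHA1 9ad3fa9e5bef1b7d10a54101ddedb299d0f875a7 SHA256 1ed27cf8c2ca5ab862b9d935eec613d1a21ceb4cc363a4bfdac6430387e350df
+DIST systemd-44.tar.xz 885636 RMD160 d81f0b72806884628b80af5e261dddf5dbc88025 SHA1 851869f1d991343995a9ca1243616c8bf4edfdad SHA256 7a5aac4b4b8b3a82bf59292f10e43d8f2c2d7039f34e95714f81d8edcb42233c
+EBUILD systemd-44.ebuild 5223 RMD160 98f45aefd7efed79740703e347f1a709563cb463 SHA1 133795870b6fa29f55b1bf153d576426a3c31c7b SHA256 ac6f93421966bcc0d9de95000e083eec728a1a496d1a658a97c3eee37da47735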
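diff --git a/sys-apps/systemd/files/0001-util-never-follow-symlinks-in-rm_rf_children.patch b/sys-apps/systemd/files/0001-util-never-follow-symlinks-in-rm_rf_children.patch
new file mode 100644
index 0000000..7ac9251
--- /dev/null
+++ b/sys-apps/systemd/files/0001-util-never-follow-symlinks-in-rm_rf_children.patch
@@ -0,0 +1,32 @@
+From 5ebff5337594d690b322078c512eb222d34aaa82 Mon Sep 17 00:00:00 2001
+From: Michal Schmidt <mschmidt@××××××.com>
+Date: Fri, 2 Mar 2012 10:39:10 +0100
+Subject: [PATCH] util: never follow symlinks in rm_rf_children()
+
+The function checks if the entry is a directory before recursing, but
+there is a window between the check and the open, during which the
+directory could be replaced with a symlink.
+
+CVE-2012-1174
+https://bugzilla.redhat.com/show_bug.cgi?id=803358
+---
+ src/util.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/util.c b/src/util.c
+index 20cbc2b..dfc1dc6 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -3593,7 +3593,8 @@ static int rm_rf_children(int fd, bool only_dirs, bool honour_sticky) {
+ if (is_dir) {
+ int subdir_fd;
+
+- if ((subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC)) < 0) {
++ subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW);
++ if (subdir_fd < 0) {
+ if (ret == 0 && errno != ENOENT)
+ ret = -errno;
+ continue;
+--
+1.7.9.4
+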
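Review bot: The `O_NOFOLLOW` added to the `openat()` call in `rm_rf_children()` has no comment, so the reason it must stay lives only in the patch description. The `is_dir` test is outside the hunk; the flag is what makes a name swapped for a symlink between that test and the open fail (presumably with `ELOOP` or `ENOTDIR`) instead of being followed. I would add above the call: `/* O_NOFOLLOW: the entry may have been replaced by a symlink since the is_dir check (CVE-2012-1174) */`. On that failure the existing path stores `-errno` and `continue`s, so the swapped-in entry is left in place and the caller gets an error; that looks intended and is worth saying in the same comment. The function body starts and ends outside the hunk.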
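diff --git a/sys-apps/systemd/files/gentoo-run.conf b/sys-apps/systemd/files/gentoo-run.conf
new file mode 100644
index 0000000..5b3bcab
--- /dev/null
+++ b/sys-apps/systemd/files/gentoo-run.conf
@@ -0,0 +1,5 @@
+# New OpenRC versions replace /var/lock with a symlink to /run/lock.
+# We just create that directory for now, just in case.
+# Of course, it's not guaranteed that'll satisfy all relevant packages.
+
+d /run/lock 0755 root root -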
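diff --git a/sys-apps/systemd/files/journal-use-NAME_MAX.patch b/sys-apps/systemd/files/journal-use-NAME_MAX.patch
new file mode 100644
index 0000000..623bea1
--- /dev/null
+++ b/sys-apps/systemd/files/journal-use-NAME_MAX.patch
@@ -0,0 +1,44 @@
+From 7264278fbbdc1dc6c30fedc902d1337594aa6ff6 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@××××××××××.net>
+Date: Wed, 21 Mar 2012 22:47:44 +0000
+Subject: journal: PAGE_SIZE is not known on ppc and other archs
+
+Let's use NAME_MAX, as suggested by Dan Walsh
+---
+diff --git a/src/journal/journald.c b/src/journal/journald.c
+index d27cb60..87390bd 100644
+--- a/src/journal/journald.c
++++ b/src/journal/journald.c
+@@ -29,7 +29,6 @@
+ #include <sys/ioctl.h>
+ #include <linux/sockios.h>
+ #include <sys/statvfs.h>
+-#include <sys/user.h>
+
+ #include <systemd/sd-journal.h>
+ #include <systemd/sd-login.h>
+@@ -2149,10 +2148,20 @@ static int process_event(Server *s, struct epoll_event *ev) {
+ size_t label_len = 0;
+ union {
+ struct cmsghdr cmsghdr;
++
++ /* We use NAME_MAX space for the
++ * SELinux label here. The kernel
++ * currently enforces no limit, but
++ * according to suggestions from the
++ * SELinux people this will change and
++ * it will probably be identical to
++ * NAME_MAX. For now we use that, but
++ * this should be updated one day when
++ * the final limit is known.*/
+ uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
+ CMSG_SPACE(sizeof(struct timeval)) +
+- CMSG_SPACE(sizeof(int)) +
+- CMSG_SPACE(PAGE_SIZE)]; /* selinux label */
++ CMSG_SPACE(sizeof(int)) + /* fd */
++ CMSG_SPACE(NAME_MAX)]; /* selinux label */
+ } control;
+ ssize_t n;
+ int v;
+--
+cgit v0.9.0.2-2-gbebe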
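Review bot: Shrinking the SELinux-label slot of `control.buf` from `CMSG_SPACE(PAGE_SIZE)` to `CMSG_SPACE(NAME_MAX)` makes truncated ancillary data more likely, and the added comment itself says the kernel currently enforces no limit on the label length. Nothing in the hunk shows `process_event()` detecting truncation; unless the code after the hunk already does so, it should test `MSG_CTRUNC` in the `msg_flags` of the received message header and drop or log the datagram rather than act on a partial control block, since the credentials and passed fd share this buffer with the label. Also confirm that a header defining `NAME_MAX` (`<limits.h>`) is still pulled in now that `<sys/user.h>` is removed; the include list is only partly visible. The function continues outside the hunk.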
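diff --git a/sys-apps/systemd/files/update-etc-systemd-symlinks.path b/sys-apps/systemd/files/update-etc-systemd-symlinks.path
new file mode 100644
index 0000000..33a9576
--- /dev/null
+++ b/sys-apps/systemd/files/update-etc-systemd-symlinks.path
@@ -0,0 +1,5 @@
+[Unit]
+Description=Update /etc/systemd/system symlinks for units moved to /usr
+
+[Path]
+PathChanged=/lib/systemd/system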
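diff --git a/sys-apps/systemd/files/update-etc-systemd-symlinks.service b/sys-apps/systemd/files/update-etc-systemd-symlinks.service
new file mode 100644
index 0000000..c05a194
--- /dev/null
+++ b/sys-apps/systemd/files/update-etc-systemd-symlinks.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Update /etc/systemd/system symlinks for units moved to /usr
+
+[Service]
+Type=oneshot
+ExecStart=/usr/libexec/systemd/update-etc-systemd-symlinks.sh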
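diff --git a/sys-apps/systemd/files/update-etc-systemd-symlinks.sh b/sys-apps/systemd/files/update-etc-systemd-symlinks.sh
new file mode 100755
index 0000000..ce81bba
--- /dev/null
+++ b/sys-apps/systemd/files/update-etc-systemd-symlinks.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+# Update symlinks to systemd units moved into /usr/systemd.
+# (c) 2012 Michał Górny
+# Released under the terms of the 2-clause BSD license
+
+IFS_SAVE=${IFS}
+IFS='
+'
+# follow + symlink type will match broken symlinks only
+set -- $(find -L /etc/systemd/system -type l -print)
+IFS=${IFS_SAVE}
+
+for f; do
+ old_path=$(readlink "${f}")
+ new_path=/usr/lib${old_path#/lib}
+ if [ -f "${new_path}" ]; then
+ ln -v -s -f "${new_path}" "${f}"
+ fi
+done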
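Review bot: `new_path=/usr/lib${old_path#/lib}` in the loop is applied to every broken link, not only to links that pointed into `/lib`: when `readlink` returns a relative target or a path elsewhere, the `#/lib` strip does nothing and the link is still retargeted if a file happens to exist at `/usr/lib<target>`. Since this runs as root over `/etc/systemd/system`, skip targets that do not match first, e.g. `case ${old_path} in /lib/*) ;; *) continue ;; esac`. The unquoted `set -- $(find …)` is also subject to pathname expansion, so a `set -f` before it and `set +f` after keeps names containing `*` or `?` from being globbed. The header comment says `/usr/systemd` where the code rewrites to `/usr/lib`.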
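diff --git a/sys-apps/systemd/systemd-44.ebuild b/sys-apps/systemd/systemd-44.ebuild
new file mode 100644
index 0000000..39f1a9b
--- /dev/null
+++ b/sys-apps/systemd/systemd-44.ebuild
@@ -0,0 +1,167 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/systemd/systemd-44.ebuild,v 1.1 2012/04/05 11:15:27 mgorny Exp $
+
+EAPI=4
+
+inherit autotools-utils bash-completion-r1 linux-info pam systemd
+
+DESCRIPTION="System and service manager for Linux"
+HOMEPAGE="http://www.freedesktop.org/wiki/Software/systemd"
+SRC_URI="http://www.freedesktop.org/software/systemd/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="acl audit cryptsetup lzma pam plymouth selinux tcpd"
+
+# We need to depend on sysvinit for sulogin which is used in the rescue
+# mode. Bug #399615.
+
+# A little higher than upstream requires
+# but I had real trouble with 2.6.37 and systemd.
+MINKV="2.6.38"
+
+# dbus version because of systemd units
+# sysvinit for sulogin
+RDEPEND=">=sys-apps/dbus-1.4.10
+ >=sys-apps/kmod-5
+ sys-apps/sysvinit
+ >=sys-apps/util-linux-2.19
+ >=sys-fs/udev-172
+ sys-libs/libcap
+ acl? ( sys-apps/acl )
+ audit? ( >=sys-process/audit-2 )
+ cryptsetup? ( sys-fs/cryptsetup )
+ lzma? ( app-arch/xz-utils )
+ pam? ( virtual/pam )
+ plymouth? ( sys-boot/plymouth )
+ selinux? ( sys-libs/libselinux )
+ tcpd? ( sys-apps/tcp-wrappers )"
+
+DEPEND="${RDEPEND}
+ app-arch/xz-utils
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt
+ dev-util/gperf
+ dev-util/intltool
+ >=sys-kernel/linux-headers-${MINKV}"
+
+PATCHES=(
+ # bug #408879: Session Logout File Deletion Weakness (CVE-2012-1174)
+ "${FILESDIR}"/0001-util-never-follow-symlinks-in-rm_rf_children.patch
+ # Not all architectures have PAGE_SIZE
+ "${FILESDIR}"/journal-use-NAME_MAX.patch
+)
+
+pkg_setup() {
+ enewgroup lock # used by var-lock.mount
+ enewgroup tty 5 # used by mount-setup for /dev/pts
+}
+
+src_configure() {
+ local myeconfargs=(
+ --with-distro=gentoo
+ # install everything to /usr
+ --with-rootprefix=/usr
+ --with-rootlibdir=/usr/$(get_libdir)
+ # but pam modules have to lie in /lib*
+ --with-pamlibdir=/$(get_libdir)/security
+ --localstatedir=/var
+ # make sure we get /bin:/sbin in $PATH
+ --enable-split-usr
+ $(use_enable acl)
+ $(use_enable audit)
+ $(use_enable cryptsetup libcryptsetup)
+ $(use_enable lzma xz)
+ $(use_enable pam)
+ $(use_enable plymouth)
+ $(use_enable selinux)
+ $(use_enable tcpd tcpwrap)
+ # now in sys-apps/systemd-ui
+ --disable-gtk
+ )
+
+ autotools-utils_src_configure
+}
+
+src_install() {
+ autotools-utils_src_install \
+ bashcompletiondir=/tmp
+
+ # compat for init= use
+ dosym ../usr/lib/systemd/systemd /bin/systemd
+ dosym ../lib/systemd/systemd /usr/bin/systemd
+ # rsyslog.service depends on it...
+ dosym ../usr/bin/systemctl /bin/systemctl
+
+ # move files as necessary
+ newbashcomp "${D}"/tmp/systemd-bash-completion.sh ${PN}
+ rm -r "${D}"/tmp || die
+
+ # we just keep sysvinit tools, so no need for the mans
+ rm "${D}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 \
+ || die
+ rm "${D}"/usr/share/man/man1/init.1 || die
+
+ # Create /run/lock as required by new baselay/OpenRC compat.
+ insinto /usr/lib/tmpfiles.d
+ doins "${FILESDIR}"/gentoo-run.conf
+
+ # Migration helpers.
+ exeinto /usr/libexec/systemd
+ doexe "${FILESDIR}"/update-etc-systemd-symlinks.sh
+ systemd_dounit "${FILESDIR}"/update-etc-systemd-symlinks.{service,path}
+ systemd_enable_service sysinit.target update-etc-systemd-symlinks.path
+}
+
+pkg_preinst() {
+ local CONFIG_CHECK="~AUTOFS4_FS ~CGROUPS ~DEVTMPFS ~FANOTIFY ~IPV6"
+ kernel_is -ge ${MINKV//./ } || ewarn "Kernel version at least ${MINKV} required"
+ check_extra_config
+}
+
+optfeature() {
+ elog " [\e[1m$(has_version ${1} && echo I || echo ' ')\e[0m] ${1} (${2})"
+}
+
+pkg_postinst() {
+ mkdir -p "${ROOT}"/run || ewarn "Unable to mkdir /run, this could mean trouble."
+ if [[ ! -L "${ROOT}"/etc/mtab ]]; then
+ ewarn "Upstream suggests that the /etc/mtab file should be a symlink to /proc/mounts."
+ ewarn "It is known to cause users being unable to unmount user mounts. If you don't"
+ ewarn "require that specific feature, please call:"
+ ewarn " $ ln -sf '${ROOT}proc/self/mounts' '${ROOT}etc/mtab'"
+ ewarn
+ fi
+
+ elog "You may need to perform some additional configuration for some programs"
+ elog "to work, see the systemd manpages for loading modules and handling tmpfiles:"
+ elog " $ man modules-load.d"
+ elog " $ man tmpfiles.d"
+ elog
+
+ elog "To get additional features, a number of optional runtime dependencies may"
+ elog "be installed:"
+ optfeature 'dev-python/dbus-python' 'for systemd-analyze'
+ optfeature 'dev-python/pycairo[svg]' 'for systemd-analyze plotting ability'
+ optfeature 'sys-apps/systemd-ui' 'for GTK+ systemadm UI and gnome-ask-password-agent'
+ elog
+
+ ewarn "Please note this is a work-in-progress and many packages in Gentoo"
+ ewarn "do not supply systemd unit files yet. You are testing it on your own"
+ ewarn "responsibility. Please remember than you can pass:"
+ ewarn " init=/sbin/init"
+ ewarn "to your kernel to boot using sysvinit / OpenRC."
+
+ # Don't run it if we're outta /
+ if [[ ! ${ROOT%/} ]]; then
+ # Update symlinks to moved units.
+ sh "${FILESDIR}"/update-etc-systemd-symlinks.sh
+
+ # Try to start migration unit.
+ ebegin "Trying to start migration helper path monitoring."
+ systemctl --system start update-etc-systemd-symlinks.path 2>/dev/null
+ eend ${?}
+ fi
+}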
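Review bot: `pkg_postinst` runs `sh "${FILESDIR}"/update-etc-systemd-symlinks.sh`, but `FILESDIR` is not guaranteed to exist outside the `src_*` phases, so on a binary-package install the migration step may have no script to run and its exit status is not checked. `src_install` already installs the same file with `doexe` into `/usr/libexec/systemd`, so call the installed copy instead: `sh /usr/libexec/systemd/update-etc-systemd-symlinks.sh` (that branch only runs when `ROOT` is `/`). Separately, the bundled CVE-2012-1174 patch is dated 2 March 2012; if the 44 tarball was cut after that date it may already contain the change, so it is worth confirming that the first `PATCHES` entry still applies cleanly rather than assuming the backport is needed.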