authorMatthias Schwarzott <zzam@gentoo.org>2009-04-16 08:58:23 +0000
committerMatthias Schwarzott <zzam@gentoo.org>2009-04-16 08:58:23 +0000
commitf08d6144fcea9295636ce11367ebb448a14ffded (patch)
tree79215f4e71ee05d28502bbc86d4b6003fb2206ef /sys-fs/udev
parentblock old freetype:1, they collide, bug #266186 (diff)
Fix Bug #266290. CVE-2009-1185 and CVE-2009-1186
(Portage version: 2.1.6.11/cvs/Linux i686)
Diffstat (limited to 'sys-fs/udev')
-rw-r--r--sys-fs/udev/ChangeLog9
-rw-r--r--sys-fs/udev/files/udev-124-encoding-overflow.patch13
-rw-r--r--sys-fs/udev/files/udev-124-netlink-owner-check.patch39
-rw-r--r--sys-fs/udev/udev-124-r2.ebuild379
4 files changed, 439 insertions, 1 deletions
diff --git a/sys-fs/udev/ChangeLog b/sys-fs/udev/ChangeLog
index ab3126989527..39f12cbe5b21 100644
--- a/sys-fs/udev/ChangeLog
+++ b/sys-fs/udev/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for sys-fs/udev
# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-fs/udev/ChangeLog,v 1.457 2009/04/09 10:29:17 zzam Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-fs/udev/ChangeLog,v 1.458 2009/04/16 08:58:23 zzam Exp $
+
+*udev-124-r2 (16 Apr 2009)
+
+ 16 Apr 2009; Matthias Schwarzott <zzam@gentoo.org>
+ +files/udev-124-encoding-overflow.patch,
+ +files/udev-124-netlink-owner-check.patch, +udev-124-r2.ebuild:
+ Fix Bug #266290. CVE-2009-1185 and CVE-2009-1186
*udev-141 (09 Apr 2009)
diff --git a/sys-fs/udev/files/udev-124-encoding-overflow.patch b/sys-fs/udev/files/udev-124-encoding-overflow.patch
new file mode 100644
index 000000000000..1a60142b8689
--- /dev/null
+++ b/sys-fs/udev/files/udev-124-encoding-overflow.patch
@@ -0,0 +1,13 @@
+diff --git a/udev_utils_string.c b/udev_utils_string.c
+index e3dc137..0995da5 100644
+--- a/udev_utils_string.c
++++ b/udev_utils_string.c
+@@ -52,7 +52,7 @@ void remove_trailing_chars(char *path, char c)
+
+ size_t path_encode(char *s, size_t len)
+ {
+- char t[(len * 3)+1];
++ char t[(len * 4)+1];
+ size_t i, j;
+
+ t[0] = '\0';
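Review bot: Neither new patch file carries a description header, so a reader of files/ has to open the ebuild to learn why the scratch buffer in path_encode grows from `len * 3` to `len * 4`, and the same applies to udev-124-netlink-owner-check.patch in the next section. Prefix each patch with a few plain-text lines before its first `diff` line naming the Gentoo bug and CVE it addresses and where the fix came from (upstream commit or distribution advisory), e.g. `Bug #266290: widen the path_encode output buffer so an escaped byte can never exceed the buffer size.`; presumably the factor of four is the longest escape sequence the function emits per input byte, which the header should state once confirmed. The rest of path_encode lies outside this hunk, so the copy into `t` and the final length check are not visible here.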
diff --git a/sys-fs/udev/files/udev-124-netlink-owner-check.patch b/sys-fs/udev/files/udev-124-netlink-owner-check.patch
new file mode 100644
index 000000000000..4159637e8da5
--- /dev/null
+++ b/sys-fs/udev/files/udev-124-netlink-owner-check.patch
@@ -0,0 +1,39 @@
+diff -ruNp udev-124~/udevd.c udev-124/udevd.c
+--- udev-124~/udevd.c 2008-06-11 22:24:30.000000000 -0700
++++ udev-124/udevd.c 2009-04-08 16:30:06.000000000 -0700
+@@ -753,16 +753,34 @@ static struct udevd_uevent_msg *get_netl
+ struct udevd_uevent_msg *msg;
+ int bufpos;
+ ssize_t size;
++ struct sockaddr_nl snl;
++ struct msghdr smsg;
++ struct iovec iov;
+ static char buffer[UEVENT_BUFFER_SIZE+512];
+ char *pos;
+
+- size = recv(uevent_netlink_sock, &buffer, sizeof(buffer), 0);
++ iov.iov_base = buffer;
++ iov.iov_len = sizeof(buffer);
++
++ memset(&smsg, 0x00, sizeof(struct msghdr));
++ smsg.msg_name = &snl;
++ smsg.msg_namelen = sizeof(struct sockaddr_nl);
++ smsg.msg_iov = &iov;
++ smsg.msg_iovlen = 1;
++
++ size = recvmsg(uevent_netlink_sock, &smsg, 0);
+ if (size < 0) {
+ if (errno != EINTR)
+ err("unable to receive kernel netlink message: %s\n", strerror(errno));
+ return NULL;
+ }
+
++ if ((snl.nl_groups != 1) || (snl.nl_pid != 0)) {
++ info("ignored netlink message from invalid group/sender %d/%d\n",
++ snl.nl_groups, snl.nl_pid);
++ return NULL;
++ }
++
+ if ((size_t)size > sizeof(buffer)-1)
+ size = sizeof(buffer)-1;
+ buffer[size] = '\0';
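Review bot: `snl` is declared but never initialised, and `smsg.msg_namelen` is not re-checked after `recvmsg()`, so the sender check at the bottom of the hunk compares indeterminate stack data if the kernel returns a shorter or absent source address; add `memset(&snl, 0x00, sizeof(struct sockaddr_nl));` next to the existing `memset` of `smsg`, and after the `size < 0` block reject the message with `if (smsg.msg_namelen != sizeof(struct sockaddr_nl)) return NULL;` before looking at `nl_groups`/`nl_pid`. The check itself is the right mitigation: only messages whose `nl_pid` is 0 and whose group is the kernel uevent group should reach the rule engine, so a non-matching message is dropped rather than parsed. A minor point on the `info()` call: `nl_groups` and `nl_pid` are `__u32` in `<linux/netlink.h>`, so `%u` is the matching conversion rather than `%d`. The enclosing function (the header truncates its name to `get_netl…`) begins before this hunk and continues after `buffer[size] = '\0';`.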
diff --git a/sys-fs/udev/udev-124-r2.ebuild b/sys-fs/udev/udev-124-r2.ebuild
new file mode 100644
index 000000000000..b6db27b93589
--- /dev/null
+++ b/sys-fs/udev/udev-124-r2.ebuild
@@ -0,0 +1,379 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-fs/udev/udev-124-r2.ebuild,v 1.1 2009/04/16 08:58:23 zzam Exp $
+
+inherit eutils flag-o-matic multilib toolchain-funcs versionator
+
+DESCRIPTION="Linux dynamic and persistent device naming support (aka userspace devfs)"
+HOMEPAGE="http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html"
+SRC_URI="mirror://kernel/linux/utils/kernel/hotplug/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="selinux"
+
+DEPEND="selinux? ( sys-libs/libselinux )"
+RDEPEND="!sys-apps/coldplug
+ !<sys-fs/device-mapper-1.02.19-r1"
+RDEPEND="${DEPEND} ${RDEPEND}
+ >=sys-apps/baselayout-1.12.5"
+# We need the lib/rcscripts/addon support
+PROVIDE="virtual/dev-manager"
+
+pkg_setup() {
+ udev_helper_dir="/$(get_libdir)/udev"
+
+ myconf=
+ extras="extras/ata_id \
+ extras/cdrom_id \
+ extras/edd_id \
+ extras/firmware \
+ extras/floppy \
+ extras/path_id \
+ extras/scsi_id \
+ extras/usb_id \
+ extras/volume_id \
+ extras/collect \
+ extras/rule_generator"
+
+ use selinux && myconf="${myconf} USE_SELINUX=true"
+
+ # comparing kernel version without linux-info.eclass to not pull
+ # virtual/linux-sources
+
+ local KV=$(uname -r)
+ local KV_MAJOR=$(get_major_version ${KV})
+ local KV_MINOR=$(get_version_component_range 2 ${KV})
+ local KV_MICRO=$(get_version_component_range 3 ${KV})
+
+ local ok=0
+ if [[ ${KV_MAJOR} == 2 && ${KV_MINOR} == 6 && ${KV_MICRO} -ge 18 ]]
+ then
+ ok=1
+ fi
+
+ if [[ ${ok} == 0 ]]
+ then
+ ewarn
+ ewarn "${P} does not support Linux kernel before version 2.6.15!"
+ ewarn "If you want to use udev reliable you should update"
+ ewarn "to at least kernel version 2.6.18!"
+ ewarn
+ ebeep
+ fi
+}
+
+sed_helper_dir() {
+ sed -e "s#/lib/udev#${udev_helper_dir}#" -i "$@"
+}
+
+src_unpack() {
+ unpack ${A}
+
+ cd "${S}"
+
+ # patches go here...
+ # Bug #223757, Bug #208578
+ epatch "${FILESDIR}/${PN}-122-rules-update.diff"
+ epatch "${FILESDIR}/${P}-cdrom-autoclose-bug.diff"
+
+ # Bug #266290
+ epatch "${FILESDIR}/${P}-encoding-overflow.patch" # CVE-2009-1185
+ epatch "${FILESDIR}/${P}-netlink-owner-check.patch" # CVE-2009-1186
+
+ # No need to clutter the logs ...
+ sed -ie '/^DEBUG/ c\DEBUG = false' Makefile
+ # Do not use optimization flags from the package
+ sed -ie 's|$(OPTIMIZATION)||g' Makefile
+ # Do not require xmlto to refresh manpages
+ sed -ie 's|$(MAN_PAGES)||g' Makefile
+
+ # Make sure there is no sudden changes to upstream rules file
+ # (more for my own needs than anything else ...)
+ MD5=$(md5sum < "${S}/etc/udev/rules.d/50-udev-default.rules")
+ MD5=${MD5/ -/}
+ if [[ ${MD5} != db44f7e02100f57a555d48e2192c3f8d ]]
+ then
+ echo
+ eerror "50-udev-default.rules has been updated, please validate!"
+ die "50-udev-default.rules has been updated, please validate!"
+ fi
+
+ sed_helper_dir \
+ etc/udev/rules.d/50-udev-default.rules \
+ extras/rule_generator/write_*_rules \
+ udev_rules_parse.c \
+ udev_rules.c
+
+ # Use correct multilib dir
+ sed -i extras/volume_id/lib/Makefile \
+ -e "/ =/s-/lib-/$(get_libdir)-"
+}
+
+src_compile() {
+ filter-flags -fprefetch-loop-arrays
+
+ if [[ -z ${extras} ]]; then
+ eerror "Variable extras is unset!"
+ eerror "It seems you suffer from Bug #190994"
+ die "Variable extras is unset!"
+ fi
+
+ # Not everyone has full $CHOST-{ld,ar,etc...} yet
+ local mycross=""
+ type -p ${CHOST}-ar && mycross=${CHOST}-
+
+ emake \
+ EXTRAS="${extras}" \
+ libudevdir=${udev_helper_dir} \
+ CROSS_COMPILE=${mycross} \
+ OPTFLAGS="" \
+ ${myconf} || die "compiling udev failed"
+}
+
+src_install() {
+ into /
+ emake \
+ DESTDIR="${D}" \
+ libudevdir=${udev_helper_dir} \
+ EXTRAS="${extras}" \
+ ${myconf} \
+ install || die "make install failed"
+
+ exeinto "${udev_helper_dir}"
+ newexe "${FILESDIR}"/net-118-r1.sh net.sh || die "net.sh not installed properly"
+ newexe "${FILESDIR}"/move_tmp_persistent_rules-112-r1.sh move_tmp_persistent_rules.sh \
+ || die "move_tmp_persistent_rules.sh not installed properly"
+ doexe "${FILESDIR}"/write_root_link_rule \
+ || die "write_root_link_rule not installed properly"
+ newexe "${FILESDIR}"/shell-compat-118-r3.sh shell-compat.sh \
+ || die "shell-compat.sh not installed properly"
+
+ keepdir "${udev_helper_dir}"/state
+ keepdir "${udev_helper_dir}"/devices
+
+ # create symlinks for these utilities to /sbin
+ # where multipath-tools expect them to be (Bug #168588)
+ dosym "..${udev_helper_dir}/vol_id" /sbin/vol_id
+ dosym "..${udev_helper_dir}/scsi_id" /sbin/scsi_id
+
+ # vol_id library (needed by mount and HAL)
+ into /
+ rm "${D}/$(get_libdir)"/libvolume_id.so* 2>/dev/null
+ dolib extras/volume_id/lib/*.so* || die "Failed installing libvolume_id.so"
+ into /usr
+ dolib extras/volume_id/lib/*.a || die "Failed installing libvolume_id.a"
+
+ # handle static linking bug #4411
+ rm -f "${D}/usr/$(get_libdir)/libvolume_id.so"
+ gen_usr_ldscript libvolume_id.so
+
+ # Add gentoo stuff to udev.conf
+ echo "# If you need to change mount-options, do it in /etc/fstab" \
+ >> "${D}"/etc/udev/udev.conf
+
+ # Now installing rules
+ cd etc/udev
+ insinto /etc/udev/rules.d/
+
+ # Our rules files
+ doins gentoo/??-*.rules
+ doins packages/40-alsa.rules
+
+ # Adding arch specific rules
+ if [[ -f packages/40-${ARCH}.rules ]]
+ then
+ doins "packages/40-${ARCH}.rules"
+ fi
+ cd "${S}"
+
+ # our udev hooks into the rc system
+ insinto /$(get_libdir)/rcscripts/addons
+ newins "${FILESDIR}"/udev-start-122-r1.sh udev-start.sh
+ newins "${FILESDIR}"/udev-stop-118-r2.sh udev-stop.sh
+
+ # The udev-post init-script
+ newinitd "${FILESDIR}"/udev-postmount-initd-111-r2 udev-postmount
+
+ insinto /etc/modprobe.d
+ newins "${FILESDIR}"/blacklist-110 blacklist
+ doins "${FILESDIR}"/pnp-aliases
+
+ # convert /lib/udev to real used dir
+ sed_helper_dir \
+ "${D}/$(get_libdir)"/rcscripts/addons/*.sh \
+ "${D}"/etc/init.d/udev* \
+ "${D}"/etc/modprobe.d/*
+
+ # documentation
+ dodoc ChangeLog FAQ README TODO RELEASE-NOTES
+ dodoc docs/{overview,udev_vs_devfs}
+
+ cd docs/writing_udev_rules
+ mv index.html writing_udev_rules.html
+ dohtml *.html
+
+ cd "${S}"
+
+ newdoc extras/volume_id/README README_volume_id
+
+ echo "CONFIG_PROTECT_MASK=\"/etc/udev/rules.d\"" > 20udev
+ doenvd 20udev
+}
+
+pkg_preinst() {
+ if [[ -d ${ROOT}/lib/udev-state ]]
+ then
+ mv -f "${ROOT}"/lib/udev-state/* "${D}"/lib/udev/state/
+ rm -r "${ROOT}"/lib/udev-state
+ fi
+
+ if [[ -f ${ROOT}/etc/udev/udev.config &&
+ ! -f ${ROOT}/etc/udev/udev.rules ]]
+ then
+ mv -f "${ROOT}"/etc/udev/udev.config "${ROOT}"/etc/udev/udev.rules
+ fi
+
+ # delete the old udev.hotplug symlink if it is present
+ if [[ -h ${ROOT}/etc/hotplug.d/default/udev.hotplug ]]
+ then
+ rm -f "${ROOT}"/etc/hotplug.d/default/udev.hotplug
+ fi
+
+ # delete the old wait_for_sysfs.hotplug symlink if it is present
+ if [[ -h ${ROOT}/etc/hotplug.d/default/05-wait_for_sysfs.hotplug ]]
+ then
+ rm -f "${ROOT}"/etc/hotplug.d/default/05-wait_for_sysfs.hotplug
+ fi
+
+ # delete the old wait_for_sysfs.hotplug symlink if it is present
+ if [[ -h ${ROOT}/etc/hotplug.d/default/10-udev.hotplug ]]
+ then
+ rm -f "${ROOT}"/etc/hotplug.d/default/10-udev.hotplug
+ fi
+
+ # is there a stale coldplug initscript? (CONFIG_PROTECT leaves it behind)
+ coldplug_stale=""
+ if [[ -f ${ROOT}/etc/init.d/coldplug ]]
+ then
+ coldplug_stale="1"
+ fi
+
+ has_version "=${CATEGORY}/${PN}-103-r3"
+ previous_equal_to_103_r3=$?
+
+ has_version "<${CATEGORY}/${PN}-104-r5"
+ previous_less_than_104_r5=$?
+
+ has_version "<${CATEGORY}/${PN}-106-r5"
+ previous_less_than_106_r5=$?
+
+ has_version "<${CATEGORY}/${PN}-113"
+ previous_less_than_113=$?
+}
+
+pkg_postinst() {
+ # people want reminders, I'll give them reminders. Odds are they will
+ # just ignore them anyway...
+
+ if [[ ${coldplug_stale} == 1 ]]
+ then
+ ewarn "A stale coldplug init script found. You should run:"
+ ewarn
+ ewarn " rc-update del coldplug"
+ ewarn " rm -f /etc/init.d/coldplug"
+ ewarn
+ ewarn "udev now provides its own coldplug functionality."
+ fi
+
+ # delete 40-scsi-hotplug.rules - all integrated in 50-udev.rules
+ if [[ $previous_equal_to_103_r3 = 0 ]] &&
+ [[ -e ${ROOT}/etc/udev/rules.d/40-scsi-hotplug.rules ]]
+ then
+ ewarn "Deleting stray 40-scsi-hotplug.rules"
+ ewarn "installed by sys-fs/udev-103-r3"
+ rm -f "${ROOT}"/etc/udev/rules.d/40-scsi-hotplug.rules
+ fi
+
+ # Removing some device-nodes we thought we need some time ago
+ if [[ -d ${ROOT}/lib/udev/devices ]]
+ then
+ rm -f "${ROOT}"/lib/udev/devices/{null,zero,console,urandom}
+ fi
+
+ # Removing some old file
+ if [[ $previous_less_than_104_r5 = 0 ]]
+ then
+ rm -f "${ROOT}"/etc/dev.d/net/hotplug.dev
+ rmdir --ignore-fail-on-non-empty "${ROOT}"/etc/dev.d/net 2>/dev/null
+ fi
+
+ if [[ $previous_less_than_106_r5 = 0 ]] &&
+ [[ -e ${ROOT}/etc/udev/rules.d/95-net.rules ]]
+ then
+ rm -f "${ROOT}"/etc/udev/rules.d/95-net.rules
+ fi
+
+ # Try to remove /etc/dev.d as that is obsolete
+ if [[ -d ${ROOT}/etc/dev.d ]]
+ then
+ rmdir --ignore-fail-on-non-empty "${ROOT}"/etc/dev.d/default "${ROOT}"/etc/dev.d 2>/dev/null
+ if [[ -d ${ROOT}/etc/dev.d ]]
+ then
+ ewarn "You still have the directory /etc/dev.d on your system."
+ ewarn "This is no longer used by udev and can be removed."
+ fi
+ fi
+
+ # 64-device-mapper.rules now gets installed by sys-fs/device-mapper
+ # remove it if user don't has sys-fs/device-mapper installed
+ if [[ $previous_less_than_113 = 0 ]] &&
+ [[ -f ${ROOT}/etc/udev/rules.d/64-device-mapper.rules ]] &&
+ ! has_version sys-fs/device-mapper
+ then
+ rm -f "${ROOT}"/etc/udev/rules.d/64-device-mapper.rules
+ einfo "Removed unneeded file 64-device-mapper.rules"
+ fi
+
+ # requested in Bug #225033:
+ elog
+ elog "persistent-net does assigning fixed names to network devices."
+ elog "If you have problems with the persistent-net rules,"
+ elog "just delete the rules file"
+ elog "\trm ${ROOT}etc/udev/rules.d/70-persistent-net.rules"
+ elog "and then reboot."
+ elog
+ elog "This may however number your devices in a different way than they are now."
+
+ if [[ ${ROOT} == / ]]
+ then
+ # check if root of init-process is identical to ours
+ if [[ -r /proc/1/root && /proc/1/root/ -ef /proc/self/root/ ]]
+ then
+ einfo "restarting udevd now."
+ if [[ -n $(pidof udevd) ]]
+ then
+ killall -15 udevd &>/dev/null
+ sleep 1
+ killall -9 udevd &>/dev/null
+ fi
+ /sbin/udevd --daemon
+ fi
+ fi
+
+ ewarn "If you build an initramfs including udev, then please"
+ ewarn "make sure that the /sbin/udevadm binary gets included,"
+ ewarn "as the helper apps udevinfo, udevtrigger, ... are now"
+ ewarn "only symlinks to udevadm."
+
+ ewarn
+ ewarn "mount options for directory /dev are no longer"
+ ewarn "set in /etc/udev/udev.conf, but in /etc/fstab"
+ ewarn "as for other directories."
+
+ elog
+ elog "For more information on udev on Gentoo, writing udev rules, and"
+ elog " fixing known issues visit:"
+ elog " http://www.gentoo.org/doc/en/udev-guide.xml"
+}
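Review bot: The CVE tags on the two `epatch` lines in src_unpack look swapped: as far as I recall the advisories, CVE-2009-1185 is the missing netlink sender check and CVE-2009-1186 is the path_encode stack overflow, so the comments should read `epatch "${FILESDIR}/${P}-encoding-overflow.patch" # CVE-2009-1186` and `epatch "${FILESDIR}/${P}-netlink-owner-check.patch" # CVE-2009-1185`; confirm against the advisory text before merging, because a mislabelled tag misleads any later audit of which fix landed where. Separately, the three `sed -ie ...` invocations on Makefile in the same function pass `e` as the in-place backup suffix instead of introducing an expression, which leaves a stray `Makefilee` copy in the build tree; `sed -i -e ...` is the intended spelling.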