author | Stefan Cornelius <dercorny@gentoo.org> | 2006-06-01 13:15:11 +0000 |
---|---|---|
committer | Stefan Cornelius <dercorny@gentoo.org> | 2006-06-01 13:15:11 +0000 |
commit | cb36367828fffc95b02e8fef21b4920a559092b0 (patch) | |
tree | 0b5c67bf6684e10a1a1860381039f6bf1ba21b94 /sys-process | |
parent | Add patch to build on HPPA Linux, thanks to Guy Martin (gmsoft). (diff) | |
Bumping for security bug #134194, special thanks to Eugene Ilkov
(Portage version: 2.1_rc3-r2)
Diffstat (limited to 'sys-process')
-rw-r--r-- | sys-process/vixie-cron/ChangeLog | 8 | ||||
-rw-r--r-- | sys-process/vixie-cron/files/digest-vixie-cron-4.1-r9 | 6 | ||||
-rw-r--r-- | sys-process/vixie-cron/files/vixie-cron-4.1-setuid_check.patch | 29 | ||||
-rw-r--r-- | sys-process/vixie-cron/vixie-cron-4.1-r9.ebuild | 103 |
4 files changed, 145 insertions, 1 deletions
diff --git a/sys-process/vixie-cron/ChangeLog b/sys-process/vixie-cron/ChangeLog
index 91b4173bc8e9..4dc86595a521 100644
--- a/sys-process/vixie-cron/ChangeLog
+++ b/sys-process/vixie-cron/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for sys-process/vixie-cron
 # Copyright 2002-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-process/vixie-cron/ChangeLog,v 1.27 2006/04/27 23:26:56 antarus Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-process/vixie-cron/ChangeLog,v 1.28 2006/06/01 13:15:11 dercorny Exp $
+
+*vixie-cron-4.1-r9 (01 Jun 2006)
+
+ 01 Jun 2006; Stefan Cornelius <dercorny@gentoo.org>
+ +files/vixie-cron-4.1-setuid_check.patch, +vixie-cron-4.1-r9.ebuild:
+ Bumping for security bug #134194, special thanks to Eugene Ilkov

 27 Apr 2006; Alec Warner <antarus@gentoo.org>
 files/digest-vixie-cron-3.0.1-r4, files/digest-vixie-cron-3.0.1-r5,
diff --git a/sys-process/vixie-cron/files/digest-vixie-cron-4.1-r9 b/sys-process/vixie-cron/files/digest-vixie-cron-4.1-r9
new file mode 100644
index 000000000000..4b0d91076cd4
--- /dev/null
+++ b/sys-process/vixie-cron/files/digest-vixie-cron-4.1-r9
@@ -0,0 +1,6 @@
+MD5 c674b03c6e76798b1c74f6070df167cc vixie-cron-4.1-gentoo-r4.patch.bz2 4204
+RMD160 1d439c0bb473e8307a5c33e2449efdd9ca6fc4f5 vixie-cron-4.1-gentoo-r4.patch.bz2 4204
+SHA256 8de14b11da567f7859df3dcf71802f32ac1b3650ae07c6cb6dbc259e1f6da7fc vixie-cron-4.1-gentoo-r4.patch.bz2 4204
+MD5 09dc04f9879684d27c64c910174a9536 vixie-cron-4.1.tar.bz2 54246
+RMD160 a7f6aaa6deb9924d56da8dca3e2e323e0786f97e vixie-cron-4.1.tar.bz2 54246
+SHA256 fd25119b301e0e8306ec27ee912298740c5c8ae879bac02381429cf355d1122d vixie-cron-4.1.tar.bz2 54246
diff --git a/sys-process/vixie-cron/files/vixie-cron-4.1-setuid_check.patch b/sys-process/vixie-cron/files/vixie-cron-4.1-setuid_check.patch
new file mode 100644
index 000000000000..42fd8e13edd9
--- /dev/null
+++ b/sys-process/vixie-cron/files/vixie-cron-4.1-setuid_check.patch
@@ -0,0 +1,29 @@ +--- vixie-cron-4.1/do_command.c 2006-05-25 16:44:26.000000000 +0400 ++++ vixie-cron-4.1.lk/do_command.c 2006-05-25 16:42:25.000000000 +0400 +@@ -240,12 +240,23 @@ + } + } + #else +- setgid(e->pwd->pw_gid); ++ + initgroups(usernm, e->pwd->pw_gid); + #if (defined(BSD)) && (BSD >= 199103) + setlogin(usernm); + #endif /* BSD */ +- setuid(e->pwd->pw_uid); /* we aren't root after this... */ ++ // setuid(e->pwd->pw_uid); /* we aren't root after this... */ ++ ++ if ( setgid(e->pwd->pw_gid) == -1 ) { ++ fprintf(stderr,"can't set gid for %s\n", e->pwd->pw_name); ++ _exit(1); ++ } ++ ++ if ( setuid(e->pwd->pw_uid) == -1 ) { ++ fprintf(stderr,"can't set uid for %s\n", e->pwd->pw_name); ++ _exit(1); ++ } ++ + + #endif /* LOGIN_CAP */ + chdir(env_get("HOME", e->envp)); + diff --git a/sys-process/vixie-cron/vixie-cron-4.1-r9.ebuild b/sys-process/vixie-cron/vixie-cron-4.1-r9.ebuild new file mode 100644 index 000000000000..cfe80cb41cf0 --- /dev/null +++ b/sys-process/vixie-cron/vixie-cron-4.1-r9.ebuild 
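Review bot: The `initgroups(usernm, e->pwd->pw_gid);` call kept as context in the `#else` branch still ignores its return value, so if it fails the child would carry on with the daemon's supplementary groups even though the newly added setgid()/setuid() checks pass. It should get the same treatment as the two added checks, e.g. `if ( initgroups(usernm, e->pwd->pw_gid) == -1 ) { fprintf(stderr,"can't set groups for %s\n", e->pwd->pw_name); _exit(1); }`. The commented-out `// setuid(e->pwd->pw_uid);` line is dead code and could be dropped from the patch instead of being shipped. The enclosing function and the LOGIN_CAP branch lie outside the hunk, so whether that path verifies its own privilege drop cannot be told from here.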
@@ -0,0 +1,103 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/vixie-cron/vixie-cron-4.1-r9.ebuild,v 1.1 2006/06/01 13:15:11 dercorny Exp $
+
+inherit cron toolchain-funcs debug pam
+
+# no useful homepage, bug #65898
+HOMEPAGE="ftp://ftp.isc.org/isc/cron/"
+DESCRIPTION="Paul Vixie's cron daemon, a fully featured crond implementation"
+
+SELINUX_PATCH="${P}-selinux.diff"
+GENTOO_PATCH_REV="r4"
+
+SRC_URI="mirror://gentoo/${P}.tar.bz2
+ mirror://gentoo/${P}-gentoo-${GENTOO_PATCH_REV}.patch.bz2"
+
+LICENSE="as-is"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="selinux pam debug"
+
+DEPEND=">=sys-apps/portage-2.0.47-r10
+ selinux? ( sys-libs/libselinux )
+ pam? ( virtual/pam )"
+
+RDEPEND="selinux? ( sys-libs/libselinux )
+ pam? ( virtual/pam )"
+
+pkg_setup() {
+ enewgroup cron 16
+}
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+
+ epatch ${WORKDIR}/${P}-gentoo-${GENTOO_PATCH_REV}.patch
+ epatch ${FILESDIR}/crontab.5.diff
+ epatch ${FILESDIR}/${P}-commandline.patch
+ epatch ${FILESDIR}/${P}-basename.diff
+ epatch ${FILESDIR}/${P}-setuid_check.patch
+
+ use pam && epatch ${FILESDIR}/${P}-pam.patch
+ use selinux && epatch ${FILESDIR}/${SELINUX_PATCH}
+}
+
+src_compile() {
+ # we need to tinker with ldflags since we're installing as setuid. see
+ # "[gentoo-core] Heads up changes in suid handing with portage >=51_pre21"
+ # for details. Note that we do the sed fixes here rather than in unpack so
+ # that our changes to LDFLAGS are picked up.
+
+ append-ldflags $(bindnow-flags)
+ use debug && append-flags -DDEBUGGING
+
+ sed -i -e "s:gcc \(-Wall.*\):$(tc-getCC) \1 ${CFLAGS}:" \
+ -e "s:^\(LDFLAGS[ \t]\+=\).*:\1 ${LDFLAGS}:" Makefile \
+ || die "sed Makefile failed"
+
+ emake || die "emake failed"
+}
+
+src_install() {
+ docrondir
+ docron
+ docrontab
+
+ # /etc stuff
+ insinto /etc
+ newins ${FILESDIR}/crontab-3.0.1-r4 crontab
+ newins ${FILESDIR}/${P}-cron.deny cron.deny
+
+ keepdir /etc/cron.d
+ newpamd ${FILESDIR}/pamd.compatible cron
+ newinitd ${FILESDIR}/vixie-cron.rc6 vixie-cron
+
+ # doc stuff
+ doman crontab.1 crontab.5 cron.8
+ dodoc ${FILESDIR}/crontab
+ dodoc CHANGES CONVERSION FEATURES MAIL README THANKS
+}
+
+pkg_postinst() {
+ if [[ -f ${ROOT}/etc/init.d/vcron ]]
+ then
+ ewarn "Please run:"
+ ewarn "rc-update del vcron"
+ ewarn "rc-update add vixie-cron default"
+ fi
+
+ # bug 71326
+ if [[ -u ${ROOT}/etc/pam.d/cron ]] ; then
+ echo
+ ewarn "Warning: previous ebuilds didn't reset permissions prior"
+ ewarn "to installing crontab, resulting in /etc/pam.d/cron being"
+ ewarn "installed with the SUID and executable bits set."
+ ewarn
+ ewarn "Run the following as root to set the proper permissions:"
+ ewarn " chmod 0644 /etc/pam.d/cron"
+ echo
+ fi
+
+ cron_pkg_postinst
+} |