summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBernard Cafarelli <voyageur@gentoo.org>2014-04-23 09:50:21 +0000
committerBernard Cafarelli <voyageur@gentoo.org>2014-04-23 09:50:21 +0000
commitfa5dff6f1e6f1874ae9adb511936fa40f9e22c71 (patch)
tree819b4be342910a4ab18ff81555619eac23898cc6
parentStable for amd64 wrt bug #502838 (diff)
downloadgentoo-2-fa5dff6f1e6f1874ae9adb511936fa40f9e22c71.tar.gz
gentoo-2-fa5dff6f1e6f1874ae9adb511936fa40f9e22c71.tar.bz2
gentoo-2-fa5dff6f1e6f1874ae9adb511936fa40f9e22c71.zip
Upstream backport to fix gdomap denial of service, security bug #508370
(Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key C74525F2)
-rw-r--r--gnustep-base/gnustep-base/ChangeLog8
-rw-r--r--gnustep-base/gnustep-base/files/gnustep-base-1.24.6-gdomap_dos.patch65
-rw-r--r--gnustep-base/gnustep-base/gnustep-base-1.24.6-r1.ebuild72
3 files changed, 144 insertions, 1 deletions
diff --git a/gnustep-base/gnustep-base/ChangeLog b/gnustep-base/gnustep-base/ChangeLog
index b4cd3d451e83..bcf351a5fc1d 100644
--- a/gnustep-base/gnustep-base/ChangeLog
+++ b/gnustep-base/gnustep-base/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for gnustep-base/gnustep-base
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/gnustep-base/gnustep-base/ChangeLog,v 1.121 2014/01/29 15:11:24 voyageur Exp $
+# $Header: /var/cvsroot/gentoo-x86/gnustep-base/gnustep-base/ChangeLog,v 1.122 2014/04/23 09:50:20 voyageur Exp $
+
+*gnustep-base-1.24.6-r1 (23 Apr 2014)
+
+ 23 Apr 2014; Bernard Cafarelli <voyageur@gentoo.org>
+ +gnustep-base-1.24.6-r1.ebuild, +files/gnustep-base-1.24.6-gdomap_dos.patch:
+ Upstream backport to fix gdomap denial of service, security bug #508370
*gnustep-base-1.24.6 (29 Jan 2014)
diff --git a/gnustep-base/gnustep-base/files/gnustep-base-1.24.6-gdomap_dos.patch b/gnustep-base/gnustep-base/files/gnustep-base-1.24.6-gdomap_dos.patch
new file mode 100644
index 000000000000..ed348f9867a7
--- /dev/null
+++ b/gnustep-base/gnustep-base/files/gnustep-base-1.24.6-gdomap_dos.patch
@@ -0,0 +1,65 @@
+--- libs/base/trunk/Tools/gdomap.c 2014/03/19 08:07:41 37755
++++ libs/base/trunk/Tools/gdomap.c 2014/03/19 08:18:09 37756
+@@ -296,7 +296,7 @@
+ # define syslog(prio, msg,...) slogf(_SLOG_SETCODE(_SLOG_SYSLOG, 0), prio, msg, __VA_ARGS__)
+ # endif
+
+-static int log_priority;
++static int log_priority = 0;
+
+ static void
+ gdomap_log (int prio)
+@@ -4481,16 +4481,7 @@
+ const char *machine = 0;
+ const char *lookupf = 0;
+ int donamesf = 0;
+-
+-#if defined(HAVE_SYSLOG)
+- /* Initially, gdomap_log errors to stderr as well as to syslogd. */
+-#if defined(SYSLOG_4_2)
+- openlog ("gdomap", LOG_NDELAY);
+- log_priority = LOG_DAEMON;
+-#elif !defined(HAVE_SLOGF)
+- openlog ("gdomap", LOG_NDELAY, LOG_DAEMON);
+-#endif
+-#endif
++ int forked = 0;
+
+ #if defined(__MINGW__)
+ WORD wVersionRequested;
+@@ -4851,7 +4842,6 @@
+ #else
+ if (nofork == 0)
+ {
+- is_daemon = 1;
+ /*
+ * Now fork off child process to run in background.
+ */
+@@ -4865,6 +4855,7 @@
+ /*
+ * Try to run in background.
+ */
++ forked = 1;
+ #if defined(NeXT)
+ setpgrp(0, getpid());
+ #else
+@@ -4924,6 +4915,19 @@
+
+ #endif /* !__MINGW__ */
+
++ if (forked)
++ {
++ is_daemon = 1;
++#if defined(HAVE_SYSLOG)
++#if defined(SYSLOG_4_2)
++ openlog ("gdomap", LOG_NDELAY);
++ log_priority = LOG_DAEMON;
++#elif !defined(HAVE_SLOGF)
++ openlog ("gdomap", LOG_NDELAY, LOG_DAEMON);
++#endif
++#endif
++ }
++
+ init_my_port(); /* Determine port to listen on. */
+ init_ports(); /* Create ports to handle requests. */
+
diff --git a/gnustep-base/gnustep-base/gnustep-base-1.24.6-r1.ebuild b/gnustep-base/gnustep-base/gnustep-base-1.24.6-r1.ebuild
new file mode 100644
index 000000000000..d34785821aaa
--- /dev/null
+++ b/gnustep-base/gnustep-base/gnustep-base-1.24.6-r1.ebuild
@@ -0,0 +1,72 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/gnustep-base/gnustep-base/gnustep-base-1.24.6-r1.ebuild,v 1.1 2014/04/23 09:50:20 voyageur Exp $
+
+EAPI=5
+inherit eutils gnustep-base
+
+DESCRIPTION="A library of general-purpose, non-graphical Objective C objects."
+HOMEPAGE="http://www.gnustep.org"
+SRC_URI="ftp://ftp.gnustep.org/pub/gnustep/core/${P}.tar.gz"
+
+LICENSE="GPL-2 LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~sparc-solaris ~x86-solaris"
+IUSE="+icu +libffi ssl zeroconf"
+
+RDEPEND="${GNUSTEP_CORE_DEPEND}
+ >=gnustep-base/gnustep-make-2.6.0
+ icu? ( >=dev-libs/icu-4.0:= )
+ !libffi? ( dev-libs/ffcall
+ gnustep-base/gnustep-make[-native-exceptions] )
+ libffi? ( virtual/libffi )
+ ssl? ( net-libs/gnutls )
+ >=dev-libs/libxml2-2.6
+ >=dev-libs/libxslt-1.1
+ >=dev-libs/gmp-4.1
+ >=dev-libs/openssl-0.9.7
+ >=sys-libs/zlib-1.2
+ zeroconf? ( net-dns/avahi )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-gdomap_dos.patch
+}
+
+src_configure() {
+ egnustep_env
+
+ local myconf
+ if use libffi;
+ then
+ myconf="--enable-libffi --disable-ffcall --with-ffi-include=$(pkg-config --variable=includedir libffi)"
+ else
+ myconf="--disable-libffi --enable-ffcall"
+ fi
+
+ myconf="$myconf $(use_enable icu)"
+ myconf="$myconf $(use_enable ssl tls)"
+ myconf="$myconf $(use_enable zeroconf)"
+ myconf="$myconf --with-xml-prefix=${EPREFIX}/usr"
+ myconf="$myconf --with-gmp-include=${EPREFIX}/usr/include --with-gmp-library=${EPREFIX}/usr/lib"
+ myconf="$myconf --with-default-config=${EPREFIX}/etc/GNUstep/GNUstep.conf"
+
+ econf $myconf
+}
+
+src_install() {
+ # We need to set LD_LIBRARY_PATH because the doc generation program
+ # uses the gnustep-base libraries. Since egnustep_env "cleans the
+ # environment" including our LD_LIBRARY_PATH, we're left no choice
+ # but doing it like this.
+
+ egnustep_env
+ egnustep_install
+
+ if use doc ; then
+ export LD_LIBRARY_PATH="${S}/Source/obj:${LD_LIBRARY_PATH}"
+ egnustep_doc
+ fi
+ egnustep_install_config
+}