diff options
author | Gilles Dartiguelongue <eva@gentoo.org> | 2009-04-09 22:45:30 +0000 |
---|---|---|
committer | Gilles Dartiguelongue <eva@gentoo.org> | 2009-04-09 22:45:30 +0000 |
commit | d1768a07517c653099298c326026c3f72579ca4d (patch) | |
tree | dd611aafe59f3d31fb3468eddac137dca922cb26 /app-admin/system-tools-backends/files | |
parent | Update category for apache in README.Gentoo file. Remove useless "standalone"... (diff) | |
download | gentoo-2-d1768a07517c653099298c326026c3f72579ca4d.tar.gz gentoo-2-d1768a07517c653099298c326026c3f72579ca4d.tar.bz2 gentoo-2-d1768a07517c653099298c326026c3f72579ca4d.zip |
Bump to 2.6.0-r2. Include more patches from bug #214265 and from ubuntu.
(Portage version: 2.2_rc28/cvs/Linux x86_64)
Diffstat (limited to 'app-admin/system-tools-backends/files')
5 files changed, 126 insertions, 0 deletions
diff --git a/app-admin/system-tools-backends/files/system-tools-backends-2.6.0-cleanup-pid-file.patch b/app-admin/system-tools-backends/files/system-tools-backends-2.6.0-cleanup-pid-file.patch new file mode 100644 index 000000000000..6ec22b9f0645 --- /dev/null +++ b/app-admin/system-tools-backends/files/system-tools-backends-2.6.0-cleanup-pid-file.patch @@ -0,0 +1,30 @@ +# +# Ubuntu: https://bugs.launchpad.net/ubuntu/+source/system-tools-backends/+bug/298777 +# Upstream: https://bugs.freedesktop.org/show_bug.cgi?id=18625 +# Description: Patch to make S-T-B delete it's PID file when terminated +# +Index: system-tools-backends-2.6.0/dispatcher/main.c +=================================================================== +--- system-tools-backends-2.6.0.orig/dispatcher/main.c 2008-11-16 17:25:20.000000000 +0000 ++++ system-tools-backends-2.6.0/dispatcher/main.c 2008-11-16 17:25:30.000000000 +0000 +@@ -59,6 +59,12 @@ + close (dev_null_fd); + } + ++static void ++remove_pidfile (void) ++{ ++ unlink (LOCALSTATEDIR "/run/system-tools-backends.pid"); ++} ++ + void + signal_received (gint signal) + { +@@ -67,6 +73,7 @@ + case SIGTERM: + case SIGABRT: + g_object_unref (dispatcher); ++ remove_pidfile (); + exit (0); + break; + default: diff --git a/app-admin/system-tools-backends/files/system-tools-backends-2.6.0-cve-2008-4311.patch b/app-admin/system-tools-backends/files/system-tools-backends-2.6.0-cve-2008-4311.patch new file mode 100644 index 000000000000..924b57b906cc --- /dev/null +++ b/app-admin/system-tools-backends/files/system-tools-backends-2.6.0-cve-2008-4311.patch @@ -0,0 +1,44 @@ +commit fd648907e46017d46c367f59c62d0b0395830903 +Author: Simon McVittie <http://smcv.pseudorandom.co.uk/> +Date: 2009-01-04 19:35:51 +0000 + + Allow root to send messages to all the system tools backends, so they work even when CVE-2008-4311 has been fixed. + + Also disallow normal user access by destination, not by interface (fd.o #18961). + +diff --git a/system-tools-backends.conf b/system-tools-backends.conf +index 00d6d58..537ef73 100644 +--- a/system-tools-backends.conf ++++ b/system-tools-backends.conf +@@ -23,8 +23,8 @@ + --> + + <!-- configuration modules can't be accessed directly... --> +- <deny send_interface="org.freedesktop.SystemToolsBackends"/> +- <deny send_interface="org.freedesktop.SystemToolsBackends.Platform"/> ++ <deny send_destination="org.freedesktop.SystemToolsBackends"/> ++ <deny send_destination="org.freedesktop.SystemToolsBackends.Platform"/> + <deny send_destination="org.freedesktop.SystemToolsBackends"/> + </policy> + +@@ -47,9 +47,18 @@ + + <!-- be able to speak to configuration modules, + so any message to them has to go through the dispatcher --> +- <allow send_interface="org.freedesktop.SystemToolsBackends"/> +- <allow send_interface="org.freedesktop.SystemToolsBackends.Platform"/> + <allow send_destination="org.freedesktop.SystemToolsBackends"/> ++ <allow send_destination="org.freedesktop.SystemToolsBackends.Platform"/> ++ <allow send_destination="org.freedesktop.SystemToolsBackends.GroupsConfig"/> ++ <allow send_destination="org.freedesktop.SystemToolsBackends.HostsConfig"/> ++ <allow send_destination="org.freedesktop.SystemToolsBackends.IfacesConfig"/> ++ <allow send_destination="org.freedesktop.SystemToolsBackends.NFSConfig"/> ++ <allow send_destination="org.freedesktop.SystemToolsBackends.NTPConfig"/> ++ <allow send_destination="org.freedesktop.SystemToolsBackends.ServicesConfig"/> ++ <allow send_destination="org.freedesktop.SystemToolsBackends.SMBConfig"/> ++ <allow send_destination="org.freedesktop.SystemToolsBackends.TimeConfig"/> ++ <allow send_destination="org.freedesktop.SystemToolsBackends.UserConfig"/> ++ <allow send_destination="org.freedesktop.SystemToolsBackends.UsersConfig"/> + </policy> + <policy group="stb-admin"> + <!-- be able to speak to the dispatcher --> diff --git a/app-admin/system-tools-backends/files/system-tools-backends-2.6.0-default-permissions.patch b/app-admin/system-tools-backends/files/system-tools-backends-2.6.0-default-permissions.patch new file mode 100644 index 000000000000..4712182cf7d6 --- /dev/null +++ b/app-admin/system-tools-backends/files/system-tools-backends-2.6.0-default-permissions.patch @@ -0,0 +1,24 @@ +--- a/system-tools-backends.conf.orig 2008-05-28 13:20:52.246850438 +0200 ++++ b/system-tools-backends.conf 2008-05-28 13:24:07.867969323 +0200 +@@ -25,9 +25,7 @@ + <!-- configuration modules can't be accessed directly... --> + <deny send_interface="org.freedesktop.SystemToolsBackends"/> + <deny send_interface="org.freedesktop.SystemToolsBackends.Platform"/> +- +- <!-- ...so petitions go through the dispatcher instead --> +- <allow send_destination="org.freedesktop.SystemToolsBackends"/> ++ <deny send_destination="org.freedesktop.SystemToolsBackends"/> + </policy> + + <policy user="0"> +@@ -51,5 +49,10 @@ + so any message to them has to go through the dispatcher --> + <allow send_interface="org.freedesktop.SystemToolsBackends"/> + <allow send_interface="org.freedesktop.SystemToolsBackends.Platform"/> ++ <allow send_destination="org.freedesktop.SystemToolsBackends"/> ++ </policy> ++ <policy group="stb-admin"> ++ <!-- be able to speak to the dispatcher --> ++ <allow send_destination="org.freedesktop.SystemToolsBackends"/> + </policy> + </busconfig> diff --git a/app-admin/system-tools-backends/files/system-tools-backends-2.6.0-gcc43.patch b/app-admin/system-tools-backends/files/system-tools-backends-2.6.0-gcc43.patch new file mode 100644 index 000000000000..084c45f42ffc --- /dev/null +++ b/app-admin/system-tools-backends/files/system-tools-backends-2.6.0-gcc43.patch @@ -0,0 +1,15 @@ +diff --git a/dispatcher/main.c b/dispatcher/main.c +index 8088bd0..0448b5e 100644 +--- a/dispatcher/main.c ++++ b/dispatcher/main.c +@@ -47,7 +47,9 @@ daemonize (void) + + setsid (); + +- if ((pidfile_fd = open (LOCALSTATEDIR "/run/system-tools-backends.pid", O_CREAT | O_WRONLY)) != -1) ++ if ((pidfile_fd = open (LOCALSTATEDIR "/run/system-tools-backends.pid", ++ O_CREAT | O_WRONLY, ++ S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)) != -1) + { + str = g_strdup_printf ("%d", getpid ()); + write (pidfile_fd, str, strlen (str)); diff --git a/app-admin/system-tools-backends/files/system-tools-backends-2.6.0-handle-services.patch b/app-admin/system-tools-backends/files/system-tools-backends-2.6.0-handle-services.patch new file mode 100644 index 000000000000..c8f8f96cc043 --- /dev/null +++ b/app-admin/system-tools-backends/files/system-tools-backends-2.6.0-handle-services.patch @@ -0,0 +1,13 @@ +diff --git Init/Services.pm Init/Services.pm +index c1d2620..07ed2cd 100644 +--- Init/Services.pm ++++ Init/Services.pm +@@ -802,7 +802,7 @@ sub set_gentoo_service_status + + return if ($status == $old_status); + +- if ($action == $SERVICE_START) ++ if ($status == $SERVICE_START) + { + &Utils::File::run ("rc-update add $script $rl"); + &run_gentoo_script ($script, "start"); |