author | Michael Weber <xmw@gentoo.org> | 2012-06-29 06:28:41 +0000 |
---|---|---|
committer | Michael Weber <xmw@gentoo.org> | 2012-06-29 06:28:41 +0000 |
commit | 973817ad845a31bee2ef3c79ab57b8f316862f8d (patch) | |
tree | 718a3fc9b9425022bba0803e7fca56ae793691c4 /app-admin | |
parent | Add IUSE cheetah (bug 423231 by Alexandr Tiurin) (diff) | |
Revbump to fix trigger plugin security problem (bug 424025)
(Portage version: 2.1.11.3/cvs/Linux x86_64)
Diffstat (limited to 'app-admin')
-rw-r--r-- | app-admin/bcfg2/ChangeLog | 8 | ||||
-rw-r--r-- | app-admin/bcfg2/bcfg2-1.2.2-r1.ebuild | 84 | ||||
-rw-r--r-- | app-admin/bcfg2/files/bcfg2-1.2.2-CVE-2012-3366-Trigger-plugin.patch | 63 |
3 files changed, 154 insertions, 1 deletions
diff --git a/app-admin/bcfg2/ChangeLog b/app-admin/bcfg2/ChangeLog index 53ccb60ed3a2..e1553448ee00 100644 --- a/app-admin/bcfg2/ChangeLog +++ b/app-admin/bcfg2/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for app-admin/bcfg2 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/bcfg2/ChangeLog,v 1.25 2012/06/29 06:16:32 xmw Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/bcfg2/ChangeLog,v 1.26 2012/06/29 06:28:41 xmw Exp $ + +*bcfg2-1.2.2-r1 (29 Jun 2012) + + 29 Jun 2012; Michael Weber <xmw@gentoo.org> +bcfg2-1.2.2-r1.ebuild, + +files/bcfg2-1.2.2-CVE-2012-3366-Trigger-plugin.patch: + Revbump to fix trigger plugin security problem (bug 424025) 29 Jun 2012; Michael Weber <xmw@gentoo.org> bcfg2-1.2.2.ebuild, metadata.xml: Add IUSE cheetah (bug 423231 by Alexandr Tiurin) diff --git a/app-admin/bcfg2/bcfg2-1.2.2-r1.ebuild b/app-admin/bcfg2/bcfg2-1.2.2-r1.ebuild new file mode 100644 index 000000000000..fb5e0cd482e7 --- /dev/null +++ b/app-admin/bcfg2/bcfg2-1.2.2-r1.ebuild 
@@ -0,0 +1,84 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/bcfg2/bcfg2-1.2.2-r1.ebuild,v 1.1 2012/06/29 06:28:40 xmw Exp $
+
+EAPI="4"
+
+PYTHON_DEPEND="2:2.6"
+SUPPORT_PYTHON_ABIS="1"
+# ssl module required.
+RESTRICT_PYTHON_ABIS="2.4 2.5 3.*"
+
+inherit distutils eutils
+
+DESCRIPTION="configuration management tool"
+HOMEPAGE="http://bcfg2.org"
+SRC_URI="ftp://ftp.mcs.anl.gov/pub/bcfg/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~x86 ~amd64-linux ~x86-linux ~x64-solaris"
+IUSE="doc cheetah genshi server"
+
+DEPEND="dev-python/setuptools
+ doc? ( dev-python/sphinx )"
+RDEPEND="app-portage/gentoolkit
+ cheetah? ( dev-python/cheetah )
+ genshi? ( dev-python/genshi )
+ server? (
+ virtual/fam
+ dev-python/lxml
+ dev-libs/libgamin[python] )"
+
+PYTHON_MODNAME="Bcfg2"
+
+distutils_src_install_post_hook() {
+ if ! use server; then
+ rm -f "$(distutils_get_intermediate_installation_image)${EPREFIX}/usr/sbin/bcfg2-"*
+ fi
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-CVE-2012-3366-Trigger-plugin.patch
+ distutils_src_prepare
+}
+
+src_compile() {
+ distutils_src_compile
+
+ if use doc; then
+ einfo "Building Bcfg2 documentation"
+ PYTHONPATH="build-$(PYTHON -f --ABI)" \
+ sphinx-build doc doc_output || die
+ fi
+}
+
+src_install() {
+ distutils_src_install --record=PY_SERVER_LIBS --install-scripts "${EPREFIX}/usr/sbin"
+
+ if ! use server; then
+ rm -rf "${ED}usr/share/bcfg2" || die
+ rm -rf "${ED}usr/share/man/man8" || die
+ else
+ newinitd "${FILESDIR}/${PN}-server-1.2.0.rc" bcfg2-server
+ fi
+
+ insinto /etc
+ doins examples/bcfg2.conf
+
+ if use doc; then
+ pushd doc_output > /dev/null
+ insinto /usr/share/doc/${PF}/html
+ doins -r [a-z]* _images _static || die "Failed to install documentation"
+ popd > /dev/null
+ fi
+}
+
+pkg_postinst () {
+ distutils_pkg_postinst
+
+ if use server; then
+ einfo "If this is a new installation, you probably need to run:"
+ einfo " bcfg2-admin init"
+ fi
+}
diff --git a/app-admin/bcfg2/files/bcfg2-1.2.2-CVE-2012-3366-Trigger-plugin.patch b/app-admin/bcfg2/files/bcfg2-1.2.2-CVE-2012-3366-Trigger-plugin.patch
new file mode 100644
index 000000000000..031dfa89d3e0
--- /dev/null
+++ b/app-admin/bcfg2/files/bcfg2-1.2.2-CVE-2012-3366-Trigger-plugin.patch
@@ -0,0 +1,63 @@
+Downloaded from http://trac.mcs.anl.gov/projects/bcfg2/changeset/a524967e8d5c4c22e49cd619aed20c87a316c0be/
+
+Index: src/lib/Server/Plugins/Trigger.py
+===================================================================
+--- src/lib/Server/Plugins/Trigger.py (revision bf5040f75e71e25af0b9b5c2a9c098c5933d4acc)
++++ src/lib/Server/Plugins/Trigger.py (revision a524967e8d5c4c22e49cd619aed20c87a316c0be)
+@@ -1,16 +1,6 @@
+ import os
++import pipes
+ import Bcfg2.Server.Plugin
+-
+-
+-def async_run(prog, args):
+- pid = os.fork()
+- if pid:
+- os.waitpid(pid, 0)
+- else:
+- dpid = os.fork()
+- if not dpid:
+- os.system(" ".join([prog] + args))
+- os._exit(0)
+-
++from subprocess import Popen, PIPE
+
+ class Trigger(Bcfg2.Server.Plugin.Plugin,
+@@ -31,8 +21,29 @@
+ raise Bcfg2.Server.Plugin.PluginInitError
+
++ def async_run(self, args):
++ pid = os.fork()
++ if pid:
++ os.waitpid(pid, 0)
++ else:
++ dpid = os.fork()
++ if not dpid:
++ self.debug_log("Running %s" % " ".join(pipes.quote(a)
++ for a in args))
++ proc = Popen(args, stdin=PIPE, stdout=PIPE, stderr=PIPE)
++ (out, err) = proc.communicate()
++ rv = proc.wait()
++ if rv != 0:
++ self.logger.error("Trigger: Error running %s (%s): %s" %
++ (args[0], rv, err))
++ elif err:
++ self.debug_log("Trigger: Error: %s" % err)
++ os._exit(0)
++
+ def process_statistics(self, metadata, _):
+ args = [metadata.hostname, '-p', metadata.profile, '-g',
+ ':'.join([g for g in metadata.groups])]
++ self.debug_log("running triggers")
+ for notifier in os.listdir(self.data):
++ self.debug_log("running %s" % notifier)
+ if ((notifier[-1] == '~') or
+ (notifier[:2] == '.#') or
+@@ -40,5 +51,4 @@
+ (notifier in ['SCCS', '.svn', '4913'])):
+ continue
+- npath = self.data + '/' + notifier
+- self.logger.debug("Running %s %s" % (npath, " ".join(args)))
+- async_run(npath, args)
++ npath = os.path.join(self.data, notifier)
++ self.async_run([npath] + args)
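Review bot: In the new `async_run` method, an exception raised by `Popen(args, ...)` in the forked grandchild (for example `OSError` when a file in the trigger directory is not executable) is not caught, so that process can skip `os._exit(0)` and unwind into a copy of the server's call stack; the removed `os.system` call did not raise in that case. Wrapping the grandchild body as `try:` … `finally: os._exit(0)`, with the exception logged through `self.logger.error` first, would keep the fork contained; indentation is lost on this page, so the exact position of `os._exit(0)` should be checked against the upstream changeset. Passing a list to `Popen` takes the shell out of the path, but `metadata.hostname`, `metadata.profile` and the group names still reach every trigger script as arguments, so a comment in `process_statistics` such as `# values come from client metadata: trigger scripts must treat them as untrusted (e.g. a leading '-')` would help; whether those values are validated elsewhere is not visible here. The `Trigger` class and the filter condition in `process_statistics` continue outside the quoted hunks.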