Fix for CVE-2011-2910. see Bug #379293

(Portage version: 2.1.10.11/cvs/Linux x86_64)

4 files changed, 128 insertions, 2 deletions

diff --git a/media-radio/ax25-tools/ChangeLog b/media-radio/ax25-tools/ChangeLog
index a885f33ae857..b9739dc48652 100644
--- a/media-radio/ax25-tools/ChangeLog
+++ b/media-radio/ax25-tools/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for media-radio/ax25-tools
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-radio/ax25-tools/ChangeLog,v 1.9 2011/01/08 18:18:37 tomjbe Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-radio/ax25-tools/ChangeLog,v 1.10 2011/08/30 16:59:58 tomjbe Exp $
+
+*ax25-tools-0.0.10_rc2-r1 (30 Aug 2011)
+
+  30 Aug 2011; Thomas Beierlein <tomjbe@gentoo.org>
+  +ax25-tools-0.0.10_rc2-r1.ebuild,
+  +files/ax25-tools-0.0.10_rc2-cve-2011-2910.patch, metadata.xml:
+  Fix for CVE-2011-2910. see Bug #379293
 
   08 Jan 2011; Thomas Beierlein <tomjbe@gentoo.org> metadata.xml:
   Fix typo in metadata.xml
diff --git a/media-radio/ax25-tools/ax25-tools-0.0.10_rc2-r1.ebuild b/media-radio/ax25-tools/ax25-tools-0.0.10_rc2-r1.ebuild
new file mode 100644
index 000000000000..0c583c08ceec
--- /dev/null
+++ b/media-radio/ax25-tools/ax25-tools-0.0.10_rc2-r1.ebuild
@@ -0,0 +1,51 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-radio/ax25-tools/ax25-tools-0.0.10_rc2-r1.ebuild,v 1.1 2011/08/30 16:59:58 tomjbe Exp $
+
+EAPI="2"
+inherit autotools eutils
+
+MY_P=${P/_/-}
+
+DESCRIPTION="Basic AX.25 (Amateur Radio) administrative tools and daemons"
+HOMEPAGE="http://www.linux-ax25.org/"
+SRC_URI="http://www.linux-ax25.org/pub/${PN}/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE="X"
+
+S=${WORKDIR}/${MY_P}
+
+DEPEND="dev-libs/libax25
+	X? ( x11-libs/libX11
+		media-libs/mesa )"
+RDEPEND=${DEPEND}
+
+src_prepare() {
+	epatch "${FILESDIR}/${P}-parallel-make.patch" \
+		"${FILESDIR}/${P}-cve-2011-2910.patch" # see bug # 379293
+	eautoreconf
+}
+
+src_configure() {
+	econf $(use_with X x)
+}
+
+src_install() {
+	emake DESTDIR="${D}" install installconf || die "emake install failed"
+
+	# Package does not respect --docdir
+	rm -rf "${D}"/usr/share/doc/ax25-tools || die "clean-up doc failed"
+	dodoc AUTHORS ChangeLog NEWS README tcpip/ttylinkd.README \
+	user_call/README.user_call yamdrv/README.yamdrv dmascc/README.dmascc \
+	tcpip/ttylinkd.INSTALL || die "dodoc failed"
+
+	newinitd "${FILESDIR}"/ax25d.rc ax25d || die "ax25d rc install failed"
+	newinitd "${FILESDIR}"/mheardd.rc mheardd || die "mheardd rc install failed"
+	newinitd "${FILESDIR}"/netromd.rc netromd || die "netromd rc install failed"
+	newinitd "${FILESDIR}"/rip98d.rc rip98d || die "rip98d rc install failed"
+	newinitd "${FILESDIR}"/rxecho.rc rxecho || die "rxecho rc install failed"
+	newinitd "${FILESDIR}"/ttylinkd.rc ttylinkd || die "ttylinkd install failed"
+}
diff --git a/media-radio/ax25-tools/files/ax25-tools-0.0.10_rc2-cve-2011-2910.patch b/media-radio/ax25-tools/files/ax25-tools-0.0.10_rc2-cve-2011-2910.patch
new file mode 100644
index 000000000000..9b5eb608c7bf
--- /dev/null
+++ b/media-radio/ax25-tools/files/ax25-tools-0.0.10_rc2-cve-2011-2910.patch
@@ -0,0 +1,68 @@
+diff -Nur ax25-tools-0.0.10-rc2/ax25/ax25d.c ax25-tools/ax25/ax25d.c
+--- ax25-tools-0.0.10-rc2/ax25/ax25d.c	2009-06-21 20:01:55.000000000 +0200
++++ ax25-tools/ax25/ax25d.c	2011-08-18 11:51:08.000000000 +0200
+@@ -1,5 +1,5 @@
+ /*
+- * $Id: ax25-tools-0.0.10_rc2-cve-2011-2910.patch,v 1.1 2011/08/30 16:59:58 tomjbe Exp $
++ * $Id: ax25-tools-0.0.10_rc2-cve-2011-2910.patch,v 1.1 2011/08/30 16:59:58 tomjbe Exp $
+  *
+  *  This is my version of axl.c, written for the LBBS code to make it
+  *    compatable with the kernel AX25 driver.  It appears to work, with
+@@ -577,7 +577,7 @@
+ 							/* close link */
+ 							/* setproctitle("ax25d [%s]: disconnecting", User); */
+ 							close(new);
+-							return 0;
++							exit(0);
+ 						}
+ login:
+ 						/* setproctitle("ax25d [%s]: login", User); */
+@@ -614,11 +614,15 @@
+ 							closelog();
+ 
+ 						/* Make root secure, before we exec() */
+-						setgroups(0, grps);	/* Strip any supplementary gid's */
+-						setgid(raxl->gid);
+-						setuid(raxl->uid);
++						/* Strip any supplementary gid's */
++						if (setgroups(0, grps) == -1)
++							exit(1);
++						if (setgid(raxl->gid) == -1)
++							exit(1);
++						if (setuid(raxl->uid) == -1)
++							exit(1);
+ 						execve(raxl->exec, argv, NULL);
+-						return 1;
++						exit(1);
+ 
+ 					default:
+ 						close(new);
+diff -Nur ax25-tools-0.0.10-rc2/ax25/axspawn.c ax25-tools/ax25/axspawn.c
+--- ax25-tools-0.0.10-rc2/ax25/axspawn.c	2009-06-21 20:01:55.000000000 +0200
++++ ax25-tools/ax25/axspawn.c	2011-08-18 12:43:49.000000000 +0200
+@@ -1,10 +1,10 @@
+ /*
+  *
+- * $Id: ax25-tools-0.0.10_rc2-cve-2011-2910.patch,v 1.1 2011/08/30 16:59:58 tomjbe Exp $
++ * $Id: ax25-tools-0.0.10_rc2-cve-2011-2910.patch,v 1.1 2011/08/30 16:59:58 tomjbe Exp $
+  *
+  * axspawn.c - run a program from ax25d.
+  *
+- * Copyright (c) 1996 Jörg Reuter DL1BKE (jreuter@poboxes.com)
++ * Copyright (c) 1996 Joerg Reuter DL1BKE (jreuter@poboxes.com)
+  *
+  * This program is a hack.
+  * 
+@@ -1693,7 +1693,11 @@
+                 pututline(&ut_line);
+                 endutent();
+ 
+-		setsid();
++		/* become process group leader, if we not already are */
++		if (getpid() != getsid(0)) {
++			if (setsid() == -1)
++				exit(1);
++		}
+ 
+                 chargc = 0;
+                 envc = 0;
diff --git a/media-radio/ax25-tools/metadata.xml b/media-radio/ax25-tools/metadata.xml
index 0324fc6021af..38613982ebd1 100644
--- a/media-radio/ax25-tools/metadata.xml
+++ b/media-radio/ax25-tools/metadata.xml
@@ -4,7 +4,7 @@
 	<herd>no-herd</herd>
 	<maintainer>
 		<email>tomjbe@gentoo.org</email>
-		<name>Thomaas Beierlein</name>
+		<name>Thomas Beierlein</name>
 	</maintainer>
 	<use>
 		<flag name='X'>Enable some X based configuration tools.</flag>