authorMike Frysinger <vapier@gentoo.org>2008-08-19 01:11:18 +0000
committerMike Frysinger <vapier@gentoo.org>2008-08-19 01:11:18 +0000
commit209dacd3334589c978d40638a5a88c88993d0e48 (patch)
treea4142545c01164d6ec491d5fc61bde1a801d6f80 /sys-apps/slocate/files
parentVersion bump (diff)
Add patch from Debian for CVE 2007-0227. Run updatedb through ionice #231203 by Daniel Pielmeier. Add support by marty rosenberg for -0 (NUL delimited output) #216838.
(Portage version: 2.2_rc6/cvs/Linux 2.6.26.2 x86_64)
Diffstat (limited to 'sys-apps/slocate/files')
-rw-r--r--sys-apps/slocate/files/slocate-3.1-CVE-2007-0227.patch49
-rw-r--r--sys-apps/slocate/files/slocate-3.1-NUL.patch78
-rw-r--r--sys-apps/slocate/files/slocate-3.1-cron2.patch25
-rw-r--r--sys-apps/slocate/files/updatedb.conf11
4 files changed, 162 insertions, 1 deletions
diff --git a/sys-apps/slocate/files/slocate-3.1-CVE-2007-0227.patch b/sys-apps/slocate/files/slocate-3.1-CVE-2007-0227.patch
new file mode 100644
index 000000000000..18b52ba4d824
--- /dev/null
+++ b/sys-apps/slocate/files/slocate-3.1-CVE-2007-0227.patch
@@ -0,0 +1,49 @@
+stolen from debian:
+
+ * Include patch to prevent users obtaining names of private files
+ (apply patch directly, since no patch system is used so far)
+ (Closes: #411937) Fixes: CVE-2007-0227
+ Thanks to Kees Cook
+
+--- slocate-3.1.orig/src/utils.c
++++ slocate-3.1/src/utils.c
+@@ -524,6 +524,7 @@
+ {
+ struct stat path_stat;
+ int ret = 0;
++ char *path_copy = NULL;
+ char *ptr = NULL;
+
+ if (lstat(path, &path_stat) == -1)
+@@ -532,15 +533,25 @@
+ if (!S_ISLNK(path_stat.st_mode)) {
+ if (access(path, F_OK) != 0)
+ goto EXIT;
+- } else if ((ptr = rindex(path, '/'))) {
+- *ptr = 0;
+- if (access(path, F_OK) == 0)
+- ret = 1;
+- *ptr = '/';
+- goto EXIT;
+ }
+
++ /* "path" is const, so we shouldn't modify it. Also, for speed,
++ * I suspect strdup/free is less expensive than the deep access
++ * checks... */
++ if (!(path_copy = strdup(path)))
++ goto EXIT;
++
+ ret = 1;
++
++ /* Each directory leading to the file (symlink or not) must be
++ * readable for us to allow it to be listed in search results. */
++ while (ret && (ptr=rindex(path_copy,'/'))) {
++ *ptr=0;
++ if (*path_copy && access(path_copy, R_OK) != 0)
++ ret = 0;
++ }
++ free(path_copy);
++
+ EXIT:
+ return ret;
+ }
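Review bot: The ancestor loop requires `R_OK` on every parent directory, so a path under a searchable-but-unreadable directory (for example one with mode 0711) is dropped from results even for a user who can open the file itself; that fails closed, which is the right direction for CVE-2007-0227, but the comment above the `while` should say so. I would extend it to something like `/* Deliberately stricter than traversal (X_OK): a name is listed only if the caller could have read every directory above it. */`. The `*path_copy &&` guard also means the root directory is never tested, and a path containing no `/` leaves `ret` at 1, which deserves a word in the same comment if stored paths are assumed to be absolute. The enclosing function in src/utils.c begins before this hunk, so the declaration of `path` and its callers are not visible here.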
diff --git a/sys-apps/slocate/files/slocate-3.1-NUL.patch b/sys-apps/slocate/files/slocate-3.1-NUL.patch
new file mode 100644
index 000000000000..cfd13392686e
--- /dev/null
+++ b/sys-apps/slocate/files/slocate-3.1-NUL.patch
@@ -0,0 +1,78 @@
+add an -0 argument to output results with NUL bytes
+
+http://bugs.gentoo.org/216838
+
+patch by marty rosenberg
+
+--- slocate-3.1/src/cmds.c
++++ slocate-3.1/src/cmds.c
+@@ -129,6 +129,7 @@
+ " --output=<file> - Specifies the database to create.\n"
+ " -d <path>\n"
+ " --database=<path> - Specfies the path of databases to search in.\n"
++ " -0 - Delimit results with \\0 rather than \\n\n"
+ " -h\n"
+ " --help - Display this help.\n"
+ " -v\n"
+@@ -707,7 +708,7 @@
+ if (strcmp(g_data->progname, "updatedb") == 0)
+ cmd_data->updatedb = TRUE;
+
+- while ((ch = getopt(argc,argv,"VvuhqU:r:o:e:l:d:-:n:f:c:i")) != EOF) {
++ while ((ch = getopt(argc,argv,"VvuhqU:r:o:e:l:d:-:n:f:c:i0")) != EOF) {
+ switch(ch) {
+ /* Help */
+ case 'h':
+@@ -823,6 +824,9 @@
+ goto EXIT;
+ }
+ break;
++ case '0':
++ g_data->delim = '\0';
++ break;
+ default:
+ break;
+ }
+@@ -871,4 +875,3 @@
+
+ return NULL;
+ }
+-
+--- slocate-3.1/src/slocate.c
++++ slocate-3.1/src/slocate.c
+@@ -164,6 +164,7 @@
+ g_data->regexp_data = NULL;
+ g_data->queries = -1;
+ g_data->SLOCATE_GID = get_gid(g_data, DB_GROUP, &ret);
++ g_data->delim = '\n';
+ if (!ret)
+ goto EXIT;
+
+@@ -191,7 +192,7 @@
+ goto EXIT;
+ }
+ if (g_data->VERBOSE)
+- fprintf(stdout, "%s\n", path);
++ fprintf(stdout, "%s%c", path, g_data->delim);
+ /* Match number string */
+ ptr1 = path;
+ code_len = 0;
+@@ -471,7 +472,7 @@
+ if (match_ret == 1) {
+ if (g_data->queries > 0)
+ g_data->queries -= 1;
+- fprintf(stdout, "%s\n", full_path);
++ fprintf(stdout, "%s%c", full_path, g_data->delim);
+ }
+ ret = 1;
+ EXIT:
+--- slocate-3.1/src/slocate.h
++++ slocate-3.1/src/slocate.h
+@@ -81,6 +81,7 @@
+ char **input_db;
+ int queries;
+ struct regexp_data_s *regexp_data;
++ char delim;
+ };
+
+ /* Encoding data */
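Review bot: In the src/slocate.c hunk at -164 the new `g_data->delim = '\n';` sits between the `get_gid()` call that fills `ret` and the `if (!ret) goto EXIT;` that checks it, which separates a group lookup from its failure check. Behaviour is unchanged, but moving the assignment up beside `g_data->queries = -1;` keeps the check directly under the call it guards. The usage text adds `-0` without a long form, unlike the neighbouring options; if that is intentional, a short comment at `case '0':` such as `/* NUL-delimited output, for consumers like xargs -0 */` would record why the option exists. All of the touched functions continue outside the hunks shown.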
diff --git a/sys-apps/slocate/files/slocate-3.1-cron2.patch b/sys-apps/slocate/files/slocate-3.1-cron2.patch
new file mode 100644
index 000000000000..8229a99a7303
--- /dev/null
+++ b/sys-apps/slocate/files/slocate-3.1-cron2.patch
@@ -0,0 +1,25 @@
+--- debian/cron.daily
++++ debian/cron.daily
+@@ -1,12 +1,18 @@
+ #! /bin/sh
+
+-if [ -x /usr/bin/slocate ]
++if [ -x /usr/bin/updatedb ]
+ then
+ if [ -f /etc/updatedb.conf ]
+ then
+- /usr/bin/updatedb
++ . /etc/updatedb.conf
++ args=""
+ else
+- /usr/bin/updatedb -f proc
++ args="-f proc"
+ fi
+- chown root.slocate /var/lib/slocate/slocate.db
++
++ # run on active process in case ionice isnt installed, or
++ # system is really old and ionice doesnt work ...
++ ionice -c ${IONICE_CLASS:-2} -n ${IONICE_PRIORITY:-7} -p $$ 2>/dev/null
++
++ nice -n ${NICE:-10} /usr/bin/updatedb ${args}
+ fi
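Review bot: The new `. /etc/updatedb.conf` line executes the configuration file as shell code inside the cron job, which presumably runs as root, so the file's ownership and mode become part of the job's trust boundary; the script should say so, for example `# sourced as shell: /etc/updatedb.conf must be root-owned and not group/world-writable`. The values it yields are then expanded unquoted on the `ionice` and `nice` lines; writing `-c "${IONICE_CLASS:-2}" -n "${IONICE_PRIORITY:-7}"` and `nice -n "${NICE:-10}"` keeps a stray space or glob character in the config from becoming extra arguments (`${args}` has to stay unquoted so that `-f proc` still splits). The hunk also drops the `chown root.slocate /var/lib/slocate/slocate.db` step; its replacement is not visible on this page, so it is worth confirming that updatedb sets the database group itself.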
diff --git a/sys-apps/slocate/files/updatedb.conf b/sys-apps/slocate/files/updatedb.conf
index d7aecd68cede..6e5527dd7ba8 100644
--- a/sys-apps/slocate/files/updatedb.conf
+++ b/sys-apps/slocate/files/updatedb.conf
@@ -1,5 +1,5 @@
# /etc/updatedb.conf: config file for slocate
-# $Id: updatedb.conf,v 1.23 2007/08/08 16:22:32 lu_zero Exp $
+# $Id: updatedb.conf,v 1.24 2008/08/19 01:11:18 vapier Exp $
# This file sets variables that are used by updatedb.
# For more info, see the updatedb(1) manpage.
@@ -9,3 +9,12 @@ PRUNEFS="afs auto autofs cifs devfs devpts eventpollfs futexfs gfs hugetlbfs iso
# Paths which are pruned from updatedb database
PRUNEPATHS="/tmp /var/tmp /root/.ccache"
+
+# nice value to run at: see -n in nice(1)
+NICE="10"
+
+# ionice class to run at: see -c in ionice(1)
+IONICE_CLASS="2"
+
+# ionice priority to run at: see -n in ionice(1)
+IONICE_PRIORITY="7"
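Review bot: The three new settings sit under a header that says the file "sets variables that are used by updatedb", but on this page they are read only by the cron.daily script, which sources the file. A separator comment before `NICE="10"` such as `# The settings below are read by the daily cron script, not by updatedb itself` would make that clear, assuming updatedb ignores keys it does not know. Because the file is now sourced as shell, the comments could also state that each value must be a plain number.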