From fa5dff6f1e6f1874ae9adb511936fa40f9e22c71 Mon Sep 17 00:00:00 2001 From: Bernard Cafarelli Date: Wed, 23 Apr 2014 09:50:21 +0000 Subject: Upstream backport to fix gdomap denial of service, security bug #508370 (Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key C74525F2) --- gnustep-base/gnustep-base/ChangeLog | 8 ++- .../files/gnustep-base-1.24.6-gdomap_dos.patch | 65 +++++++++++++++++++ .../gnustep-base/gnustep-base-1.24.6-r1.ebuild | 72 ++++++++++++++++++++++ 3 files changed, 144 insertions(+), 1 deletion(-) create mode 100644 gnustep-base/gnustep-base/files/gnustep-base-1.24.6-gdomap_dos.patch create mode 100644 gnustep-base/gnustep-base/gnustep-base-1.24.6-r1.ebuild (limited to 'gnustep-base') diff --git a/gnustep-base/gnustep-base/ChangeLog b/gnustep-base/gnustep-base/ChangeLog index b4cd3d451e83..bcf351a5fc1d 100644 --- a/gnustep-base/gnustep-base/ChangeLog +++ b/gnustep-base/gnustep-base/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for gnustep-base/gnustep-base # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/gnustep-base/gnustep-base/ChangeLog,v 1.121 2014/01/29 15:11:24 voyageur Exp $ +# $Header: /var/cvsroot/gentoo-x86/gnustep-base/gnustep-base/ChangeLog,v 1.122 2014/04/23 09:50:20 voyageur Exp $ + +*gnustep-base-1.24.6-r1 (23 Apr 2014) + + 23 Apr 2014; Bernard Cafarelli + +gnustep-base-1.24.6-r1.ebuild, +files/gnustep-base-1.24.6-gdomap_dos.patch: + Upstream backport to fix gdomap denial of service, security bug #508370 *gnustep-base-1.24.6 (29 Jan 2014) diff --git a/gnustep-base/gnustep-base/files/gnustep-base-1.24.6-gdomap_dos.patch b/gnustep-base/gnustep-base/files/gnustep-base-1.24.6-gdomap_dos.patch new file mode 100644 index 000000000000..ed348f9867a7 --- /dev/null +++ b/gnustep-base/gnustep-base/files/gnustep-base-1.24.6-gdomap_dos.patch @@ -0,0 +1,65 @@ +--- libs/base/trunk/Tools/gdomap.c 2014/03/19 08:07:41 37755 ++++ libs/base/trunk/Tools/gdomap.c 2014/03/19 08:18:09 37756 +@@ -296,7 +296,7 @@ + # define syslog(prio, msg,...) slogf(_SLOG_SETCODE(_SLOG_SYSLOG, 0), prio, msg, __VA_ARGS__) + # endif + +-static int log_priority; ++static int log_priority = 0; + + static void + gdomap_log (int prio) +@@ -4481,16 +4481,7 @@ + const char *machine = 0; + const char *lookupf = 0; + int donamesf = 0; +- +-#if defined(HAVE_SYSLOG) +- /* Initially, gdomap_log errors to stderr as well as to syslogd. */ +-#if defined(SYSLOG_4_2) +- openlog ("gdomap", LOG_NDELAY); +- log_priority = LOG_DAEMON; +-#elif !defined(HAVE_SLOGF) +- openlog ("gdomap", LOG_NDELAY, LOG_DAEMON); +-#endif +-#endif ++ int forked = 0; + + #if defined(__MINGW__) + WORD wVersionRequested; +@@ -4851,7 +4842,6 @@ + #else + if (nofork == 0) + { +- is_daemon = 1; + /* + * Now fork off child process to run in background. + */ +@@ -4865,6 +4855,7 @@ + /* + * Try to run in background. + */ ++ forked = 1; + #if defined(NeXT) + setpgrp(0, getpid()); + #else +@@ -4924,6 +4915,19 @@ + + #endif /* !__MINGW__ */ + ++ if (forked) ++ { ++ is_daemon = 1; ++#if defined(HAVE_SYSLOG) ++#if defined(SYSLOG_4_2) ++ openlog ("gdomap", LOG_NDELAY); ++ log_priority = LOG_DAEMON; ++#elif !defined(HAVE_SLOGF) ++ openlog ("gdomap", LOG_NDELAY, LOG_DAEMON); ++#endif ++#endif ++ } ++ + init_my_port(); /* Determine port to listen on. */ + init_ports(); /* Create ports to handle requests. */ + diff --git a/gnustep-base/gnustep-base/gnustep-base-1.24.6-r1.ebuild b/gnustep-base/gnustep-base/gnustep-base-1.24.6-r1.ebuild new file mode 100644 index 000000000000..d34785821aaa --- /dev/null +++ b/gnustep-base/gnustep-base/gnustep-base-1.24.6-r1.ebuild @@ -0,0 +1,72 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/gnustep-base/gnustep-base/gnustep-base-1.24.6-r1.ebuild,v 1.1 2014/04/23 09:50:20 voyageur Exp $ + +EAPI=5 +inherit eutils gnustep-base + +DESCRIPTION="A library of general-purpose, non-graphical Objective C objects." +HOMEPAGE="http://www.gnustep.org" +SRC_URI="ftp://ftp.gnustep.org/pub/gnustep/core/${P}.tar.gz" + +LICENSE="GPL-2 LGPL-2.1" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~sparc-solaris ~x86-solaris" +IUSE="+icu +libffi ssl zeroconf" + +RDEPEND="${GNUSTEP_CORE_DEPEND} + >=gnustep-base/gnustep-make-2.6.0 + icu? ( >=dev-libs/icu-4.0:= ) + !libffi? ( dev-libs/ffcall + gnustep-base/gnustep-make[-native-exceptions] ) + libffi? ( virtual/libffi ) + ssl? ( net-libs/gnutls ) + >=dev-libs/libxml2-2.6 + >=dev-libs/libxslt-1.1 + >=dev-libs/gmp-4.1 + >=dev-libs/openssl-0.9.7 + >=sys-libs/zlib-1.2 + zeroconf? ( net-dns/avahi )" +DEPEND="${RDEPEND} + virtual/pkgconfig" + +src_prepare() { + epatch "${FILESDIR}"/${P}-gdomap_dos.patch +} + +src_configure() { + egnustep_env + + local myconf + if use libffi; + then + myconf="--enable-libffi --disable-ffcall --with-ffi-include=$(pkg-config --variable=includedir libffi)" + else + myconf="--disable-libffi --enable-ffcall" + fi + + myconf="$myconf $(use_enable icu)" + myconf="$myconf $(use_enable ssl tls)" + myconf="$myconf $(use_enable zeroconf)" + myconf="$myconf --with-xml-prefix=${EPREFIX}/usr" + myconf="$myconf --with-gmp-include=${EPREFIX}/usr/include --with-gmp-library=${EPREFIX}/usr/lib" + myconf="$myconf --with-default-config=${EPREFIX}/etc/GNUstep/GNUstep.conf" + + econf $myconf +} + +src_install() { + # We need to set LD_LIBRARY_PATH because the doc generation program + # uses the gnustep-base libraries. Since egnustep_env "cleans the + # environment" including our LD_LIBRARY_PATH, we're left no choice + # but doing it like this. + + egnustep_env + egnustep_install + + if use doc ; then + export LD_LIBRARY_PATH="${S}/Source/obj:${LD_LIBRARY_PATH}" + egnustep_doc + fi + egnustep_install_config +} -- cgit v1.2.3-65-gdbad