Add patch from Debian for CVE 2007-0227. Run updatedb through ionice #231203 by Daniel Pielmeier. Add support by marty rosenberg for -0 (NUL delimited output) #216838.

Package-Manager: portage-2.2_rc6/cvs/Linux 2.6.26.2 x86_64

7 files changed, 270 insertions, 8 deletions

diff --git a/sys-apps/slocate/ChangeLog b/sys-apps/slocate/ChangeLog
index bbcd8210d322..0c3a78e94c30 100644
--- a/sys-apps/slocate/ChangeLog
+++ b/sys-apps/slocate/ChangeLog
@@ -1,6 +1,16 @@
 # ChangeLog for sys-apps/slocate
 # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/slocate/ChangeLog,v 1.82 2008/02/06 18:03:24 nixnut Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/slocate/ChangeLog,v 1.83 2008/08/19 01:11:18 vapier Exp $
+
+*slocate-3.1-r2 (19 Aug 2008)
+
+  19 Aug 2008; Mike Frysinger <vapier@gentoo.org>
+  +files/slocate-3.1-CVE-2007-0227.patch, +files/slocate-3.1-NUL.patch,
+  +files/slocate-3.1-cron2.patch, files/updatedb.conf,
+  +slocate-3.1-r2.ebuild:
+  Add patch from Debian for CVE 2007-0227. Run updatedb through ionice
+  #231203 by Daniel Pielmeier. Add support by marty rosenberg for -0 (NUL
+  delimited output) #216838.
 
   06 Feb 2008; nixnut <nixnut@gentoo.org> slocate-3.1-r1.ebuild:
   stable on ppc wrt bug #180360
diff --git a/sys-apps/slocate/Manifest b/sys-apps/slocate/Manifest
index e0a797a67dad..1bce6fc13279 100644
--- a/sys-apps/slocate/Manifest
+++ b/sys-apps/slocate/Manifest
@@ -3,22 +3,26 @@ Hash: SHA1
 
 AUX slocate-2.7-bounds.patch 305 RMD160 df8f220cdf25d98e2fa9fd0e054b2151b3a4b1ad SHA1 a82e6f131ecc6109ac8e8546ba543913e151f39e SHA256 59ce3339cacaa817d65031fae80c0bd96962f01915511a096e47fafa295d5e8f
 AUX slocate-2.7-really-long-paths.patch 538 RMD160 d592621e92a5fd3c5e15e64fad4c307eddbdfb86 SHA1 b3e9918d171eeb35c4ef569e590bff1586aeee78 SHA256 3d2ab6ec4cbb2b87a358e93018e6f77f6bbad18eaffbd47d8b6acdec20480e83
+AUX slocate-3.1-CVE-2007-0227.patch 1200 RMD160 541519f6d3ff303ed99abbe40205819e9b2b8d57 SHA1 3c6b438321bdda5d1650ac8725bf394e77c6e9a4 SHA256 085c837ecc9d374b37270ddc1ee6507375954ca96d59af29d264b271642d942c
+AUX slocate-3.1-NUL.patch 1883 RMD160 d52a0ccebba857133159f43e5c5bba05134aaf34 SHA1 87d0544f1489190d8b23e2ca7b378ab91d1b3603 SHA256 abbb472b46ebc4709f9c4f1f09d5e8110765cee31372fc54736166996272c528
 AUX slocate-3.1-build.patch 1258 RMD160 1eaac141880c84e33e1673b253d6b0a6bb1f37f3 SHA1 328c1d36e26c7f47ac4ea8f0619efd6a45bbb918 SHA256 aded9d720df1ca41c83acabb29e97e37079df9cf214b524d419e4b8692d13733
 AUX slocate-3.1-cron.patch 352 RMD160 9a987c16e5b3f26b8453cbc8bea53b9f0513ffaa SHA1 8a54b02e1af14468abfe57e3bff7687e1b0ac1da SHA256 e5d97b84e7de76721820606a33a8d517f6715b8c11fa6ff9c790c46d832e766f
+AUX slocate-3.1-cron2.patch 583 RMD160 d70c207b47137014731dc12fe649f951d12a3e04 SHA1 7cec841a45d5aeadb051f683943e6272d0a8d7c8 SHA256 c6a89e64f1e5d9f0827a80d7e6365ed1cdb9d5b6b0198e59fad138ad2c46cbfa
 AUX slocate-3.1-incompat-warning.patch 528 RMD160 4220d1c38e050e8eeff4f524ed1cd6b2da5d62d4 SHA1 2cd98e3f83ea8bd8466e7ece5ca747020bcb54ed SHA256 ba9c9806c2e2058e5644f74b7697d58ea8a3f004e4f35885cbb97354a89dd9ac
-AUX updatedb.conf 593 RMD160 3f0b5c1f7f2973a68f03b54591fd475e72ebae69 SHA1 35eefbabe00d72a2837ea669ac730eb18f8cf7e0 SHA256 093d9f803e50822644a0a96deef6d4283a4dc993a7b096990fb7a627ad6e7bd6
+AUX updatedb.conf 779 RMD160 5003a1ae1e36032c9417819201ae2ea3f65d7831 SHA1 15b28ed4c6a20e18216a0e2373f14980a5e164b9 SHA256 ab6ff4a36f303eefd8ee04e037d46716d08489f1edec862b97d0519936eccf27
 DIST slocate-2.7-debian.patch.bz2 2623 RMD160 9e6e96dfe2ca8b203f657993a3a81378459841c5 SHA1 1e79ae1e2faca851ca7f11fb64024c1489cee495 SHA256 ccacaa44d29a739f67916bc74ae5154c1090d2555aca345cefc5aaba212d4c4a
 DIST slocate-2.7-uclibc-sl_fts.patch.bz2 7566 RMD160 bc614e9717e6c4a2bc8247d7140cfcefae8f3219 SHA1 7082ded9745704228126a0e0a762cc459e5e13f5 SHA256 a980650613df9524f428ad2f6722a24149fe348f3422b60c59673dc6400fab77
 DIST slocate-2.7.tar.gz 87240 RMD160 0aa08da7b958be5c8fec7c4655e42373d8faf2cc SHA1 b5de4668b61b137f3f5fa9f17b334f56b9424f90 SHA256 ddff733fcc5f240d40361c5acbce0011b2204efc506efb0da63c8d0e38947dcf
 DIST slocate-3.1.tar.gz 37748 RMD160 d3b1e818cc35ce8e87ec1b0764f6b2145a319e13 SHA1 e427552664385b86931b7626c26bd95ae5f9f085 SHA256 6abec68ab50fa743739fb78a5063c295ae2f7d04d2e538f7c3108120e49a3266
 EBUILD slocate-2.7-r8.ebuild 2762 RMD160 bd3d2cc630f474aa122bc2fddac0cc031a4d80b8 SHA1 b617ec505b163e958e23fca3e06467a2bfe4e716 SHA256 26440e0adef082f9c16a52df6e1fc8ae0d3fe1688cd4ad25374f12301be15e4b
 EBUILD slocate-3.1-r1.ebuild 2203 RMD160 9f18a8ea1cb6ab3c17699a93a3a6a40a8ec1b5fe SHA1 7e628ebf474930bb1235e7f5d0d376e7e0ee8652 SHA256 bb013625ca9a0c536d4ec446d9a867feade0a46515c612eb45e48e1671f67e70
-MISC ChangeLog 10642 RMD160 0ba9f9b2bfd4c8436288a8a4a658a737f37c463e SHA1 3500810d4ee21399274d57ee59335d3c63c89461 SHA256 160aa4d830c2c80338aafb8914fda7ef63149a272fb05960230cd3e35ac6feaa
+EBUILD slocate-3.1-r2.ebuild 2307 RMD160 c972a1903a54a0131757bf9d73083f8f2940a79b SHA1 ad9374dfbbfc906cefc19964ed41284546c49490 SHA256 329563e10610afcaad3e1c4faab03a602fbd4b39c1e0f5be77fab11b679b4af8
+MISC ChangeLog 11051 RMD160 4b6b7ce25c71deb460d7b34bb368e7c88c5c1ed9 SHA1 67d1f866d2d94da92cec70579cf343cecff981ca SHA256 076f6743ed89fbf502846b83f2d89cb397ea41e7f2a413a2176ecfa9169c1f41
 MISC metadata.xml 164 RMD160 f43cbec30b7074319087c9acffdb9354b17b0db3 SHA1 9c213f5803676c56439df3716be07d6692588856 SHA256 f5f2891f2a4791cd31350bb2bb572131ad7235cd0eeb124c9912c187ac10ce92
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.7 (GNU/Linux)
+Version: GnuPG v2.0.9 (GNU/Linux)
 
-iD8DBQFH3N2hj9hvisErhMIRAsIYAJ9UkjUxogvTo5IoBluMN9FweE5CAACg7BGI
-skYk0BzdusT2svcvuLknmFg=
-=BSDe
+iEYEARECAAYFAkiqHb0ACgkQ67wieSYcaxcDvACgiEIwL4iZWYGo+TwN9AZS7Agx
+BO4AoKTPQGU+ofY8HAVwP00TIfb/XjUg
+=1wgL
 -----END PGP SIGNATURE-----
diff --git a/sys-apps/slocate/files/slocate-3.1-CVE-2007-0227.patch b/sys-apps/slocate/files/slocate-3.1-CVE-2007-0227.patch
new file mode 100644
index 000000000000..18b52ba4d824
--- /dev/null
+++ b/sys-apps/slocate/files/slocate-3.1-CVE-2007-0227.patch
@@ -0,0 +1,49 @@
+stolen from debian:
+
+  * Include patch to prevent users obtaining names of private files
+    (apply patch directly, since no patch system is used so far)
+    (Closes: #411937) Fixes: CVE-2007-0227
+    Thanks to Kees Cook
+
+--- slocate-3.1.orig/src/utils.c
++++ slocate-3.1/src/utils.c
+@@ -524,6 +524,7 @@
+ {
+ 	struct stat path_stat;
+ 	int ret = 0;
++	char *path_copy = NULL;
+ 	char *ptr = NULL;
+ 
+ 	if (lstat(path, &path_stat) == -1)
+@@ -532,15 +533,25 @@
+ 	if (!S_ISLNK(path_stat.st_mode)) {
+ 		if (access(path, F_OK) != 0)
+ 		    goto EXIT;
+-	} else if ((ptr = rindex(path, '/'))) {
+-		*ptr = 0;
+-		if (access(path, F_OK) == 0)
+-		    ret = 1;
+-		*ptr = '/';
+-		goto EXIT;
+ 	}
+ 
++	/* "path" is const, so we shouldn't modify it.  Also, for speed,
++	 * I suspect strdup/free is less expensive than the deep access
++	 * checks... */
++	if (!(path_copy = strdup(path)))
++		goto EXIT;
++
+ 	ret = 1;
++
++	/* Each directory leading to the file (symlink or not) must be
++	 * readable for us to allow it to be listed in search results. */
++	while (ret && (ptr=rindex(path_copy,'/'))) {
++		*ptr=0;
++		if (*path_copy && access(path_copy, R_OK) != 0)
++		    ret = 0;
++	}
++	free(path_copy);
++
+ EXIT:
+ 	return ret;
+ }
diff --git a/sys-apps/slocate/files/slocate-3.1-NUL.patch b/sys-apps/slocate/files/slocate-3.1-NUL.patch
new file mode 100644
index 000000000000..cfd13392686e
--- /dev/null
+++ b/sys-apps/slocate/files/slocate-3.1-NUL.patch
@@ -0,0 +1,78 @@
+add an -0 argument to output results with NUL bytes
+
+http://bugs.gentoo.org/216838
+
+patch by marty rosenberg
+
+--- slocate-3.1/src/cmds.c
++++ slocate-3.1/src/cmds.c
+@@ -129,6 +129,7 @@
+ 	       "   --output=<file>    - Specifies the database to create.\n"
+ 	       "   -d <path>\n"
+ 	       "   --database=<path>  - Specfies the path of databases to search in.\n"
++	       "   -0                 - Delimit results with \\0 rather than \\n\n"
+ 	       "   -h\n"
+ 	       "   --help             - Display this help.\n"
+ 	       "   -v\n"
+@@ -707,7 +708,7 @@
+ 	if (strcmp(g_data->progname, "updatedb") == 0)
+ 	    cmd_data->updatedb = TRUE;
+ 
+-	while ((ch = getopt(argc,argv,"VvuhqU:r:o:e:l:d:-:n:f:c:i")) != EOF) {
++	while ((ch = getopt(argc,argv,"VvuhqU:r:o:e:l:d:-:n:f:c:i0")) != EOF) {
+ 		switch(ch) {
+ 			/* Help */
+ 		 case 'h':
+@@ -823,6 +824,9 @@
+ 				goto EXIT;
+ 			}
+ 			break;
++		case '0':
++			g_data->delim = '\0';
++			break;
+ 		 default:
+ 			break;
+ 		}
+@@ -871,4 +875,3 @@
+ 
+ 	return NULL;
+ }
+-
+--- slocate-3.1/src/slocate.c
++++ slocate-3.1/src/slocate.c
+@@ -164,6 +164,7 @@
+ 	g_data->regexp_data = NULL;
+ 	g_data->queries = -1;
+ 	g_data->SLOCATE_GID = get_gid(g_data, DB_GROUP, &ret);
++	g_data->delim = '\n';
+ 	if (!ret)
+ 	    goto EXIT;	
+ 
+@@ -191,7 +192,7 @@
+ 		    goto EXIT;
+ 	}
+ 	if (g_data->VERBOSE)
+-	    fprintf(stdout, "%s\n", path);       
++		fprintf(stdout, "%s%c", path,  g_data->delim);       
+ 	/* Match number string */
+ 	ptr1 = path;
+ 	code_len = 0;
+@@ -471,7 +472,7 @@
+ 	if (match_ret == 1) {
+ 		if (g_data->queries > 0)
+ 		    g_data->queries -= 1;
+-		fprintf(stdout, "%s\n", full_path);
++		fprintf(stdout, "%s%c", full_path, g_data->delim);
+ 	}
+ 	ret = 1;
+ EXIT:
+--- slocate-3.1/src/slocate.h
++++ slocate-3.1/src/slocate.h
+@@ -81,6 +81,7 @@
+ 	char **input_db;
+ 	int queries;
+ 	struct regexp_data_s *regexp_data;
++	char delim;
+ };
+ 
+ /* Encoding data */
diff --git a/sys-apps/slocate/files/slocate-3.1-cron2.patch b/sys-apps/slocate/files/slocate-3.1-cron2.patch
new file mode 100644
index 000000000000..8229a99a7303
--- /dev/null
+++ b/sys-apps/slocate/files/slocate-3.1-cron2.patch
@@ -0,0 +1,25 @@
+--- debian/cron.daily
++++ debian/cron.daily
+@@ -1,12 +1,18 @@
+ #! /bin/sh
+ 
+-if [ -x /usr/bin/slocate ]
++if [ -x /usr/bin/updatedb ]
+ then
+ 	if [ -f /etc/updatedb.conf ]
+ 	then
+-		/usr/bin/updatedb
++		. /etc/updatedb.conf
++		args=""
+ 	else
+-		/usr/bin/updatedb -f proc
++		args="-f proc"
+ 	fi
+-	chown root.slocate /var/lib/slocate/slocate.db
++
++	# run on active process in case ionice isnt installed, or
++	# system is really old and ionice doesnt work ...
++	ionice -c ${IONICE_CLASS:-2} -n ${IONICE_PRIORITY:-7} -p $$ 2>/dev/null
++
++	nice -n ${NICE:-10} /usr/bin/updatedb ${args}
+ fi
diff --git a/sys-apps/slocate/files/updatedb.conf b/sys-apps/slocate/files/updatedb.conf
index d7aecd68cede..6e5527dd7ba8 100644
--- a/sys-apps/slocate/files/updatedb.conf
+++ b/sys-apps/slocate/files/updatedb.conf
@@ -1,5 +1,5 @@
 # /etc/updatedb.conf: config file for slocate
-# $Id: updatedb.conf,v 1.23 2007/08/08 16:22:32 lu_zero Exp $
+# $Id: updatedb.conf,v 1.24 2008/08/19 01:11:18 vapier Exp $
 
 # This file sets variables that are used by updatedb.
 # For more info, see the updatedb(1) manpage.
@@ -9,3 +9,12 @@ PRUNEFS="afs auto autofs cifs devfs devpts eventpollfs futexfs gfs hugetlbfs iso
 
 # Paths which are pruned from updatedb database
 PRUNEPATHS="/tmp /var/tmp /root/.ccache"
+
+# nice value to run at: see -n in nice(1)
+NICE="10"
+
+# ionice class to run at: see -c in ionice(1)
+IONICE_CLASS="2"
+
+# ionice priority to run at: see -n in ionice(1)
+IONICE_PRIORITY="7"
diff --git a/sys-apps/slocate/slocate-3.1-r2.ebuild b/sys-apps/slocate/slocate-3.1-r2.ebuild
new file mode 100644
index 000000000000..766944f9ba82
--- /dev/null
+++ b/sys-apps/slocate/slocate-3.1-r2.ebuild
@@ -0,0 +1,87 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/slocate/slocate-3.1-r2.ebuild,v 1.1 2008/08/19 01:11:18 vapier Exp $
+
+inherit flag-o-matic eutils
+
+DESCRIPTION="Secure way to index and quickly search for files on your system (drop-in replacement for 'locate')"
+HOMEPAGE="http://slocate.trakker.ca/"
+SRC_URI="http://slocate.trakker.ca/files/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE=""
+
+DEPEND="sys-apps/shadow"
+RDEPEND="${DEPEND}
+	!sys-apps/rlocate"
+
+pkg_setup() {
+	if [[ -n $(egetent group slocate) ]] && [[ -z $(egetent group locate) ]] ; then
+		eerror "The 'slocate' group has been renamed to 'locate'."
+		eerror "You seem to already have a 'slocate' group."
+		eerror "Please rename it:"
+		eerror "groupmod -n locate slocate"
+		die "Change 'slocate' to 'locate'"
+	fi
+	enewgroup locate 245
+}
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+	epatch "${FILESDIR}"/${P}-build.patch
+	epatch "${FILESDIR}"/${P}-incompat-warning.patch
+	epatch "${FILESDIR}"/${P}-CVE-2007-0227.patch
+	epatch "${FILESDIR}"/${P}-cron2.patch
+	epatch "${FILESDIR}"/${P}-NUL.patch #216838
+}
+
+src_compile() {
+	filter-lfs-flags
+	emake -C src || die
+}
+
+src_install() {
+	dobin src/slocate || die
+	dodir /usr/bin
+	dosym slocate /usr/bin/locate
+	dosym slocate /usr/bin/updatedb
+
+	exeinto /etc/cron.daily
+	newexe debian/cron.daily slocate || die
+
+	doman doc/*.1
+	dosym slocate.1 /usr/share/man/man1/locate.1
+
+	keepdir /var/lib/slocate
+
+	dodoc Changelog README WISHLIST notes
+
+	insinto /etc
+	doins "${FILESDIR}"/updatedb.conf
+
+	fowners root:locate /usr/bin/slocate
+	fperms go-r,g+s /usr/bin/slocate
+
+	chown -R root:locate "${D}"/var/lib/slocate
+	fperms 0750 /var/lib/slocate
+}
+
+pkg_preinst() {
+	if has_version '=sys-apps/slocate-2*' ; then
+		rm -f "${ROOT}"/var/lib/slocate/slocate.db
+		ewarn "The slocate database created by slocate-2.x is incompatible"
+		ewarn "with slocate-3.x.  Make sure you run updatedb!"
+	fi
+}
+
+pkg_postinst() {
+	if [[ -f ${ROOT}/etc/cron.daily/slocate.cron ]]; then
+		ewarn "If you merged slocate-2.7.ebuild, please remove"
+		ewarn "/etc/cron.daily/slocate.cron since .cron has been removed"
+		ewarn "from the filename"
+		echo
+	fi
+}