diff options
| author |   Michael Orlitzky <mjo@gentoo.org> | 2016-08-16 09:44:11 -0400 |
|---|---|---|
| committer | Michael Orlitzky <mjo@gentoo.org> | 2016-08-16 15:03:52 -0400 |
| commit | dd5396cb80f0b3434113092cf76472775c7b2905 (patch) | |
| tree | 28dda768b13edb200ab04b1c1790f36fc0c3f140 /net-misc/omniORB/files | |
| parent | dev-db/sqlite: Version bump. (diff) | |
| download | gentoo-dd5396cb80f0b3434113092cf76472775c7b2905.tar.gz gentoo-dd5396cb80f0b3434113092cf76472775c7b2905.tar.bz2 gentoo-dd5396cb80f0b3434113092cf76472775c7b2905.zip | |
net-misc/omniORB: new version using EAPI=6 and a few ebuild fixes.
There has been a new version of this maintainer-needed package
available for a while, and a user requested a version bump, so I've
updated to the latest available stable release (bug 560680). In doing
so, I added the missing PYTHON_DEPS and PYTHON_REQUIRED_USE from the
python-single-r1 eclass (bug 547660). I also patched the build system
to use a umask of 022 instead of 002 when creating directories, to fix
compilation on systems with TPE (bug 576040).
For the new version, the ebuild was updated to use EAPI=6. Some
patches were dropped, as the fixes were merged upstream. IPv6 support
was added with a straightforward $(use_with ipv6) call. Some errors
were clarified, and some quoting adjusted -- minor housekeeping.
Gentoo-Bug: 547660
Gentoo-Bug: 560680
Gentoo-Bug: 576040
Package-Manager: portage-2.2.28
Diffstat (limited to 'net-misc/omniORB/files')
| -rw-r--r-- | net-misc/omniORB/files/change-umask-from-002-to-022-in-CreateDir-macro.patch | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/net-misc/omniORB/files/change-umask-from-002-to-022-in-CreateDir-macro.patch b/net-misc/omniORB/files/change-umask-from-002-to-022-in-CreateDir-macro.patch new file mode 100644 index 000000000000..2aaab59ef201 --- /dev/null +++ b/net-misc/omniORB/files/change-umask-from-002-to-022-in-CreateDir-macro.patch @@ -0,0 +1,58 @@ +From 2a0ea5621ef7cd9303e49657166dfd04ffa624d7 Mon Sep 17 00:00:00 2001 +From: Michael Orlitzky <michael@orlitzky.com> +Date: Tue, 16 Aug 2016 13:55:08 -0400 +Subject: [PATCH 1/1] mk: Change umask from 002 to 022 in the CreateDir macro. + +The build system has a macro called CreateDir that does more or less +what you'd expect. But before it creates the directory given to it, it +sets the umask to 002. This can be a vulnerability, since we don't +know who the end user will be building the software as; there may be +untrusted people in his default group. In that case, one of those +people can overwrite the scripts in the directory created by CreateDir +before the user executes them. + +There is a kernel-level workaround for these types of vulnerabilities +in the Grsecurity project called Trusted Path Execution (TPE). When +enabled, users are not allowed to execute files in directories not +owned by themselves or root. When that restriction is enabled, omniORB +fails to build (due to the aforementioned umask). + +This commit changes the umask to 022 in CreateDir. This should not +cause any problems (ha ha), and is safer than the previous umask of +002. It also fixes the build on systems where TPE is enabled. + +Gentoo-Bug: 576040 +--- + mk/beforeauto.mk.in | 2 +- + mk/beforedir.mk | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/mk/beforeauto.mk.in b/mk/beforeauto.mk.in +index 83d544c..9f65c69 100644 +--- a/mk/beforeauto.mk.in ++++ b/mk/beforeauto.mk.in +@@ -167,7 +167,7 @@ unexport SUBDIRS + + define CreateDir + if [ ! -d $$dir ]; then \ +- (umask 002; set -x; $(MKDIRHIER) $$dir); \ ++ (umask 022; set -x; $(MKDIRHIER) $$dir); \ + fi + endef + +diff --git a/mk/beforedir.mk b/mk/beforedir.mk +index f804ed3..855bc4d 100644 +--- a/mk/beforedir.mk ++++ b/mk/beforedir.mk +@@ -187,7 +187,7 @@ unexport SUBDIRS + + define CreateDir + if [ ! -d $$dir ]; then \ +- (umask 002; set -x; $(MKDIRHIER) $$dir); \ ++ (umask 022; set -x; $(MKDIRHIER) $$dir); \ + fi + endef + +-- +2.7.3 + |