diff options
author | Lars Wendler <polynomial-c@gentoo.org> | 2016-02-16 21:57:56 +0100 |
---|---|---|
committer | Lars Wendler <polynomial-c@gentoo.org> | 2016-02-16 21:57:56 +0100 |
commit | 7c64231d37ba906f77ddc02e8f67b6d784e69b1f (patch) | |
tree | dc3c58e3127ec24b5bbddd99e49eb894c5e2e465 /sys-auth/libfprint/files | |
parent | dev-python/rsa: mark 3.2.2-r1 arm stable #570990 (diff) | |
download | gentoo-7c64231d37ba906f77ddc02e8f67b6d784e69b1f.tar.gz gentoo-7c64231d37ba906f77ddc02e8f67b6d784e69b1f.tar.bz2 gentoo-7c64231d37ba906f77ddc02e8f67b6d784e69b1f.zip |
sys-auth/libfprint: Security revbump fixing broken udev rule (bug #562218).
Package-Manager: portage-2.2.27
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Diffstat (limited to 'sys-auth/libfprint/files')
-rw-r--r-- | sys-auth/libfprint/files/libfprint-0.6.0-fix-udev-rules.patch | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/sys-auth/libfprint/files/libfprint-0.6.0-fix-udev-rules.patch b/sys-auth/libfprint/files/libfprint-0.6.0-fix-udev-rules.patch new file mode 100644 index 000000000000..128ac8ce311b --- /dev/null +++ b/sys-auth/libfprint/files/libfprint-0.6.0-fix-udev-rules.patch @@ -0,0 +1,23 @@ +Remove spurious \n to fix udev rule generation + +Steven Newbury <steve@snewbury.org.uk>: +libfprint generates 60-fprint-autosuspend.rules for all supported devices, +however there's a spurious \n before the ', MODE="0666"' which results in it +appearing on a new line after the match criteria. At least on current +systemd/udev this results in MODE="0666" being applied unconditionally to all +device nodes. This is an extremely serious security problem and effectively +gives root access to all users simply by having the ebuild emerged. + +https://bugs.gentoo.org/562218 + +--- a/libfprint/fprint-list-udev-rules.c ++++ b/libfprint/fprint-list-udev-rules.c +@@ -74,7 +74,7 @@ + if (num_printed == 0) + printf ("# %s\n", driver->full_name); + +- printf ("SUBSYSTEM==\"usb\", ATTRS{idVendor}==\"%04x\", ATTRS{idProduct}==\"%04x\", ATTRS{dev}==\"*\", TEST==\"power/control\", ATTR{power/control}=\"auto\"\n, MODE=\"0666\"\n", driver->id_table[i].vendor, driver->id_table[i].product); ++ printf ("SUBSYSTEM==\"usb\", ATTRS{idVendor}==\"%04x\", ATTRS{idProduct}==\"%04x\", ATTRS{dev}==\"*\", TEST==\"power/control\", ATTR{power/control}=\"auto\", MODE=\"0666\"\n", driver->id_table[i].vendor, driver->id_table[i].product); + printf ("SUBSYSTEM==\"usb\", ATTRS{idVendor}==\"%04x\", ATTRS{idProduct}==\"%04x\", ENV{LIBFPRINT_DRIVER}=\"%s\"\n", driver->id_table[i].vendor, driver->id_table[i].product, driver->full_name); + num_printed++; + } |