old

Package-Manager: portage-2.2.0_alpha67/cvs/Linux x86_64

diff --git a/sys-fs/udisks/ChangeLog b/sys-fs/udisks/ChangeLog
index 97b8ebfacbaa680cc982e3e163cb3a44a6ebbe78..942b881dc26d683633771bb04572f0eafc3c5ef3 100644 (file)
--- a/sys-fs/udisks/ChangeLog
+++ b/sys-fs/udisks/ChangeLog
@@ -1,6 +1,10 @@
 # ChangeLog for sys-fs/udisks
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-fs/udisks/ChangeLog,v 1.58 2011/10/17 14:09:33 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-fs/udisks/ChangeLog,v 1.59 2011/10/17 15:42:25 ssuominen Exp $
+
+  17 Oct 2011; Samuli Suominen <ssuominen@gentoo.org> -udisks-1.0.2-r1.ebuild,
+  -files/udisks-1.0.2-CVE-2010-4661.patch:
+  old
 
   17 Oct 2011; Jeroen Roovers <jer@gentoo.org> udisks-1.0.4-r1.ebuild:
   Stable for HPPA (bug #385231).

diff --git a/sys-fs/udisks/Manifest b/sys-fs/udisks/Manifest
index e9d9aecaee620378e985690c851529f5a6848803..96a2a2ab3f5e2f34c775522872f7902c21d4d895 100644 (file)
--- a/sys-fs/udisks/Manifest
+++ b/sys-fs/udisks/Manifest
@@ -1,21 +1,22 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
-AUX udisks-1.0.2-CVE-2010-4661.patch 4790 RMD160 ae379b461830e7b3a201382d3253f62d5fd65c50 SHA1 ced4c739103d1041ee74411118ba8b73658f8e8c SHA256 be4cff70a50d0b69812fb373f381879d492fc3d015cd4162f48633cee1d22812
 AUX udisks-1.0.2-ntfs-3g.patch 198 RMD160 e4b5cb3386184edf90bce5140a1c414ef5e99210 SHA1 d3ee3999b9d0437a6022d85d4535fc72632f6258 SHA256 1db923f52619c2dcc6c30ffedcd47dedce048dbec2eb781088738e51f8dc0539
 AUX udisks-1.0.3-mkfs-tempdir.patch 552 RMD160 e421c0d325327d299f5f825b5c8d5abe9eb20e67 SHA1 994fbac57474d2d135f91b6994cc12b2a76042b8 SHA256 db9740b6d09fcfe3c8b1ccd48a8dcf12d3d956ccead9caa6638fc61e7dbc9e89
-DIST udisks-1.0.2.tar.gz 716381 RMD160 a022ac752ac75d3bca102adee05be43f2ebb424e SHA1 a8307d726b7f1255e7008ff708c793a1301d1309 SHA256 7dc1a150a6a31b2727144603fa5a8f9852696fc5bdc4a11917b9b0f1b8e3dcf1
 DIST udisks-1.0.3.tar.gz 722912 RMD160 d6052f2e7b5be11163bbc784a9d18357fd31d7c2 SHA1 3033d99fe830a95c2a7c5a1a4e680c82632dc911 SHA256 d95bceb52a70c727291b934c4c05774899a0074927c8138a219b81a784de8a4b
 DIST udisks-1.0.4.tar.gz 719889 RMD160 163a8046fcc7f30d48b8272859ab0d09a88f179a SHA1 10d2acfd6e6ff4c8d9d962af1fb1856a885e3219 SHA256 854b89368733b9c3a577101b761ad5397ae75a05110c8698ac5b29de9a8bf8f5
-EBUILD udisks-1.0.2-r1.ebuild 1948 RMD160 c3c63cba11aa5825fc63edd1236dee2f71f3623b SHA1 bdc0a84045d9ea3338bd3012f44b858a950478e8 SHA256 d01c7a3fb40dd3b80977dd434fbc69fa9faf6afe7335e41d12204a31557cdc38
 EBUILD udisks-1.0.3-r1.ebuild 2053 RMD160 78ec65fdca89ab4b5a93258ac3993530e134c5bb SHA1 981c0c867a392a7330e0829df57f9babeb29f77a SHA256 20ce42700e904f19b206cf0357c7f5e8be2df3910b670353b74ee139a8db3c12
 EBUILD udisks-1.0.4-r1.ebuild 2031 RMD160 9116a9d23e58b34bf5f44fe8a1612478b62497bc SHA1 ac80c72464fe99590c348fd16fabecfaa19bf704 SHA256 50edb6f96cb6f289538860b443f80c5e009bb9504df26e052d0c3965a600983d
-MISC ChangeLog 7987 RMD160 3e3515d6412729f7f4174d3baafe3c89c3179085 SHA1 dde95394575bd4156b86bb27cabc1119fcc23ad6 SHA256 a4f2d230176505d6f2e722fc2a249ae48d3cdff27bafb1c00475063e5858a841
+MISC ChangeLog 8122 RMD160 51ee440b9e4338c8edffd82fe9758a4f7603f9c7 SHA1 0415e0d6ba271f261c1fe638ce8e7f6914eb0196 SHA256 524fcc8ae294dfdd27e981dc62144e8121a354e6aa333cb3e9f0522df692620b
 MISC metadata.xml 367 RMD160 3cc82714647236fdce4606ef9e8432ef2753a553 SHA1 6fd0b25ca51d565fdc6c40b9d1fc90ebff4ddb22 SHA256 9da91cf204d0f5616ca669618f4eed4c477140aef9f7f9218217e63e7d88d051
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.17 (GNU/Linux)
+Version: GnuPG v2.0.18 (GNU/Linux)
 
-iEYEARECAAYFAk6cNyMACgkQVWmRsqeSphO3OwCfXKA0Bcfxq+3EjrzeuXD6Tv7e
-0k8An0PfYwfg8kDGAhkabv9yZifrRg4i
-=ZlxF
+iQEcBAEBAgAGBQJOnEzRAAoJEEdUh39IaPFN5LQH/ilbMB+OHM6oB9OVBNGpYGJp
+FvQBkc74AtvbcKmU1HCkn4qtI2XrMcQhFZFdPpgOX8WcAO7PY2/JJyP4uzRkoyFR
+g/1xakWE0HtrNUJk+/2dmUN6O+4qdJe7uca2TXopyS2LX8+tJ584frIIGY00QzTR
+WwC7/voDULQImYcmxMF4m4ASOY05FdC98aHkHauYCOTRMtWCdfAtlLwIMccBupu/
+eEO6b7nCYPpMWORqzCRxrXv/Y7Rj+W9Ihz6WquPwRQ0h6Jx3rXIfQPB85X6EAT0N
+Mnv5TFyxcALJltQrtkq3s1AiNVnHrcaM/iXodGZK5Bjveyik5X5YmmmikBn6wdU=
+=w9v0
 -----END PGP SIGNATURE-----

diff --git a/sys-fs/udisks/files/udisks-1.0.2-CVE-2010-4661.patch b/sys-fs/udisks/files/udisks-1.0.2-CVE-2010-4661.patch
deleted file mode 100644 (file)
index bccb138..0000000
--- a/sys-fs/udisks/files/udisks-1.0.2-CVE-2010-4661.patch
+++ /dev/null
@@ -1,171 +0,0 @@
-From c933a929f07421ec747cebb24d5e620fc2b97037 Mon Sep 17 00:00:00 2001
-From: David Zeuthen <davidz@redhat.com>
-Date: Tue, 15 Mar 2011 13:20:44 +0000
-Subject: Bug 32232 – CVE-2010-4661: Arbitrary kernel module load
-
-Validate what is passed to the mount(8) command. In particular, only
-allow either well-known filesystems, filesystems already loaded or
-filesystem explicitly allowed by the administrator via the
-/etc/filesystems file.
-
-See https://bugs.freedesktop.org/show_bug.cgi?id=32232 for details.
-
-Signed-off-by: David Zeuthen <davidz@redhat.com>
----
-diff --git a/src/device.c b/src/device.c
-index 21d9530..d6595b8 100644
---- a/src/device.c
-+++ b/src/device.c
-@@ -5891,6 +5891,27 @@ static const FSMountOptions fs_mount_options[] =
-     { "udf", udf_defaults, udf_allow, udf_allow_uid_self, udf_allow_gid_self },
-   };
- 
-+static const gchar *well_known_filesystems[] =
-+{
-+  "btrfs",
-+  "ext2",
-+  "ext3",
-+  "ext4",
-+  "udf",
-+  "iso9660",
-+  "xfs",
-+  "jfs",
-+  "nilfs",
-+  "reiserfs",
-+  "reiser4",
-+  "msdos",
-+  "umsdos",
-+  "vfat",
-+  "exfat"
-+  "ntfs",
-+  NULL,
-+};
-+
- /* ------------------------------------------------ */
- 
- static int num_fs_mount_options = sizeof(fs_mount_options) / sizeof(FSMountOptions);
-@@ -6225,6 +6246,86 @@ filesystem_mount_completed_cb (DBusGMethodInvocation *context,
-     }
- }
- 
-+static gboolean
-+is_in_filesystem_file (const gchar *filesystems_file,
-+                       const gchar *fstype)
-+{
-+  gchar *filesystems;
-+  GError *error;
-+  gboolean ret;
-+  gchar **lines;
-+  guint n;
-+
-+  ret = FALSE;
-+  filesystems = NULL;
-+  lines = NULL;
-+
-+  error = NULL;
-+  if (!g_file_get_contents (filesystems_file,
-+                            &filesystems,
-+                            NULL, /* gsize *out_length */
-+                            &error))
-+    {
-+      g_warning ("Error reading /etc/filesystems: %s (%s %d)",
-+                 error->message,
-+                 g_quark_to_string (error->domain),
-+                 error->code);
-+      g_error_free (error);
-+      goto out;
-+    }
-+
-+  lines = g_strsplit (filesystems, "\n", -1);
-+  for (n = 0; lines != NULL && lines[n] != NULL && !ret; n++)
-+    {
-+      gchar **tokens;
-+      gint num_tokens;
-+      g_strdelimit (lines[n], " \t", ' ');
-+      g_strstrip (lines[n]);
-+      tokens = g_strsplit (lines[n], " ", -1);
-+      num_tokens = g_strv_length (tokens);
-+      if (num_tokens == 1 && g_strcmp0 (tokens[0], fstype) == 0)
-+        {
-+          ret = TRUE;
-+        }
-+      g_strfreev (tokens);
-+    }
-+
-+ out:
-+  g_strfreev (lines);
-+  g_free (filesystems);
-+  return ret;
-+}
-+
-+static gboolean
-+is_well_known_filesystem (const gchar *fstype)
-+{
-+  gboolean ret;
-+  guint n;
-+
-+  ret = FALSE;
-+  for (n = 0; well_known_filesystems[n] != NULL; n++)
-+    {
-+      if (g_strcmp0 (well_known_filesystems[n], fstype) == 0)
-+        {
-+          ret = TRUE;
-+          goto out;
-+        }
-+    }
-+ out:
-+  return ret;
-+}
-+
-+/* this is not a very efficient implementation but it's very rarely
-+ * called so no real point in optimizing it...
-+ */
-+static gboolean
-+is_allowed_filesystem (const gchar *fstype)
-+{
-+  return is_well_known_filesystem (fstype) ||
-+    is_in_filesystem_file ("/proc/filesystems", fstype) ||
-+    is_in_filesystem_file ("/etc/filesystems", fstype);
-+}
-+
- static void
- device_filesystem_mount_authorized_cb (Daemon *daemon,
-                                        Device *device,
-@@ -6255,6 +6356,35 @@ device_filesystem_mount_authorized_cb (Daemon *daemon,
-   remove_dir_on_unmount = FALSE;
-   error = NULL;
- 
-+  /* If the user requests the filesystem type, error out unless the
-+   * filesystem type is
-+   *
-+   * - well-known [1]; or
-+   * - in the /etc/filesystems file; or
-+   * - in the /proc/filesystems file
-+   *
-+   * We do this because mount(8) on Linux allows loading any arbitrary
-+   * kernel module (when invoked as root) by passing something appropriate
-+   * to the -t option. So we have to validate whatever we pass.
-+   *
-+   * See https://bugs.freedesktop.org/show_bug.cgi?id=32232 for more
-+   * details.
-+   *
-+   * [1] : since /etc/filesystems may be horribly out of date and not
-+   *       contain e.g. ext4
-+   */
-+  if (filesystem_type != NULL && strlen (filesystem_type) > 0 &&
-+      g_strcmp0 (filesystem_type, "auto") != 0)
-+    {
-+      if (!is_allowed_filesystem (filesystem_type))
-+        {
-+          throw_error (context, ERROR_FAILED,
-+                       "Requested filesystem type is neither well-known nor "
-+                       "in /proc/filesystems nor in /etc/filesystems");
-+          goto out;
-+        }
-+    }
-+
-   daemon_local_get_uid (device->priv->daemon, &caller_uid, context);
- 
-   if (device->priv->id_usage == NULL || strcmp (device->priv->id_usage, "filesystem") != 0)
---
-cgit v0.8.3-6-g21f6

diff --git a/sys-fs/udisks/udisks-1.0.2-r1.ebuild b/sys-fs/udisks/udisks-1.0.2-r1.ebuild
deleted file mode 100644 (file)
index 72bbe83..0000000
--- a/sys-fs/udisks/udisks-1.0.2-r1.ebuild
+++ /dev/null
@@ -1,75 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-fs/udisks/udisks-1.0.2-r1.ebuild,v 1.7 2011/04/26 10:51:37 xarthisius Exp $
-
-EAPI=4
-inherit eutils bash-completion linux-info
-
-DESCRIPTION="Daemon providing interfaces to work with storage devices"
-HOMEPAGE="http://www.freedesktop.org/wiki/Software/udisks"
-SRC_URI="http://hal.freedesktop.org/releases/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
-IUSE="debug doc nls remote-access"
-
-COMMON_DEPEND=">=sys-fs/udev-147[extras]
-       >=dev-libs/glib-2.16.1:2
-       >=sys-apps/dbus-1.4.0
-       >=dev-libs/dbus-glib-0.92
-       >=sys-auth/polkit-0.97
-       >=sys-block/parted-1.8.8[device-mapper]
-       >=sys-fs/lvm2-2.02.66
-       >=dev-libs/libatasmart-0.14
-       >=sys-apps/sg3_utils-1.27.20090411
-       !sys-apps/devicekit-disks"
-RDEPEND="${COMMON_DEPEND}
-       virtual/eject
-       remote-access? ( net-dns/avahi )"
-DEPEND="${COMMON_DEPEND}
-       app-text/docbook-xsl-stylesheets
-       dev-libs/libxslt
-       >=dev-util/intltool-0.40.0
-       dev-util/pkgconfig
-       doc? ( dev-util/gtk-doc
-               app-text/docbook-xml-dtd:4.1.2 )"
-
-RESTRICT="test" # this would need running dbus and sudo available
-
-pkg_setup() {
-       DOCS="AUTHORS HACKING NEWS README"
-
-       if use amd64 || use x86; then
-               CONFIG_CHECK="~USB_SUSPEND ~!IDE"
-               linux-info_pkg_setup
-       fi
-}
-
-src_prepare() {
-       epatch "${FILESDIR}"/${P}-CVE-2010-4661.patch
-}
-
-src_configure() {
-       econf \
-               --localstatedir="${EPREFIX}"/var \
-               --disable-dependency-tracking \
-               --disable-static \
-               $(use_enable debug verbose-mode) \
-               --enable-man-pages \
-               $(use_enable doc gtk-doc) \
-               $(use_enable remote-access) \
-               $(use_enable nls) \
-               --with-html-dir="${EPREFIX}"/usr/share/doc/${PF}/html
-}
-
-src_install() {
-       default
-
-       rm -f "${ED}"/etc/profile.d/udisks-bash-completion.sh
-       dobashcompletion tools/udisks-bash-completion.sh ${PN}
-
-       find "${ED}" -name '*.la' -exec rm -f {} +
-
-       keepdir /media
-}