From 120c8dd70a06b4e65be9ca7739c1846c1d135fec Mon Sep 17 00:00:00 2001
From: Samuli Suominen
Date: Mon, 17 Oct 2011 15:42:25 +0000
Subject: [PATCH] old

Package-Manager: portage-2.2.0_alpha67/cvs/Linux x86_64
---
 sys-fs/udisks/ChangeLog | 6 +-
 sys-fs/udisks/Manifest | 17 +-
 .../files/udisks-1.0.2-CVE-2010-4661.patch | 171 ------------------
 sys-fs/udisks/udisks-1.0.2-r1.ebuild | 75 --------
 4 files changed, 14 insertions(+), 255 deletions(-)
 delete mode 100644 sys-fs/udisks/files/udisks-1.0.2-CVE-2010-4661.patch
 delete mode 100644 sys-fs/udisks/udisks-1.0.2-r1.ebuild

diff --git a/sys-fs/udisks/ChangeLog b/sys-fs/udisks/ChangeLog
index 97b8ebfacbaa..942b881dc26d 100644
--- a/sys-fs/udisks/ChangeLog
+++ b/sys-fs/udisks/ChangeLog
@@ -1,6 +1,10 @@
 # ChangeLog for sys-fs/udisks
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-fs/udisks/ChangeLog,v 1.58 2011/10/17 14:09:33 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-fs/udisks/ChangeLog,v 1.59 2011/10/17 15:42:25 ssuominen Exp $
+
+ 17 Oct 2011; Samuli Suominen -udisks-1.0.2-r1.ebuild,
+ -files/udisks-1.0.2-CVE-2010-4661.patch:
+ old

 17 Oct 2011; Jeroen Roovers udisks-1.0.4-r1.ebuild:
 Stable for HPPA (bug #385231).
diff --git a/sys-fs/udisks/Manifest b/sys-fs/udisks/Manifest
index e9d9aecaee62..96a2a2ab3f5e 100644
--- a/sys-fs/udisks/Manifest
+++ b/sys-fs/udisks/Manifest
@@ -1,21 +1,22 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -AUX udisks-1.0.2-CVE-2010-4661.patch 4790 RMD160 ae379b461830e7b3a201382d3253f62d5fd65c50 SHA1 ced4c739103d1041ee74411118ba8b73658f8e8c SHA256 be4cff70a50d0b69812fb373f381879d492fc3d015cd4162f48633cee1d22812 AUX udisks-1.0.2-ntfs-3g.patch 198 RMD160 e4b5cb3386184edf90bce5140a1c414ef5e99210 SHA1 d3ee3999b9d0437a6022d85d4535fc72632f6258 SHA256 1db923f52619c2dcc6c30ffedcd47dedce048dbec2eb781088738e51f8dc0539 AUX udisks-1.0.3-mkfs-tempdir.patch 552 RMD160 e421c0d325327d299f5f825b5c8d5abe9eb20e67 SHA1 994fbac57474d2d135f91b6994cc12b2a76042b8 SHA256 db9740b6d09fcfe3c8b1ccd48a8dcf12d3d956ccead9caa6638fc61e7dbc9e89 -DIST udisks-1.0.2.tar.gz 716381 RMD160 a022ac752ac75d3bca102adee05be43f2ebb424e SHA1 a8307d726b7f1255e7008ff708c793a1301d1309 SHA256 7dc1a150a6a31b2727144603fa5a8f9852696fc5bdc4a11917b9b0f1b8e3dcf1 DIST udisks-1.0.3.tar.gz 722912 RMD160 d6052f2e7b5be11163bbc784a9d18357fd31d7c2 SHA1 3033d99fe830a95c2a7c5a1a4e680c82632dc911 SHA256 d95bceb52a70c727291b934c4c05774899a0074927c8138a219b81a784de8a4b DIST udisks-1.0.4.tar.gz 719889 RMD160 163a8046fcc7f30d48b8272859ab0d09a88f179a SHA1 10d2acfd6e6ff4c8d9d962af1fb1856a885e3219 SHA256 854b89368733b9c3a577101b761ad5397ae75a05110c8698ac5b29de9a8bf8f5 -EBUILD udisks-1.0.2-r1.ebuild 1948 RMD160 c3c63cba11aa5825fc63edd1236dee2f71f3623b SHA1 bdc0a84045d9ea3338bd3012f44b858a950478e8 SHA256 d01c7a3fb40dd3b80977dd434fbc69fa9faf6afe7335e41d12204a31557cdc38 EBUILD udisks-1.0.3-r1.ebuild 2053 RMD160 78ec65fdca89ab4b5a93258ac3993530e134c5bb SHA1 981c0c867a392a7330e0829df57f9babeb29f77a SHA256 20ce42700e904f19b206cf0357c7f5e8be2df3910b670353b74ee139a8db3c12 EBUILD udisks-1.0.4-r1.ebuild 2031 RMD160 9116a9d23e58b34bf5f44fe8a1612478b62497bc SHA1 ac80c72464fe99590c348fd16fabecfaa19bf704 SHA256 50edb6f96cb6f289538860b443f80c5e009bb9504df26e052d0c3965a600983d -MISC ChangeLog 7987 RMD160 3e3515d6412729f7f4174d3baafe3c89c3179085 SHA1 dde95394575bd4156b86bb27cabc1119fcc23ad6 
SHA256 a4f2d230176505d6f2e722fc2a249ae48d3cdff27bafb1c00475063e5858a841 +MISC ChangeLog 8122 RMD160 51ee440b9e4338c8edffd82fe9758a4f7603f9c7 SHA1 0415e0d6ba271f261c1fe638ce8e7f6914eb0196 SHA256 524fcc8ae294dfdd27e981dc62144e8121a354e6aa333cb3e9f0522df692620b MISC metadata.xml 367 RMD160 3cc82714647236fdce4606ef9e8432ef2753a553 SHA1 6fd0b25ca51d565fdc6c40b9d1fc90ebff4ddb22 SHA256 9da91cf204d0f5616ca669618f4eed4c477140aef9f7f9218217e63e7d88d051 -----BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.17 (GNU/Linux) +Version: GnuPG v2.0.18 (GNU/Linux) -iEYEARECAAYFAk6cNyMACgkQVWmRsqeSphO3OwCfXKA0Bcfxq+3EjrzeuXD6Tv7e -0k8An0PfYwfg8kDGAhkabv9yZifrRg4i -=ZlxF +iQEcBAEBAgAGBQJOnEzRAAoJEEdUh39IaPFN5LQH/ilbMB+OHM6oB9OVBNGpYGJp +FvQBkc74AtvbcKmU1HCkn4qtI2XrMcQhFZFdPpgOX8WcAO7PY2/JJyP4uzRkoyFR +g/1xakWE0HtrNUJk+/2dmUN6O+4qdJe7uca2TXopyS2LX8+tJ584frIIGY00QzTR +WwC7/voDULQImYcmxMF4m4ASOY05FdC98aHkHauYCOTRMtWCdfAtlLwIMccBupu/ +eEO6b7nCYPpMWORqzCRxrXv/Y7Rj+W9Ihz6WquPwRQ0h6Jx3rXIfQPB85X6EAT0N +Mnv5TFyxcALJltQrtkq3s1AiNVnHrcaM/iXodGZK5Bjveyik5X5YmmmikBn6wdU= +=w9v0 -----END PGP SIGNATURE----- diff --git a/sys-fs/udisks/files/udisks-1.0.2-CVE-2010-4661.patch b/sys-fs/udisks/files/udisks-1.0.2-CVE-2010-4661.patch deleted file mode 100644 index bccb138994af..000000000000 --- a/sys-fs/udisks/files/udisks-1.0.2-CVE-2010-4661.patch +++ /dev/null 
@@ -1,171 +0,0 @@ -From c933a929f07421ec747cebb24d5e620fc2b97037 Mon Sep 17 00:00:00 2001 -From: David Zeuthen -Date: Tue, 15 Mar 2011 13:20:44 +0000 -Subject: Bug 32232 – CVE-2010-4661: Arbitrary kernel module load - -Validate what is passed to the mount(8) command. In particular, only -allow either well-known filesystems, filesystems already loaded or -filesystem explicitly allowed by the administrator via the -/etc/filesystems file. - -See https://bugs.freedesktop.org/show_bug.cgi?id=32232 for details. - -Signed-off-by: David Zeuthen ---- -diff --git a/src/device.c b/src/device.c -index 21d9530..d6595b8 100644 ---- a/src/device.c -+++ b/src/device.c -@@ -5891,6 +5891,27 @@ static const FSMountOptions fs_mount_options[] = - { "udf", udf_defaults, udf_allow, udf_allow_uid_self, udf_allow_gid_self }, - }; - -+static const gchar *well_known_filesystems[] = -+{ -+ "btrfs", -+ "ext2", -+ "ext3", -+ "ext4", -+ "udf", -+ "iso9660", -+ "xfs", -+ "jfs", -+ "nilfs", -+ "reiserfs", -+ "reiser4", -+ "msdos", -+ "umsdos", -+ "vfat", -+ "exfat" -+ "ntfs", -+ NULL, -+}; -+ - /* ------------------------------------------------ */ - - static int num_fs_mount_options = sizeof(fs_mount_options) / sizeof(FSMountOptions); -@@ -6225,6 +6246,86 @@ filesystem_mount_completed_cb (DBusGMethodInvocation *context, - } - } - -+static gboolean -+is_in_filesystem_file (const gchar *filesystems_file, -+ const gchar *fstype) -+{ -+ gchar *filesystems; -+ GError *error; -+ gboolean ret; -+ gchar **lines; -+ guint n; -+ -+ ret = FALSE; -+ filesystems = NULL; -+ lines = NULL; -+ -+ error = NULL; -+ if (!g_file_get_contents (filesystems_file, -+ &filesystems, -+ NULL, /* gsize *out_length */ -+ &error)) -+ { -+ g_warning ("Error reading /etc/filesystems: %s (%s %d)", -+ error->message, -+ g_quark_to_string (error->domain), -+ error->code); -+ g_error_free (error); -+ goto out; -+ } -+ -+ lines = g_strsplit (filesystems, "\n", -1); -+ for (n = 0; lines != NULL && lines[n] != NULL && !ret; n++) -+ { 
-+ gchar **tokens; -+ gint num_tokens; -+ g_strdelimit (lines[n], " \t", ' '); -+ g_strstrip (lines[n]); -+ tokens = g_strsplit (lines[n], " ", -1); -+ num_tokens = g_strv_length (tokens); -+ if (num_tokens == 1 && g_strcmp0 (tokens[0], fstype) == 0) -+ { -+ ret = TRUE; -+ } -+ g_strfreev (tokens); -+ } -+ -+ out: -+ g_strfreev (lines); -+ g_free (filesystems); -+ return ret; -+} -+ -+static gboolean -+is_well_known_filesystem (const gchar *fstype) -+{ -+ gboolean ret; -+ guint n; -+ -+ ret = FALSE; -+ for (n = 0; well_known_filesystems[n] != NULL; n++) -+ { -+ if (g_strcmp0 (well_known_filesystems[n], fstype) == 0) -+ { -+ ret = TRUE; -+ goto out; -+ } -+ } -+ out: -+ return ret; -+} -+ -+/* this is not a very efficient implementation but it's very rarely -+ * called so no real point in optimizing it... -+ */ -+static gboolean -+is_allowed_filesystem (const gchar *fstype) -+{ -+ return is_well_known_filesystem (fstype) || -+ is_in_filesystem_file ("/proc/filesystems", fstype) || -+ is_in_filesystem_file ("/etc/filesystems", fstype); -+} -+ - static void - device_filesystem_mount_authorized_cb (Daemon *daemon, - Device *device, -@@ -6255,6 +6356,35 @@ device_filesystem_mount_authorized_cb (Daemon *daemon, - remove_dir_on_unmount = FALSE; - error = NULL; - -+ /* If the user requests the filesystem type, error out unless the -+ * filesystem type is -+ * -+ * - well-known [1]; or -+ * - in the /etc/filesystems file; or -+ * - in the /proc/filesystems file -+ * -+ * We do this because mount(8) on Linux allows loading any arbitrary -+ * kernel module (when invoked as root) by passing something appropriate -+ * to the -t option. So we have to validate whatever we pass. -+ * -+ * See https://bugs.freedesktop.org/show_bug.cgi?id=32232 for more -+ * details. -+ * -+ * [1] : since /etc/filesystems may be horribly out of date and not -+ * contain e.g. 
ext4 -+ */ -+ if (filesystem_type != NULL && strlen (filesystem_type) > 0 && -+ g_strcmp0 (filesystem_type, "auto") != 0) -+ { -+ if (!is_allowed_filesystem (filesystem_type)) -+ { -+ throw_error (context, ERROR_FAILED, -+ "Requested filesystem type is neither well-known nor " -+ "in /proc/filesystems nor in /etc/filesystems"); -+ goto out; -+ } -+ } -+ - daemon_local_get_uid (device->priv->daemon, &caller_uid, context); - - if (device->priv->id_usage == NULL || strcmp (device->priv->id_usage, "filesystem") != 0) --- -cgit v0.8.3-6-g21f6 diff --git a/sys-fs/udisks/udisks-1.0.2-r1.ebuild b/sys-fs/udisks/udisks-1.0.2-r1.ebuild deleted file mode 100644 index 72bbe8334055..000000000000 --- a/sys-fs/udisks/udisks-1.0.2-r1.ebuild +++ /dev/null 
@@ -1,75 +0,0 @@ -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-fs/udisks/udisks-1.0.2-r1.ebuild,v 1.7 2011/04/26 10:51:37 xarthisius Exp $ - -EAPI=4 -inherit eutils bash-completion linux-info - -DESCRIPTION="Daemon providing interfaces to work with storage devices" -HOMEPAGE="http://www.freedesktop.org/wiki/Software/udisks" -SRC_URI="http://hal.freedesktop.org/releases/${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86" -IUSE="debug doc nls remote-access" - -COMMON_DEPEND=">=sys-fs/udev-147[extras] - >=dev-libs/glib-2.16.1:2 - >=sys-apps/dbus-1.4.0 - >=dev-libs/dbus-glib-0.92 - >=sys-auth/polkit-0.97 - >=sys-block/parted-1.8.8[device-mapper] - >=sys-fs/lvm2-2.02.66 - >=dev-libs/libatasmart-0.14 - >=sys-apps/sg3_utils-1.27.20090411 - !sys-apps/devicekit-disks" -RDEPEND="${COMMON_DEPEND} - virtual/eject - remote-access? ( net-dns/avahi )" -DEPEND="${COMMON_DEPEND} - app-text/docbook-xsl-stylesheets - dev-libs/libxslt - >=dev-util/intltool-0.40.0 - dev-util/pkgconfig - doc? 
( dev-util/gtk-doc - app-text/docbook-xml-dtd:4.1.2 )" - -RESTRICT="test" # this would need running dbus and sudo available - -pkg_setup() { - DOCS="AUTHORS HACKING NEWS README" - - if use amd64 || use x86; then - CONFIG_CHECK="~USB_SUSPEND ~!IDE" - linux-info_pkg_setup - fi -} - -src_prepare() { - epatch "${FILESDIR}"/${P}-CVE-2010-4661.patch -} - -src_configure() { - econf \ - --localstatedir="${EPREFIX}"/var \ - --disable-dependency-tracking \ - --disable-static \ - $(use_enable debug verbose-mode) \ - --enable-man-pages \ - $(use_enable doc gtk-doc) \ - $(use_enable remote-access) \ - $(use_enable nls) \ - --with-html-dir="${EPREFIX}"/usr/share/doc/${PF}/html -} - -src_install() { - default - - rm -f "${ED}"/etc/profile.d/udisks-bash-completion.sh - dobashcompletion tools/udisks-bash-completion.sh ${PN} - - find "${ED}" -name '*.la' -exec rm -f {} + - - keepdir /media -} -- 2.26.2