author | Patrick J Volkerding <volkerdi@slackware.com> | 2018-05-25 23:29:36 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2018-05-31 15:16:15 -0700 |
commit | 3152fcc3bbd4cabf01c7e70766a305ce4c725881 (patch) | |
tree | 59b07e5d76b8023848dff79ce5fe6b83cd536925 /patches/source/udisks2 | |
parent | 9664bee729d487bcc0a0bc35859f8e13d5421c75 (diff) | |
download | current-3152fcc3bbd4cabf01c7e70766a305ce4c725881.tar.gz current-3152fcc3bbd4cabf01c7e70766a305ce4c725881.tar.xz |
Fri May 25 23:29:36 UTC 201814.0
patches/packages/glibc-zoneinfo-2018e-noarch-2_slack14.0.txz: Rebuilt.
Handle removal of US/Pacific-New timezone. If we see that the machine is
using this, it will be automatically switched to US/Pacific.
Diffstat (limited to 'patches/source/udisks2')
-rw-r--r-- | patches/source/udisks2/doinst.sh | 12 | ||||
-rw-r--r-- | patches/source/udisks2/slack-desc | 19 | ||||
-rw-r--r-- | patches/source/udisks2/udisks2.CVE-2014-0004.diff | 106 | ||||
-rwxr-xr-x | patches/source/udisks2/udisks2.SlackBuild | 142 |
4 files changed, 279 insertions, 0 deletions
diff --git a/patches/source/udisks2/doinst.sh b/patches/source/udisks2/doinst.sh
new file mode 100644
index 000000000..c186599af
--- /dev/null
+++ b/patches/source/udisks2/doinst.sh
@@ -0,0 +1,12 @@
+# udisks2 is stupid about testing files before using them. If /etc/crypttab
+# does not exist, it will fill the log with "errors" as it tries to open the
+# nonexistent file. There's really no reason that a system without encrypted
+# volumes should require this file, but nobody upstream cares to fix the
+# problem (and the code's too messy for me to find it), so we have little
+# choice but to trowel over this. (sigh)
+
+if [ ! -r etc/crypttab ]; then
+ # echo "HEY, EVERYONE SHOULD HAVE A CRYPTTAB!!!" (just kidding)
+ touch etc/crypttab
+fi
+
diff --git a/patches/source/udisks2/slack-desc b/patches/source/udisks2/slack-desc
new file mode 100644
index 000000000..0d6d44272
--- /dev/null
+++ b/patches/source/udisks2/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+udisks2: udisks2 (storage device daemon v2)
+udisks2:
+udisks2: The udisks project provides a storage daemon that implements D-Bus
+udisks2: interfaces that can be used to query and manipulate storage devices.
+udisks2:
+udisks2: It also includes a command-line tool, udisks(1), that can be used to
+udisks2: query and control the daemon.
+udisks2:
+udisks2: Homepage: http://www.freedesktop.org/wiki/Software/udisks
+udisks2:
+udisks2:
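Review bot: In patches/source/udisks2/doinst.sh the placeholder is created with a bare `touch etc/crypttab`, so its mode depends on the umask of whatever process runs the install script. A crypttab entry can carry a passphrase or a key-file path, so a file that starts out world-readable is likely to stay that way once an administrator fills it in. If udisks2 only reads the file as root (not verifiable from this hunk), creating it restrictively is the safer default: `( umask 077 ; touch etc/crypttab )`. The guard tests readability rather than existence; `[ ! -e etc/crypttab ]` would state the intent more directly.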
diff --git a/patches/source/udisks2/udisks2.CVE-2014-0004.diff b/patches/source/udisks2/udisks2.CVE-2014-0004.diff
new file mode 100644
index 000000000..0c81d16ad
--- /dev/null
+++ b/patches/source/udisks2/udisks2.CVE-2014-0004.diff
@@ -0,0 +1,106 @@ +From 24496747b648d1a7bd0d6da1ef3759f035ba1cd6 Mon Sep 17 00:00:00 2001 +From: Martin Pitt <martin.pitt@ubuntu.com> +Date: Wed, 05 Mar 2014 12:47:15 +0000 +Subject: Fix buffer overflow in mount path parsing + +In the mount monitor we parse mount points from /proc/self/mountinfo and +/proc/swaps. Ensure that we don't overflow the buffers on platforms where mount +paths could be longer than PATH_MAX (unknown if that can actually happen), as +at least the mount paths for hotpluggable devices are somewhat user-controlled. + +Thanks to Florian Weimer for discovering this bug, and to David Zeuthen +for his initial patch! + +CVE-2014-0004 +--- +diff --git a/src/udisksmountmonitor.c b/src/udisksmountmonitor.c +index 8af1028..e7097fa 100644 +--- a/src/udisksmountmonitor.c ++++ b/src/udisksmountmonitor.c +@@ -38,6 +38,11 @@ + #include "udisksmount.h" + #include "udisksprivate.h" + ++/* build a %Ns format string macro with N == PATH_MAX */ ++#define xstr(s) str(s) ++#define str(s) #s ++#define PATH_MAX_FMT "%" xstr(PATH_MAX) "s" ++ + /** + * SECTION:udisksmountmonitor + * @title: UDisksMountMonitor +@@ -416,8 +421,8 @@ udisks_mount_monitor_get_mountinfo (UDisksMountMonitor *monitor, + guint mount_id; + guint parent_id; + guint major, minor; +- gchar encoded_root[PATH_MAX]; +- gchar encoded_mount_point[PATH_MAX]; ++ gchar encoded_root[PATH_MAX + 1]; ++ gchar encoded_mount_point[PATH_MAX + 1]; + gchar *mount_point; + dev_t dev; + +@@ -425,7 +430,7 @@ udisks_mount_monitor_get_mountinfo (UDisksMountMonitor *monitor, + continue; + + if (sscanf (lines[n], +- "%d %d %d:%d %s %s", ++ "%d %d %d:%d " PATH_MAX_FMT " " PATH_MAX_FMT, + &mount_id, + &parent_id, + &major, +@@ -436,6 +441,8 @@ udisks_mount_monitor_get_mountinfo (UDisksMountMonitor *monitor, + udisks_warning ("Error parsing line '%s'", lines[n]); + continue; + } ++ encoded_root[sizeof encoded_root - 1] = '\0'; ++ encoded_mount_point[sizeof encoded_mount_point - 1] = '\0'; + + /* Temporary work-around for 
btrfs, see + * +@@ -450,15 +457,17 @@ udisks_mount_monitor_get_mountinfo (UDisksMountMonitor *monitor, + sep = strstr (lines[n], " - "); + if (sep != NULL) + { +- gchar fstype[PATH_MAX]; +- gchar mount_source[PATH_MAX]; ++ gchar fstype[PATH_MAX + 1]; ++ gchar mount_source[PATH_MAX + 1]; + struct stat statbuf; + +- if (sscanf (sep + 3, "%s %s", fstype, mount_source) != 2) ++ if (sscanf (sep + 3, PATH_MAX_FMT " " PATH_MAX_FMT, fstype, mount_source) != 2) + { + udisks_warning ("Error parsing things past - for '%s'", lines[n]); + continue; + } ++ fstype[sizeof fstype - 1] = '\0'; ++ mount_source[sizeof mount_source - 1] = '\0'; + + if (g_strcmp0 (fstype, "btrfs") != 0) + continue; +@@ -546,7 +555,7 @@ udisks_mount_monitor_get_swaps (UDisksMountMonitor *monitor, + lines = g_strsplit (contents, "\n", 0); + for (n = 0; lines[n] != NULL; n++) + { +- gchar filename[PATH_MAX]; ++ gchar filename[PATH_MAX + 1]; + struct stat statbuf; + dev_t dev; + +@@ -557,11 +566,12 @@ udisks_mount_monitor_get_swaps (UDisksMountMonitor *monitor, + if (strlen (lines[n]) == 0) + continue; + +- if (sscanf (lines[n], "%s", filename) != 1) ++ if (sscanf (lines[n], PATH_MAX_FMT, filename) != 1) + { + udisks_warning ("Error parsing line '%s'", lines[n]); + continue; + } ++ filename[sizeof filename - 1] = '\0'; + + if (stat (filename, &statbuf) != 0) + { +-- +cgit v0.9.0.2-2-gbebe diff --git a/patches/source/udisks2/udisks2.SlackBuild b/patches/source/udisks2/udisks2.SlackBuild new file mode 100755 index 000000000..63bb0c1f6 --- /dev/null +++ b/patches/source/udisks2/udisks2.SlackBuild 
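Review bot: In udisks2.CVE-2014-0004.diff the bounded `PATH_MAX_FMT` conversions stop the overflow, but an over-long field is truncated silently rather than rejected: sscanf still returns the expected count, and in the two-field calls the second `%s` then picks up the tail of the first token. In udisks_mount_monitor_get_swaps the truncated `filename` is passed on to `stat()`, so it may name a different path than the one listed in /proc/swaps. A valid path is at most PATH_MAX - 1 bytes, so a length check after each parse would catch this, e.g. `if (strlen (filename) >= PATH_MAX) { udisks_warning ("Path too long in '%s'", lines[n]); continue; }`. The explicit `[sizeof ... - 1] = '\0'` stores are redundant because a bounded `%s` always writes the terminator, and `xstr(PATH_MAX)` only yields a valid width when PATH_MAX expands to a bare integer literal, which deserves a comment next to the macro. The patched functions start and end outside the hunks shown.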
@@ -0,0 +1,142 @@ +#!/bin/sh + +# Slackware build script for udisks + +# Copyright 2010, 2011, 2014 Robby Workman, Northport, Alabama, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# Modified 2012 by Eric Hameleers <alien at slackware.com> for ARM port. + +PKGNAM=udisks2 +SRCNAM=udisks +VERSION=${VERSION:-$(echo $SRCNAM-*.tar.?z* | rev | cut -f 3- -d . 
| cut -f 1 -d - | rev)} +BUILD=${BUILD:-2_slack14.0} + +NUMJOBS=${NUMJOBS:--j7} + +# Automatically determine the architecture we're building on: +MARCH=$( uname -m ) +if [ -z "$ARCH" ]; then + case "$MARCH" in + i?86) export ARCH=i486 ;; + armv7hl) export ARCH=$MARCH ;; + arm*) export ARCH=arm ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) export ARCH=$MARCH ;; + esac +fi + +if [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +elif [ "$ARCH" = "armv7hl" ]; then + SLKCFLAGS="-O2 -march=armv7-a -mfpu=vfpv3-d16" + LIBDIRSUFFIX="" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +case "$ARCH" in + arm*) TARGET=$ARCH-slackware-linux-gnueabi ;; + *) TARGET=$ARCH-slackware-linux ;; +esac + +CWD=$(pwd) +TMP=${TMP:-/tmp} +PKG=$TMP/package-$PKGNAM + +rm -rf $PKG +mkdir -p $TMP $PKG +cd $TMP +rm -rf $SRCNAM-$VERSION +tar xvf $CWD/$SRCNAM-$VERSION.tar.xz || exit 1 +cd $SRCNAM-$VERSION || exit 1 + +zcat $CWD/udisks2.CVE-2014-0004.diff.gz | patch -p1 --verbose || exit 1 + +chown -R root:root . +find . 
\ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \; + +CFLAGS="$SLKCFLAGS" \ +CXXFLAGS="$SLKCFLAGS" \ +./configure \ + --prefix=/usr \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --disable-static \ + --mandir=/usr/man \ + --docdir=/usr/doc/$PKGNAM-$VERSION \ + --build=$TARGET || exit 1 + +make $NUMJOBS || make || exit 1 +make install DESTDIR=$PKG || exit 1 + +# Don't ship .la files: +rm -f $PKG/usr/lib${LIBDIRSUFFIX}/*.la + +find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true + +# Compress and link manpages, if any: +if [ -d $PKG/usr/man ]; then + ( cd $PKG/usr/man + for manpagedir in $(find . -type d -name "man*") ; do + ( cd $manpagedir + for eachpage in $( find . -type l -maxdepth 1) ; do + ln -s $( readlink $eachpage ).gz $eachpage.gz + rm $eachpage + done + gzip -9 *.? + ) + done + ) +fi + +mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION +cp -a \ + AUTHORS COPYING* HACKING INSTALL NEWS README* \ + $PKG/usr/doc/$PKGNAM-$VERSION + +# If there's a ChangeLog, installing at least part of the recent history +# is useful, but don't let it get totally out of control: +if [ -r ChangeLog ]; then + DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION) + cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog + touch -r ChangeLog $DOCSDIR/ChangeLog +fi + +mkdir -p $PKG/install +zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz |
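Review bot: udisks2.SlackBuild builds under `TMP=${TMP:-/tmp}` with fixed directory names, presumably as root given the `chown -R root:root .`, and `rm -rf $PKG`, `mkdir -p $TMP $PKG` and `cd $TMP` all use unquoted expansions. Predictable paths in a world-writable directory are exposed to pre-creation and symlink races on a multi-user build host, and an unquoted `TMP` containing whitespace would make `rm -rf` act on the wrong paths. Quoting the expansions (`rm -rf "$PKG"`, `mkdir -p "$TMP" "$PKG"`, `cd "$TMP" || exit 1`) and adding a header comment such as `# Set TMP to a root-owned directory that other users cannot write to when building on a shared host.` would cover both. No checksum or signature check is visible before `tar xvf $CWD/$SRCNAM-$VERSION.tar.xz`; if the tarball is verified elsewhere in the tree, a comment saying so would help.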