diff options
author | Nicolás Reynolds <fauno@endefensadelsl.org> | 2013-06-20 16:36:47 -0300 |
---|---|---|
committer | Nicolás Reynolds <fauno@endefensadelsl.org> | 2013-06-20 16:36:47 -0300 |
commit | 572f3b3bd973bfa7e64c4c42fe87c8e3a79b7c20 (patch) | |
tree | 89f43dd22eaacadfa97977de1f3b73285da15735 /extra/x2goserver/revert.patch | |
parent | cebf33d7109e0157a80f34d6136e212f0a28d274 (diff) | |
parent | 5898d76e47144f2366f9acda9ab52827b696c2d5 (diff) |
Merge branch 'master' of ssh://vparabola/home/parabola/abslibre-pre-mips64el
Conflicts:
community/bitcoin/PKGBUILD
community/ecryptfs-utils/PKGBUILD
community/erlang/PKGBUILD
community/esmtp/PKGBUILD
community/gmic/PKGBUILD
community/ibus-sunpinyin/PKGBUILD
community/libev/PKGBUILD
community/libmirage/PKGBUILD
community/libraw/PKGBUILD
community/lilypond/PKGBUILD
community/luajit/PKGBUILD
community/matchbox-window-manager/PKGBUILD
community/miniupnpc/PKGBUILD
community/mplayer2/PKGBUILD
community/mumble/PKGBUILD
community/oss/PKGBUILD
community/pidgin-lwqq/PKGBUILD
community/postgis/PKGBUILD
community/python2-pytables/PKGBUILD
community/qmc2/PKGBUILD
community/qtfm/PKGBUILD
community/ruby-gtk3/PKGBUILD
community/tea/PKGBUILD
community/yacpi/PKGBUILD
core/bridge-utils/PKGBUILD
core/gcc/PKGBUILD
core/libsasl/PKGBUILD
core/lvm2/PKGBUILD
core/net-tools/PKGBUILD
core/ppp/PKGBUILD
core/pptpclient/PKGBUILD
core/sdparm/PKGBUILD
core/systemd/PKGBUILD
core/sysvinit-tools/PKGBUILD
extra/aisleriot/PKGBUILD
extra/arora/PKGBUILD
extra/bluez-hcidump/PKGBUILD
extra/bluez/PKGBUILD
extra/cups/PKGBUILD
extra/cyrus-sasl/PKGBUILD
extra/dhcp/PKGBUILD
extra/gnome-bluetooth/PKGBUILD
extra/gnome-desktop/PKGBUILD
extra/gnutls/PKGBUILD
extra/gts/PKGBUILD
extra/guile/PKGBUILD
extra/harfbuzz/PKGBUILD
extra/iptraf-ng/PKGBUILD
extra/json-c/PKGBUILD
extra/kdenetwork/PKGBUILD
extra/kdepim/PKGBUILD
extra/kdesdk-kate/PKGBUILD
extra/libatasmart/PKGBUILD
extra/libbsd/PKGBUILD
extra/libdmtx/PKGBUILD
extra/libhangul/PKGBUILD
extra/libindi/PKGBUILD
extra/libpeas/PKGBUILD
extra/libsmbios/PKGBUILD
extra/libspiro/PKGBUILD
extra/libsrtp/PKGBUILD
extra/libxml2/PKGBUILD
extra/libxrender/PKGBUILD
extra/libxvmc/PKGBUILD
extra/llvm/PKGBUILD
extra/maxima/PKGBUILD
extra/msmtp/PKGBUILD
extra/ortp/PKGBUILD
extra/perl-dbd-sqlite/PKGBUILD
extra/perl-yaml-syck/PKGBUILD
extra/php/PKGBUILD
extra/pm-utils/PKGBUILD
extra/pulseaudio/PKGBUILD
extra/pyqt4/PKGBUILD
extra/scim-anthy/PKGBUILD
extra/scim-chewing/PKGBUILD
extra/scim-m17n/PKGBUILD
extra/scim/PKGBUILD
extra/ssmtp/PKGBUILD
extra/texmacs/PKGBUILD
extra/v86d/PKGBUILD
extra/vlc/PKGBUILD
extra/webkitgtk/PKGBUILD
extra/webkitgtk2/PKGBUILD
extra/wireshark/PKGBUILD
extra/zsh/PKGBUILD
libre/bogofilter-libre/PKGBUILD
libre/ecasound-libre/PKGBUILD
libre/libretools/libretools.install
libre/mc-libre/PKGBUILD
Diffstat (limited to 'extra/x2goserver/revert.patch')
-rw-r--r-- | extra/x2goserver/revert.patch | 152 |
1 files changed, 0 insertions, 152 deletions
diff --git a/extra/x2goserver/revert.patch b/extra/x2goserver/revert.patch deleted file mode 100644 index 023bbd18c..000000000 --- a/extra/x2goserver/revert.patch +++ /dev/null @@ -1,152 +0,0 @@ -From 011d14ae076ba6fec96cd1e019c4f82444ab0f9f Mon Sep 17 00:00:00 2001 -From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> -Date: Sun, 19 May 2013 00:41:32 +0200 -Subject: [PATCH] Security fix for setgid wrapper x2gosqlitewrapper.c. - Hard-code path to x2gosqlitewrapper.pl during build via - defining a macro in the Makefile. Thanks to Richard - Weinberger for spotting this!!! - ---- - Makefile | 2 +- - debian/changelog | 3 +++ - debian/rules | 4 +-- - x2goserver/Makefile | 4 +-- - x2goserver/x2gosqlitewrapper.c | 54 +++------------------------------------- - 5 files changed, 12 insertions(+), 55 deletions(-) - -diff --git a/Makefile b/Makefile -index 3be40f9..588084f 100755 ---- a/Makefile -+++ b/Makefile -@@ -4,7 +4,7 @@ RM_FILE=rm -f - RM_DIR=rmdir -p --ignore-fail-on-non-empty - - DESTDIR= --PREFIX=/usr/local -+PREFIX ?= /usr/local - ETCDIR=/etc/x2go - LIBDIR=$(PREFIX)/lib/x2go - SHAREDIR=$(PREFIX)/share/x2go -diff --git a/debian/changelog b/debian/changelog -index 470a502..2cf2dde 100644 ---- a/debian/changelog -+++ b/debian/changelog -@@ -12,6 +12,9 @@ x2goserver (4.0.0.2-0~x2go1) UNRELEASED; urgency=low - * New upstream version (4.0.0.2): - - Use make_path from File::Path in x2godbadmin to create user directory if - not present. (Fixes: #200). -+ - Security fix for setgid wrapper x2gosqlitewrapper.c. Hard-code path to -+ x2gosqlitewrapper.pl during build via defining a macro in the Makefile. -+ Thanks to Richard Weinberger for spotting this!!! - /debian/control: - + Let x2goserver bin:package depend on xfonts-base and fontconfig. (Fixes: - #163). -diff --git a/debian/rules b/debian/rules -index b32e08d..5bb94b2 100755 ---- a/debian/rules -+++ b/debian/rules -@@ -1,10 +1,10 @@ - #!/usr/bin/make -f - - %: -- dh $@ -+ PREFIX=/usr dh $@ - - override_dh_auto_install: -- make -f Makefile build-arch -+ PREFIX=/usr make -f Makefile build-arch - - override_dh_auto_clean: - rm -fv x2gosqlitewrapper -diff --git a/x2goserver/Makefile b/x2goserver/Makefile -index 4287478..e9d56e6 100755 ---- a/x2goserver/Makefile -+++ b/x2goserver/Makefile -@@ -15,7 +15,7 @@ RM_FILE=rm -f - RM_DIR=rmdir -p --ignore-fail-on-non-empty - - DESTDIR= --PREFIX=/usr/local -+PREFIX ?= /usr/local - ETCDIR=/etc/x2go - BINDIR=$(PREFIX)/bin - SBINDIR=$(PREFIX)/sbin -@@ -41,7 +41,7 @@ build: build-arch build-indep - build-arch: build_setgidwrappers - - build_setgidwrappers: -- $(CC) $(CFLAGS) $(LDFLAGS) -o x2gosqlitewrapper x2gosqlitewrapper.c -+ $(CC) $(CFLAGS) $(LDFLAGS) -DTRUSTED_BINARY=\"$(DESTDIR)$(LIBDIR)/x2gosqlitewrapper.pl\" -o x2gosqlitewrapper x2gosqlitewrapper.c - - build-indep: build_man2html - -diff --git a/x2goserver/x2gosqlitewrapper.c b/x2goserver/x2gosqlitewrapper.c -index a134efc..ad95eff 100644 ---- a/x2goserver/x2gosqlitewrapper.c -+++ b/x2goserver/x2gosqlitewrapper.c -@@ -21,58 +21,12 @@ - * - */ - --#include <stdio.h> --#include <stdlib.h> --#include <unistd.h> --#include <libgen.h> --#include <errno.h> -- - int main( int argc, char *argv[] ) { -- char * x2gosqlitewrapper = NULL; -- size_t path_max; -- --/* -- The following snippet is taken from the realpath manpage --*/ --#ifdef PATH_MAX -- path_max = PATH_MAX; --#else -- path_max = pathconf (".", _PC_PATH_MAX); -- if (path_max <= 0){ -- path_max = 4096; -- } --#endif -- { -- // allocate dynamic buffer in stack: this needs C99 or gnu?? -- char buffer[path_max]; -- ssize_t rvrl; -- int rvap; -- -- // resolve link of /proc/self/exe to find out where we are -- rvrl = readlink("/proc/self/exe", buffer, path_max); -- if(rvrl == -1){ -- perror("readlink(\"/proc/self/exe\",buffer,path_max)"); -- exit(EXIT_FAILURE); -- } -- if(rvrl >= path_max){ -- fprintf(stderr, "Could not resolve the path of this file using \"/proc/self/exe\". The path is too long (> %i)", path_max); -- exit(EXIT_FAILURE); -- } -- -- // derive the full path of x2gosqlitewrapper.pl from path of this binary -- rvap = asprintf(&x2gosqlitewrapper, "%s/%s", dirname(buffer), "x2gosqlitewrapper.pl"); -- if(rvap == -1){ -- fprintf(stderr, "Failed to allocate memory calling asprintf\n"); -- exit(EXIT_FAILURE); -- } -- -- // execute the script, running with user-rights of this binary -- execv(x2gosqlitewrapper, argv); - -- } -+ char x2gosqlitewrapper[] = TRUSTED_BINARY; - -- // ...fail -- fprintf(stderr, "Failed to execute %s: %s\n", x2gosqlitewrapper, strerror(errno)); -- return EXIT_FAILURE; -+ argv[0] = "x2gosqlitewrapper.pl"; -+ // execute the script, running with user-rights of this binary -+ execv(x2gosqlitewrapper, argv); - - } --- -1.7.9.5 - |