diff options
Diffstat (limited to 'core')
| -rw-r--r-- | core/bash/PKGBUILD | 3 | ||||
| -rw-r--r-- | core/binutils/binutils-2.21-strip-segfault.patch | 96 | ||||
| -rw-r--r-- | core/flex/PKGBUILD | 6 | ||||
| -rw-r--r-- | core/glibc/glibc-2.13-prelink.patch | 26 | ||||
| -rw-r--r-- | core/less/zless | 9 | ||||
| -rw-r--r-- | core/libmpc/PKGBUILD | 6 | ||||
| -rw-r--r-- | core/m4/PKGBUILD | 6 | ||||
| -rw-r--r-- | core/make/PKGBUILD | 6 | ||||
| -rw-r--r-- | core/ppl/PKGBUILD | 6 | ||||
| -rw-r--r-- | core/psmisc/ChangeLog | 40 | ||||
| -rw-r--r-- | core/shadow/LICENSE | 31 | ||||
| -rw-r--r-- | core/shadow/PKGBUILD | 70 | ||||
| -rw-r--r-- | core/shadow/chage | 6 | ||||
| -rw-r--r-- | core/shadow/chsh | 6 | ||||
| -rw-r--r-- | core/shadow/login.defs | 21 | ||||
| -rw-r--r-- | core/shadow/shadow | 6 | ||||
| -rw-r--r-- | core/shadow/shadow-4.1.4.2-groupmod-pam-check.patch | 21 | ||||
| -rw-r--r-- | core/shadow/shadow-add-missing-include.patch | 11 | ||||
| -rw-r--r-- | core/shadow/shadow-strncpy-usage.patch | 27 | ||||
| -rw-r--r-- | core/shadow/shadow_CVE-2011-0721.patch | 57 | ||||
| -rw-r--r-- | core/syslog-ng/PKGBUILD | 25 | ||||
| -rw-r--r-- | core/syslog-ng/non-blocking-systemd-fds.patch | 32 | ||||
| -rw-r--r-- | core/tar/PKGBUILD | 6 |
23 files changed, 248 insertions, 275 deletions
diff --git a/core/bash/PKGBUILD b/core/bash/PKGBUILD index a44a19138..6e2469e5a 100644 --- a/core/bash/PKGBUILD +++ b/core/bash/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 123077 2011-05-08 02:14:26Z allan $ +# $Id: PKGBUILD 129828 2011-06-29 04:14:18Z allan $ # Maintainer: Aaron Griffin <aaron@archlinux.org> # Maintainer: Allan McRae <allan@archlinux.org> @@ -49,6 +49,7 @@ build() { } check() { + cd ${srcdir}/${pkgname}-$_basever make check } diff --git a/core/binutils/binutils-2.21-strip-segfault.patch b/core/binutils/binutils-2.21-strip-segfault.patch deleted file mode 100644 index 0133d879b..000000000 --- a/core/binutils/binutils-2.21-strip-segfault.patch +++ /dev/null @@ -1,96 +0,0 @@ -diff --git a/binutils/objcopy.c b/binutils/objcopy.c -index 15c4f95..b64f3d0 100644 ---- a/binutils/objcopy.c -+++ b/binutils/objcopy.c -@@ -1,6 +1,6 @@ - /* objcopy.c -- copy object file from input to output, optionally massaging it. - Copyright 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -- 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 -+ 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 - Free Software Foundation, Inc. - - This file is part of GNU Binutils. -@@ -2024,6 +2024,7 @@ copy_archive (bfd *ibfd, bfd *obfd, const char *output_target, - struct stat buf; - int stat_status = 0; - bfd_boolean del = TRUE; -+ bfd_boolean ok_object; - - /* Create an output file for this member. */ - output_name = concat (dir, "/", -@@ -2061,44 +2062,42 @@ copy_archive (bfd *ibfd, bfd *obfd, const char *output_target, - l->obfd = NULL; - list = l; - -- if (bfd_check_format (this_element, bfd_object)) -+ ok_object = bfd_check_format (this_element, bfd_object); -+ if (!ok_object) -+ bfd_nonfatal_message (NULL, this_element, NULL, -+ _("Unable to recognise the format of file")); -+ -+ /* PR binutils/3110: Cope with archives -+ containing multiple target types. */ -+ if (force_output_target || !ok_object) -+ output_bfd = bfd_openw (output_name, output_target); -+ else -+ output_bfd = bfd_openw (output_name, bfd_get_target (this_element)); -+ -+ if (output_bfd == NULL) - { -- /* PR binutils/3110: Cope with archives -- containing multiple target types. */ -- if (force_output_target) -- output_bfd = bfd_openw (output_name, output_target); -- else -- output_bfd = bfd_openw (output_name, bfd_get_target (this_element)); -+ bfd_nonfatal_message (output_name, NULL, NULL, NULL); -+ status = 1; -+ return; -+ } -+ -+ if (ok_object) -+ { -+ del = !copy_object (this_element, output_bfd, input_arch); - -- if (output_bfd == NULL) -+ if (del && bfd_get_arch (this_element) == bfd_arch_unknown) -+ /* Try again as an unknown object file. */ -+ ok_object = FALSE; -+ else if (!bfd_close (output_bfd)) - { - bfd_nonfatal_message (output_name, NULL, NULL, NULL); -+ /* Error in new object file. Don't change archive. */ - status = 1; -- return; - } -- -- del = ! copy_object (this_element, output_bfd, input_arch); -- -- if (! del -- || bfd_get_arch (this_element) != bfd_arch_unknown) -- { -- if (!bfd_close (output_bfd)) -- { -- bfd_nonfatal_message (output_name, NULL, NULL, NULL); -- /* Error in new object file. Don't change archive. */ -- status = 1; -- } -- } -- else -- goto copy_unknown_element; - } -- else -- { -- bfd_nonfatal_message (NULL, this_element, NULL, -- _("Unable to recognise the format of file")); - -- output_bfd = bfd_openw (output_name, output_target); --copy_unknown_element: -+ if (!ok_object) -+ { - del = !copy_unknown_object (this_element, output_bfd); - if (!bfd_close_all_done (output_bfd)) - { --- -1.6.5.GIT - diff --git a/core/flex/PKGBUILD b/core/flex/PKGBUILD index a28cf39df..24d25b67a 100644 --- a/core/flex/PKGBUILD +++ b/core/flex/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 91170 2010-09-23 14:30:47Z allan $ +# $Id: PKGBUILD 129833 2011-06-29 04:16:41Z allan $ # Maintainer: Allan McRae <allan@archlinux.org> # Contributor: judd <jvinet@zeroflux.org> @@ -36,6 +36,10 @@ build() { ./configure --prefix=/usr \ --mandir=/usr/share/man --infodir=/usr/share/info make +} + +check() { + cd $srcdir/$pkgname-$pkgver make check } diff --git a/core/glibc/glibc-2.13-prelink.patch b/core/glibc/glibc-2.13-prelink.patch deleted file mode 100644 index bef7998a8..000000000 --- a/core/glibc/glibc-2.13-prelink.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff --git a/elf/rtld.c b/elf/rtld.c -index 9a560b3..201c9cf 100644 ---- a/elf/rtld.c -+++ b/elf/rtld.c -@@ -2168,6 +2168,10 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n", - we need it in the memory handling later. */ - GLRO(dl_initial_searchlist) = *GL(dl_ns)[LM_ID_BASE]._ns_main_searchlist; - -+ /* Remember the last search directory added at startup, now that -+ malloc will no longer be the one from dl-minimal.c. */ -+ GLRO(dl_init_all_dirs) = GL(dl_all_dirs); -+ - if (prelinked) - { - if (main_map->l_info [ADDRIDX (DT_GNU_CONFLICT)] != NULL) -@@ -2288,10 +2292,6 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n", - lossage); - } - -- /* Remember the last search directory added at startup, now that -- malloc will no longer be the one from dl-minimal.c. */ -- GLRO(dl_init_all_dirs) = GL(dl_all_dirs); -- - if (! prelinked && rtld_multiple_ref) - { - /* There was an explicit ref to the dynamic linker as a shared lib. diff --git a/core/less/zless b/core/less/zless deleted file mode 100644 index 93d560bc5..000000000 --- a/core/less/zless +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh - -: ${PAGER=less} -export PAGER - -PATH="/usr/bin:$PATH" -export PATH - -exec zmore ${1+"$@"} diff --git a/core/libmpc/PKGBUILD b/core/libmpc/PKGBUILD index 45c4662dd..edbdb85f6 100644 --- a/core/libmpc/PKGBUILD +++ b/core/libmpc/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 111157 2011-02-24 12:31:09Z allan $ +# $Id: PKGBUILD 129838 2011-06-29 04:23:14Z allan $ # Maintainer: Allan McRae <allan@archlinux.org> pkgname=libmpc @@ -25,6 +25,10 @@ build() { ./configure --prefix=/usr make +} + +check() { + cd "${srcdir}/mpc-${pkgver}" make check } diff --git a/core/m4/PKGBUILD b/core/m4/PKGBUILD index 09401b9bc..01f5364f0 100644 --- a/core/m4/PKGBUILD +++ b/core/m4/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 111924 2011-03-02 03:59:52Z allan $ +# $Id: PKGBUILD 129843 2011-06-29 04:25:22Z allan $ # Maintainer: Allan McRae <allan@archlinux.org> # Contributor: Andreas Radke <andyrtr@archlinux.org> @@ -19,6 +19,10 @@ build() { cd ${srcdir}/$pkgname-$pkgver ./configure --prefix=/usr make +} + +check() { + cd ${srcdir}/$pkgname-$pkgver make check } diff --git a/core/make/PKGBUILD b/core/make/PKGBUILD index 832522a78..3da9085d7 100644 --- a/core/make/PKGBUILD +++ b/core/make/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 110342 2011-02-18 22:21:30Z allan $ +# $Id: PKGBUILD 129849 2011-06-29 04:28:30Z allan $ # Maintainer: Allan McRae <allan@archlinux.org> # Contributor: judd <jvinet@zeroflux.org> @@ -36,6 +36,10 @@ build() { ./configure --prefix=/usr make +} + +check() { + cd ${srcdir}/${pkgname}-${pkgver} make check } diff --git a/core/ppl/PKGBUILD b/core/ppl/PKGBUILD index 34b6bac50..649f2b572 100644 --- a/core/ppl/PKGBUILD +++ b/core/ppl/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 111674 2011-02-28 10:47:00Z allan $ +# $Id: PKGBUILD 129854 2011-06-29 04:31:09Z allan $ # Maintainer: Allan McRae <allan@archlinux.org> # Contributor: ezzetabi <ezzetabi at gawab dot com> @@ -18,6 +18,10 @@ build() { cd $srcdir/ppl-$pkgver ./configure --prefix=/usr --enable-interfaces="c,cxx" make +} + +check() { + cd $srcdir/ppl-$pkgver make check } diff --git a/core/psmisc/ChangeLog b/core/psmisc/ChangeLog deleted file mode 100644 index d9fa6dfa5..000000000 --- a/core/psmisc/ChangeLog +++ /dev/null @@ -1,40 +0,0 @@ -2010-09-06 Eric Belanger <eric@archlinux.org> - - * psmisc 22.13-1 - * Upstream update - -2010-08-03 Eric Belanger <eric@archlinux.org> - - * psmisc 22.12-1 - * Upstream update - * Updated psmisc.checkregs.fix.patch - -2010-04-30 Eric Belanger <eric@archlinux.org> - - * psmisc 22.11-1 - * Upstream update - -2010-01-12 Eric Belanger <eric@archlinux.org> - - * psmisc 22.10-1 - * Upstream update - -2009-07-31 Eric Belanger <eric@archlinux.org> - - * psmisc 22.8-1 - * Upstream update - -2009-05-14 Eric Belanger <eric@archlinux.org> - - * psmisc 22.7-1 - * Upstream update - -2009-04-30 Eric Belanger <eric@archlinux.org> - - * psmisc 22.6-2.1 - * Added peekfd in x86_64 package (close FS#14514) - -2008-10-19 Eric Belanger <eric@archlinux.org> - - * Updated url - * Added ChangeLog diff --git a/core/shadow/LICENSE b/core/shadow/LICENSE new file mode 100644 index 000000000..c5ab15a56 --- /dev/null +++ b/core/shadow/LICENSE @@ -0,0 +1,31 @@ +/* + * Copyright (c) 1990 - 1994, Julianne Frances Haugh + * Copyright (c) 1996 - 2000, Marek Michałkiewicz + * Copyright (c) 2001 - 2006, Tomasz Kłoczko + * Copyright (c) 2007 - 2009, Nicolas François + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the copyright holders or contributors may not be used to + * endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ diff --git a/core/shadow/PKGBUILD b/core/shadow/PKGBUILD index 2d586265a..b3a130166 100644 --- a/core/shadow/PKGBUILD +++ b/core/shadow/PKGBUILD @@ -1,15 +1,15 @@ -# $Id: PKGBUILD 111984 2011-03-02 21:59:18Z eric $ +# $Id: PKGBUILD 129320 2011-06-26 16:36:48Z eric $ # Maintainer: Aaron Griffin <aaron@archlinux.org> pkgname=shadow pkgver=4.1.4.3 -pkgrel=1 -pkgdesc="Shadow password file utilities" -arch=('i686' 'x86_64' 'mips64el') +pkgrel=2 +pkgdesc="Password and account management tool suite with support for shadow files and PAM" +arch=('i686' 'x86_64') url='http://pkg-shadow.alioth.debian.org/' -license=('custom') +license=('BSD') groups=('base') -depends=('bash' 'pam') +depends=('bash' 'pam' 'acl') backup=(etc/login.defs etc/pam.d/{chage,login,passwd,shadow,useradd,usermod,userdel} etc/pam.d/{chpasswd,newusers,groupadd,groupdel,groupmod} @@ -17,26 +17,32 @@ backup=(etc/login.defs etc/default/useradd) options=('!libtool') install=shadow.install -source=(ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-$pkgver.tar.bz2 - useradd.defaults login passwd chgpasswd chpasswd newusers defaults.pam - login.defs adduser shadow.cron.daily xstrdup.patch shadow-4.1.4.2-groupmod-pam-check.patch) -md5sums=('b8608d8294ac88974f27b20f991c0e79' 'beb64d09256ea46a4d96a783f096447f'\ - 'bf137fac19884d71dc55c24b6d08e16c' 'b84204ab731bd02dca49d0637d44ebec'\ - '65e9ebce249a5b9ed021e2790452b9e1' '453a98456b297d2a69ca7e9b5f40d10b'\ - '453a98456b297d2a69ca7e9b5f40d10b' 'a31374fef2cba0ca34dfc7078e2969e4'\ - 'fad9a7116366f7775b1099290be840da' '6ce67e423ee19c87ae64f661310b2408'\ - '1d64b4113e1d402746d9dd65f28a2c6f' '0eebe9d13065bec4b5d7ccf3bf46c509'\ - '7b747f7dca38b0b6e8ee56434378baae') -sha1sums=('ad9b85b5531ce8e68f4695efc4ac53ba7266269e' '9ae93de5987dd0ae428f0cc1a5a5a5cd53583f19'\ - '0b2d98a0ee3bfde8551ade48d4d35cc20ec702a1' '6f183bc7709b0a8d20ad17481a4ad025cf6e5056'\ - '4ad0e059406a305c8640ed30d93c2a1f62c2f4ad' 'd66096ed9477bd7242e8d2cc28eaa23170269788'\ - 'd66096ed9477bd7242e8d2cc28eaa23170269788' '0e56fed7fc93572c6bf0d8f3b099166558bb46f1'\ - 'fceb6defbf959f9bee5598e89378a49297968d1a' '78ec184a499f9708adcfcf0b7a3b22a60bf39f91'\ - '5d83ba7e11c765c951867cbe00b0ae7ff57148fa' '6010fffeed1fc6673ad9875492e1193b1a847b53'\ - '5823f38c0085b27e7e4327ab17ecc13563a43650') +#http://pkg-shadow.alioth.debian.org/releases/shadow-$pkgver.tar.bz2 +# shadow 4.1.4.3 is just shadow 4.1.4.2 with shadow_CVE-2011-0721.patch applied +source=(ftp://ftp.archlinux.org/other/shadow/shadow_4.1.4.2+svn3283.orig.tar.gz + adduser chgpasswd chpasswd defaults.pam login login.defs newusers + passwd shadow.cron.daily useradd.defaults LICENSE + xstrdup.patch shadow_CVE-2011-0721.patch shadow-strncpy-usage.patch + shadow-add-missing-include.patch) +sha1sums=('8b704b8f07718e329205f23d457c3121c0f3679e' + '78ec184a499f9708adcfcf0b7a3b22a60bf39f91' + '4ad0e059406a305c8640ed30d93c2a1f62c2f4ad' + 'd66096ed9477bd7242e8d2cc28eaa23170269788' + '0e56fed7fc93572c6bf0d8f3b099166558bb46f1' + '0b2d98a0ee3bfde8551ade48d4d35cc20ec702a1' + 'e5cab2118ecb1e61874cde842d7d04d1003f35cb' + 'd66096ed9477bd7242e8d2cc28eaa23170269788' + '6f183bc7709b0a8d20ad17481a4ad025cf6e5056' + '5d83ba7e11c765c951867cbe00b0ae7ff57148fa' + '9ae93de5987dd0ae428f0cc1a5a5a5cd53583f19' + '33a6cf1e44a1410e5c9726c89e5de68b78f5f922' + '6010fffeed1fc6673ad9875492e1193b1a847b53' + '6bfe6528391eb38d338beacedd620407877b637d' + '9db9e62ad173f31e1039121c0124cf60826ffd7e' + '0697a21f7519de30821da7772677035652df4ad2') build() { - cd "$srcdir/$pkgname-$pkgver" + cd "$srcdir/$pkgname-4.1.4.2+svn3283" #Ugh, force this to build shared libraries, for god's sake sed -i "s/noinst_LTLIBRARIES/lib_LTLIBRARIES/g" lib/Makefile.am @@ -44,8 +50,10 @@ build() { autoreconf export LDFLAGS="$LDFLAGS -lcrypt" - patch -Np1 -i "$srcdir/xstrdup.patch" - patch -Np1 -i "$srcdir/shadow-4.1.4.2-groupmod-pam-check.patch" + patch -p1 -i "$srcdir/xstrdup.patch" + patch -p1 -i "$srcdir/shadow_CVE-2011-0721.patch" + patch -p1 -i "$srcdir/shadow-strncpy-usage.patch" + patch -p1 -i "$srcdir/shadow-add-missing-include.patch" # supress etc/pam.d/*, we provide our own sed -i '/^SUBDIRS/s/pam.d//' etc/Makefile.in @@ -59,11 +67,11 @@ build() { } package() { - cd "$srcdir/$pkgname-$pkgver" + cd "$srcdir/$pkgname-4.1.4.2+svn3283" make DESTDIR="$pkgdir" install # license - install -Dm644 COPYING "$pkgdir/usr/share/licenses/shadow/COPYING" + install -Dm644 "$srcdir/LICENSE" "$pkgdir/usr/share/licenses/shadow/LICENSE" # interactive useradd install -Dm755 "$srcdir/adduser" "$pkgdir/usr/sbin/adduser" @@ -77,7 +85,7 @@ package() { # login.defs install -Dm644 "$srcdir/login.defs" "$pkgdir/etc/login.defs" - # PAM config - cutsom + # PAM config - custom install -Dm644 "$srcdir/login" "$pkgdir/etc/pam.d/login" install -Dm644 "$srcdir/passwd" "$pkgdir/etc/pam.d/passwd" install -Dm644 "$srcdir/chgpasswd" "$pkgdir/etc/pam.d/chgpasswd" @@ -93,6 +101,6 @@ package() { done # Remove su - using su from coreutils instead - rm -v "$pkgdir/bin/su" - find "$pkgdir/usr/share/man" -name 'su.1' -exec rm -v {} \; + rm "$pkgdir/bin/su" + find "$pkgdir/usr/share/man" -name 'su.1' -delete } diff --git a/core/shadow/chage b/core/shadow/chage deleted file mode 100644 index a7bf8a4a5..000000000 --- a/core/shadow/chage +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth sufficient pam_rootok.so -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so -password required pam_permit.so diff --git a/core/shadow/chsh b/core/shadow/chsh deleted file mode 100644 index a7bf8a4a5..000000000 --- a/core/shadow/chsh +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth sufficient pam_rootok.so -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so -password required pam_permit.so diff --git a/core/shadow/login.defs b/core/shadow/login.defs index 653e14e4f..2500ee447 100644 --- a/core/shadow/login.defs +++ b/core/shadow/login.defs @@ -187,27 +187,6 @@ DEFAULT_HOME yes #USERDEL_CMD /usr/sbin/userdel_local # -# When prompting for password without echo, getpass() can optionally -# display a random number (in the range 1 to GETPASS_ASTERISKS) of '*' -# characters for each character typed. This feature is designed to -# confuse people looking over your shoulder when you enter a password :-). -# Also, the new getpass() accepts both Backspace (8) and Delete (127) -# keys to delete previous character (to cope with different terminal -# types), Control-U to delete all characters, and beeps when there are -# no more characters to delete, or too many characters entered. -# -# Setting GETPASS_ASTERISKS to 1 results in more traditional behaviour - -# exactly one '*' displayed for each character typed. -# -# Setting GETPASS_ASTERISKS to 0 disables the '*' characters (Backspace, -# Delete, Control-U and beep continue to work as described above). -# -# Setting GETPASS_ASTERISKS to -1 reverts to the traditional getpass() -# without any new features. This is the default. -# -#GETPASS_ASTERISKS 1 - -# # Enable setting of the umask group bits to be the same as owner bits # (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is # the same as gid, and username is the same as the primary group name. diff --git a/core/shadow/shadow b/core/shadow/shadow deleted file mode 100644 index a7bf8a4a5..000000000 --- a/core/shadow/shadow +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth sufficient pam_rootok.so -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so -password required pam_permit.so diff --git a/core/shadow/shadow-4.1.4.2-groupmod-pam-check.patch b/core/shadow/shadow-4.1.4.2-groupmod-pam-check.patch deleted file mode 100644 index f25c4e10f..000000000 --- a/core/shadow/shadow-4.1.4.2-groupmod-pam-check.patch +++ /dev/null @@ -1,21 +0,0 @@ -http://bugs.gentoo.org/300790 -http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2009-November/007850.html - -2009-11-05 Nicolas François <nicolas.francois@centraliens.net> - - * NEWS, src/groupmod.c: Fixed groupmod when configured with - --enable-account-tools-setuid. - -diff --git a/src/groupmod.c b/src/groupmod.c -index 4205df2..da6d77f 100644 ---- a/src/groupmod.c -+++ b/src/groupmod.c -@@ -724,7 +724,7 @@ int main (int argc, char **argv) - { - struct passwd *pampw; - pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ -- if (NULL == pamh) { -+ if (NULL == pampw) { - fprintf (stderr, - _("%s: Cannot determine your user name.\n"), - Prog); diff --git a/core/shadow/shadow-add-missing-include.patch b/core/shadow/shadow-add-missing-include.patch new file mode 100644 index 000000000..5c9e946ef --- /dev/null +++ b/core/shadow/shadow-add-missing-include.patch @@ -0,0 +1,11 @@ +diff -Naur shadow-4.1.4.2+svn3283/libmisc/copydir.c shadow-4.1.4.2+svn3283.new/libmisc/copydir.c +--- shadow-4.1.4.2+svn3283/libmisc/copydir.c 2010-09-05 11:35:26.000000000 -0400 ++++ shadow-4.1.4.2+svn3283.new/libmisc/copydir.c 2011-06-26 01:26:52.000000000 -0400 +@@ -34,6 +34,7 @@ + + #ident "$Id: copydir.c 3283 2010-09-05 15:34:42Z nekral-guest $" + ++#include <stdarg.h> + #include <assert.h> + #include <sys/stat.h> + #include <sys/types.h> diff --git a/core/shadow/shadow-strncpy-usage.patch b/core/shadow/shadow-strncpy-usage.patch new file mode 100644 index 000000000..46df74ace --- /dev/null +++ b/core/shadow/shadow-strncpy-usage.patch @@ -0,0 +1,27 @@ +diff -ur shadow-4.1.4.3.orig/src/login.c shadow-4.1.4.3/src/login.c +--- shadow-4.1.4.3.orig/src/login.c 2011-03-05 22:17:10.032524948 -0800 ++++ shadow-4.1.4.3/src/login.c 2011-03-05 22:17:59.154342059 -0800 +@@ -748,8 +748,9 @@ + sizeof (loginprompt), + _("%s login: "), hostn); + } else { ++ loginprompt[sizeof (loginprompt) - 1] = '\0'; + strncpy (loginprompt, _("login: "), +- sizeof (loginprompt)); ++ sizeof (loginprompt) - 1); + } + + retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt); +diff -ur shadow-4.1.4.3.orig/src/usermod.c shadow-4.1.4.3/src/usermod.c +--- shadow-4.1.4.3.orig/src/usermod.c 2011-03-05 22:17:10.029191265 -0800 ++++ shadow-4.1.4.3/src/usermod.c 2011-03-05 22:18:42.665576968 -0800 +@@ -182,7 +182,8 @@ + struct tm *tp; + + if ((negativ != NULL) && (date < 0)) { +- strncpy (buf, negativ, maxsize); ++ buf[maxsize - 1] = '\0'; ++ strncpy (buf, negativ, maxsize - 1); + } else { + time_t t = (time_t) date; + tp = gmtime (&t); diff --git a/core/shadow/shadow_CVE-2011-0721.patch b/core/shadow/shadow_CVE-2011-0721.patch new file mode 100644 index 000000000..eb9ad80a2 --- /dev/null +++ b/core/shadow/shadow_CVE-2011-0721.patch @@ -0,0 +1,57 @@ +Goal: Input sanitization for chfn and chsh + +Fixes: CVE-2011-0721 + +Status wrt upstream: Already applied upstream (4.1.4.3) + +--- a/src/chfn.c ++++ b/src/chfn.c +@@ -551,14 +551,14 @@ + static void check_fields (void) + { + int err; +- err = valid_field (fullnm, ":,="); ++ err = valid_field (fullnm, ":,=\n"); + if (err > 0) { + fprintf (stderr, _("%s: name with non-ASCII characters: '%s'\n"), Prog, fullnm); + } else if (err < 0) { + fprintf (stderr, _("%s: invalid name: '%s'\n"), Prog, fullnm); + fail_exit (E_NOPERM); + } +- err = valid_field (roomno, ":,="); ++ err = valid_field (roomno, ":,=\n"); + if (err > 0) { + fprintf (stderr, _("%s: room number with non-ASCII characters: '%s'\n"), Prog, roomno); + } else if (err < 0) { +@@ -566,17 +566,17 @@ + Prog, roomno); + fail_exit (E_NOPERM); + } +- if (valid_field (workph, ":,=") != 0) { ++ if (valid_field (workph, ":,=\n") != 0) { + fprintf (stderr, _("%s: invalid work phone: '%s'\n"), + Prog, workph); + fail_exit (E_NOPERM); + } +- if (valid_field (homeph, ":,=") != 0) { ++ if (valid_field (homeph, ":,=\n") != 0) { + fprintf (stderr, _("%s: invalid home phone: '%s'\n"), + Prog, homeph); + fail_exit (E_NOPERM); + } +- err = valid_field (slop, ":"); ++ err = valid_field (slop, ":\n"); + if (err > 0) { + fprintf (stderr, _("%s: '%s' contains non-ASCII characters\n"), Prog, slop); + } else if (err < 0) { +--- a/src/chsh. ++++ b/src/chsh.c +@@ -528,7 +528,7 @@ + * users are restricted to using the shells in /etc/shells. + * The shell must be executable by the user. + */ +- if (valid_field (loginsh, ":,=") != 0) { ++ if (valid_field (loginsh, ":,=\n") != 0) { + fprintf (stderr, _("%s: Invalid entry: %s\n"), Prog, loginsh); + fail_exit (1); + } diff --git a/core/syslog-ng/PKGBUILD b/core/syslog-ng/PKGBUILD index 164496502..9f2c2281f 100644 --- a/core/syslog-ng/PKGBUILD +++ b/core/syslog-ng/PKGBUILD @@ -1,10 +1,11 @@ -# $Id: PKGBUILD 123085 2011-05-08 03:28:44Z eric $ +# $Id: PKGBUILD 129498 2011-06-28 13:40:42Z dreisner $ +# Maintainer: Dave Reisner <dreisner@archlinux.org> # Maintainer: Eric Bélanger <eric@archlinux.org> # Maintainer: Aaron Griffin <aaron@archlinux.org> pkgname=syslog-ng pkgver=3.2.4 -pkgrel=1 +pkgrel=2 pkgdesc="Next-generation syslogd with advanced networking and filtering capabilities" arch=('i686' 'x86_64' 'mips64el') license=('GPL2') @@ -17,14 +18,17 @@ provides=('logger') options=('!libtool') backup=('etc/syslog-ng/modules.conf' 'etc/syslog-ng/scl.conf' \ 'etc/syslog-ng/syslog-ng.conf' 'etc/logrotate.d/syslog-ng') -source=(http://www.balabit.com/downloads/files/syslog-ng/sources/${pkgver}/source/${pkgname}_${pkgver}.tar.gz \ +source=(http://www.balabit.com/downloads/files/syslog-ng/sources/${pkgver}/source/${pkgname}_${pkgver}.tar.gz + non-blocking-systemd-fds.patch syslog-ng.conf syslog-ng.logrotate syslog-ng.rc cap_syslog.patch) md5sums=('5995f7dad0053a478b60a63f6f754203' + '25e43afe51eb2223c25168e3c3e7aaf6' '344dddfff946300f5576b13a7e8ea19f' '735636090be4582885974542d2a75855' '8b4441343d859c2f01c2cf799a7e6f98' '46e5dcff71f820d497898331a3f608fe') sha1sums=('ff732f7223bd2bd0424d4b9028b523cf62133af1' + '73b83deae9a8b945dfb13adf331e6bf6f119b83e' 'b9eb8c61f7cccda543fc5c97fe1d40a8d15e713f' 'ac997b25d7d8e69e66782d3771a0e12aff55ae7f' '4481819762fd1b6f25903016a8878e63c0058fcb' @@ -32,13 +36,21 @@ sha1sums=('ff732f7223bd2bd0424d4b9028b523cf62133af1' build() { cd "${srcdir}/${pkgname}-${pkgver}" -# fix #22555 for kernels >=2.6.38 - patch -p1 -i ../cap_syslog.patch + + # fix #22555 for kernels >=2.6.38 + patch -p1 -i ../cap_syslog.patch + + # fix systemd blocking FD bug + # https://bugzilla.balabit.com/show_bug.cgi?id=125 + patch -Np1 < "$srcdir/non-blocking-systemd-fds.patch" + ./configure --prefix=/usr --sysconfdir=/etc/syslog-ng \ --libexecdir=/usr/lib --localstatedir=/var/lib/syslog-ng \ --enable-tcp-wrapper \ --with-pidfile-dir=/var/run \ - --disable-spoof-source + --disable-spoof-source \ + --enable-systemd + make } @@ -49,4 +61,5 @@ package() { install -Dm644 "${srcdir}/syslog-ng.conf" "${pkgdir}/etc/syslog-ng/syslog-ng.conf" install -Dm644 "${srcdir}/syslog-ng.logrotate" "${pkgdir}/etc/logrotate.d/syslog-ng" install -Dm755 "${srcdir}/syslog-ng.rc" "${pkgdir}/etc/rc.d/syslog-ng" + install -Dm644 "doc/examples/syslog-ng.service" "$pkgdir/lib/systemd/system/syslog-ng.service" } diff --git a/core/syslog-ng/non-blocking-systemd-fds.patch b/core/syslog-ng/non-blocking-systemd-fds.patch new file mode 100644 index 000000000..bd056088b --- /dev/null +++ b/core/syslog-ng/non-blocking-systemd-fds.patch @@ -0,0 +1,32 @@ +From 2f214c4f87d944aa28d53e331a67b1fd88d9840f Mon Sep 17 00:00:00 2001 +From: Balazs Scheidler <bazsi@balabit.hu> +Date: Wed, 22 Jun 2011 12:50:53 +0200 +Subject: [PATCH] systemd: make sure the acquired fd is in non-blocking mode + +The fd acquired from systemd is in blocking mode, and syslog-ng +didn't explicitly set it to non-blocking, causing syslog-ng +to stall. This patch changes that, explicitly enables +O_NONBLOCK and O_CLOEXEC on systemd acquired fds. + +Reported-By: Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> +Signed-off-by: Balazs Scheidler <bazsi@balabit.hu> +--- + modules/afsocket/afunix.c | 2 ++ + 1 files changed, 2 insertions(+), 0 deletions(-) + +diff --git a/modules/afsocket/afunix.c b/modules/afsocket/afunix.c +index cd9c205..9a4e37b 100644 +--- a/modules/afsocket/afunix.c ++++ b/modules/afsocket/afunix.c +@@ -108,6 +108,8 @@ afunix_sd_acquire_socket(AFSocketSourceDriver *s, gint *result_fd) + + if (*result_fd != -1) + { ++ g_fd_set_nonblock(*result_fd, TRUE); ++ g_fd_set_cloexec(*result_fd, TRUE); + msg_verbose("Acquired systemd socket", + evt_tag_str("filename", self->filename), + evt_tag_int("systemd-sock-fd", *result_fd), +-- +1.7.5.4 + diff --git a/core/tar/PKGBUILD b/core/tar/PKGBUILD index 82f55b52f..5bc4add28 100644 --- a/core/tar/PKGBUILD +++ b/core/tar/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 114404 2011-03-13 10:37:30Z allan $ +# $Id: PKGBUILD 129859 2011-06-29 04:33:10Z allan $ # Maintainer: Allan McRae <allan@archlinux.org> # Contributor: Andreas Radke <andyrtr@archlinux.org> @@ -23,6 +23,10 @@ build() { ./configure --prefix=/usr --libexecdir=/usr/lib/tar --bindir=/bin make +} + +check() { + cd ${srcdir}/$pkgname-$pkgver make check } |