15 files changed, 250 insertions, 64 deletions

diff --git a/core/bash/PKGBUILD b/core/bash/PKGBUILD
index c8d6c0c36..6979842b3 100644
--- a/core/bash/PKGBUILD
+++ b/core/bash/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 123077 2011-05-08 02:14:26Z allan $
+# $Id: PKGBUILD 129828 2011-06-29 04:14:18Z allan $
 # Maintainer: Aaron Griffin <aaron@archlinux.org>
 # Maintainer: Allan McRae <allan@archlinux.org>
 
@@ -46,6 +46,10 @@ build() {
     --without-bash-malloc --with-installed-readline \
     --bindir=/bin --mandir=/usr/share/man --infodir=/usr/share/info
   make
+}
+
+check() {
+  cd ${srcdir}/${pkgname}-$_basever
   make check
 }
 
diff --git a/core/flex/PKGBUILD b/core/flex/PKGBUILD
index 039b11897..87ece915f 100644
--- a/core/flex/PKGBUILD
+++ b/core/flex/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 91170 2010-09-23 14:30:47Z allan $
+# $Id: PKGBUILD 129833 2011-06-29 04:16:41Z allan $
 # Maintainer: Allan McRae <allan@archlinux.org>
 # Contributor: judd <jvinet@zeroflux.org>
 
@@ -36,6 +36,10 @@ build() {
   ./configure --prefix=/usr \
     --mandir=/usr/share/man --infodir=/usr/share/info
   make
+}
+
+check() {
+  cd $srcdir/$pkgname-$pkgver
   make check
 }
 
diff --git a/core/libmpc/PKGBUILD b/core/libmpc/PKGBUILD
index f06279f85..58dc50c42 100644
--- a/core/libmpc/PKGBUILD
+++ b/core/libmpc/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 111157 2011-02-24 12:31:09Z allan $
+# $Id: PKGBUILD 129838 2011-06-29 04:23:14Z allan $
 # Maintainer: Allan McRae <allan@archlinux.org>
 
 pkgname=libmpc
@@ -25,6 +25,10 @@ build() {
   
   ./configure --prefix=/usr
   make
+}
+
+check() {
+  cd "${srcdir}/mpc-${pkgver}"
   make check
 }
 
diff --git a/core/m4/PKGBUILD b/core/m4/PKGBUILD
index aec43611b..9d8647bff 100644
--- a/core/m4/PKGBUILD
+++ b/core/m4/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 111924 2011-03-02 03:59:52Z allan $
+# $Id: PKGBUILD 129843 2011-06-29 04:25:22Z allan $
 # Maintainer: Allan McRae <allan@archlinux.org>
 # Contributor: Andreas Radke <andyrtr@archlinux.org>
 
@@ -19,6 +19,10 @@ build() {
   cd ${srcdir}/$pkgname-$pkgver
   ./configure --prefix=/usr
   make
+}
+
+check() {
+  cd ${srcdir}/$pkgname-$pkgver
   make check
 }
 
diff --git a/core/make/PKGBUILD b/core/make/PKGBUILD
index bba3253fc..2db407582 100644
--- a/core/make/PKGBUILD
+++ b/core/make/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 110342 2011-02-18 22:21:30Z allan $
+# $Id: PKGBUILD 129849 2011-06-29 04:28:30Z allan $
 # Maintainer: Allan McRae <allan@archlinux.org>
 # Contributor: judd <jvinet@zeroflux.org>
 
@@ -36,6 +36,10 @@ build() {
   
   ./configure --prefix=/usr
   make
+}
+
+check() {
+  cd ${srcdir}/${pkgname}-${pkgver}
   make check
 }
 
diff --git a/core/ppl/PKGBUILD b/core/ppl/PKGBUILD
index 230b48de4..ba8477680 100644
--- a/core/ppl/PKGBUILD
+++ b/core/ppl/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 111674 2011-02-28 10:47:00Z allan $
+# $Id: PKGBUILD 129854 2011-06-29 04:31:09Z allan $
 # Maintainer: Allan McRae <allan@archlinux.org>
 # Contributor: ezzetabi <ezzetabi at gawab dot com>
 
@@ -18,6 +18,10 @@ build() {
   cd $srcdir/ppl-$pkgver
   ./configure --prefix=/usr --enable-interfaces="c,cxx"
   make
+}
+
+check() {
+  cd $srcdir/ppl-$pkgver
   make check
 }
 
diff --git a/core/shadow/LICENSE b/core/shadow/LICENSE
new file mode 100644
index 000000000..c5ab15a56
--- /dev/null
+++ b/core/shadow/LICENSE
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 1990 - 1994, Julianne Frances Haugh
+ * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+ * Copyright (c) 2001 - 2006, Tomasz Kłoczko
+ * Copyright (c) 2007 - 2009, Nicolas François
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the copyright holders or contributors may not be used to
+ *    endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
diff --git a/core/shadow/PKGBUILD b/core/shadow/PKGBUILD
index 738acfdf9..b3a130166 100644
--- a/core/shadow/PKGBUILD
+++ b/core/shadow/PKGBUILD
@@ -1,15 +1,15 @@
-# $Id: PKGBUILD 111984 2011-03-02 21:59:18Z eric $
+# $Id: PKGBUILD 129320 2011-06-26 16:36:48Z eric $
 # Maintainer: Aaron Griffin <aaron@archlinux.org>
 
 pkgname=shadow
 pkgver=4.1.4.3
-pkgrel=1
-pkgdesc="Shadow password file utilities"
+pkgrel=2
+pkgdesc="Password and account management tool suite with support for shadow files and PAM"
 arch=('i686' 'x86_64')
 url='http://pkg-shadow.alioth.debian.org/'
-license=('custom')
+license=('BSD')
 groups=('base')
-depends=('bash' 'pam')
+depends=('bash' 'pam' 'acl')
 backup=(etc/login.defs
         etc/pam.d/{chage,login,passwd,shadow,useradd,usermod,userdel}
         etc/pam.d/{chpasswd,newusers,groupadd,groupdel,groupmod}
@@ -17,26 +17,32 @@ backup=(etc/login.defs
         etc/default/useradd)
 options=('!libtool')
 install=shadow.install
-source=(ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-$pkgver.tar.bz2
-        useradd.defaults login passwd chgpasswd chpasswd newusers defaults.pam
-	login.defs adduser shadow.cron.daily xstrdup.patch shadow-4.1.4.2-groupmod-pam-check.patch)
-md5sums=('b8608d8294ac88974f27b20f991c0e79' 'beb64d09256ea46a4d96a783f096447f'\
-         'bf137fac19884d71dc55c24b6d08e16c' 'b84204ab731bd02dca49d0637d44ebec'\
-         '65e9ebce249a5b9ed021e2790452b9e1' '453a98456b297d2a69ca7e9b5f40d10b'\
-         '453a98456b297d2a69ca7e9b5f40d10b' 'a31374fef2cba0ca34dfc7078e2969e4'\
-         'fad9a7116366f7775b1099290be840da' '6ce67e423ee19c87ae64f661310b2408'\
-         '1d64b4113e1d402746d9dd65f28a2c6f' '0eebe9d13065bec4b5d7ccf3bf46c509'\
-         '7b747f7dca38b0b6e8ee56434378baae')
-sha1sums=('ad9b85b5531ce8e68f4695efc4ac53ba7266269e' '9ae93de5987dd0ae428f0cc1a5a5a5cd53583f19'\
-         '0b2d98a0ee3bfde8551ade48d4d35cc20ec702a1' '6f183bc7709b0a8d20ad17481a4ad025cf6e5056'\
-         '4ad0e059406a305c8640ed30d93c2a1f62c2f4ad' 'd66096ed9477bd7242e8d2cc28eaa23170269788'\
-         'd66096ed9477bd7242e8d2cc28eaa23170269788' '0e56fed7fc93572c6bf0d8f3b099166558bb46f1'\
-         'fceb6defbf959f9bee5598e89378a49297968d1a' '78ec184a499f9708adcfcf0b7a3b22a60bf39f91'\
-         '5d83ba7e11c765c951867cbe00b0ae7ff57148fa' '6010fffeed1fc6673ad9875492e1193b1a847b53'\
-         '5823f38c0085b27e7e4327ab17ecc13563a43650')
+#http://pkg-shadow.alioth.debian.org/releases/shadow-$pkgver.tar.bz2
+# shadow 4.1.4.3 is just shadow 4.1.4.2 with shadow_CVE-2011-0721.patch applied
+source=(ftp://ftp.archlinux.org/other/shadow/shadow_4.1.4.2+svn3283.orig.tar.gz
+        adduser chgpasswd chpasswd defaults.pam login login.defs newusers
+        passwd shadow.cron.daily useradd.defaults LICENSE
+        xstrdup.patch shadow_CVE-2011-0721.patch shadow-strncpy-usage.patch
+        shadow-add-missing-include.patch)
+sha1sums=('8b704b8f07718e329205f23d457c3121c0f3679e'
+          '78ec184a499f9708adcfcf0b7a3b22a60bf39f91'
+          '4ad0e059406a305c8640ed30d93c2a1f62c2f4ad'
+          'd66096ed9477bd7242e8d2cc28eaa23170269788'
+          '0e56fed7fc93572c6bf0d8f3b099166558bb46f1'
+          '0b2d98a0ee3bfde8551ade48d4d35cc20ec702a1'
+          'e5cab2118ecb1e61874cde842d7d04d1003f35cb'
+          'd66096ed9477bd7242e8d2cc28eaa23170269788'
+          '6f183bc7709b0a8d20ad17481a4ad025cf6e5056'
+          '5d83ba7e11c765c951867cbe00b0ae7ff57148fa'
+          '9ae93de5987dd0ae428f0cc1a5a5a5cd53583f19'
+          '33a6cf1e44a1410e5c9726c89e5de68b78f5f922'
+          '6010fffeed1fc6673ad9875492e1193b1a847b53'
+          '6bfe6528391eb38d338beacedd620407877b637d'
+          '9db9e62ad173f31e1039121c0124cf60826ffd7e'
+          '0697a21f7519de30821da7772677035652df4ad2')
 
 build() {
-  cd "$srcdir/$pkgname-$pkgver"
+  cd "$srcdir/$pkgname-4.1.4.2+svn3283"
 
   #Ugh, force this to build shared libraries, for god's sake
   sed -i "s/noinst_LTLIBRARIES/lib_LTLIBRARIES/g" lib/Makefile.am
@@ -44,8 +50,10 @@ build() {
   autoreconf
   export LDFLAGS="$LDFLAGS -lcrypt"
 
-  patch -Np1 -i "$srcdir/xstrdup.patch"
-  patch -Np1 -i "$srcdir/shadow-4.1.4.2-groupmod-pam-check.patch"
+  patch -p1 -i "$srcdir/xstrdup.patch"
+  patch -p1 -i "$srcdir/shadow_CVE-2011-0721.patch"
+  patch -p1 -i "$srcdir/shadow-strncpy-usage.patch"
+  patch -p1 -i "$srcdir/shadow-add-missing-include.patch"
 
   # supress etc/pam.d/*, we provide our own
   sed -i '/^SUBDIRS/s/pam.d//' etc/Makefile.in
@@ -59,11 +67,11 @@ build() {
 }
 
 package() {
-  cd "$srcdir/$pkgname-$pkgver"
+  cd "$srcdir/$pkgname-4.1.4.2+svn3283"
   make DESTDIR="$pkgdir" install
 
   # license
-  install -Dm644 COPYING "$pkgdir/usr/share/licenses/shadow/COPYING"
+  install -Dm644 "$srcdir/LICENSE" "$pkgdir/usr/share/licenses/shadow/LICENSE"
 
   # interactive useradd
   install -Dm755 "$srcdir/adduser" "$pkgdir/usr/sbin/adduser"
@@ -77,7 +85,7 @@ package() {
   # login.defs
   install -Dm644 "$srcdir/login.defs" "$pkgdir/etc/login.defs"
 
-  # PAM config - cutsom
+  # PAM config - custom
   install -Dm644 "$srcdir/login" "$pkgdir/etc/pam.d/login"
   install -Dm644 "$srcdir/passwd" "$pkgdir/etc/pam.d/passwd"
   install -Dm644 "$srcdir/chgpasswd" "$pkgdir/etc/pam.d/chgpasswd"
@@ -93,6 +101,6 @@ package() {
   done
 
   # Remove su - using su from coreutils instead
-  rm -v "$pkgdir/bin/su"
-  find "$pkgdir/usr/share/man" -name 'su.1' -exec rm -v {} \;
+  rm "$pkgdir/bin/su"
+  find "$pkgdir/usr/share/man" -name 'su.1' -delete
 }
diff --git a/core/shadow/login.defs b/core/shadow/login.defs
index 653e14e4f..2500ee447 100644
--- a/core/shadow/login.defs
+++ b/core/shadow/login.defs
@@ -187,27 +187,6 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
-# When prompting for password without echo, getpass() can optionally
-# display a random number (in the range 1 to GETPASS_ASTERISKS) of '*'
-# characters for each character typed.  This feature is designed to
-# confuse people looking over your shoulder when you enter a password :-).
-# Also, the new getpass() accepts both Backspace (8) and Delete (127)
-# keys to delete previous character (to cope with different terminal
-# types), Control-U to delete all characters, and beeps when there are
-# no more characters to delete, or too many characters entered.
-#
-# Setting GETPASS_ASTERISKS to 1 results in more traditional behaviour -
-# exactly one '*' displayed for each character typed.
-#
-# Setting GETPASS_ASTERISKS to 0 disables the '*' characters (Backspace,
-# Delete, Control-U and beep continue to work as described above).
-#
-# Setting GETPASS_ASTERISKS to -1 reverts to the traditional getpass()
-# without any new features.  This is the default.
-#
-#GETPASS_ASTERISKS 1
-
-#
 # Enable setting of the umask group bits to be the same as owner bits
 # (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
 # the same as gid, and username is the same as the primary group name.
diff --git a/core/shadow/shadow-add-missing-include.patch b/core/shadow/shadow-add-missing-include.patch
new file mode 100644
index 000000000..5c9e946ef
--- /dev/null
+++ b/core/shadow/shadow-add-missing-include.patch
@@ -0,0 +1,11 @@
+diff -Naur shadow-4.1.4.2+svn3283/libmisc/copydir.c shadow-4.1.4.2+svn3283.new/libmisc/copydir.c
+--- shadow-4.1.4.2+svn3283/libmisc/copydir.c	2010-09-05 11:35:26.000000000 -0400
++++ shadow-4.1.4.2+svn3283.new/libmisc/copydir.c	2011-06-26 01:26:52.000000000 -0400
+@@ -34,6 +34,7 @@
+ 
+ #ident "$Id: copydir.c 3283 2010-09-05 15:34:42Z nekral-guest $"
+ 
++#include <stdarg.h>
+ #include <assert.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
diff --git a/core/shadow/shadow-strncpy-usage.patch b/core/shadow/shadow-strncpy-usage.patch
new file mode 100644
index 000000000..46df74ace
--- /dev/null
+++ b/core/shadow/shadow-strncpy-usage.patch
@@ -0,0 +1,27 @@
+diff -ur shadow-4.1.4.3.orig/src/login.c shadow-4.1.4.3/src/login.c
+--- shadow-4.1.4.3.orig/src/login.c	2011-03-05 22:17:10.032524948 -0800
++++ shadow-4.1.4.3/src/login.c	2011-03-05 22:17:59.154342059 -0800
+@@ -748,8 +748,9 @@
+ 			          sizeof (loginprompt),
+ 			          _("%s login: "), hostn);
+ 		} else {
++		        loginprompt[sizeof (loginprompt) - 1] = '\0';
+ 			strncpy (loginprompt, _("login: "),
+-			         sizeof (loginprompt));
++			         sizeof (loginprompt) - 1);
+ 		}
+ 
+ 		retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
+diff -ur shadow-4.1.4.3.orig/src/usermod.c shadow-4.1.4.3/src/usermod.c
+--- shadow-4.1.4.3.orig/src/usermod.c	2011-03-05 22:17:10.029191265 -0800
++++ shadow-4.1.4.3/src/usermod.c	2011-03-05 22:18:42.665576968 -0800
+@@ -182,7 +182,8 @@
+ 	struct tm *tp;
+ 
+ 	if ((negativ != NULL) && (date < 0)) {
+-		strncpy (buf, negativ, maxsize);
++	        buf[maxsize - 1] = '\0';
++		strncpy (buf, negativ, maxsize - 1);
+ 	} else {
+ 		time_t t = (time_t) date;
+ 		tp = gmtime (&t);
diff --git a/core/shadow/shadow_CVE-2011-0721.patch b/core/shadow/shadow_CVE-2011-0721.patch
new file mode 100644
index 000000000..eb9ad80a2
--- /dev/null
+++ b/core/shadow/shadow_CVE-2011-0721.patch
@@ -0,0 +1,57 @@
+Goal: Input sanitization for chfn and chsh
+
+Fixes: CVE-2011-0721
+
+Status wrt upstream: Already applied upstream (4.1.4.3)
+
+--- a/src/chfn.c
++++ b/src/chfn.c
+@@ -551,14 +551,14 @@
+ static void check_fields (void)
+ {
+ 	int err;
+-	err = valid_field (fullnm, ":,=");
++	err = valid_field (fullnm, ":,=\n");
+ 	if (err > 0) {
+ 		fprintf (stderr, _("%s: name with non-ASCII characters: '%s'\n"), Prog, fullnm);
+ 	} else if (err < 0) {
+ 		fprintf (stderr, _("%s: invalid name: '%s'\n"), Prog, fullnm);
+ 		fail_exit (E_NOPERM);
+ 	}
+-	err = valid_field (roomno, ":,=");
++	err = valid_field (roomno, ":,=\n");
+ 	if (err > 0) {
+ 		fprintf (stderr, _("%s: room number with non-ASCII characters: '%s'\n"), Prog, roomno);
+ 	} else if (err < 0) {
+@@ -566,17 +566,17 @@
+ 		         Prog, roomno);
+ 		fail_exit (E_NOPERM);
+ 	}
+-	if (valid_field (workph, ":,=") != 0) {
++	if (valid_field (workph, ":,=\n") != 0) {
+ 		fprintf (stderr, _("%s: invalid work phone: '%s'\n"),
+ 		         Prog, workph);
+ 		fail_exit (E_NOPERM);
+ 	}
+-	if (valid_field (homeph, ":,=") != 0) {
++	if (valid_field (homeph, ":,=\n") != 0) {
+ 		fprintf (stderr, _("%s: invalid home phone: '%s'\n"),
+ 		         Prog, homeph);
+ 		fail_exit (E_NOPERM);
+ 	}
+-	err = valid_field (slop, ":");
++	err = valid_field (slop, ":\n");
+ 	if (err > 0) {
+ 		fprintf (stderr, _("%s: '%s' contains non-ASCII characters\n"), Prog, slop);
+ 	} else if (err < 0) {
+--- a/src/chsh.
++++ b/src/chsh.c
+@@ -528,7 +528,7 @@
+ 	 * users are restricted to using the shells in /etc/shells.
+ 	 * The shell must be executable by the user.
+ 	 */
+-	if (valid_field (loginsh, ":,=") != 0) {
++	if (valid_field (loginsh, ":,=\n") != 0) {
+ 		fprintf (stderr, _("%s: Invalid entry: %s\n"), Prog, loginsh);
+ 		fail_exit (1);
+ 	}
diff --git a/core/syslog-ng/PKGBUILD b/core/syslog-ng/PKGBUILD
index 3a25d87e4..c54007652 100644
--- a/core/syslog-ng/PKGBUILD
+++ b/core/syslog-ng/PKGBUILD
@@ -1,10 +1,11 @@
-# $Id: PKGBUILD 123085 2011-05-08 03:28:44Z eric $
+# $Id: PKGBUILD 129498 2011-06-28 13:40:42Z dreisner $
+# Maintainer: Dave Reisner <dreisner@archlinux.org>
 # Maintainer: Eric Bélanger <eric@archlinux.org>
 # Maintainer: Aaron Griffin <aaron@archlinux.org>
 
 pkgname=syslog-ng
 pkgver=3.2.4
-pkgrel=1
+pkgrel=2
 pkgdesc="Next-generation syslogd with advanced networking and filtering capabilities"
 arch=('i686' 'x86_64')
 license=('GPL2')
@@ -17,14 +18,17 @@ provides=('logger')
 options=('!libtool')
 backup=('etc/syslog-ng/modules.conf' 'etc/syslog-ng/scl.conf' \
         'etc/syslog-ng/syslog-ng.conf' 'etc/logrotate.d/syslog-ng')
-source=(http://www.balabit.com/downloads/files/syslog-ng/sources/${pkgver}/source/${pkgname}_${pkgver}.tar.gz \
+source=(http://www.balabit.com/downloads/files/syslog-ng/sources/${pkgver}/source/${pkgname}_${pkgver}.tar.gz
+        non-blocking-systemd-fds.patch
         syslog-ng.conf syslog-ng.logrotate syslog-ng.rc cap_syslog.patch)
 md5sums=('5995f7dad0053a478b60a63f6f754203'
+         '25e43afe51eb2223c25168e3c3e7aaf6'
          '344dddfff946300f5576b13a7e8ea19f'
          '735636090be4582885974542d2a75855'
          '8b4441343d859c2f01c2cf799a7e6f98'
          '46e5dcff71f820d497898331a3f608fe')
 sha1sums=('ff732f7223bd2bd0424d4b9028b523cf62133af1'
+          '73b83deae9a8b945dfb13adf331e6bf6f119b83e'
           'b9eb8c61f7cccda543fc5c97fe1d40a8d15e713f'
           'ac997b25d7d8e69e66782d3771a0e12aff55ae7f'
           '4481819762fd1b6f25903016a8878e63c0058fcb'
@@ -32,13 +36,21 @@ sha1sums=('ff732f7223bd2bd0424d4b9028b523cf62133af1'
 
 build() {
   cd "${srcdir}/${pkgname}-${pkgver}"
-# fix #22555 for kernels >=2.6.38
-  patch -p1 -i ../cap_syslog.patch 
+
+  # fix #22555 for kernels >=2.6.38
+  patch -p1 -i ../cap_syslog.patch
+
+  # fix systemd blocking FD bug
+  # https://bugzilla.balabit.com/show_bug.cgi?id=125
+  patch -Np1 < "$srcdir/non-blocking-systemd-fds.patch"
+
   ./configure --prefix=/usr --sysconfdir=/etc/syslog-ng \
     --libexecdir=/usr/lib --localstatedir=/var/lib/syslog-ng \
     --enable-tcp-wrapper \
     --with-pidfile-dir=/var/run \
-    --disable-spoof-source
+    --disable-spoof-source \
+    --enable-systemd
+
   make
 }
 
@@ -49,4 +61,5 @@ package() {
   install -Dm644 "${srcdir}/syslog-ng.conf" "${pkgdir}/etc/syslog-ng/syslog-ng.conf"
   install -Dm644 "${srcdir}/syslog-ng.logrotate" "${pkgdir}/etc/logrotate.d/syslog-ng"
   install -Dm755 "${srcdir}/syslog-ng.rc" "${pkgdir}/etc/rc.d/syslog-ng"
+  install -Dm644 "doc/examples/syslog-ng.service" "$pkgdir/lib/systemd/system/syslog-ng.service"
 }
diff --git a/core/syslog-ng/non-blocking-systemd-fds.patch b/core/syslog-ng/non-blocking-systemd-fds.patch
new file mode 100644
index 000000000..bd056088b
--- /dev/null
+++ b/core/syslog-ng/non-blocking-systemd-fds.patch
@@ -0,0 +1,32 @@
+From 2f214c4f87d944aa28d53e331a67b1fd88d9840f Mon Sep 17 00:00:00 2001
+From: Balazs Scheidler <bazsi@balabit.hu>
+Date: Wed, 22 Jun 2011 12:50:53 +0200
+Subject: [PATCH] systemd: make sure the acquired fd is in non-blocking mode
+
+The fd acquired from systemd is in blocking mode, and syslog-ng
+didn't explicitly set it to non-blocking, causing syslog-ng
+to stall. This patch changes that, explicitly enables
+O_NONBLOCK and O_CLOEXEC on systemd acquired fds.
+
+Reported-By: Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
+Signed-off-by: Balazs Scheidler <bazsi@balabit.hu>
+---
+ modules/afsocket/afunix.c |    2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/modules/afsocket/afunix.c b/modules/afsocket/afunix.c
+index cd9c205..9a4e37b 100644
+--- a/modules/afsocket/afunix.c
++++ b/modules/afsocket/afunix.c
+@@ -108,6 +108,8 @@ afunix_sd_acquire_socket(AFSocketSourceDriver *s, gint *result_fd)
+ 
+   if (*result_fd != -1)
+     {
++      g_fd_set_nonblock(*result_fd, TRUE);
++      g_fd_set_cloexec(*result_fd, TRUE);
+       msg_verbose("Acquired systemd socket",
+ 		  evt_tag_str("filename", self->filename),
+ 		  evt_tag_int("systemd-sock-fd", *result_fd),
+-- 
+1.7.5.4
+
diff --git a/core/tar/PKGBUILD b/core/tar/PKGBUILD
index de8610670..1ddcafe09 100644
--- a/core/tar/PKGBUILD
+++ b/core/tar/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 114404 2011-03-13 10:37:30Z allan $
+# $Id: PKGBUILD 129859 2011-06-29 04:33:10Z allan $
 # Maintainer: Allan McRae <allan@archlinux.org>
 # Contributor: Andreas Radke <andyrtr@archlinux.org>
 
@@ -23,6 +23,10 @@ build() {
 
   ./configure --prefix=/usr --libexecdir=/usr/lib/tar --bindir=/bin
   make
+}
+
+check() {
+  cd ${srcdir}/$pkgname-$pkgver
   make check
 }