Fix for CVE-2011-2910. see Bug #379293

Package-Manager: portage-2.1.10.11/cvs/Linux x86_64
author: Thomas Beierlein <tomjbe@gentoo.org> 2011-08-30 16:59:58 +0000
committer: Thomas Beierlein <tomjbe@gentoo.org> 2011-08-30 16:59:58 +0000
commit: 976bcddc5c5ed05601021e0ab02bff0ac746f6da (patch)
tree: 3d5f4777ad54cd2b4bcea9cd2d73d60583d32b90 /media-radio/ax25-tools
parent: [bump] dev-perl/XML-LibXML-1.870.0 (diff)
download: historical-976bcddc5c5ed05601021e0ab02bff0ac746f6da.tar.gz
historical-976bcddc5c5ed05601021e0ab02bff0ac746f6da.tar.bz2
historical-976bcddc5c5ed05601021e0ab02bff0ac746f6da.zip
5 files changed, 142 insertions, 4 deletions
diff --git a/media-radio/ax25-tools/ChangeLog b/media-radio/ax25-tools/ChangeLog
index a885f33ae857..b9739dc48652 100644
--- a/media-radio/ax25-tools/ChangeLog
+++ b/media-radio/ax25-tools/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for media-radio/ax25-tools
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-radio/ax25-tools/ChangeLog,v 1.9 2011/01/08 18:18:37 tomjbe Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-radio/ax25-tools/ChangeLog,v 1.10 2011/08/30 16:59:58 tomjbe Exp $
+
+*ax25-tools-0.0.10_rc2-r1 (30 Aug 2011)
+
+  30 Aug 2011; Thomas Beierlein <tomjbe@gentoo.org>
+  +ax25-tools-0.0.10_rc2-r1.ebuild,
+  +files/ax25-tools-0.0.10_rc2-cve-2011-2910.patch, metadata.xml:
+  Fix for CVE-2011-2910. see Bug #379293
 
   08 Jan 2011; Thomas Beierlein <tomjbe@gentoo.org> metadata.xml:
   Fix typo in metadata.xml
diff --git a/media-radio/ax25-tools/Manifest b/media-radio/ax25-tools/Manifest
index 1d4dfd9cbc85..96cdb965ed23 100644
--- a/media-radio/ax25-tools/Manifest
+++ b/media-radio/ax25-tools/Manifest
@@ -1,3 +1,7 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+AUX ax25-tools-0.0.10_rc2-cve-2011-2910.patch 2244 RMD160 059d178ab078ca3f29c6416875386ceee977d917 SHA1 6dd4f2ee3284ffca97900faf379d5aa9a1d9d563 SHA256 234f3afbffb3ae6e684fa285a76867878f622c77d495da51df15add6e51f1a7a
 AUX ax25-tools-0.0.10_rc2-parallel-make.patch 1060 RMD160 a237f109b9469605b1ebdc97f37573c3be2c130f SHA1 cb3a937b709b0722c00d6209488acf9c7b464f17 SHA256 71d648a3af02b7da0aaf5cb030bbfba81365eda615b37a590649138355c455fd
 AUX ax25d.rc 482 RMD160 dd74fe17fbf74ac661dae36d0e968be9dade1e68 SHA1 92e140c82f9c3b69c7844aec63647f458cb67c68 SHA256 a2f32c9070c68607a664cad44a54acd13e885758807805c4c71c8bfd27a473fd
 AUX mheardd.rc 492 RMD160 cacfbd7f70b7f2559cefd3cd0cbf5e8973b81223 SHA1 f086a4910f57f74b0441d677c157160543db04ba SHA256 fb470bb033a3064b801a7345db59df669a89c87f224e420484205d879df6ac5c
@@ -6,6 +10,14 @@ AUX rip98d.rc 487 RMD160 45aa9275e4cc207a20675ab43639a3196582a29f SHA1 7290b676b
 AUX rxecho.rc 487 RMD160 72dbdbd41db8db0f4ba20e3d36ad3bd730b6f112 SHA1 b8843aaa71cb04c973d2774c86f89c40b1220148 SHA256 ce5441e16f257ca7a0f231f9bc2837e82e536df59bb031ca40c27a54b9b5d700
 AUX ttylinkd.rc 497 RMD160 ee239c28b7e6d435d22a96fc2a54e43f800c2b57 SHA1 d4f437dd5a70f93a219fa6ca103ff6e955992872 SHA256 375260e871fe39834826ab2c5151452619746f3984f6388f6a8cf3dc9e44c96c
 DIST ax25-tools-0.0.10-rc2.tar.gz 381575 RMD160 2bf2a34ebdc9fcf02583ec8f950313fec7d588a3 SHA1 f06e0b962ffc734658f1ad6be96d40bcaee19587 SHA256 d3a33914c168f6b9b3fef2cc543e5debbf9c95bf06f4c902f06c68eabfe4b4eb
+EBUILD ax25-tools-0.0.10_rc2-r1.ebuild 1652 RMD160 af3d4b0ef899f63c457a9b5c2c7e085205c98cd9 SHA1 905297647ca7c2cc9c2009f440923716b4c63697 SHA256 9326888b20fb4a0ca7593b6a894dd6dcd7b3b50263438a29e66e433884f12432
 EBUILD ax25-tools-0.0.10_rc2.ebuild 1587 RMD160 ab504315895099ddd5939e60c97e965612572e86 SHA1 9bf59a0b7e79afb8cba396237ffebcdb846a6718 SHA256 4ce8647061543e8638d8ac33f0c04e7fc64c3be1e582c828afe46aad6d48ed87
-MISC ChangeLog 673 RMD160 2afca35957d33bb23085a86ecf2ff7c6440b8c1f SHA1 6032120c39a3e96ec7aaf0ab973a23a70ea2198a SHA256 065b4decd5fe87a95a6892056dd1042629436f4ebc31dae9bd61b5239e100310
-MISC metadata.xml 338 RMD160 c4046312bf6f8e0241ad940c00e97b975ab1815f SHA1 7cc056d54b91772e2d4a11c10fa5a3a322ea8b94 SHA256 edfe8d4e418a60d59786a118658ac560fbd85ca3c9eb25d2ecf0b984fe765d06
+MISC ChangeLog 911 RMD160 116c9e5fde374215d344bc6ede00437115e55e23 SHA1 bad960ae7468b6be46e62f899ebf1b9a9276c5bc SHA256 6c8debe55bd7d6f1579820a0bd244ec4a592701a6c8970e4fca95f75875ea3f1
+MISC metadata.xml 337 RMD160 c586729cfa7415d7cd6cfdc6d47b8faaac3377de SHA1 9f4961a43808eae75e6a09e7fd2426f77e38b16d SHA256 fef311db1d583af0215c11f10a1425003603dbf8cbb66c4f7030cc5c6ca91cf9
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.17 (GNU/Linux)
+
+iEYEARECAAYFAk5dFxsACgkQQe4uqXYgU9XivgCgh/5KuDPoD60cdekC4UdEbbYp
+HygAnAlxn3JV/zHYZy0eABIlpnmi6a6i
+=ubRQ
+-----END PGP SIGNATURE-----
diff --git a/media-radio/ax25-tools/ax25-tools-0.0.10_rc2-r1.ebuild b/media-radio/ax25-tools/ax25-tools-0.0.10_rc2-r1.ebuild
new file mode 100644
index 000000000000..0c583c08ceec
--- /dev/null
+++ b/media-radio/ax25-tools/ax25-tools-0.0.10_rc2-r1.ebuild
@@ -0,0 +1,51 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-radio/ax25-tools/ax25-tools-0.0.10_rc2-r1.ebuild,v 1.1 2011/08/30 16:59:58 tomjbe Exp $
+
+EAPI="2"
+inherit autotools eutils
+
+MY_P=${P/_/-}
+
+DESCRIPTION="Basic AX.25 (Amateur Radio) administrative tools and daemons"
+HOMEPAGE="http://www.linux-ax25.org/"
+SRC_URI="http://www.linux-ax25.org/pub/${PN}/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE="X"
+
+S=${WORKDIR}/${MY_P}
+
+DEPEND="dev-libs/libax25
+	X? ( x11-libs/libX11
+		media-libs/mesa )"
+RDEPEND=${DEPEND}
+
+src_prepare() {
+	epatch "${FILESDIR}/${P}-parallel-make.patch" \
+		"${FILESDIR}/${P}-cve-2011-2910.patch" # see bug # 379293
+	eautoreconf
+}
+
+src_configure() {
+	econf $(use_with X x)
+}
+
+src_install() {
+	emake DESTDIR="${D}" install installconf || die "emake install failed"
+
+	# Package does not respect --docdir
+	rm -rf "${D}"/usr/share/doc/ax25-tools || die "clean-up doc failed"
+	dodoc AUTHORS ChangeLog NEWS README tcpip/ttylinkd.README \
+	user_call/README.user_call yamdrv/README.yamdrv dmascc/README.dmascc \
+	tcpip/ttylinkd.INSTALL || die "dodoc failed"
+
+	newinitd "${FILESDIR}"/ax25d.rc ax25d || die "ax25d rc install failed"
+	newinitd "${FILESDIR}"/mheardd.rc mheardd || die "mheardd rc install failed"
+	newinitd "${FILESDIR}"/netromd.rc netromd || die "netromd rc install failed"
+	newinitd "${FILESDIR}"/rip98d.rc rip98d || die "rip98d rc install failed"
+	newinitd "${FILESDIR}"/rxecho.rc rxecho || die "rxecho rc install failed"
+	newinitd "${FILESDIR}"/ttylinkd.rc ttylinkd || die "ttylinkd install failed"
+}
diff --git a/media-radio/ax25-tools/files/ax25-tools-0.0.10_rc2-cve-2011-2910.patch b/media-radio/ax25-tools/files/ax25-tools-0.0.10_rc2-cve-2011-2910.patch
new file mode 100644
index 000000000000..9b5eb608c7bf
--- /dev/null
+++ b/media-radio/ax25-tools/files/ax25-tools-0.0.10_rc2-cve-2011-2910.patch
@@ -0,0 +1,68 @@
+diff -Nur ax25-tools-0.0.10-rc2/ax25/ax25d.c ax25-tools/ax25/ax25d.c
+--- ax25-tools-0.0.10-rc2/ax25/ax25d.c	2009-06-21 20:01:55.000000000 +0200
++++ ax25-tools/ax25/ax25d.c	2011-08-18 11:51:08.000000000 +0200
+@@ -1,5 +1,5 @@
+ /*
+- * $Id: ax25-tools-0.0.10_rc2-cve-2011-2910.patch,v 1.1 2011/08/30 16:59:58 tomjbe Exp $
++ * $Id: ax25-tools-0.0.10_rc2-cve-2011-2910.patch,v 1.1 2011/08/30 16:59:58 tomjbe Exp $
+  *
+  *  This is my version of axl.c, written for the LBBS code to make it
+  *    compatable with the kernel AX25 driver.  It appears to work, with
+@@ -577,7 +577,7 @@
+ 							/* close link */
+ 							/* setproctitle("ax25d [%s]: disconnecting", User); */
+ 							close(new);
+-							return 0;
++							exit(0);
+ 						}
+ login:
+ 						/* setproctitle("ax25d [%s]: login", User); */
+@@ -614,11 +614,15 @@
+ 							closelog();
+ 
+ 						/* Make root secure, before we exec() */
+-						setgroups(0, grps);	/* Strip any supplementary gid's */
+-						setgid(raxl->gid);
+-						setuid(raxl->uid);
++						/* Strip any supplementary gid's */
++						if (setgroups(0, grps) == -1)
++							exit(1);
++						if (setgid(raxl->gid) == -1)
++							exit(1);
++						if (setuid(raxl->uid) == -1)
++							exit(1);
+ 						execve(raxl->exec, argv, NULL);
+-						return 1;
++						exit(1);
+ 
+ 					default:
+ 						close(new);
+diff -Nur ax25-tools-0.0.10-rc2/ax25/axspawn.c ax25-tools/ax25/axspawn.c
+--- ax25-tools-0.0.10-rc2/ax25/axspawn.c	2009-06-21 20:01:55.000000000 +0200
++++ ax25-tools/ax25/axspawn.c	2011-08-18 12:43:49.000000000 +0200
+@@ -1,10 +1,10 @@
+ /*
+  *
+- * $Id: ax25-tools-0.0.10_rc2-cve-2011-2910.patch,v 1.1 2011/08/30 16:59:58 tomjbe Exp $
++ * $Id: ax25-tools-0.0.10_rc2-cve-2011-2910.patch,v 1.1 2011/08/30 16:59:58 tomjbe Exp $
+  *
+  * axspawn.c - run a program from ax25d.
+  *
+- * Copyright (c) 1996 J�rg Reuter DL1BKE (jreuter@poboxes.com)
++ * Copyright (c) 1996 Joerg Reuter DL1BKE (jreuter@poboxes.com)
+  *
+  * This program is a hack.
+  * 
+@@ -1693,7 +1693,11 @@
+                 pututline(&ut_line);
+                 endutent();
+ 
+-		setsid();
++		/* become process group leader, if we not already are */
++		if (getpid() != getsid(0)) {
++			if (setsid() == -1)
++				exit(1);
++		}
+ 
+                 chargc = 0;
+                 envc = 0;
diff --git a/media-radio/ax25-tools/metadata.xml b/media-radio/ax25-tools/metadata.xml
index 0324fc6021af..38613982ebd1 100644
--- a/media-radio/ax25-tools/metadata.xml
+++ b/media-radio/ax25-tools/metadata.xml
@@ -4,7 +4,7 @@
 	<herd>no-herd</herd>
 	<maintainer>
 		<email>tomjbe@gentoo.org</email>
-		<name>Thomaas Beierlein</name>
+		<name>Thomas Beierlein</name>
 	</maintainer>
 	<use>
 		<flag name='X'>Enable some X based configuration tools.</flag>
author	Thomas Beierlein <tomjbe@gentoo.org>	2011-08-30 16:59:58 +0000
committer	Thomas Beierlein <tomjbe@gentoo.org>	2011-08-30 16:59:58 +0000
commit	976bcddc5c5ed05601021e0ab02bff0ac746f6da (patch)
tree	3d5f4777ad54cd2b4bcea9cd2d73d60583d32b90 /media-radio/ax25-tools
parent	[bump] dev-perl/XML-LibXML-1.870.0 (diff)
download	historical-976bcddc5c5ed05601021e0ab02bff0ac746f6da.tar.gz historical-976bcddc5c5ed05601021e0ab02bff0ac746f6da.tar.bz2 historical-976bcddc5c5ed05601021e0ab02bff0ac746f6da.zip