diff options
Diffstat (limited to 'net-misc')
-rw-r--r-- | net-misc/omniORB/Manifest | 1 | ||||
-rw-r--r-- | net-misc/omniORB/files/change-umask-from-002-to-022-in-CreateDir-macro.patch | 58 | ||||
-rw-r--r-- | net-misc/omniORB/omniORB-4.2.1_p2.ebuild | 104 |
3 files changed, 0 insertions, 163 deletions
diff --git a/net-misc/omniORB/Manifest b/net-misc/omniORB/Manifest index 47c456667c2e..1dc9821c0651 100644 --- a/net-misc/omniORB/Manifest +++ b/net-misc/omniORB/Manifest @@ -1,3 +1,2 @@ DIST omniORB-4.1.4.tar.gz 3093814 BLAKE2B 6f85ff31f55533eac779554a165346fa693c41e261650f22c5d1889de731a5ca3b09d178945dee89b80553a81e7a9db3286efd465b4aafcb7c19e5dc5de5d105 SHA512 0ed989dd9a8c024a575ebbe1def137d11c4e52297727883d26cb1fdc87d2965e6d0152ee4b7b90097f2d97eb22501bb968eff0d070e88f80a9fef6b7439e1a1c -DIST omniORB-4.2.1-2.tar.bz2 2663504 BLAKE2B 3a5a48e7d85b5815b576067f16cf602ff9a44e547e4350d25d8ae43d8063e1bccb3da88eed09328224c88420870a64f331e6198f2f8911f4a718322ffcd3a8e0 SHA512 574bbc66f9eee87f06500c798e034a289e6104b3a921c8e956231c5c042a3306016b2aa69699eadef25edb97bed7580f7f27beec3893582a1ba16bb01f934fd6 DIST omniORB-4.2.2.tar.bz2 2673800 BLAKE2B 6afe4759cf19b69bd02d4864e305a0ebd0d11943a54c20d53987d9775f04833d5d2dbeb99e5bdcc59d56f116cfb14b9ae92399323e3980a44d9cef47a012c24f SHA512 3fe6c05d0e7f19455c4cd6702887f91b7d14cdc248008cbc456c103072a37251387877bd64d59a271c6e92703a70bbbb9713f9fa2e45d094628e42564cffd0ad diff --git a/net-misc/omniORB/files/change-umask-from-002-to-022-in-CreateDir-macro.patch b/net-misc/omniORB/files/change-umask-from-002-to-022-in-CreateDir-macro.patch deleted file mode 100644 index 2aaab59ef201..000000000000 --- a/net-misc/omniORB/files/change-umask-from-002-to-022-in-CreateDir-macro.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 2a0ea5621ef7cd9303e49657166dfd04ffa624d7 Mon Sep 17 00:00:00 2001 -From: Michael Orlitzky <michael@orlitzky.com> -Date: Tue, 16 Aug 2016 13:55:08 -0400 -Subject: [PATCH 1/1] mk: Change umask from 002 to 022 in the CreateDir macro. - -The build system has a macro called CreateDir that does more or less -what you'd expect. But before it creates the directory given to it, it -sets the umask to 002. This can be a vulnerability, since we don't -know who the end user will be building the software as; there may be -untrusted people in his default group. In that case, one of those -people can overwrite the scripts in the directory created by CreateDir -before the user executes them. - -There is a kernel-level workaround for these types of vulnerabilities -in the Grsecurity project called Trusted Path Execution (TPE). When -enabled, users are not allowed to execute files in directories not -owned by themselves or root. When that restriction is enabled, omniORB -fails to build (due to the aforementioned umask). - -This commit changes the umask to 022 in CreateDir. This should not -cause any problems (ha ha), and is safer than the previous umask of -002. It also fixes the build on systems where TPE is enabled. - -Gentoo-Bug: 576040 ---- - mk/beforeauto.mk.in | 2 +- - mk/beforedir.mk | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/mk/beforeauto.mk.in b/mk/beforeauto.mk.in -index 83d544c..9f65c69 100644 ---- a/mk/beforeauto.mk.in -+++ b/mk/beforeauto.mk.in -@@ -167,7 +167,7 @@ unexport SUBDIRS - - define CreateDir - if [ ! -d $$dir ]; then \ -- (umask 002; set -x; $(MKDIRHIER) $$dir); \ -+ (umask 022; set -x; $(MKDIRHIER) $$dir); \ - fi - endef - -diff --git a/mk/beforedir.mk b/mk/beforedir.mk -index f804ed3..855bc4d 100644 ---- a/mk/beforedir.mk -+++ b/mk/beforedir.mk -@@ -187,7 +187,7 @@ unexport SUBDIRS - - define CreateDir - if [ ! -d $$dir ]; then \ -- (umask 002; set -x; $(MKDIRHIER) $$dir); \ -+ (umask 022; set -x; $(MKDIRHIER) $$dir); \ - fi - endef - --- -2.7.3 - diff --git a/net-misc/omniORB/omniORB-4.2.1_p2.ebuild b/net-misc/omniORB/omniORB-4.2.1_p2.ebuild deleted file mode 100644 index 46b2de01bec8..000000000000 --- a/net-misc/omniORB/omniORB-4.2.1_p2.ebuild +++ /dev/null @@ -1,104 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -# The build system picks one version of python and sticks with it. It -# tries to guess your version (based on /usr/bin/python), but for -# consistency we have to force it to use one that we specify. The -# highest version the configure script will accept is python-3.3, but -# that's on it's way out, so we prefer to stick with python-2.7 for now. -PYTHON_COMPAT=( python2_7 ) - -inherit python-single-r1 - -MY_P="${P/_p/-}" -DESCRIPTION="A robust, high-performance CORBA 2 ORB" -HOMEPAGE="http://omniorb.sourceforge.net/" -SRC_URI="mirror://sourceforge/omniorb/${MY_P}.tar.bz2" - -LICENSE="LGPL-2 GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~ppc ~ppc64 ~sparc ~x86" -IUSE="doc ipv6 ssl" -REQUIRED_USE="${PYTHON_REQUIRED_USE}" - -RDEPEND="${PYTHON_DEPS} - ssl? ( dev-libs/openssl:0= )" -DEPEND="${RDEPEND}" - -S="${WORKDIR}/${PN}-${PV/_p2/}" - -PATCHES=( - "${FILESDIR}/omniORB-4.1.4-format-security.patch" - "${FILESDIR}/change-umask-from-002-to-022-in-CreateDir-macro.patch" -) - -src_prepare() { - default - - # The OPTC(XX)FLAGS variables aren't present in these files, but we - # will set them when we call emake. - sed \ - -e 's/^CXXDEBUGFLAGS.*/CXXDEBUGFLAGS = $(OPTCXXFLAGS)/' \ - -e 's/^CDEBUGFLAGS.*/CDEBUGFLAGS = $(OPTCFLAGS)/' \ - -i mk/beforeauto.mk.in mk/platforms/i586_linux_2.0*.mk || \ - die 'failed to switch CFLAGS variables in the makefile includes' - - # The out-of-source build is suggested by upstream. - mkdir build || die 'failed to create build directory' -} - -src_configure() { - cd build || die 'failed to change into the build directory' - - ECONF_SOURCE=".." econf \ - --disable-static \ - --with-omniORB-config=/etc/omniorb/omniORB.cfg \ - --with-omniNames-logdir=/var/log/omniORB \ - --libdir="/usr/$(get_libdir)" \ - $(use_enable ipv6) \ - $(use_with ssl openssl "/usr") -} - -src_compile() { - cd build || die 'failed to change into the build directory' - emake OPTCFLAGS="${CFLAGS}" OPTCXXFLAGS="${CXXFLAGS}" -} - -src_install() { - cd build || die 'failed to change into the build directory' - default - - rm "${ED}/usr/bin/omniidlrun.py" || \ - die 'failed to remove redundant omniidlrun.py' - - cd "${S}" || die "failed to change into the ${S} directory" - - dodoc CREDITS doc/*.html ReleaseNotes.txt update.log - dodoc -r doc/omniORB - - if use doc; then - dodoc doc/*.pdf - fi - - cat <<- EOF > "${T}/90omniORB" - PATH="/usr/share/omniORB/bin/scripts" - OMNIORB_CONFIG="/etc/omniorb/omniORB.cfg" - EOF - doenvd "${T}/90omniORB" - doinitd "${FILESDIR}"/omniNames - - cp "sample.cfg" "${T}/omniORB.cfg" || die - cat <<- EOF >> "${T}/omniORB.cfg" - # resolve the omniNames running on localhost - InitRef = NameService=corbaname::localhost - EOF - insinto /etc/omniorb - doins "${T}"/omniORB.cfg - - keepdir /var/log/omniORB - - python_optimize - python_fix_shebang "${ED}"/usr/bin/omniidl -} |