authorV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
committerV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
commit4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch)
treeba5f07bf3f9d22d82e54a462313f5d244036c768 /net-misc/omniORB/files
reinit the tree, so we can have metadata
Diffstat (limited to 'net-misc/omniORB/files')
-rw-r--r--net-misc/omniORB/files/change-umask-from-002-to-022-in-CreateDir-macro.patch58
-rw-r--r--net-misc/omniORB/files/ldflags.patch11
-rw-r--r--net-misc/omniORB/files/omniNames21
-rw-r--r--net-misc/omniORB/files/omniORB-4.1.4-format-security.patch16
-rw-r--r--net-misc/omniORB/files/omniORB-4.1.4-openssl-1.patch31
5 files changed, 137 insertions, 0 deletions
diff --git a/net-misc/omniORB/files/change-umask-from-002-to-022-in-CreateDir-macro.patch b/net-misc/omniORB/files/change-umask-from-002-to-022-in-CreateDir-macro.patch
new file mode 100644
index 000000000000..2aaab59ef201
--- /dev/null
+++ b/net-misc/omniORB/files/change-umask-from-002-to-022-in-CreateDir-macro.patch
@@ -0,0 +1,58 @@
+From 2a0ea5621ef7cd9303e49657166dfd04ffa624d7 Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky <michael@orlitzky.com>
+Date: Tue, 16 Aug 2016 13:55:08 -0400
+Subject: [PATCH 1/1] mk: Change umask from 002 to 022 in the CreateDir macro.
+
+The build system has a macro called CreateDir that does more or less
+what you'd expect. But before it creates the directory given to it, it
+sets the umask to 002. This can be a vulnerability, since we don't
+know who the end user will be building the software as; there may be
+untrusted people in his default group. In that case, one of those
+people can overwrite the scripts in the directory created by CreateDir
+before the user executes them.
+
+There is a kernel-level workaround for these types of vulnerabilities
+in the Grsecurity project called Trusted Path Execution (TPE). When
+enabled, users are not allowed to execute files in directories not
+owned by themselves or root. When that restriction is enabled, omniORB
+fails to build (due to the aforementioned umask).
+
+This commit changes the umask to 022 in CreateDir. This should not
+cause any problems (ha ha), and is safer than the previous umask of
+002. It also fixes the build on systems where TPE is enabled.
+
+Gentoo-Bug: 576040
+---
+ mk/beforeauto.mk.in | 2 +-
+ mk/beforedir.mk | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/mk/beforeauto.mk.in b/mk/beforeauto.mk.in
+index 83d544c..9f65c69 100644
+--- a/mk/beforeauto.mk.in
++++ b/mk/beforeauto.mk.in
+@@ -167,7 +167,7 @@ unexport SUBDIRS
+
+ define CreateDir
+ if [ ! -d $$dir ]; then \
+- (umask 002; set -x; $(MKDIRHIER) $$dir); \
++ (umask 022; set -x; $(MKDIRHIER) $$dir); \
+ fi
+ endef
+
+diff --git a/mk/beforedir.mk b/mk/beforedir.mk
+index f804ed3..855bc4d 100644
+--- a/mk/beforedir.mk
++++ b/mk/beforedir.mk
+@@ -187,7 +187,7 @@ unexport SUBDIRS
+
+ define CreateDir
+ if [ ! -d $$dir ]; then \
+- (umask 002; set -x; $(MKDIRHIER) $$dir); \
++ (umask 022; set -x; $(MKDIRHIER) $$dir); \
+ fi
+ endef
+
+--
+2.7.3
+
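Review bot: The `if [ ! -d $$dir ]` guard in both CreateDir hunks means the new `umask 022` only applies to directories the macro creates itself. A directory that already exists, for example one left by an earlier build under the old 002 umask, keeps its group-writable mode. The patch description should say so and advise a clean build tree, e.g. `Directories left over from earlier builds keep their old mode; rebuild from a clean tree.` Both macro bodies are fully visible in the embedded hunks, but the rest of the two makefiles is not.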
diff --git a/net-misc/omniORB/files/ldflags.patch b/net-misc/omniORB/files/ldflags.patch
new file mode 100644
index 000000000000..471df27ae7f4
--- /dev/null
+++ b/net-misc/omniORB/files/ldflags.patch
@@ -0,0 +1,11 @@
+--- mk/beforeauto.mk.in.orig 2010-04-24 21:13:17.000000000 +0200
++++ mk/beforeauto.mk.in 2010-04-24 21:14:24.000000000 +0200
+@@ -541,7 +541,7 @@
+ SharedLibraryLibNameTemplate = lib$$1$$2.$(SHAREDLIB_SUFFIX)
+ SharedLibraryImplibNameTemplate = lib$$1$$2.a
+
+-SharedLibraryPlatformLinkFlagsTemplate = -shared -Wl,-soname,$$soname
++SharedLibraryPlatformLinkFlagsTemplate = -shared -Wl,-soname,$$soname @LDFLAGS@
+
+ define SharedLibraryFullName
+ fn() { \
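Review bot: This patch has no header, unlike the umask patch next to it, so nothing records why `@LDFLAGS@` is appended or where the problem was reported. A line such as `Respect user LDFLAGS when linking shared libraries.` above the `---` would cover it. The change touches only `SharedLibraryPlatformLinkFlagsTemplate`, so link-time hardening flags supplied through LDFLAGS reach shared libraries by this route. Whether the executable link rules already honour LDFLAGS cannot be seen from this hunk, which is cut inside `SharedLibraryFullName`.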
diff --git a/net-misc/omniORB/files/omniNames b/net-misc/omniORB/files/omniNames
new file mode 100644
index 000000000000..e2e7851fd3a2
--- /dev/null
+++ b/net-misc/omniORB/files/omniNames
@@ -0,0 +1,21 @@
+#!/sbin/openrc-run
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ need net
+}
+
+start() {
+ ebegin "Starting omniNames"
+ start-stop-daemon --start --background --make-pidfile --pidfile /var/run/omniNames.pid \
+ --exec /usr/bin/omniNames -- -start -always -logdir /var/log/omniORB \
+ -errlog /var/log/omniORB/omniORB.errors
+ eend $? "Error starting omniNames."
+}
+
+stop() {
+ ebegin "Stopping omniNames"
+ start-stop-daemon --stop --pidfile /var/run/omniNames.pid
+ eend $? "Error stopping omniNames."
+}
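Review bot: stop() identifies the daemon by `--pidfile /var/run/omniNames.pid` alone, so a stale pidfile whose PID has been reused could make it signal an unrelated process. Adding the executable check, `start-stop-daemon --stop --exec /usr/bin/omniNames --pidfile /var/run/omniNames.pid`, ties the signal to the intended binary. start() also passes no `--user`, so the naming service appears to run as root unless omniNames drops privileges itself. If it needs no privileged resources, consider `--user <service-account>` (placeholder), with /var/log/omniORB owned by that account.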
diff --git a/net-misc/omniORB/files/omniORB-4.1.4-format-security.patch b/net-misc/omniORB/files/omniORB-4.1.4-format-security.patch
new file mode 100644
index 000000000000..2af8d21d308d
--- /dev/null
+++ b/net-misc/omniORB/files/omniORB-4.1.4-format-security.patch
@@ -0,0 +1,16 @@
+ src/tool/omniidl/cxx/cccp/cccp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tool/omniidl/cxx/cccp/cccp.c b/src/tool/omniidl/cxx/cccp/cccp.c
+index 0198b1a..64d80ae 100644
+--- a/src/tool/omniidl/cxx/cccp/cccp.c
++++ b/src/tool/omniidl/cxx/cccp/cccp.c
+@@ -8034,7 +8034,7 @@ macroexpand (hp, op)
+ else
+ parse_error = macarg (NULL_PTR, 0);
+ if (parse_error) {
+- error_with_line (line_for_error (start_line), parse_error);
++ error_with_line (line_for_error (start_line), "%s", parse_error);
+ break;
+ }
+ i++;
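Review bot: The patch carries only a diffstat and no description, so a reader cannot tell that it exists to stop `parse_error` being used as the format string of `error_with_line`. A one-line header such as `Pass parse_error as a "%s" argument instead of as the format string (-Wformat-security).` would record that. Only this one call in macroexpand is changed, and the function continues outside the hunk. Any other calls to the error and warning helpers in cccp.c that pass a non-literal first string are therefore not visible here; building with `-Wformat -Wformat-security` would confirm that none remain.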
diff --git a/net-misc/omniORB/files/omniORB-4.1.4-openssl-1.patch b/net-misc/omniORB/files/omniORB-4.1.4-openssl-1.patch
new file mode 100644
index 000000000000..968013a25781
--- /dev/null
+++ b/net-misc/omniORB/files/omniORB-4.1.4-openssl-1.patch
@@ -0,0 +1,31 @@
+http://bugs.gentoo.org/326791
+
+--- include/omniORB4/sslContext.h
++++ include/omniORB4/sslContext.h
+@@ -111,7 +111,11 @@
+ virtual ~sslContext();
+
+ protected:
+- virtual SSL_METHOD* set_method();
++ #if OPENSSL_VERSION_NUMBER >= 0x10000000L
++ virtual const SSL_METHOD* set_method();
++ #else
++ virtual SSL_METHOD* set_method();
++ #endif
+ // Default to return SSLv23_method().
+
+ virtual void set_supported_versions();
+--- src/lib/omniORB/orbcore/ssl/sslContext.cc
++++ src/lib/omniORB/orbcore/ssl/sslContext.cc
+@@ -197,7 +197,11 @@
+ }
+
+ /////////////////////////////////////////////////////////////////////////
++#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++const SSL_METHOD*
++#else
+ SSL_METHOD*
++#endif
+ sslContext::set_method() {
+ return SSLv23_method();
+ }
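Review bot: The patch only adjusts the return type for OpenSSL 1.0 and keeps `SSLv23_method()` as the default in `sslContext::set_method()`. That is the version-flexible method, so the protocol versions actually negotiated depend on the options applied afterwards. `set_supported_versions()` is declared in the header context, but its body is outside these hunks, so it is worth confirming there that legacy protocols are switched off (`SSL_OP_NO_SSLv2`, `SSL_OP_NO_SSLv3`). The existing header comment could then be extended to `// Default to return SSLv23_method(); protocol floor is set in set_supported_versions().`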