diff options
Diffstat (limited to 'app-admin/system-tools-backends')
5 files changed, 156 insertions, 0 deletions
diff --git a/app-admin/system-tools-backends/Manifest b/app-admin/system-tools-backends/Manifest new file mode 100644 index 000000000000..d233c00c460e --- /dev/null +++ b/app-admin/system-tools-backends/Manifest @@ -0,0 +1,5 @@ +AUX system-tools-backends-2.8.2-cve-2008-4311.patch 1984 BLAKE2B fdceba11d1f10d200709a7b0a391da459d7d59c69900243cacaeb9f372eb74033d2d7e3be32ba10fbccdf15c8acc04b7a2e2cb524f5c540c06113140a33a6171 SHA512 ec8d2f526ad16f286aeef6d521ae3f2909676b846ad2a715d23c5a30b02f0608e42d550691e0e07493d70d1141093dc59c36a55afa82032c6d28e128ab1fd49b +AUX system-tools-backends-2.8.2-default-permissions.patch 945 BLAKE2B a825942ddf3bb8cf00d9c355f7864fc2aa48c0e2a89cc7098914204a4724e581623cfc798b9e39eb543ec5245b3ef4973798c1a8b3b46233975bd040bdc10102 SHA512 0225f2825928c123cde5781d8d34c64e71ac6c4349e7440bc4e37cbbaaa99b55ca86f14459477a0a4ab3bd60625f95427d3779bd167d10f721a2b2c4ca9a20ae +DIST system-tools-backends-2.10.2.tar.bz2 448939 BLAKE2B 2a9a957b1f5438dd40997eaa2efba634fc21a9b7c3d26c3a48ac714e62d80b0a782582325ef92a3309024f278d73ac93c7611e51eca62a210ab44436e6bf9129 SHA512 9ee3e0643122740493265e532350fed9056334de0ea3d6656daa1d42b97f76f0f85024ac87e732fe5122a1e31ad009a1d2f119720081673a06696b81452fb990 +EBUILD system-tools-backends-2.10.2.ebuild 1460 BLAKE2B c1818feca58411f992b93022bc924a87b1a037b817e7643717dfc5ce113c837eccd3fcc910b3919f5f5e6f281bbbe7bce5a8b466e0ea20540ace9ecb068e5257 SHA512 487b2d0918986e8b35a6af7065d27fbed62b9a0e05fb72e82c96124cb169f6d07fe162fb2374ec781e2fe3d2bf21cd5c98ad6f88491a292bf4e4f66df4e4e115 +MISC metadata.xml 505 BLAKE2B d649c3edba16b67de8e85125083cf3588e4635640533457bbd3d3e64485947e5e568627df60a27f8bc6154c7d50de53bd285abda4744028b3a181816a965ea55 SHA512 e3d52afec42d48a68f30802c50b3e7cb033100acd041706b1bbba6b6168c7dc1b2720a20a346a974acd2b82c530e41868d3bc49f89c1a469ba38e372e459e397 diff --git a/app-admin/system-tools-backends/files/system-tools-backends-2.8.2-cve-2008-4311.patch b/app-admin/system-tools-backends/files/system-tools-backends-2.8.2-cve-2008-4311.patch new file mode 100644 index 000000000000..47f93da74f16 --- /dev/null +++ b/app-admin/system-tools-backends/files/system-tools-backends-2.8.2-cve-2008-4311.patch @@ -0,0 +1,47 @@ +From 544d679c2796602ff277e78e238abd56d30ad633 Mon Sep 17 00:00:00 2001 +From: Gilles Dartiguelongue <eva@gentoo.org> +Date: Mon, 14 Dec 2009 20:37:58 +0100 +Subject: [PATCH 3/4] Gentoo: fix CVE-2008-4311 + +commit fd648907e46017d46c367f59c62d0b0395830903 +Author: Simon McVittie <http://smcv.pseudorandom.co.uk/> +Date: 2009-01-04 19:35:51 +0000 + + Allow root to send messages to all the system tools backends, so + they work even when CVE-2008-4311 has been fixed. + + Also disallow normal user access by destination, not by + interface (fd.o #18961). +--- + org.freedesktop.SystemToolsBackends.conf | 8 ++++---- + 1 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/org.freedesktop.SystemToolsBackends.conf b/org.freedesktop.SystemToolsBackends.conf +index 58972ee..537ef73 100644 +--- a/org.freedesktop.SystemToolsBackends.conf ++++ b/org.freedesktop.SystemToolsBackends.conf +@@ -22,8 +22,10 @@ + <allow send_interface="org.freedesktop.SystemToolsBackends.Platform" send_member="getPlatform"/> + --> + +- <!-- Only allow talking to the dispatcher --> +- <allow send_destination="org.freedesktop.SystemToolsBackends"/> ++ <!-- configuration modules can't be accessed directly... --> ++ <deny send_destination="org.freedesktop.SystemToolsBackends"/> ++ <deny send_destination="org.freedesktop.SystemToolsBackends.Platform"/> ++ <deny send_destination="org.freedesktop.SystemToolsBackends"/> + </policy> + + <policy user="0"> +@@ -45,8 +47,6 @@ + + <!-- be able to speak to configuration modules, + so any message to them has to go through the dispatcher --> +- <allow send_interface="org.freedesktop.SystemToolsBackends"/> +- <allow send_interface="org.freedesktop.SystemToolsBackends.Platform"/> + <allow send_destination="org.freedesktop.SystemToolsBackends"/> + <allow send_destination="org.freedesktop.SystemToolsBackends.Platform"/> + <allow send_destination="org.freedesktop.SystemToolsBackends.GroupsConfig"/> +-- +1.6.5.4 + diff --git a/app-admin/system-tools-backends/files/system-tools-backends-2.8.2-default-permissions.patch b/app-admin/system-tools-backends/files/system-tools-backends-2.8.2-default-permissions.patch new file mode 100644 index 000000000000..bc58ba4fb1f9 --- /dev/null +++ b/app-admin/system-tools-backends/files/system-tools-backends-2.8.2-default-permissions.patch @@ -0,0 +1,25 @@ +From ea88120dac8ba2c2dabf4c393c283f69b3d33b5a Mon Sep 17 00:00:00 2001 +From: Gilles Dartiguelongue <eva@gentoo.org> +Date: Mon, 14 Dec 2009 20:37:15 +0100 +Subject: [PATCH 2/4] Gentoo: restrict access to stb to users in stb-admin group + +--- + org.freedesktop.SystemToolsBackends.conf | 4 ++++ + 1 files changed, 4 insertions(+), 0 deletions(-) + +diff --git a/org.freedesktop.SystemToolsBackends.conf b/org.freedesktop.SystemToolsBackends.conf +index d031525..58972ee 100644 +--- a/org.freedesktop.SystemToolsBackends.conf ++++ b/org.freedesktop.SystemToolsBackends.conf +@@ -60,4 +60,8 @@ + <allow send_destination="org.freedesktop.SystemToolsBackends.UserConfig"/> + <allow send_destination="org.freedesktop.SystemToolsBackends.UsersConfig"/> + </policy> ++ <policy group="stb-admin"> ++ <!-- be able to speak to the dispatcher --> ++ <allow send_destination="org.freedesktop.SystemToolsBackends"/> ++ </policy> + </busconfig> +-- +1.6.5.4 + diff --git a/app-admin/system-tools-backends/metadata.xml b/app-admin/system-tools-backends/metadata.xml new file mode 100644 index 000000000000..a8fccb3731a6 --- /dev/null +++ b/app-admin/system-tools-backends/metadata.xml @@ -0,0 +1,13 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<maintainer type="project"> + <email>lxqt@gentoo.org</email> + <name>LXQt</name> +</maintainer> +<longdescription lang="en"> +The System Tools Backends are a set of cross-platform modules for Linux, +FreeBSD, Solaris and other Unix systems. The backends provide an common DBus +interface to all distros for modifying or reading the system configuration. +</longdescription> +</pkgmetadata> diff --git a/app-admin/system-tools-backends/system-tools-backends-2.10.2.ebuild b/app-admin/system-tools-backends/system-tools-backends-2.10.2.ebuild new file mode 100644 index 000000000000..436bb9c06c14 --- /dev/null +++ b/app-admin/system-tools-backends/system-tools-backends-2.10.2.ebuild @@ -0,0 +1,66 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" +GCONF_DEBUG="no" +GNOME_TARBALL_SUFFIX="bz2" + +inherit eutils gnome2 readme.gentoo user + +DESCRIPTION="Tools aimed to make easy the administration of UNIX systems" +HOMEPAGE="https://projects.gnome.org/gst/" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 ~arm ~arm64 ia64 ppc sparc x86" +IUSE="" + +RDEPEND=" + !<app-admin/gnome-system-tools-1.1.91 + >=sys-apps/dbus-1.1.2 + >=dev-libs/dbus-glib-0.74 + >=dev-libs/glib-2.15.2:2 + >=dev-perl/Net-DBus-0.33.4 + dev-lang/perl + >=sys-auth/polkit-0.94 + userland_GNU? ( virtual/shadow ) +" +DEPEND="${RDEPEND} + virtual/pkgconfig + >=dev-util/intltool-0.40" + +DISABLE_AUTOFORMATTING="yes" +DOC_CONTENTS="You need to add yourself to the group stb-admin and +add system-tools-backends to the default runlevel. +You can do this as root like so: +# rc-update add system-tools-backends default +" + +pkg_setup() { + enewgroup stb-admin +} + +src_prepare() { + # Change default permission, only people in stb-admin is allowed + # to speak to the dispatcher. + epatch "${FILESDIR}/${PN}-2.8.2-default-permissions.patch" + + # Apply fix from ubuntu for CVE 2008 4311 + epatch "${FILESDIR}/${PN}-2.8.2-cve-2008-4311.patch" + + gnome2_src_prepare +} + +src_configure() { + gnome2_src_configure --localstatedir=/var +} + +src_install() { + gnome2_src_install + readme.gentoo_create_doc +} + +pkg_postinst() { + gnome2_pkg_postinst + readme.gentoo_print_elog +} |