.
OBS-URL: https://build.opensuse.org/package/show/Base:System/man?expand=0&rev=158
This commit is contained in:
parent
5d8a6d1ef2
commit
59aabc4876
60
man-db-2.13.0-no_abort.patch
Normal file
60
man-db-2.13.0-no_abort.patch
Normal file
@ -0,0 +1,60 @@
|
|||||||
|
Avoid abort() in regain_effective_privs() if mandb is called by root
|
||||||
|
that is always initialize saved_uid and saved_gid!
|
||||||
|
|
||||||
|
--- gl/lib/idpriv-droptemp.c 2024-08-29 13:17:12.000000000 +0200
|
||||||
|
+++ gl/lib/idpriv-droptemp.c 2024-11-11 09:55:45.539212073 +0100
|
||||||
|
@@ -31,19 +31,24 @@
|
||||||
|
static gid_t saved_gid = -1;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
-int
|
||||||
|
-idpriv_temp_drop (void)
|
||||||
|
+void
|
||||||
|
+idpriv_initial (void)
|
||||||
|
{
|
||||||
|
-#if HAVE_GETEUID && HAVE_GETEGID && (HAVE_SETRESUID || HAVE_SETREUID) && (HAVE_SETRESGID || HAVE_SETREGID)
|
||||||
|
- uid_t uid = getuid ();
|
||||||
|
- gid_t gid = getgid ();
|
||||||
|
-
|
||||||
|
/* Find out about the privileged uid and gid at the first call. */
|
||||||
|
if (saved_uid == -1)
|
||||||
|
saved_uid = geteuid ();
|
||||||
|
if (saved_gid == -1)
|
||||||
|
saved_gid = getegid ();
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+int
|
||||||
|
+idpriv_temp_drop (void)
|
||||||
|
+{
|
||||||
|
+#if HAVE_GETEUID && HAVE_GETEGID && (HAVE_SETRESUID || HAVE_SETREUID) && (HAVE_SETRESGID || HAVE_SETREGID)
|
||||||
|
+ uid_t uid = getuid ();
|
||||||
|
+ gid_t gid = getgid ();
|
||||||
|
|
||||||
|
+ idpriv_initial ();
|
||||||
|
/* Drop the gid privilege first, because in some cases the gid privilege
|
||||||
|
cannot be dropped after the uid privilege has been dropped. */
|
||||||
|
|
||||||
|
--- gl/lib/idpriv.h 2024-08-29 13:17:12.000000000 +0200
|
||||||
|
+++ gl/lib/idpriv.h 2024-11-11 09:50:35.047999910 +0100
|
||||||
|
@@ -95,6 +95,9 @@
|
||||||
|
|
||||||
|
/* For approach 3. */
|
||||||
|
|
||||||
|
+/* Initialize internal variable saved_uid as well as saved_gid */
|
||||||
|
+extern void idpriv_initial (void);
|
||||||
|
+
|
||||||
|
/* Drop the uid and gid privileges of the current process in a way that allows
|
||||||
|
them to be restored later.
|
||||||
|
Return 0 if successful, or -1 with errno set upon failure. The recommended
|
||||||
|
--- lib/security.c 2024-11-11 09:10:13.044830286 +0100
|
||||||
|
+++ lib/security.c 2024-11-11 09:51:16.688162468 +0100
|
||||||
|
@@ -138,7 +138,8 @@
|
||||||
|
gripe_set_euid ();
|
||||||
|
uid = ruid;
|
||||||
|
gid = rgid;
|
||||||
|
- }
|
||||||
|
+ } else
|
||||||
|
+ idpriv_initial ();
|
||||||
|
|
||||||
|
priv_drop_count++;
|
||||||
|
#endif /* MAN_OWNER */
|
@ -1,11 +1,11 @@
|
|||||||
---
|
---
|
||||||
config.h.in | 3 ++
|
config.h.in | 3 +
|
||||||
configure.ac | 52 +++++++++++++++++++++++++++++++++++++++++
|
configure.ac | 52 +++++++++++++++++++++++++++++++++
|
||||||
src/decompress.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
|
src/decompress.c | 86 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
|
||||||
3 files changed, 123 insertions(+), 1 deletion(-)
|
3 files changed, 138 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
--- config.h.in
|
--- config.h.in
|
||||||
+++ config.h.in 2024-10-18 12:05:43.927063826 +0000
|
+++ config.h.in 2024-11-11 10:43:01.369880933 +0000
|
||||||
@@ -1148,6 +1148,9 @@
|
@@ -1148,6 +1148,9 @@
|
||||||
/* Define to 1 if you have the `z' library (-lz). */
|
/* Define to 1 if you have the `z' library (-lz). */
|
||||||
#undef HAVE_LIBZ
|
#undef HAVE_LIBZ
|
||||||
@ -17,7 +17,7 @@
|
|||||||
#undef HAVE_LIB_BCRYPT
|
#undef HAVE_LIB_BCRYPT
|
||||||
|
|
||||||
--- configure.ac
|
--- configure.ac
|
||||||
+++ configure.ac 2024-10-18 12:05:43.927063826 +0000
|
+++ configure.ac 2024-11-11 10:43:01.369880933 +0000
|
||||||
@@ -35,6 +35,18 @@ MAN_ARG_DEVICE
|
@@ -35,6 +35,18 @@ MAN_ARG_DEVICE
|
||||||
MAN_ARG_DB
|
MAN_ARG_DB
|
||||||
MAN_ARG_CONFIG_FILE
|
MAN_ARG_CONFIG_FILE
|
||||||
@ -85,7 +85,7 @@
|
|||||||
|
|
||||||
# Check for various header files and associated libraries.
|
# Check for various header files and associated libraries.
|
||||||
--- src/decompress.c
|
--- src/decompress.c
|
||||||
+++ src/decompress.c 2024-10-18 12:11:37.516631374 +0000
|
+++ src/decompress.c 2024-11-11 10:44:24.036386441 +0000
|
||||||
@@ -40,12 +40,17 @@
|
@@ -40,12 +40,17 @@
|
||||||
|
|
||||||
#include "pipeline.h"
|
#include "pipeline.h"
|
||||||
@ -104,12 +104,68 @@
|
|||||||
#include "manconfig.h"
|
#include "manconfig.h"
|
||||||
|
|
||||||
#include "compression.h"
|
#include "compression.h"
|
||||||
@@ -189,6 +194,32 @@ static decompress *decompress_try_zlib (
|
@@ -146,7 +151,11 @@ static void decompress_zlib (void *data
|
||||||
|
|
||||||
|
static decompress *decompress_try_zlib (const char *filename)
|
||||||
|
{
|
||||||
|
+#ifdef HAVE_ZIO
|
||||||
|
+ FILE *file;
|
||||||
|
+#else
|
||||||
|
gzFile zlibfile;
|
||||||
|
+#endif
|
||||||
|
/* We only ever call this from the parent process (and don't
|
||||||
|
* currently use threads), and this lets us skip per-file memory
|
||||||
|
* allocation.
|
||||||
|
@@ -154,18 +163,32 @@ static decompress *decompress_try_zlib (
|
||||||
|
static char buffer[MAX_INPROCESS];
|
||||||
|
int len = 0;
|
||||||
|
|
||||||
|
+#ifdef HAVE_ZIO
|
||||||
|
+ file = fzopen(filename, "r");
|
||||||
|
+ if (!file)
|
||||||
|
+ return NULL;
|
||||||
|
+#else
|
||||||
|
zlibfile = gzopen (filename, "r");
|
||||||
|
if (!zlibfile)
|
||||||
|
return NULL;
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
while (len < MAX_INPROCESS) {
|
||||||
|
/* Read one more byte than we're prepared to return, in
|
||||||
|
* order to detect EOF at the right position. The "len >=
|
||||||
|
* MAX_INPROCESS" check below catches the boundary case.
|
||||||
|
*/
|
||||||
|
+#ifdef HAVE_ZIO
|
||||||
|
+ int r = fread(buffer + len, sizeof(char), MAX_INPROCESS - len, file);
|
||||||
|
+#else
|
||||||
|
int r = gzread (zlibfile, buffer + len, MAX_INPROCESS - len);
|
||||||
|
+#endif
|
||||||
|
if (r < 0) {
|
||||||
|
+#ifdef HAVE_ZIO
|
||||||
|
+ fclose(file);
|
||||||
|
+#else
|
||||||
|
gzclose (zlibfile);
|
||||||
|
+#endif
|
||||||
|
return NULL;
|
||||||
|
} else if (r == 0)
|
||||||
|
break;
|
||||||
|
@@ -173,7 +196,11 @@ static decompress *decompress_try_zlib (
|
||||||
|
len += r;
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef HAVE_ZIO
|
||||||
|
+ fclose(file);
|
||||||
|
+#else
|
||||||
|
gzclose (zlibfile);
|
||||||
|
+#endif
|
||||||
|
if (len >= MAX_INPROCESS)
|
||||||
|
return NULL;
|
||||||
|
/* Copy input data so that we don't have potential data corruption
|
||||||
|
@@ -189,33 +216,86 @@ static decompress *decompress_try_zlib (
|
||||||
# define OPEN_FLAGS_UNUSED MAYBE_UNUSED
|
# define OPEN_FLAGS_UNUSED MAYBE_UNUSED
|
||||||
#endif /* HAVE_LIBZ */
|
#endif /* HAVE_LIBZ */
|
||||||
|
|
||||||
+#ifdef HAVE_ZIO
|
+#ifdef HAVE_ZIO
|
||||||
+
|
|
||||||
+static void decompress_zio (void *data)
|
+static void decompress_zio (void *data)
|
||||||
+{
|
+{
|
||||||
+ const char *what = (const char*)data;
|
+ const char *what = (const char*)data;
|
||||||
@ -131,64 +187,70 @@
|
|||||||
+ fclose(file);
|
+ fclose(file);
|
||||||
+ return;
|
+ return;
|
||||||
+}
|
+}
|
||||||
+
|
|
||||||
+#endif /* HAVE_ZIO */
|
+#endif /* HAVE_ZIO */
|
||||||
+
|
+
|
||||||
decompress *decompress_open (const char *filename, int flags OPEN_FLAGS_UNUSED)
|
decompress *decompress_open (const char *filename, int flags OPEN_FLAGS_UNUSED)
|
||||||
{
|
{
|
||||||
pipecmd *cmd;
|
pipecmd *cmd;
|
||||||
@@ -203,6 +234,38 @@ decompress *decompress_open (const char
|
pipeline *p;
|
||||||
|
struct stat st;
|
||||||
|
#ifdef HAVE_LIBZ
|
||||||
|
+# ifdef HAVE_ZIO
|
||||||
|
+ char *ext;
|
||||||
|
+# else
|
||||||
|
size_t filename_len;
|
||||||
|
+# endif
|
||||||
|
#endif /* HAVE_LIBZ */
|
||||||
|
- char *ext;
|
||||||
|
struct compression *comp;
|
||||||
|
|
||||||
if (stat (filename, &st) < 0 || S_ISDIR (st.st_mode))
|
if (stat (filename, &st) < 0 || S_ISDIR (st.st_mode))
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
+#ifdef HAVE_ZIO
|
#ifdef HAVE_LIBZ
|
||||||
|
+# ifdef HAVE_ZIO
|
||||||
+ ext = strrchr (filename, '.');
|
+ ext = strrchr (filename, '.');
|
||||||
+ if (ext) {
|
+ if (ext && (
|
||||||
+ const char *opt;
|
+ STREQ (ext, ".gz") ||
|
||||||
|
+ STREQ (ext, ".z") ||
|
||||||
|
+ STREQ (ext, ".bz2") ||
|
||||||
|
+ STREQ (ext, ".xz") ||
|
||||||
|
+ STREQ (ext, ".lzma") ||
|
||||||
|
+ STREQ (ext, ".Z")
|
||||||
|
+ )) {
|
||||||
|
+# else
|
||||||
|
filename_len = strlen (filename);
|
||||||
|
if (filename_len > 3 && STREQ (filename + filename_len - 3, ".gz")) {
|
||||||
|
+# endif
|
||||||
|
if (flags & DECOMPRESS_ALLOW_INPROCESS) {
|
||||||
|
decompress *d = decompress_try_zlib (filename);
|
||||||
|
if (d)
|
||||||
|
return d;
|
||||||
|
}
|
||||||
|
-
|
||||||
|
+# ifdef HAVE_ZIO
|
||||||
|
+ static char opt[2] = {'\0','\0'};
|
||||||
+ char *name = NULL;
|
+ char *name = NULL;
|
||||||
+
|
+
|
||||||
+ if (STREQ (ext, ".gz"))
|
+ opt[0] = ext[1];
|
||||||
+ opt = "g";
|
|
||||||
+ else if (STREQ (ext, ".z"))
|
|
||||||
+ opt = "z";
|
|
||||||
+ else if (STREQ (ext, ".bz2"))
|
|
||||||
+ opt = "b";
|
|
||||||
+ else if (STREQ (ext, ".xz"))
|
|
||||||
+ opt = "x";
|
|
||||||
+ else if (STREQ (ext, ".lzma"))
|
|
||||||
+ opt = "l";
|
|
||||||
+ else if (STREQ (ext, ".Z"))
|
|
||||||
+ opt = "Z";
|
|
||||||
+ else
|
|
||||||
+ goto nozio;
|
|
||||||
+
|
+
|
||||||
+ /* informational only; no shell quoting concerns */
|
+ /* informational only; no shell quoting concerns */
|
||||||
+ name = appendstr (NULL, "libzio < ", filename, (void *) 0);
|
+ name = appendstr (NULL, "libzio < ", filename, (void *) 0);
|
||||||
+ cmd = pipecmd_new_function (name, &decompress_zio, NULL,
|
+ cmd = pipecmd_new_function (name, &decompress_zio, NULL,
|
||||||
+ (void *)opt);
|
+ (void *)opt);
|
||||||
+ pipecmd_pre_exec (cmd, sandbox_load, sandbox_free, sandbox);
|
+# else
|
||||||
+ p = pipeline_new_commands (cmd, (void *) 0);
|
cmd = pipecmd_new_function ("zcat", &decompress_zlib, NULL,
|
||||||
+ free (name);
|
NULL);
|
||||||
+ goto got_pipeline;
|
+# endif
|
||||||
+ }
|
pipecmd_pre_exec (cmd, sandbox_load, sandbox_free, sandbox);
|
||||||
+#endif /* HAVE_ZIO */
|
p = pipeline_new_commands (cmd, nullptr);
|
||||||
+
|
+# ifdef HAVE_ZIO
|
||||||
#ifdef HAVE_LIBZ
|
+ free (name);
|
||||||
filename_len = strlen (filename);
|
+# endif
|
||||||
if (filename_len > 3 && STREQ (filename + filename_len - 3, ".gz")) {
|
goto got_pipeline;
|
||||||
@@ -220,7 +283,11 @@ decompress *decompress_open (const char
|
|
||||||
}
|
}
|
||||||
#endif /* HAVE_LIBZ */
|
#endif /* HAVE_LIBZ */
|
||||||
|
@@ -313,7 +393,7 @@ void decompress_inprocess_replace (decom
|
||||||
+#ifdef HAVE_ZIO
|
|
||||||
+nozio:
|
|
||||||
+#else
|
|
||||||
ext = strrchr (filename, '.');
|
|
||||||
+#endif /* HAVE_LIBZ */
|
|
||||||
if (ext) {
|
|
||||||
++ext;
|
|
||||||
|
|
||||||
@@ -313,7 +380,7 @@ void decompress_inprocess_replace (decom
|
|
||||||
|
|
||||||
void decompress_start (decompress *d)
|
void decompress_start (decompress *d)
|
||||||
{
|
{
|
||||||
|
@ -63,7 +63,7 @@ diff --git a/lib/security.c b/lib/security.c
|
|||||||
#endif /* MAN_OWNER */
|
#endif /* MAN_OWNER */
|
||||||
|
|
||||||
void init_security (void)
|
void init_security (void)
|
||||||
@@ -165,6 +170,31 @@ void regain_effective_privs (void)
|
@@ -166,6 +171,31 @@ void regain_effective_privs (void)
|
||||||
uid = euid;
|
uid = euid;
|
||||||
gid = egid;
|
gid = egid;
|
||||||
}
|
}
|
||||||
|
@ -1,3 +1,11 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Nov 11 10:37:45 UTC 2024 - Dr. Werner Fink <werner@suse.de>
|
||||||
|
|
||||||
|
- Readd patch man-db-2.7.1-zio.dif
|
||||||
|
* Use also in-memory decompression
|
||||||
|
- Add patch man-db-2.13.0-no_abort.patch
|
||||||
|
* Avoid abort of mandb due switching to user man if executed by root
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Nov 8 13:58:23 UTC 2024 - Fabian Vogt <fvogt@suse.com>
|
Fri Nov 8 13:58:23 UTC 2024 - Fabian Vogt <fvogt@suse.com>
|
||||||
|
|
||||||
|
9
man.spec
9
man.spec
@ -43,6 +43,10 @@ Source7: man-db-create.service
|
|||||||
Source8: manpath.csh
|
Source8: manpath.csh
|
||||||
Source9: manpath.sh
|
Source9: manpath.sh
|
||||||
Patch0: man-db-2.3.19deb4.0-groff.dif
|
Patch0: man-db-2.3.19deb4.0-groff.dif
|
||||||
|
# PATCH-FIX-SUSE Fix a crash if mandb is directly executed by root
|
||||||
|
Patch3: man-db-2.13.0-no_abort.patch
|
||||||
|
# PATCH-FEATURE-OPENSUSE man-db-2.7.1-zio.dif -- Allow using libzio for decompression
|
||||||
|
Patch4: man-db-2.7.1-zio.dif
|
||||||
# PATCH-FEATURE-OPENSUSE man-db-2.6.3-listall.dif -- If multiple matching pages are found show a list bnc#786679
|
# PATCH-FEATURE-OPENSUSE man-db-2.6.3-listall.dif -- If multiple matching pages are found show a list bnc#786679
|
||||||
Patch5: man-db-2.6.3-listall.dif
|
Patch5: man-db-2.6.3-listall.dif
|
||||||
# PATCH-FIX-SUSE Fixes build-compare bnc#971922
|
# PATCH-FIX-SUSE Fixes build-compare bnc#971922
|
||||||
@ -92,6 +96,8 @@ printer (using groff).
|
|||||||
%prep
|
%prep
|
||||||
%setup -q -n man-db-%{version}
|
%setup -q -n man-db-%{version}
|
||||||
%patch -P 0 -b .groff
|
%patch -P 0 -b .groff
|
||||||
|
%patch -P3 -b .seteuid
|
||||||
|
%patch -P4 -b .zio
|
||||||
%patch -P5 -b .listall
|
%patch -P5 -b .listall
|
||||||
%patch -P6 -p1 -b .p6
|
%patch -P6 -p1 -b .p6
|
||||||
%patch -P7 -p1 -b .p7
|
%patch -P7 -p1 -b .p7
|
||||||
@ -157,6 +163,7 @@ find -name 'Makefile.*' | xargs \
|
|||||||
%endif
|
%endif
|
||||||
--enable-cache-owner=man \
|
--enable-cache-owner=man \
|
||||||
--with-device=utf8 \
|
--with-device=utf8 \
|
||||||
|
--with-zio \
|
||||||
--with-gnu-ld \
|
--with-gnu-ld \
|
||||||
--disable-rpath \
|
--disable-rpath \
|
||||||
--disable-automatic-create \
|
--disable-automatic-create \
|
||||||
@ -355,7 +362,9 @@ then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
%post
|
%post
|
||||||
|
%if 0%{?suse_version} < 1500
|
||||||
%{fillup_only -an cron}
|
%{fillup_only -an cron}
|
||||||
|
%endif
|
||||||
/sbin/ldconfig
|
/sbin/ldconfig
|
||||||
%if %{with sdtimer}
|
%if %{with sdtimer}
|
||||||
%service_add_post man-db-create.service
|
%service_add_post man-db-create.service
|
||||||
|
Loading…
Reference in New Issue
Block a user