.

OBS-URL: https://build.opensuse.org/package/show/Base:System/man?expand=0&rev=158

man-db-2.13.0-no_abort.patch

@@ -0,0 +1,60 @@
+Avoid abort() in regain_effective_privs() if mandb is called by root
+that is always initialize saved_uid and saved_gid!
+
+--- gl/lib/idpriv-droptemp.c	2024-08-29 13:17:12.000000000 +0200
++++ gl/lib/idpriv-droptemp.c	2024-11-11 09:55:45.539212073 +0100
+@@ -31,19 +31,24 @@
+ static gid_t saved_gid = -1;
+ #endif
+ 
+-int
+-idpriv_temp_drop (void)
++void
++idpriv_initial (void)
+ {
+-#if HAVE_GETEUID && HAVE_GETEGID && (HAVE_SETRESUID || HAVE_SETREUID) && (HAVE_SETRESGID || HAVE_SETREGID)
+-  uid_t uid = getuid ();
+-  gid_t gid = getgid ();
+-
+   /* Find out about the privileged uid and gid at the first call.  */
+   if (saved_uid == -1)
+     saved_uid = geteuid ();
+   if (saved_gid == -1)
+     saved_gid = getegid ();
++}
++
++int
++idpriv_temp_drop (void)
++{
++#if HAVE_GETEUID && HAVE_GETEGID && (HAVE_SETRESUID || HAVE_SETREUID) && (HAVE_SETRESGID || HAVE_SETREGID)
++  uid_t uid = getuid ();
++  gid_t gid = getgid ();
+ 
++  idpriv_initial ();
+   /* Drop the gid privilege first, because in some cases the gid privilege
+      cannot be dropped after the uid privilege has been dropped.  */
+ 
+--- gl/lib/idpriv.h	2024-08-29 13:17:12.000000000 +0200
++++ gl/lib/idpriv.h	2024-11-11 09:50:35.047999910 +0100
+@@ -95,6 +95,9 @@
+ 
+ /* For approach 3.  */
+ 
++/* Initialize internal variable saved_uid as well as saved_gid */
++extern void idpriv_initial (void);
++
+ /* Drop the uid and gid privileges of the current process in a way that allows
+    them to be restored later.
+    Return 0 if successful, or -1 with errno set upon failure. The recommended
+--- lib/security.c	2024-11-11 09:10:13.044830286 +0100
++++ lib/security.c	2024-11-11 09:51:16.688162468 +0100
+@@ -138,7 +138,8 @@
+ 			gripe_set_euid ();
+ 		uid = ruid;
+ 		gid = rgid;
+-	}
++	} else
++		idpriv_initial ();
+ 
+ 	priv_drop_count++;
+ #endif /* MAN_OWNER */

man-db-2.7.1-zio.dif

@@ -1,11 +1,11 @@
 ---
- config.h.in      |    3 ++
+ config.h.in      |    3 +
- configure.ac     |   52 +++++++++++++++++++++++++++++++++++++++++
+ configure.ac     |   52 +++++++++++++++++++++++++++++++++
- src/decompress.c |   69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ src/decompress.c |   86 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
- 3 files changed, 123 insertions(+), 1 deletion(-)
+ 3 files changed, 138 insertions(+), 3 deletions(-)
 
 --- config.h.in
-+++ config.h.in	2024-10-18 12:05:43.927063826 +0000
++++ config.h.in	2024-11-11 10:43:01.369880933 +0000
 @@ -1148,6 +1148,9 @@
  /* Define to 1 if you have the `z' library (-lz). */
  #undef HAVE_LIBZ
@@ -17,7 +17,7 @@
  #undef HAVE_LIB_BCRYPT
  
 --- configure.ac
-+++ configure.ac	2024-10-18 12:05:43.927063826 +0000
++++ configure.ac	2024-11-11 10:43:01.369880933 +0000
 @@ -35,6 +35,18 @@ MAN_ARG_DEVICE
  MAN_ARG_DB
  MAN_ARG_CONFIG_FILE
@@ -85,7 +85,7 @@
  
  # Check for various header files and associated libraries.
 --- src/decompress.c
-+++ src/decompress.c	2024-10-18 12:11:37.516631374 +0000
++++ src/decompress.c	2024-11-11 10:44:24.036386441 +0000
 @@ -40,12 +40,17 @@
  
  #include "pipeline.h"
@@ -104,21 +104,77 @@
  #include "manconfig.h"
  
  #include "compression.h"
-@@ -189,6 +194,32 @@ static decompress *decompress_try_zlib (
+@@ -146,7 +151,11 @@ static void decompress_zlib (void *data
+ 
+ static decompress *decompress_try_zlib (const char *filename)
+ {
++#ifdef HAVE_ZIO
++	FILE *file;
++#else
+ 	gzFile zlibfile;
++#endif
+ 	/* We only ever call this from the parent process (and don't
+ 	 * currently use threads), and this lets us skip per-file memory
+ 	 * allocation.
+@@ -154,18 +163,32 @@ static decompress *decompress_try_zlib (
+ 	static char buffer[MAX_INPROCESS];
+ 	int len = 0;
+ 
++#ifdef HAVE_ZIO
++	file = fzopen(filename, "r");
++	if (!file)
++		return NULL;
++#else
+ 	zlibfile = gzopen (filename, "r");
+ 	if (!zlibfile)
+ 		return NULL;
++#endif
+ 
+ 	while (len < MAX_INPROCESS) {
+ 		/* Read one more byte than we're prepared to return, in
+ 		 * order to detect EOF at the right position.  The "len >=
+ 		 * MAX_INPROCESS" check below catches the boundary case.
+ 		 */
++#ifdef HAVE_ZIO
++		int r = fread(buffer + len, sizeof(char), MAX_INPROCESS - len, file);
++#else
+ 		int r = gzread (zlibfile, buffer + len, MAX_INPROCESS - len);
++#endif
+ 		if (r < 0) {
++#ifdef HAVE_ZIO
++			fclose(file);
++#else
+ 			gzclose (zlibfile);
++#endif
+ 			return NULL;
+ 		} else if (r == 0)
+ 			break;
+@@ -173,7 +196,11 @@ static decompress *decompress_try_zlib (
+ 			len += r;
+ 	}
+ 
++#ifdef HAVE_ZIO
++	fclose(file);
++#else
+ 	gzclose (zlibfile);
++#endif
+ 	if (len >= MAX_INPROCESS)
+ 		return NULL;
+ 	/* Copy input data so that we don't have potential data corruption
+@@ -189,33 +216,86 @@ static decompress *decompress_try_zlib (
  #  define OPEN_FLAGS_UNUSED MAYBE_UNUSED
  #endif /* HAVE_LIBZ */
  
 +#ifdef HAVE_ZIO
-+
 +static void decompress_zio (void *data)
 +{
 +	const char *what = (const char*)data;
 +	FILE *file;
-+
++ 
 +	file = fdzopen(dup (fileno (stdin)), "r", what);
 +	if (!file)
 +		return;
-+
++ 
 +	for (;;) {
 +		char buffer[4096];
 +		int r = fread(buffer, sizeof(char), sizeof(buffer), file);
@@ -127,68 +183,74 @@
 +		if (fwrite (buffer, 1, (size_t) r, stdout) < (size_t) r)
 +			break;
 +	}
-+
++ 
 +	fclose(file);
 +	return;
 +}
-+
 +#endif /* HAVE_ZIO */
 +
  decompress *decompress_open (const char *filename, int flags OPEN_FLAGS_UNUSED)
  {
  	pipecmd *cmd;
-@@ -203,6 +234,38 @@ decompress *decompress_open (const char
+ 	pipeline *p;
+ 	struct stat st;
+ #ifdef HAVE_LIBZ
++# ifdef HAVE_ZIO
++	char *ext;
++# else
+ 	size_t filename_len;
++# endif
+ #endif /* HAVE_LIBZ */
+-	char *ext;
+ 	struct compression *comp;
+ 
  	if (stat (filename, &st) < 0 || S_ISDIR (st.st_mode))
  		return NULL;
  
-+#ifdef HAVE_ZIO
+ #ifdef HAVE_LIBZ
++# ifdef HAVE_ZIO
 +	ext = strrchr (filename, '.');
-+	if (ext) {
++	if (ext && (
-+		const char *opt;
++		STREQ (ext, ".gz")      ||
++		STREQ (ext, ".z")       ||
++		STREQ (ext, ".bz2")     ||
++		STREQ (ext, ".xz")      ||
++		STREQ (ext, ".lzma")    ||
++		STREQ (ext, ".Z")
++		)) {
++# else
+ 	filename_len = strlen (filename);
+ 	if (filename_len > 3 && STREQ (filename + filename_len - 3, ".gz")) {
++# endif
+ 		if (flags & DECOMPRESS_ALLOW_INPROCESS) {
+ 			decompress *d = decompress_try_zlib (filename);
+ 			if (d)
+ 				return d;
+ 		}
+-
++# ifdef HAVE_ZIO
++		static char opt[2] = {'\0','\0'};
 +		char *name = NULL;
 +
-+		if (STREQ (ext, ".gz"))
++		opt[0] = ext[1];
-+			opt = "g";
-+		else if (STREQ (ext, ".z"))
-+			opt = "z";
-+		else if (STREQ (ext, ".bz2"))
-+			opt = "b";
-+		else if (STREQ (ext, ".xz"))
-+			opt = "x";
-+		else if (STREQ (ext, ".lzma"))
-+			opt = "l";
-+		else if (STREQ (ext, ".Z"))
-+			opt = "Z";
-+		else
-+			goto nozio;
 +
 +		/* informational only; no shell quoting concerns */
 +		name = appendstr (NULL, "libzio < ", filename, (void *) 0);
 +		cmd = pipecmd_new_function (name, &decompress_zio, NULL,
 +					    (void *)opt);
-+		pipecmd_pre_exec (cmd, sandbox_load, sandbox_free, sandbox);
++# else
-+		p = pipeline_new_commands (cmd, (void *) 0);
+ 		cmd = pipecmd_new_function ("zcat", &decompress_zlib, NULL,
-+		free (name);
+ 		                            NULL);
-+		goto got_pipeline;
++# endif
-+	}
+ 		pipecmd_pre_exec (cmd, sandbox_load, sandbox_free, sandbox);
-+#endif /* HAVE_ZIO */
+ 		p = pipeline_new_commands (cmd, nullptr);
-+
++# ifdef HAVE_ZIO
- #ifdef HAVE_LIBZ
++                free (name);
- 	filename_len = strlen (filename);
++# endif
- 	if (filename_len > 3 && STREQ (filename + filename_len - 3, ".gz")) {
+ 		goto got_pipeline;
-@@ -220,7 +283,11 @@ decompress *decompress_open (const char
  	}
  #endif /* HAVE_LIBZ */
- 
+@@ -313,7 +393,7 @@ void decompress_inprocess_replace (decom
-+#ifdef HAVE_ZIO
-+nozio:
-+#else
- 	ext = strrchr (filename, '.');
-+#endif /* HAVE_LIBZ */
- 	if (ext) {
- 		++ext;
- 
-@@ -313,7 +380,7 @@ void decompress_inprocess_replace (decom
  
  void decompress_start (decompress *d)
  {

man-db-2.9.4.patch

@@ -63,7 +63,7 @@ diff --git a/lib/security.c b/lib/security.c
  #endif /* MAN_OWNER */
  
  void init_security (void)
-@@ -165,6 +170,31 @@ void regain_effective_privs (void)
+@@ -166,6 +171,31 @@ void regain_effective_privs (void)
  		uid = euid;
  		gid = egid;
  	}

man.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Nov 11 10:37:45 UTC 2024 - Dr. Werner Fink <werner@suse.de>
+
+- Readd patch man-db-2.7.1-zio.dif
+  * Use also in-memory decompression 
+- Add patch man-db-2.13.0-no_abort.patch
+  * Avoid abort of mandb due switching to user man if executed by root
+
 -------------------------------------------------------------------
 Fri Nov  8 13:58:23 UTC 2024 - Fabian Vogt <fvogt@suse.com>
 

man.spec

@@ -43,6 +43,10 @@ Source7:        man-db-create.service
 Source8:        manpath.csh
 Source9:        manpath.sh
 Patch0:         man-db-2.3.19deb4.0-groff.dif
+# PATCH-FIX-SUSE Fix a crash if mandb is directly executed by root
+Patch3:         man-db-2.13.0-no_abort.patch
+# PATCH-FEATURE-OPENSUSE man-db-2.7.1-zio.dif -- Allow using libzio for decompression
+Patch4:         man-db-2.7.1-zio.dif
 # PATCH-FEATURE-OPENSUSE man-db-2.6.3-listall.dif -- If multiple matching pages are found show a list bnc#786679
 Patch5:         man-db-2.6.3-listall.dif
 # PATCH-FIX-SUSE Fixes build-compare bnc#971922
@@ -92,6 +96,8 @@ printer (using groff).
 %prep
 %setup -q -n man-db-%{version}
 %patch -P 0 -b .groff
+%patch -P3 -b .seteuid
+%patch -P4 -b .zio
 %patch -P5 -b .listall
 %patch -P6 -p1 -b .p6
 %patch -P7 -p1 -b .p7
@@ -157,6 +163,7 @@ find -name 'Makefile.*' | xargs \
 %endif
 	--enable-cache-owner=man \
 	--with-device=utf8		\
+	--with-zio			\
 	--with-gnu-ld			\
 	--disable-rpath			\
 	--disable-automatic-create	\
@@ -355,7 +362,9 @@ then
 fi
 
 %post
+%if 0%{?suse_version} < 1500
 %{fillup_only -an cron}
+%endif
 /sbin/ldconfig
 %if %{with sdtimer}
 %service_add_post man-db-create.service