.

OBS-URL: https://build.opensuse.org/package/show/Base:System/man?expand=0&rev=158
2024-11-11 10:46:06 +00:00 · 2024-11-11 10:46:06 +00:00 · 59aabc4876
commit 59aabc4876
parent 5d8a6d1ef2
5 changed files with 192 additions and 53 deletions
--- a/man-db-2.13.0-no_abort.patch
+++ b/man-db-2.13.0-no_abort.patch
@ -0,0 +1,60 @@
+Avoid abort() in regain_effective_privs() if mandb is called by root
+that is always initialize saved_uid and saved_gid!
+
+--- gl/lib/idpriv-droptemp.c	2024-08-29 13:17:12.000000000 +0200
+++ gl/lib/idpriv-droptemp.c	2024-11-11 09:55:45.539212073 +0100
+@@ -31,19 +31,24 @@
+ static gid_t saved_gid = -1;
+ #endif
+ 
+-int
+-idpriv_temp_drop (void)
+void
+idpriv_initial (void)
+ {
+-#if HAVE_GETEUID && HAVE_GETEGID && (HAVE_SETRESUID || HAVE_SETREUID) && (HAVE_SETRESGID || HAVE_SETREGID)
+-  uid_t uid = getuid ();
+-  gid_t gid = getgid ();
+-
+   /* Find out about the privileged uid and gid at the first call.  */
+   if (saved_uid == -1)
+     saved_uid = geteuid ();
+   if (saved_gid == -1)
+     saved_gid = getegid ();
+}
+
+int
+idpriv_temp_drop (void)
+{
+#if HAVE_GETEUID && HAVE_GETEGID && (HAVE_SETRESUID || HAVE_SETREUID) && (HAVE_SETRESGID || HAVE_SETREGID)
+  uid_t uid = getuid ();
+  gid_t gid = getgid ();
+ 
+  idpriv_initial ();
+   /* Drop the gid privilege first, because in some cases the gid privilege
+      cannot be dropped after the uid privilege has been dropped.  */
+ 
+--- gl/lib/idpriv.h	2024-08-29 13:17:12.000000000 +0200
+++ gl/lib/idpriv.h	2024-11-11 09:50:35.047999910 +0100
+@@ -95,6 +95,9 @@
+ 
+ /* For approach 3.  */
+ 
+/* Initialize internal variable saved_uid as well as saved_gid */
+extern void idpriv_initial (void);
+
+ /* Drop the uid and gid privileges of the current process in a way that allows
+    them to be restored later.
+    Return 0 if successful, or -1 with errno set upon failure. The recommended
+--- lib/security.c	2024-11-11 09:10:13.044830286 +0100
+++ lib/security.c	2024-11-11 09:51:16.688162468 +0100
+@@ -138,7 +138,8 @@
+ 			gripe_set_euid ();
+ 		uid = ruid;
+ 		gid = rgid;
+-	}
+	} else
+		idpriv_initial ();
+ 
+ 	priv_drop_count++;
+ #endif /* MAN_OWNER */
--- a/man-db-2.7.1-zio.dif
+++ b/man-db-2.7.1-zio.dif
@ -1,11 +1,11 @@
 ---
- config.h.in      |    3 ++
- configure.ac     |   52 +++++++++++++++++++++++++++++++++++++++++
- src/decompress.c |   69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
- 3 files changed, 123 insertions(+), 1 deletion(-)
+ config.h.in      |    3 +
+ configure.ac     |   52 +++++++++++++++++++++++++++++++++
+ src/decompress.c |   86 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
+ 3 files changed, 138 insertions(+), 3 deletions(-)

 --- config.h.in
-+++ config.h.in	2024-10-18 12:05:43.927063826 +0000
+++ config.h.in	2024-11-11 10:43:01.369880933 +0000
@@ -1148,6 +1148,9 @@
 /* Define to 1 if you have the `z' library (-lz). */
 #undef HAVE_LIBZ
@ -17,7 +17,7 @@
 #undef HAVE_LIB_BCRYPT
 
 --- configure.ac
-+++ configure.ac	2024-10-18 12:05:43.927063826 +0000
+++ configure.ac	2024-11-11 10:43:01.369880933 +0000
@@ -35,6 +35,18 @@ MAN_ARG_DEVICE
 MAN_ARG_DB
 MAN_ARG_CONFIG_FILE
@ -85,7 +85,7 @@
 
 # Check for various header files and associated libraries.
 --- src/decompress.c
-+++ src/decompress.c	2024-10-18 12:11:37.516631374 +0000
+++ src/decompress.c	2024-11-11 10:44:24.036386441 +0000
@@ -40,12 +40,17 @@
 
 #include "pipeline.h"
@ -104,12 +104,68 @@
 #include "manconfig.h"
 
 #include "compression.h"
-@@ -189,6 +194,32 @@ static decompress *decompress_try_zlib (
+@@ -146,7 +151,11 @@ static void decompress_zlib (void *data
+ 
+ static decompress *decompress_try_zlib (const char *filename)
+ {
+#ifdef HAVE_ZIO
+	FILE *file;
+#else
+ 	gzFile zlibfile;
+#endif
+ 	/* We only ever call this from the parent process (and don't
+ 	 * currently use threads), and this lets us skip per-file memory
+ 	 * allocation.
+@@ -154,18 +163,32 @@ static decompress *decompress_try_zlib (
+ 	static char buffer[MAX_INPROCESS];
+ 	int len = 0;
+ 
+#ifdef HAVE_ZIO
+	file = fzopen(filename, "r");
+	if (!file)
+		return NULL;
+#else
+ 	zlibfile = gzopen (filename, "r");
+ 	if (!zlibfile)
+ 		return NULL;
+#endif
+ 
+ 	while (len < MAX_INPROCESS) {
+ 		/* Read one more byte than we're prepared to return, in
+ 		 * order to detect EOF at the right position.  The "len >=
+ 		 * MAX_INPROCESS" check below catches the boundary case.
+ 		 */
+#ifdef HAVE_ZIO
+		int r = fread(buffer + len, sizeof(char), MAX_INPROCESS - len, file);
+#else
+ 		int r = gzread (zlibfile, buffer + len, MAX_INPROCESS - len);
+#endif
+ 		if (r < 0) {
+#ifdef HAVE_ZIO
+			fclose(file);
+#else
+ 			gzclose (zlibfile);
+#endif
+ 			return NULL;
+ 		} else if (r == 0)
+ 			break;
+@@ -173,7 +196,11 @@ static decompress *decompress_try_zlib (
+ 			len += r;
+ 	}
+ 
+#ifdef HAVE_ZIO
+	fclose(file);
+#else
+ 	gzclose (zlibfile);
+#endif
+ 	if (len >= MAX_INPROCESS)
+ 		return NULL;
+ 	/* Copy input data so that we don't have potential data corruption
+@@ -189,33 +216,86 @@ static decompress *decompress_try_zlib (
 #  define OPEN_FLAGS_UNUSED MAYBE_UNUSED
 #endif /* HAVE_LIBZ */
 
 +#ifdef HAVE_ZIO
-+
 +static void decompress_zio (void *data)
 +{
 +	const char *what = (const char*)data;
@ -131,64 +187,70 @@
 +	fclose(file);
 +	return;
 +}
-+
 +#endif /* HAVE_ZIO */
 +
 decompress *decompress_open (const char *filename, int flags OPEN_FLAGS_UNUSED)
 {
 	pipecmd *cmd;
-@@ -203,6 +234,38 @@ decompress *decompress_open (const char
+ 	pipeline *p;
+ 	struct stat st;
+ #ifdef HAVE_LIBZ
+# ifdef HAVE_ZIO
+	char *ext;
+# else
+ 	size_t filename_len;
+# endif
+ #endif /* HAVE_LIBZ */
+-	char *ext;
+ 	struct compression *comp;
+ 
 	if (stat (filename, &st) < 0 || S_ISDIR (st.st_mode))
 		return NULL;
 
+ #ifdef HAVE_LIBZ
 +# ifdef HAVE_ZIO
 +	ext = strrchr (filename, '.');
-+	if (ext) {
-+		const char *opt;
+	if (ext && (
+		STREQ (ext, ".gz")      ||
+		STREQ (ext, ".z")       ||
+		STREQ (ext, ".bz2")     ||
+		STREQ (ext, ".xz")      ||
+		STREQ (ext, ".lzma")    ||
+		STREQ (ext, ".Z")
+		)) {
+# else
+ 	filename_len = strlen (filename);
+ 	if (filename_len > 3 && STREQ (filename + filename_len - 3, ".gz")) {
+# endif
+ 		if (flags & DECOMPRESS_ALLOW_INPROCESS) {
+ 			decompress *d = decompress_try_zlib (filename);
+ 			if (d)
+ 				return d;
+ 		}
+-
+# ifdef HAVE_ZIO
+		static char opt[2] = {'\0','\0'};
 +		char *name = NULL;
 +
-+		if (STREQ (ext, ".gz"))
-+			opt = "g";
-+		else if (STREQ (ext, ".z"))
-+			opt = "z";
-+		else if (STREQ (ext, ".bz2"))
-+			opt = "b";
-+		else if (STREQ (ext, ".xz"))
-+			opt = "x";
-+		else if (STREQ (ext, ".lzma"))
-+			opt = "l";
-+		else if (STREQ (ext, ".Z"))
-+			opt = "Z";
-+		else
-+			goto nozio;
+		opt[0] = ext[1];
 +
 +		/* informational only; no shell quoting concerns */
 +		name = appendstr (NULL, "libzio < ", filename, (void *) 0);
 +		cmd = pipecmd_new_function (name, &decompress_zio, NULL,
 +					    (void *)opt);
-+		pipecmd_pre_exec (cmd, sandbox_load, sandbox_free, sandbox);
-+		p = pipeline_new_commands (cmd, (void *) 0);
+# else
+ 		cmd = pipecmd_new_function ("zcat", &decompress_zlib, NULL,
+ 		                            NULL);
+# endif
+ 		pipecmd_pre_exec (cmd, sandbox_load, sandbox_free, sandbox);
+ 		p = pipeline_new_commands (cmd, nullptr);
+# ifdef HAVE_ZIO
 +                free (name);
-+		goto got_pipeline;
-+	}
-+#endif /* HAVE_ZIO */
-+
- #ifdef HAVE_LIBZ
- 	filename_len = strlen (filename);
- 	if (filename_len > 3 && STREQ (filename + filename_len - 3, ".gz")) {
-@@ -220,7 +283,11 @@ decompress *decompress_open (const char
+# endif
+ 		goto got_pipeline;
 	}
 #endif /* HAVE_LIBZ */
- 
-+#ifdef HAVE_ZIO
-+nozio:
-+#else
- 	ext = strrchr (filename, '.');
-+#endif /* HAVE_LIBZ */
- 	if (ext) {
- 		++ext;
- 
-@@ -313,7 +380,7 @@ void decompress_inprocess_replace (decom
+@@ -313,7 +393,7 @@ void decompress_inprocess_replace (decom
 
 void decompress_start (decompress *d)
 {
--- a/man-db-2.9.4.patch
+++ b/man-db-2.9.4.patch
@ -63,7 +63,7 @@ diff --git a/lib/security.c b/lib/security.c
 #endif /* MAN_OWNER */
 
 void init_security (void)
-@@ -165,6 +170,31 @@ void regain_effective_privs (void)
+@@ -166,6 +171,31 @@ void regain_effective_privs (void)
 		uid = euid;
 		gid = egid;
 	}
--- a/man.changes
+++ b/man.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Nov 11 10:37:45 UTC 2024 - Dr. Werner Fink <werner@suse.de>
+
+- Readd patch man-db-2.7.1-zio.dif
+  * Use also in-memory decompression 
+- Add patch man-db-2.13.0-no_abort.patch
+  * Avoid abort of mandb due switching to user man if executed by root
+
 -------------------------------------------------------------------
 Fri Nov  8 13:58:23 UTC 2024 - Fabian Vogt <fvogt@suse.com>

--- a/man.spec
+++ b/man.spec
@ -43,6 +43,10 @@ Source7:        man-db-create.service
 Source8:        manpath.csh
 Source9:        manpath.sh
 Patch0:         man-db-2.3.19deb4.0-groff.dif
+# PATCH-FIX-SUSE Fix a crash if mandb is directly executed by root
+Patch3:         man-db-2.13.0-no_abort.patch
+# PATCH-FEATURE-OPENSUSE man-db-2.7.1-zio.dif -- Allow using libzio for decompression
+Patch4:         man-db-2.7.1-zio.dif
 # PATCH-FEATURE-OPENSUSE man-db-2.6.3-listall.dif -- If multiple matching pages are found show a list bnc#786679
 Patch5:         man-db-2.6.3-listall.dif
 # PATCH-FIX-SUSE Fixes build-compare bnc#971922
@ -92,6 +96,8 @@ printer (using groff).
 %prep
 %setup -q -n man-db-%{version}
 %patch -P 0 -b .groff
+%patch -P3 -b .seteuid
+%patch -P4 -b .zio
 %patch -P5 -b .listall
 %patch -P6 -p1 -b .p6
 %patch -P7 -p1 -b .p7
@ -157,6 +163,7 @@ find -name 'Makefile.*' | xargs \
 %endif
 	--enable-cache-owner=man \
 	--with-device=utf8		\
+	--with-zio			\
 	--with-gnu-ld			\
 	--disable-rpath			\
 	--disable-automatic-create	\
@ -355,7 +362,9 @@ then
 fi

 %post
+%if 0%{?suse_version} < 1500
 %{fillup_only -an cron}
+%endif
 /sbin/ldconfig
 %if %{with sdtimer}
 %service_add_post man-db-create.service