diff --git a/man-db-2.13.0-no_abort.patch b/man-db-2.13.0-no_abort.patch new file mode 100644 index 0000000..8750cd6 --- /dev/null +++ b/man-db-2.13.0-no_abort.patch @@ -0,0 +1,60 @@ +Avoid abort() in regain_effective_privs() if mandb is called by root +that is always initialize saved_uid and saved_gid! + +--- gl/lib/idpriv-droptemp.c 2024-08-29 13:17:12.000000000 +0200 ++++ gl/lib/idpriv-droptemp.c 2024-11-11 09:55:45.539212073 +0100 +@@ -31,19 +31,24 @@ + static gid_t saved_gid = -1; + #endif + +-int +-idpriv_temp_drop (void) ++void ++idpriv_initial (void) + { +-#if HAVE_GETEUID && HAVE_GETEGID && (HAVE_SETRESUID || HAVE_SETREUID) && (HAVE_SETRESGID || HAVE_SETREGID) +- uid_t uid = getuid (); +- gid_t gid = getgid (); +- + /* Find out about the privileged uid and gid at the first call. */ + if (saved_uid == -1) + saved_uid = geteuid (); + if (saved_gid == -1) + saved_gid = getegid (); ++} ++ ++int ++idpriv_temp_drop (void) ++{ ++#if HAVE_GETEUID && HAVE_GETEGID && (HAVE_SETRESUID || HAVE_SETREUID) && (HAVE_SETRESGID || HAVE_SETREGID) ++ uid_t uid = getuid (); ++ gid_t gid = getgid (); + ++ idpriv_initial (); + /* Drop the gid privilege first, because in some cases the gid privilege + cannot be dropped after the uid privilege has been dropped. */ + +--- gl/lib/idpriv.h 2024-08-29 13:17:12.000000000 +0200 ++++ gl/lib/idpriv.h 2024-11-11 09:50:35.047999910 +0100 +@@ -95,6 +95,9 @@ + + /* For approach 3. */ + ++/* Initialize internal variable saved_uid as well as saved_gid */ ++extern void idpriv_initial (void); ++ + /* Drop the uid and gid privileges of the current process in a way that allows + them to be restored later. + Return 0 if successful, or -1 with errno set upon failure. The recommended +--- lib/security.c 2024-11-11 09:10:13.044830286 +0100 ++++ lib/security.c 2024-11-11 09:51:16.688162468 +0100 +@@ -138,7 +138,8 @@ + gripe_set_euid (); + uid = ruid; + gid = rgid; +- } ++ } else ++ idpriv_initial (); + + priv_drop_count++; + #endif /* MAN_OWNER */ diff --git a/man-db-2.7.1-zio.dif b/man-db-2.7.1-zio.dif index 57e6754..7007f82 100644 --- a/man-db-2.7.1-zio.dif +++ b/man-db-2.7.1-zio.dif @@ -1,11 +1,11 @@ --- - config.h.in | 3 ++ - configure.ac | 52 +++++++++++++++++++++++++++++++++++++++++ - src/decompress.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- - 3 files changed, 123 insertions(+), 1 deletion(-) + config.h.in | 3 + + configure.ac | 52 +++++++++++++++++++++++++++++++++ + src/decompress.c | 86 +++++++++++++++++++++++++++++++++++++++++++++++++++++-- + 3 files changed, 138 insertions(+), 3 deletions(-) --- config.h.in -+++ config.h.in 2024-10-18 12:05:43.927063826 +0000 ++++ config.h.in 2024-11-11 10:43:01.369880933 +0000 @@ -1148,6 +1148,9 @@ /* Define to 1 if you have the `z' library (-lz). */ #undef HAVE_LIBZ @@ -17,7 +17,7 @@ #undef HAVE_LIB_BCRYPT --- configure.ac -+++ configure.ac 2024-10-18 12:05:43.927063826 +0000 ++++ configure.ac 2024-11-11 10:43:01.369880933 +0000 @@ -35,6 +35,18 @@ MAN_ARG_DEVICE MAN_ARG_DB MAN_ARG_CONFIG_FILE @@ -85,7 +85,7 @@ # Check for various header files and associated libraries. --- src/decompress.c -+++ src/decompress.c 2024-10-18 12:11:37.516631374 +0000 ++++ src/decompress.c 2024-11-11 10:44:24.036386441 +0000 @@ -40,12 +40,17 @@ #include "pipeline.h" @@ -104,21 +104,77 @@ #include "manconfig.h" #include "compression.h" -@@ -189,6 +194,32 @@ static decompress *decompress_try_zlib ( +@@ -146,7 +151,11 @@ static void decompress_zlib (void *data + + static decompress *decompress_try_zlib (const char *filename) + { ++#ifdef HAVE_ZIO ++ FILE *file; ++#else + gzFile zlibfile; ++#endif + /* We only ever call this from the parent process (and don't + * currently use threads), and this lets us skip per-file memory + * allocation. +@@ -154,18 +163,32 @@ static decompress *decompress_try_zlib ( + static char buffer[MAX_INPROCESS]; + int len = 0; + ++#ifdef HAVE_ZIO ++ file = fzopen(filename, "r"); ++ if (!file) ++ return NULL; ++#else + zlibfile = gzopen (filename, "r"); + if (!zlibfile) + return NULL; ++#endif + + while (len < MAX_INPROCESS) { + /* Read one more byte than we're prepared to return, in + * order to detect EOF at the right position. The "len >= + * MAX_INPROCESS" check below catches the boundary case. + */ ++#ifdef HAVE_ZIO ++ int r = fread(buffer + len, sizeof(char), MAX_INPROCESS - len, file); ++#else + int r = gzread (zlibfile, buffer + len, MAX_INPROCESS - len); ++#endif + if (r < 0) { ++#ifdef HAVE_ZIO ++ fclose(file); ++#else + gzclose (zlibfile); ++#endif + return NULL; + } else if (r == 0) + break; +@@ -173,7 +196,11 @@ static decompress *decompress_try_zlib ( + len += r; + } + ++#ifdef HAVE_ZIO ++ fclose(file); ++#else + gzclose (zlibfile); ++#endif + if (len >= MAX_INPROCESS) + return NULL; + /* Copy input data so that we don't have potential data corruption +@@ -189,33 +216,86 @@ static decompress *decompress_try_zlib ( # define OPEN_FLAGS_UNUSED MAYBE_UNUSED #endif /* HAVE_LIBZ */ +#ifdef HAVE_ZIO -+ +static void decompress_zio (void *data) +{ + const char *what = (const char*)data; + FILE *file; -+ ++ + file = fdzopen(dup (fileno (stdin)), "r", what); + if (!file) + return; -+ ++ + for (;;) { + char buffer[4096]; + int r = fread(buffer, sizeof(char), sizeof(buffer), file); @@ -127,68 +183,74 @@ + if (fwrite (buffer, 1, (size_t) r, stdout) < (size_t) r) + break; + } -+ ++ + fclose(file); + return; +} -+ +#endif /* HAVE_ZIO */ + decompress *decompress_open (const char *filename, int flags OPEN_FLAGS_UNUSED) { pipecmd *cmd; -@@ -203,6 +234,38 @@ decompress *decompress_open (const char + pipeline *p; + struct stat st; + #ifdef HAVE_LIBZ ++# ifdef HAVE_ZIO ++ char *ext; ++# else + size_t filename_len; ++# endif + #endif /* HAVE_LIBZ */ +- char *ext; + struct compression *comp; + if (stat (filename, &st) < 0 || S_ISDIR (st.st_mode)) return NULL; -+#ifdef HAVE_ZIO + #ifdef HAVE_LIBZ ++# ifdef HAVE_ZIO + ext = strrchr (filename, '.'); -+ if (ext) { -+ const char *opt; ++ if (ext && ( ++ STREQ (ext, ".gz") || ++ STREQ (ext, ".z") || ++ STREQ (ext, ".bz2") || ++ STREQ (ext, ".xz") || ++ STREQ (ext, ".lzma") || ++ STREQ (ext, ".Z") ++ )) { ++# else + filename_len = strlen (filename); + if (filename_len > 3 && STREQ (filename + filename_len - 3, ".gz")) { ++# endif + if (flags & DECOMPRESS_ALLOW_INPROCESS) { + decompress *d = decompress_try_zlib (filename); + if (d) + return d; + } +- ++# ifdef HAVE_ZIO ++ static char opt[2] = {'\0','\0'}; + char *name = NULL; + -+ if (STREQ (ext, ".gz")) -+ opt = "g"; -+ else if (STREQ (ext, ".z")) -+ opt = "z"; -+ else if (STREQ (ext, ".bz2")) -+ opt = "b"; -+ else if (STREQ (ext, ".xz")) -+ opt = "x"; -+ else if (STREQ (ext, ".lzma")) -+ opt = "l"; -+ else if (STREQ (ext, ".Z")) -+ opt = "Z"; -+ else -+ goto nozio; ++ opt[0] = ext[1]; + + /* informational only; no shell quoting concerns */ + name = appendstr (NULL, "libzio < ", filename, (void *) 0); + cmd = pipecmd_new_function (name, &decompress_zio, NULL, + (void *)opt); -+ pipecmd_pre_exec (cmd, sandbox_load, sandbox_free, sandbox); -+ p = pipeline_new_commands (cmd, (void *) 0); -+ free (name); -+ goto got_pipeline; -+ } -+#endif /* HAVE_ZIO */ -+ - #ifdef HAVE_LIBZ - filename_len = strlen (filename); - if (filename_len > 3 && STREQ (filename + filename_len - 3, ".gz")) { -@@ -220,7 +283,11 @@ decompress *decompress_open (const char ++# else + cmd = pipecmd_new_function ("zcat", &decompress_zlib, NULL, + NULL); ++# endif + pipecmd_pre_exec (cmd, sandbox_load, sandbox_free, sandbox); + p = pipeline_new_commands (cmd, nullptr); ++# ifdef HAVE_ZIO ++ free (name); ++# endif + goto got_pipeline; } #endif /* HAVE_LIBZ */ - -+#ifdef HAVE_ZIO -+nozio: -+#else - ext = strrchr (filename, '.'); -+#endif /* HAVE_LIBZ */ - if (ext) { - ++ext; - -@@ -313,7 +380,7 @@ void decompress_inprocess_replace (decom +@@ -313,7 +393,7 @@ void decompress_inprocess_replace (decom void decompress_start (decompress *d) { diff --git a/man-db-2.9.4.patch b/man-db-2.9.4.patch index 7f1f6ce..214019a 100644 --- a/man-db-2.9.4.patch +++ b/man-db-2.9.4.patch @@ -63,7 +63,7 @@ diff --git a/lib/security.c b/lib/security.c #endif /* MAN_OWNER */ void init_security (void) -@@ -165,6 +170,31 @@ void regain_effective_privs (void) +@@ -166,6 +171,31 @@ void regain_effective_privs (void) uid = euid; gid = egid; } diff --git a/man.changes b/man.changes index 3de5792..423df5d 100644 --- a/man.changes +++ b/man.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Mon Nov 11 10:37:45 UTC 2024 - Dr. Werner Fink + +- Readd patch man-db-2.7.1-zio.dif + * Use also in-memory decompression +- Add patch man-db-2.13.0-no_abort.patch + * Avoid abort of mandb due switching to user man if executed by root + +------------------------------------------------------------------- +Fri Nov 8 13:58:23 UTC 2024 - Fabian Vogt + +- Drop libzio integration (man-db-2.7.1-zio.dif, BuildRequires and flag) + to restore acceptable performance (boo#1232837): + ------------------------------------------------------------------- Fri Oct 18 13:04:09 UTC 2024 - Dr. Werner Fink diff --git a/man.spec b/man.spec index 7140aa3..f340203 100644 --- a/man.spec +++ b/man.spec @@ -43,6 +43,8 @@ Source7: man-db-create.service Source8: manpath.csh Source9: manpath.sh Patch0: man-db-2.3.19deb4.0-groff.dif +# PATCH-FIX-SUSE Fix a crash if mandb is directly executed by root +Patch3: man-db-2.13.0-no_abort.patch # PATCH-FEATURE-OPENSUSE man-db-2.7.1-zio.dif -- Allow using libzio for decompression Patch4: man-db-2.7.1-zio.dif # PATCH-FEATURE-OPENSUSE man-db-2.6.3-listall.dif -- If multiple matching pages are found show a list bnc#786679 @@ -95,6 +97,7 @@ printer (using groff). %prep %setup -q -n man-db-%{version} %patch -P 0 -b .groff +%patch -P3 -b .seteuid %patch -P4 -b .zio %patch -P5 -b .listall %patch -P6 -p1 -b .p6 @@ -360,7 +363,9 @@ then fi %post +%if 0%{?suse_version} < 1500 %{fillup_only -an cron} +%endif /sbin/ldconfig %if %{with sdtimer} %service_add_post man-db-create.service