commit: 41725d13927f9012e1758ef662f3e5ba351423ac Author: Zac Medico <zmedico <AT> gentoo <DOT> org> AuthorDate: Mon May 4 04:00:28 2020 +0000 Commit: Zac Medico <zmedico <AT> gentoo <DOT> org> CommitDate: Mon May 4 04:02:01 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=41725d13
net-vpn/peervpn: 0.044-r5 revbump for bug 630972 Tighten up permission adjustments related to bug 629418. Bug: https://bugs.gentoo.org/630972 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Zac Medico <zmedico <AT> gentoo.org> ...eervpn-0.044-r4.ebuild => peervpn-0.044-r5.ebuild} | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/net-vpn/peervpn/peervpn-0.044-r4.ebuild b/net-vpn/peervpn/peervpn-0.044-r5.ebuild
similarity index 67%
rename from net-vpn/peervpn/peervpn-0.044-r4.ebuild
rename to net-vpn/peervpn/peervpn-0.044-r5.ebuild
index 0415a2741e1..a768d8ee2ef 100644
--- a/net-vpn/peervpn/peervpn-0.044-r4.ebuild
+++ b/net-vpn/peervpn/peervpn-0.044-r5.ebuild
@@ -1,7 +1,7 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
-EAPI=6
+EAPI=7
 inherit systemd toolchain-funcs user
@@ -57,12 +57,19 @@ src_install() {
 pkg_preinst() {
 if ! has_version '>=net-vpn/peervpn-0.044-r4' && \
- [[ -d ${EROOT}etc/${PN} &&
- $(find "${EROOT}etc/${PN}" -user "${PN}" ! -type l -print) ]]; then
- ewarn "Tightening '${EROOT}etc/${PN}' permissions for bug 629418"
+ [[ -d ${EROOT}/etc/${PN} && ! -L ${EROOT}/etc/${PN} &&
+ $(find "${EROOT}/etc/${PN}" -maxdepth 1 -user "${PN}" ! -type l -print) ]]; then
+ ewarn "Tightening '${EROOT}/etc/${PN}' permissions for bug 629418"
+ # Tighten the parent directory permissions first, in
+ # order to protect against race conditions involving a
+ # less-privileged user.
+ chown root:${PN} "${EROOT}/etc/${PN}"
+ chmod g+rX-w,o-rwx "${EROOT}/etc/${PN}"
+ # Don't chown/chmod the referent of a symlink
+ # owned by a less-privileged user.
 while read -r -d ''; do
 chown root:${PN} "${REPLY}" || die
 chmod g+rX-w,o-rwx "${REPLY}" || die
- done < <(find "${EROOT}etc/${PN}" -user "${PN}" ! -type l -print0)
+ done < <(find "${EROOT}/etc/${PN}" -mindepth 1 -maxdepth 1 -user "${PN}" ! -type l -print0)
 fi
 }
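Review bot: The two added calls on the parent directory, `chown root:${PN} "${EROOT}/etc/${PN}"` and `chmod g+rX-w,o-rwx "${EROOT}/etc/${PN}"`, have no `|| die`, unlike the per-entry calls in the loop right below them. If either one fails, the loop still runs over a directory the `${PN}` user may be able to write to, which is the race the added comment says this ordering is meant to close; appending `|| die` to both lines makes the step fail closed. Separately, the new `find` calls use `-maxdepth 1` where the removed ones were recursive, so entries owned by `${PN}` below the first level are no longer adjusted. If that is deliberate (to avoid descending into directories a less-privileged user controls), a short comment such as `# Only the top level is adjusted; deeper entries are left as-is` would record the decision.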
