[gentoo-commits] repo/gentoo:master commit in: net-misc/peervpn/files/, net-misc/peervpn/

2016-12-13 Thread Zac Medico 
commit: f36646ec19b50b45cbf6def47e8e34ac2237b3c8
Author: Zac Medico  gentoo  org>
AuthorDate: Tue Dec 13 17:50:33 2016 +
Commit: Zac Medico  gentoo  org>
CommitDate: Tue Dec 13 17:55:11 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f36646ec

net-misc/peervpn: 0.044-r2 revbump for bug 602550

Remove the chown call from the openrc init script start_post function,
in order to prevent privilege escalation attacks. It is unsafe to call
chown in a directory that is not owned by root, since the target file
could be a hardlink to a root-owned file.

X-Gentoo-bug: 602550
X-Gentoo-bug-url: https://bugs.gentoo.org/show_bug.cgi?id=602550

Package-Manager: portage-2.3.3

 net-misc/peervpn/files/peervpn.initd | 5 -
 net-misc/peervpn/files/peervpn.logrotated| 1 -
 .../peervpn/{peervpn-0.044-r1.ebuild => peervpn-0.044-r2.ebuild} | 1 -
 3 files changed, 7 deletions(-)

diff --git a/net-misc/peervpn/files/peervpn.initd 
b/net-misc/peervpn/files/peervpn.initd
index b607ec3..d90043f 100644
--- a/net-misc/peervpn/files/peervpn.initd
+++ b/net-misc/peervpn/files/peervpn.initd
@@ -25,8 +25,3 @@ depend() {
 start_pre() {
checkpath -d -m 0755 -o "${user}":"${group}" "${pidfile%/*}"
 }
-
-start_post() {
-   # Use -h to prevent privilege escalation attacks. Fixes bug #602550.
-   chown -h "${user}":"${group}" "${logfile}"
-}

diff --git a/net-misc/peervpn/files/peervpn.logrotated 
b/net-misc/peervpn/files/peervpn.logrotated
index 5de0a24..e99669c 100644
--- a/net-misc/peervpn/files/peervpn.logrotated
+++ b/net-misc/peervpn/files/peervpn.logrotated
@@ -1,5 +1,4 @@
 /var/log/peervpn/peervpn.log {
-   su peervpn peervpn
missingok
size 5M
rotate 3

diff --git a/net-misc/peervpn/peervpn-0.044-r1.ebuild 
b/net-misc/peervpn/peervpn-0.044-r2.ebuild
similarity index 96%
rename from net-misc/peervpn/peervpn-0.044-r1.ebuild
rename to net-misc/peervpn/peervpn-0.044-r2.ebuild
index 52e1451..be45231 100644
--- a/net-misc/peervpn/peervpn-0.044-r1.ebuild
+++ b/net-misc/peervpn/peervpn-0.044-r2.ebuild
@@ -46,7 +46,6 @@ src_install() {
systemd_dounit "${FILESDIR}/${PN}.service"
 
keepdir /var/log/${PN}
-   fowners ${PN}:${PN} /var/log/${PN}
insinto /etc/logrotate.d
newins "${FILESDIR}/${PN}.logrotated" "${PN}"
 }

[gentoo-commits] repo/gentoo:master commit in: net-misc/peervpn/files/

2016-12-13 Thread Zac Medico 
commit: 3f0f8227ade6d70b974b86cc270dfb654b34e7ff
Author: Zac Medico  gentoo  org>
AuthorDate: Tue Dec 13 17:21:18 2016 +
Commit: Zac Medico  gentoo  org>
CommitDate: Tue Dec 13 17:22:12 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f0f8227

net-misc/peervpn: use chown -h for posix compat

Package-Manager: portage-2.3.3

 net-misc/peervpn/files/peervpn.initd | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/net-misc/peervpn/files/peervpn.initd 
b/net-misc/peervpn/files/peervpn.initd
index 0f891b3..b607ec3 100644
--- a/net-misc/peervpn/files/peervpn.initd
+++ b/net-misc/peervpn/files/peervpn.initd
@@ -27,7 +27,6 @@ start_pre() {
 }
 
 start_post() {
-   # Use --no-dereference to prevent privilege escalation
-   # attacks. Fixes bug #602550.
-   chown --no-dereference "${user}":"${group}" "${logfile}"
+   # Use -h to prevent privilege escalation attacks. Fixes bug #602550.
+   chown -h "${user}":"${group}" "${logfile}"
 }

[gentoo-commits] repo/gentoo:master commit in: net-misc/peervpn/files/

2016-08-28 Thread Zac Medico 
commit: 948892f6199d343899467a727badc41e9a0cafe1
Author: Zac Medico  gentoo  org>
AuthorDate: Mon Aug 29 00:06:07 2016 +
Commit: Zac Medico  gentoo  org>
CommitDate: Mon Aug 29 00:06:07 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=948892f6

net-misc/peervpn: add copytruncate to logrotate config

Package-Manager: portage-2.3.0

 net-misc/peervpn/files/peervpn.logrotated | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net-misc/peervpn/files/peervpn.logrotated 
b/net-misc/peervpn/files/peervpn.logrotated
index d66c2fa..5de0a24 100644
--- a/net-misc/peervpn/files/peervpn.logrotated
+++ b/net-misc/peervpn/files/peervpn.logrotated
@@ -4,4 +4,5 @@
size 5M
rotate 3
compress
+   copytruncate
 }