[gentoo-commits] repo/gentoo:master commit in: sys-apps/man-db/files/, sys-apps/man-db/

2020-04-21 Thread Lars Wendler
commit: 5f96b31dfd4738313f0ffbde83945f64c2b46ca2
Author: Lars Wendler  gentoo  org>
AuthorDate: Tue Apr 21 07:37:32 2020 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Tue Apr 21 07:37:32 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5f96b31d

sys-apps/man-db: Removed old

Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Lars Wendler  gentoo.org>

 sys-apps/man-db/Manifest |   2 -
 sys-apps/man-db/files/man-db.cron|  11 ---
 sys-apps/man-db/man-db-2.7.6.1-r2.ebuild | 110 --
 sys-apps/man-db/man-db-2.9.0.ebuild  | 157 ---
 4 files changed, 280 deletions(-)

diff --git a/sys-apps/man-db/Manifest b/sys-apps/man-db/Manifest
index 6e12ba7270a..071f45cf4b9 100644
--- a/sys-apps/man-db/Manifest
+++ b/sys-apps/man-db/Manifest
@@ -1,4 +1,2 @@
-DIST man-db-2.7.6.1.tar.xz 1541316 BLAKE2B 
ea3aa7e90ea8af4882bd99d99374cc37d9c0c7f70bb970973eb3f2178aa4323bcdebc7f39f142ec0144dbe55a9f86aba15d9fe281d2662d280b8e6dca9452f24
 SHA512 
623c5e7f8b7c289908b2c926f8777293b8d39aeceef0d2509d701a8b0bfa81408650f655c8608318221786c751a79ee91124b07993de5298cd7fa6d8bb737301
 DIST man-db-2.8.7.tar.xz 1839012 BLAKE2B 
19b438b1083cfd838421f29ed053fe85686929bc9f2105fe399ea99622f138bca2ca17cddb9223362db2d5f9c4bb3669865ecf749fe845ea8e4223027f67
 SHA512 
9f9d6f3b776c0b35f95c179fb668f2dc3db3d3e63a162cfda98c5d126fe147f2418e1a1503037ebe28314f57d9b6f48b7f7674d611df14424973a866a61ff2d9
-DIST man-db-2.9.0.tar.xz 1857216 BLAKE2B 
b797c1bc48027346114d35f00624686daa7e139cf5836e207b482d645009b95577bc13cbad3f1b2498e8c7e8c2f530d43aa8dec96ebad6bb84e6cc77064319d1
 SHA512 
7deb4421c7944276c6edf974b1336ee2f6605ee470c98d374544e2fcaa32ec2afe077c5fd020fc1f74df058384a293b8ad5a92d86b1c15a949573af46ba09cda
 DIST man-db-2.9.1.tar.xz 1875456 BLAKE2B 
42d7d5f49bf19e031bde18dd60cbf18a7656e8756f2cc5d3789cab6ea82283115ed0303ae2f7f7ffd3e32310302b7b70b4e39704bd5c2a08ab60a38905d8c448
 SHA512 
ae2d1e9f293795c63f5a9a1a765478a9a59cbe5fe6f759647be5057c1ae53f90baee8d5467921f3d0102300f2111a5026eeb25f78401bcb16ce45ad790634977

diff --git a/sys-apps/man-db/files/man-db.cron 
b/sys-apps/man-db/files/man-db.cron
deleted file mode 100644
index b3794f25573..000
--- a/sys-apps/man-db/files/man-db.cron
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-# Use same perms/settings as the ebuild.
-cachedir="/var/cache/man"
-if [ ! -d "${cachedir}" ]; then
-   mkdir -p "${cachedir}"
-   chown man:man "${cachedir}"
-   chmod 0755 "${cachedir}"
-fi
-
-exec nice mandb --quiet

diff --git a/sys-apps/man-db/man-db-2.7.6.1-r2.ebuild 
b/sys-apps/man-db/man-db-2.7.6.1-r2.ebuild
deleted file mode 100644
index a4faae26809..000
--- a/sys-apps/man-db/man-db-2.7.6.1-r2.ebuild
+++ /dev/null
@@ -1,110 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-
-inherit eutils ltprune user versionator
-
-DESCRIPTION="a man replacement that utilizes berkdb instead of flat files"
-HOMEPAGE="http://www.nongnu.org/man-db/;
-SRC_URI="mirror://nongnu/${PN}/${P}.tar.xz"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 
sparc x86 ~amd64-linux ~x86-linux"
-IUSE="berkdb +gdbm +manpager nls selinux static-libs zlib"
-
-CDEPEND=">=dev-libs/libpipeline-1.4.0
-   berkdb? ( sys-libs/db:= )
-   gdbm? ( sys-libs/gdbm:= )
-   !berkdb? ( !gdbm? ( sys-libs/gdbm:= ) )
-   sys-apps/groff
-   zlib? ( sys-libs/zlib )
-   !sys-apps/man"
-DEPEND="${CDEPEND}
-   app-arch/xz-utils
-   virtual/pkgconfig
-   nls? (
-   >=app-text/po4a-0.45
-   sys-devel/gettext
-   )"
-RDEPEND="${CDEPEND}
-   selinux? ( sec-policy/selinux-mandb )
-"
-PDEPEND="manpager? ( app-text/manpager )"
-
-pkg_setup() {
-   # Create user now as Makefile in src_install does setuid/chown
-   enewgroup man 15
-   enewuser man 13 -1 /usr/share/man man
-
-   if (use gdbm && use berkdb) || (use !gdbm && use !berkdb) ; then #496150
-   ewarn "Defaulting to USE=gdbm due to ambiguous berkdb/gdbm USE 
flag settings"
-   fi
-}
-
-src_configure() {
-   export ac_cv_lib_z_gzopen=$(usex zlib)
-   local myeconfargs=(
-   --docdir='$(datarootdir)'/doc/${PF}
-   --with-systemdtmpfilesdir="${EPREFIX}"/usr/lib/tmpfiles.d
-   --enable-setuid
-   --enable-cache-owner=man
-   --with-sections="1 1p 8 2 3 3p 4 5 6 7 9 0p tcl n l p o 1x 2x 
3x 4x 5x 6x 7x 8x"
-   $(use_enable nls)
-   $(use_enable static-libs static)
-   --with-db=$(usex gdbm gdbm $(usex berkdb db gdbm))
-   )
-   econf "${myeconfargs[@]}"
-
-   # Disable color output from groff so that the manpager can add it. 
#184604
-   sed -i \
-   -e '/^#DEFINE.*\<[nt]roff\>/{s:^#::;s:$: -c:}' \
-   src/man_db.conf 

[gentoo-commits] repo/gentoo:master commit in: sys-apps/man-db/files/, sys-apps/man-db/

2018-02-08 Thread Lars Wendler
commit: 8607cad379185ee6b427dc78dcf7c5fcd90de541
Author: Lars Wendler  gentoo  org>
AuthorDate: Thu Feb  8 11:56:06 2018 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Thu Feb  8 11:56:55 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8607cad3

sys-apps/man-db: Revump to drop seccomp again. It segfaults.

Might re-add seccomp once 2.8.1 has been released.

Package-Manager: Portage-2.3.24, Repoman-2.3.6

 .../files/man-db-2.8.0-refactor_drop_privs.patch   | 120 
 .../man-db/files/man-db-2.8.0-seccomp_suid.patch   | 126 -
 ...n-db-2.8.0-r1.ebuild => man-db-2.8.0-r2.ebuild} |   7 +-
 3 files changed, 2 insertions(+), 251 deletions(-)

diff --git a/sys-apps/man-db/files/man-db-2.8.0-refactor_drop_privs.patch 
b/sys-apps/man-db/files/man-db-2.8.0-refactor_drop_privs.patch
deleted file mode 100644
index 87db57afb9e..000
--- a/sys-apps/man-db/files/man-db-2.8.0-refactor_drop_privs.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From 24624eaf853158856b8fd0a6f78c873475a16686 Mon Sep 17 00:00:00 2001
-From: Colin Watson 
-Date: Wed, 7 Feb 2018 12:23:15 +
-Subject: Refactor do_system_drop_privs
-
-Now that we have pipecmd_pre_exec, this can be simplified quite a bit.
-
-* lib/security.c (drop_privs): New function.
-(do_system_drop_privs_child, do_system_drop_privs): Remove.
-* lib/security.h (drop_privs): Add prototype.
-(do_system_drop_privs): Remove prototype.
-* src/man.c (make_browser): Add drop_privs pre-exec hook to browser
-command.
-(format_display): Call browser using pipeline_run rather than
-do_system_drop_privs, since it now has a pre-exec hook to drop
-privileges.

- lib/security.c | 37 +++--
- lib/security.h |  2 +-
- src/man.c  |  7 +--
- 3 files changed, 9 insertions(+), 37 deletions(-)
-
-diff --git a/lib/security.c b/lib/security.c
-index 6e84de8..c9b365d 100644
 a/lib/security.c
-+++ b/lib/security.c
-@@ -158,42 +158,11 @@ void regain_effective_privs (void)
- #endif /* MAN_OWNER */
- }
- 
--#ifdef MAN_OWNER
--void do_system_drop_privs_child (void *data)
-+/* Pipeline command pre-exec hook to permanently drop privileges. */
-+void drop_privs (void *data ATTRIBUTE_UNUSED)
- {
--  pipeline *p = data;
--
-+#ifdef MAN_OWNER
-   if (idpriv_drop ())
-   gripe_set_euid ();
--  exit (pipeline_run (p));
--}
--#endif /* MAN_OWNER */
--
--/* The safest way to execute a pipeline with no effective privileges is to
-- * fork, permanently drop privileges in the child, run the pipeline from the
-- * child, and wait for it to die.
-- *
-- * It is possible to use saved IDs to avoid the fork, since effective IDs
-- * are copied to saved IDs on execve; we used to do this.  However, forking
-- * is not expensive enough to justify the extra code.
-- *
-- * Note that this frees the supplied pipeline.
-- */
--int do_system_drop_privs (pipeline *p)
--{
--#ifdef MAN_OWNER
--  pipecmd *child_cmd;
--  pipeline *child;
--  int status;
--
--  child_cmd = pipecmd_new_function ("unprivileged child",
--do_system_drop_privs_child, NULL, p);
--  child = pipeline_new_commands (child_cmd, NULL);
--  status = pipeline_run (child);
--
--  pipeline_free (p);
--  return status;
--#else  /* !MAN_OWNER */
--  return pipeline_run (p);
- #endif /* MAN_OWNER */
- }
-diff --git a/lib/security.h b/lib/security.h
-index 7545502..851127d 100644
 a/lib/security.h
-+++ b/lib/security.h
-@@ -27,7 +27,7 @@
- /* security.c */
- extern void drop_effective_privs (void);
- extern void regain_effective_privs (void);
--extern int do_system_drop_privs (struct pipeline *p);
-+extern void drop_privs (void *data);
- extern void init_security (void);
- extern int running_setuid (void);
- extern struct passwd *get_man_owner (void);
-diff --git a/src/man.c b/src/man.c
-index 959d6cc..ff7ebc7 100644
 a/src/man.c
-+++ b/src/man.c
-@@ -1481,6 +1481,7 @@ static pipeline *make_roff_command (const char *dir, 
const char *file,
- static pipeline *make_browser (const char *pattern, const char *file)
- {
-   pipeline *p;
-+  pipecmd *cmd;
-   char *browser = xmalloc (1);
-   int found_percent_s = 0;
-   char *percent;
-@@ -1526,7 +1527,9 @@ static pipeline *make_browser (const char *pattern, 
const char *file)
-   free (esc_file);
-   }
- 
--  p = pipeline_new_command_args ("/bin/sh", "-c", browser, NULL);
-+  cmd = pipecmd_new_args ("/bin/sh", "-c", browser, NULL);
-+  pipecmd_pre_exec (cmd, drop_privs, NULL, NULL);
-+  p = pipeline_new_commands (cmd, NULL);
-   pipeline_ignore_signals (p, 1);
-   free (browser);
- 
-@@ -2021,7 +2024,7 @@ static void format_display (pipeline *decomp,
-   pipeline *browser;
-   debug ("Trying browser: %s\n", candidate);
-   browser = make_browser (candidate, 

[gentoo-commits] repo/gentoo:master commit in: sys-apps/man-db/files/, sys-apps/man-db/

2018-02-08 Thread Lars Wendler
commit: 66af02c4670b0c8547c27810c1e2ddbe60c5788c
Author: Lars Wendler  gentoo  org>
AuthorDate: Thu Feb  8 07:53:09 2018 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Thu Feb  8 07:59:22 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=66af02c4

sys-apps/man-db: Revbump adding seccomp support. Removed old.

Package-Manager: Portage-2.3.24, Repoman-2.3.6

 .../files/man-db-2.8.0-libseccomp_automagic.patch  |  99 +---
 .../files/man-db-2.8.0-refactor_drop_privs.patch   | 120 
 .../man-db/files/man-db-2.8.0-seccomp_suid.patch   | 126 +
 ...{man-db-2.8.0.ebuild => man-db-2.8.0-r1.ebuild} |  19 ++--
 4 files changed, 335 insertions(+), 29 deletions(-)

diff --git a/sys-apps/man-db/files/man-db-2.8.0-libseccomp_automagic.patch 
b/sys-apps/man-db/files/man-db-2.8.0-libseccomp_automagic.patch
index 333bc5fe295..cf9c1257317 100644
--- a/sys-apps/man-db/files/man-db-2.8.0-libseccomp_automagic.patch
+++ b/sys-apps/man-db/files/man-db-2.8.0-libseccomp_automagic.patch
@@ -1,42 +1,107 @@
-From c693c0d6c41e777def51984035710779697d1989 Mon Sep 17 00:00:00 2001
+From 3d4ab15670079aa8e898f80a650b3be941230486 Mon Sep 17 00:00:00 2001
 From: Lars Wendler 
-Date: Tue, 6 Feb 2018 14:41:22 +0100
-Subject: [PATCH] Change libseccomp logic to not be automagic only.
+Date: Tue, 6 Feb 2018 15:30:21 +0100
+Subject: [PATCH] Change libseccomp logic to not be automagic only
 
-Introduce --with-libseccomp configure option so that users can disable
-seccomp even if libseccomp is available on the system.
-The default is unchanged to before this patch. If no --with(out)-libseccomp
-has been given on command line, the macro looks for presence of libseccomp
-and uses that if found.
+Introduce --without-libseccomp configure option so that users can
+disable seccomp even if libseccomp is available on the system.
+
+The default is unchanged from before this patch.  If no
+--with(out)-libseccomp has been given on the command line, the macro
+looks for presence of libseccomp and uses that if found.
+
+* m4/man-libseccomp.m4: Guard pkg-config test with a command-line
+option.
 ---
- m4/man-libseccomp.m4 | 19 ++-
- 1 file changed, 14 insertions(+), 5 deletions(-)
 
+diff --git a/configure b/configure
+index 3f949306..8eaca64e 100755
+--- a/configure
 b/configure
+@@ -1718,6 +1718,7 @@ with_included_regex
+ enable_nls
+ with_libiconv_prefix
+ with_libintl_prefix
++with_libseccomp
+ '
+   ac_precious_vars='build_alias
+ host_alias
+@@ -2459,6 +2460,7 @@ Optional Packages:
+   --without-libiconv-prefix don't search for libiconv in includedir and 
libdir
+   --with-libintl-prefix[=DIR]  search for libintl in DIR/include and DIR/lib
+   --without-libintl-prefix don't search for libintl in includedir and 
libdir
++  --without-libseccompdo not confine subprocesses using seccomp
+ 
+ Some influential environment variables:
+   CC  C compiler command
+@@ -47295,6 +47297,15 @@ fi
+ 
+ # Check for libseccomp library.
+ 
++# Check whether --with-libseccomp was given.
++if test "${with_libseccomp+set}" = set; then :
++  withval=$with_libseccomp;
++else
++  with_libseccomp=check
++fi
++
++  if test "x$with_libseccomp" != "xno"; then
++
+ pkg_failed=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libseccomp" >&5
+ $as_echo_n "checking for libseccomp... " >&6; }
+@@ -47353,11 +47364,15 @@ fi
+   # Put the nasty error message in config.log where it belongs
+   echo "$libseccomp_PKG_ERRORS" >&5
+ 
+-  :
++  if test "x$with_libseccomp" = "xyes"; then
++  as_fn_error $? "--with-libseccomp given but 
cannot find libseccomp" "$LINENO" 5
++   fi
+ elif test $pkg_failed = untried; then
+   { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+ $as_echo "no" >&6; }
+-  :
++  if test "x$with_libseccomp" = "xyes"; then
++  as_fn_error $? "--with-libseccomp given but 
cannot find libseccomp" "$LINENO" 5
++   fi
+ else
+   libseccomp_CFLAGS=$pkg_cv_libseccomp_CFLAGS
+   libseccomp_LIBS=$pkg_cv_libseccomp_LIBS
+@@ -47367,6 +47382,7 @@ $as_echo "yes" >&6; }
+ $as_echo "#define HAVE_LIBSECCOMP 1" >>confdefs.h
+ 
+ fi
++  fi
+ 
+ 
+ { $as_echo "$as_me:${as_lineno-$LINENO}: default CC = \"$CC\"" >&5
 diff --git a/m4/man-libseccomp.m4 b/m4/man-libseccomp.m4
-index a9377317..17a52f72 100644
+index a9377317..c90e3aa4 100644
 --- a/m4/man-libseccomp.m4
 +++ b/m4/man-libseccomp.m4
 @@ -1,9 +1,18 @@
- # man-libseccomp.m4 serial 1
+-# man-libseccomp.m4 serial 1
++# man-libseccomp.m4 serial 2
  dnl MAN_LIBSECCOMP
 -dnl Check for the libseccomp library.
-+dnl Add a --with-libseccomp option.
++dnl Add a --without-libseccomp option; check for the libseccomp library.
  AC_DEFUN([MAN_LIBSECCOMP],
 -[PKG_CHECK_MODULES([libseccomp], [libseccomp],
 -  

[gentoo-commits] repo/gentoo:master commit in: sys-apps/man-db/files/, sys-apps/man-db/

2017-02-21 Thread Robin H. Johnson
commit: aaa42799b39bd2ad5a345ab28c71dac1a7a94664
Author: Robin H. Johnson  gentoo  org>
AuthorDate: Tue Feb 21 21:45:35 2017 +
Commit: Robin H. Johnson  gentoo  org>
CommitDate: Tue Feb 21 21:46:15 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aaa42799

sys-apps/man-db: re-fix security bug #602588 because of comment #18.

Package-Manager: portage-2.3.3
Signed-off-by: Robin H. Johnson  gentoo.org>

 sys-apps/man-db/files/man-db.cron|   9 +--
 sys-apps/man-db/man-db-2.7.6.1-r2.ebuild | 109 +++
 2 files changed, 114 insertions(+), 4 deletions(-)

diff --git a/sys-apps/man-db/files/man-db.cron 
b/sys-apps/man-db/files/man-db.cron
index ced63900fc..d94e594d1a 100644
--- a/sys-apps/man-db/files/man-db.cron
+++ b/sys-apps/man-db/files/man-db.cron
@@ -1,10 +1,11 @@
 #!/bin/sh
 
 # Use same perms/settings as the ebuild.
-if [ ! -d /var/cache/man ]; then
-   mkdir -p /var/cache/man
-   chown man:root /var/cache/man
-   chmod 2755 /var/cache/man
+cachedir="/var/cache/man"
+if [ ! -d ${cachedir} ]; then
+   mkdir -p "${cachedir}"
+   chown man:man "${cachedir}"
+   chmod 0755 "${cachedir}"
 fi
 
 exec nice mandb --quiet
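Review bot: The corrected owner and mode (`man:man`, `0755`) are applied only inside the `if [ ! -d ... ]` branch, so a `/var/cache/man` that already exists with the old `man:root` / `2755` settings is left untouched by this script. The ebuild added in the same commit appears to cover upgrades by removing the directory in `pkg_preinst`, but the cron job itself never converges a directory that drifts afterwards. Running `chown man:man "${cachedir}" && chmod 0755 "${cachedir}"` after the `fi` would close that gap. The new test also leaves the variable unquoted while the other uses quote it; `if [ ! -d "${cachedir}" ]; then` is consistent. None of `mkdir`/`chown`/`chmod` is checked, so `mandb` still runs if one of them fails; appending `|| exit 1` to each would stop on a half-prepared directory.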

diff --git a/sys-apps/man-db/man-db-2.7.6.1-r2.ebuild 
b/sys-apps/man-db/man-db-2.7.6.1-r2.ebuild
new file mode 100644
index 00..176e09719e
--- /dev/null
+++ b/sys-apps/man-db/man-db-2.7.6.1-r2.ebuild
@@ -0,0 +1,109 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils user versionator
+
+DESCRIPTION="a man replacement that utilizes berkdb instead of flat files"
+HOMEPAGE="http://www.nongnu.org/man-db/;
+SRC_URI="mirror://nongnu/${PN}/${P}.tar.xz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sh ~sparc ~x86 ~amd64-linux ~arm-linux ~x86-linux"
+IUSE="berkdb +gdbm +manpager nls selinux static-libs zlib"
+
+CDEPEND=">=dev-libs/libpipeline-1.4.0
+   berkdb? ( sys-libs/db:= )
+   gdbm? ( sys-libs/gdbm )
+   !berkdb? ( !gdbm? ( sys-libs/gdbm ) )
+   sys-apps/groff
+   zlib? ( sys-libs/zlib )
+   !sys-apps/man"
+DEPEND="${CDEPEND}
+   app-arch/xz-utils
+   virtual/pkgconfig
+   nls? (
+   >=app-text/po4a-0.45
+   sys-devel/gettext
+   )"
+RDEPEND="${CDEPEND}
+   selinux? ( sec-policy/selinux-mandb )
+"
+PDEPEND="manpager? ( app-text/manpager )"
+
+pkg_setup() {
+   # Create user now as Makefile in src_install does setuid/chown
+   enewgroup man 15
+   enewuser man 13 -1 /usr/share/man man
+
+   if (use gdbm && use berkdb) || (use !gdbm && use !berkdb) ; then #496150
+   ewarn "Defaulting to USE=gdbm due to ambiguous berkdb/gdbm USE 
flag settings"
+   fi
+}
+
+src_configure() {
+   export ac_cv_lib_z_gzopen=$(usex zlib)
+   econf \
+   --docdir='$(datarootdir)'/doc/${PF} \
+   --with-systemdtmpfilesdir="${EPREFIX}"/usr/lib/tmpfiles.d \
+   --enable-setuid \
+   --enable-cache-owner=man \
+   --with-sections="1 1p 8 2 3 3p 4 5 6 7 9 0p tcl n l p o 1x 2x 
3x 4x 5x 6x 7x 8x" \
+   $(use_enable nls) \
+   $(use_enable static-libs static) \
+   --with-db=$(usex gdbm gdbm $(usex berkdb db gdbm))
+
+   # Disable color output from groff so that the manpager can add it. 
#184604
+   sed -i \
+   -e '/^#DEFINE.*\<[nt]roff\>/{s:^#::;s:$: -c:}' \
+   src/man_db.conf || die
+}
+
+src_install() {
+   default
+   dodoc docs/{HACKING,TODO}
+   prune_libtool_files
+
+   exeinto /etc/cron.daily
+   newexe "${FILESDIR}"/man-db.cron man-db #289884
+}
+
+pkg_preinst() {
+   local cachedir="${EROOT}var/cache/man"
+   # If the system was already exploited, and the attacker is hiding in the
+   # cachedir of the old man-db, let's wipe them out.
+   # see bug  #602588 comment 18
+   local _replacing_version=
+   local _setgid_vuln=0
+   for _replacing_version in ${REPLACING_VERSIONS}; do
+   if version_is_at_least '2.7.6.1-r2' "${_replacing_version}"; 
then
+   debug-print "Skipping security bug #602588 ... existing 
installation (${_replacing_version}) should not be affected!"
+   else
+   _setgid_vuln=1
+   debug-print "Applying cleanup for security bug #602588"
+   fi
+   done
+   [[ ${_setgid_vuln} -eq 1 ]] && rm -rf "${cachedir}"
+
+   # Fall back to recreating the cachedir
+   if [[ ! -d ${cachedir} ]] ; then
+   mkdir -p "${cachedir}" || die
+   chown man:man "${cachedir}" || die
+   fi
+
+   # Update the whatis cache
+   if [[ -f ${cachedir}/whatis ]] ; then
+   einfo "Cleaning ${cachedir} from sys-apps/man"
+