Date: Friday, February 9, 2018 @ 18:19:24 Author: andyrtr Revision: 316533
archrelease: copy trunk to testing-x86_64 Added: man-db/repos/testing-x86_64/PKGBUILD (from rev 316532, man-db/trunk/PKGBUILD) man-db/repos/testing-x86_64/convert-mans (from rev 316532, man-db/trunk/convert-mans) man-db/repos/testing-x86_64/man-db.install (from rev 316532, man-db/trunk/man-db.install) man-db/repos/testing-x86_64/man-db.service (from rev 316532, man-db/trunk/man-db.service) man-db/repos/testing-x86_64/man-db.timer (from rev 316532, man-db/trunk/man-db.timer) Deleted: man-db/repos/testing-x86_64/PKGBUILD man-db/repos/testing-x86_64/convert-mans man-db/repos/testing-x86_64/fix_manconv_under_seccomp_when_man_is_setuid.diff man-db/repos/testing-x86_64/man-db.install man-db/repos/testing-x86_64/man-db.service man-db/repos/testing-x86_64/man-db.timer man-db/repos/testing-x86_64/refactor_do_system_drop_privs.diff ---------------------------------------------------+ PKGBUILD | 144 +++++++++----------- convert-mans | 22 +-- fix_manconv_under_seccomp_when_man_is_setuid.diff | 127 ----------------- man-db.install | 22 +-- man-db.service | 24 +-- man-db.timer | 14 - refactor_do_system_drop_privs.diff | 121 ---------------- 7 files changed, 108 insertions(+), 366 deletions(-) Deleted: PKGBUILD =================================================================== --- PKGBUILD 2018-02-09 18:19:03 UTC (rev 316532) +++ PKGBUILD 2018-02-09 18:19:24 UTC (rev 316533) 
@@ -1,77 +0,0 @@
-# $Id$
-# Maintainer: Andreas Radke <andy...@archlinux.org>
-# Contributor: Sergej Pupykin <ser...@aur.archlinux.org>
-
-pkgname=man-db
-pkgver=2.8.0
-pkgrel=2
-pkgdesc="A utility for reading man pages"
-arch=('x86_64')
-url="http://www.nongnu.org/man-db/"
-license=('GPL' 'LGPL')
-groups=('base')
-depends=( 'bash' 'gdbm' 'zlib' 'groff' 'libpipeline' 'less' 'libseccomp')
-makedepends=('po4a')
-optdepends=('gzip')
-backup=('etc/man_db.conf')
-conflicts=('man')
-provides=('man')
-replaces=('man')
-install=${pkgname}.install
-source=(https://download-mirror.savannah.gnu.org/releases/man-db/$pkgname-$pkgver.tar.xz{,.sig}
- fix_manconv_under_seccomp_when_man_is_setuid.diff
- refactor_do_system_drop_privs.diff
- convert-mans
- man-db.{timer,service})
-sha512sums=('06f52ecd6e7ced858a32117ea4be3ed5fc3d4428cb810d31b85dd75556e999f5badc6eb81f642b56afe2a697462ccca9fd8cc5ecfbd40f132d5a74f84f316d39'
- 'SKIP'
- 'd9a16db27cb6bf4d6d134f2e18d8eedf136ac258a2ad76fdd59ff617bf532fe474eef39856d623c7773eb6e0f8de76f0eaaee846ef4dc02a84b6f62e449821d7'
- '1ab8fc3a88dec9dae05fdbfaac8d1c8d37be203f0d37734ef7fbe802590a8d682a9c55ec84608e42e34b2b7cf1640c63c094c733a7f7c21b07e0c9d0e891db03'
- '0b159285da20008f0fc0afb21f1eaebd39e8df5b0594880aa0e8a913b656608b8d16bb8d279d9e62d7aae52f62cb9b2fc49e237c6711f4a5170972b38d345535'
- '2ed529500fbe18ba00ac7a6fc4c9da59e396464afb256db33f462b1127e497916602370e65e485c8d788c839f5b1b1130028502f61e1cc9ec8571ad6dd993738'
- '76f8d51866418b612a72deaf3b07134d416a6d014dd3883fa78e08683c6b08553f483a4384ac87da25ac9896faa4807842fc69c42950cefe3c1c0590883aa600')
-validpgpkeys=('AC0A4FF12611B6FCCF01C111393587D97D86500B') # Colin Watson <cjwat...@debian.org>
-
-prepare() {
- cd ${pkgname}-${pkgver}
- patch -Np1 -i $srcdir/refactor_do_system_drop_privs.diff
- # FS#57436
- patch -Np1 -i $srcdir/fix_manconv_under_seccomp_when_man_is_setuid.diff
-}
-
-build() {
- cd ${pkgname}-${pkgver}
- ./configure --prefix=/usr \
- --sbindir=/usr/bin \
- --sysconfdir=/etc \
- 
--libexecdir=/usr/lib \
- --with-db=gdbm \
- --disable-setuid \
- --enable-cache-owner=root \
- --enable-mandirs=GNU \
- --with-sections="1 n l 8 3 0 2 5 4 9 6 7"
- make
-}
-
-check() {
- cd ${pkgname}-${pkgver}
- make check
-}
-
-package() {
- cd ${pkgname}-${pkgver}
- make DESTDIR=${pkgdir} install
-
- # part of groff pkg
- rm -f ${pkgdir}/usr/bin/zsoelim
-
- # script from LFS to convert manpages, see
- # http://www.linuxfromscratch.org/lfs/view/6.4/chapter06/man-db.html
- install -D -m755 ${srcdir}/convert-mans ${pkgdir}/usr/bin/convert-mans
-
- # install man-db update timer
- install -D -m644 ${srcdir}/man-db.timer ${pkgdir}/usr/lib/systemd/system/man-db.timer
- install -D -m644 ${srcdir}/man-db.service ${pkgdir}/usr/lib/systemd/system/man-db.service
- install -d -m755 ${pkgdir}/usr/lib/systemd/system/multi-user.target.wants
- ln -s ../man-db.timer ${pkgdir}//usr/lib/systemd/system/multi-user.target.wants/man-db.timer
-}
Copied: man-db/repos/testing-x86_64/PKGBUILD (from rev 316532, man-db/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2018-02-09 18:19:24 UTC (rev 316533)
@@ -0,0 +1,67 @@
+# $Id$
+# Maintainer: Andreas Radke <andy...@archlinux.org>
+# Contributor: Sergej Pupykin <ser...@aur.archlinux.org>
+
+pkgname=man-db
+pkgver=2.8.1
+pkgrel=1
+pkgdesc="A utility for reading man pages"
+arch=('x86_64')
+url="http://www.nongnu.org/man-db/"
+license=('GPL' 'LGPL')
+groups=('base')
+depends=( 'bash' 'gdbm' 'zlib' 'groff' 'libpipeline' 'less' 'libseccomp')
+makedepends=('po4a')
+optdepends=('gzip')
+backup=('etc/man_db.conf')
+conflicts=('man')
+provides=('man')
+replaces=('man')
+install=${pkgname}.install
+source=(#https://download-mirror.savannah.gnu.org/releases/man-db/$pkgname-$pkgver.tar.xz{,.sig}
+ https://savannah.nongnu.org/download/man-db/$pkgname-$pkgver.tar.xz{,.asc}
+ convert-mans
+ man-db.{timer,service})
+validpgpkeys=('AC0A4FF12611B6FCCF01C111393587D97D86500B') # Colin Watson <cjwat...@debian.org>
+sha512sums=('82e75df32eb8575f47c3f36b5f2bbc827776747abfa39af589802e6566636c0771df0ee3197cb2bec3318c3055ff4e9d04c7da13b3bc6ea8a1ea1b1340554ef0'
+ 'SKIP'
+ '0b159285da20008f0fc0afb21f1eaebd39e8df5b0594880aa0e8a913b656608b8d16bb8d279d9e62d7aae52f62cb9b2fc49e237c6711f4a5170972b38d345535'
+ '2ed529500fbe18ba00ac7a6fc4c9da59e396464afb256db33f462b1127e497916602370e65e485c8d788c839f5b1b1130028502f61e1cc9ec8571ad6dd993738'
+ '76f8d51866418b612a72deaf3b07134d416a6d014dd3883fa78e08683c6b08553f483a4384ac87da25ac9896faa4807842fc69c42950cefe3c1c0590883aa600')
+
+build() {
+ cd ${pkgname}-${pkgver}
+ ./configure --prefix=/usr \
+ --sbindir=/usr/bin \
+ --sysconfdir=/etc \
+ --libexecdir=/usr/lib \
+ --with-db=gdbm \
+ --disable-setuid \
+ --enable-cache-owner=root \
+ --enable-mandirs=GNU \
+ --with-sections="1 n l 8 3 0 2 5 4 9 6 7"
+ make
+}
+
+check() {
+ cd ${pkgname}-${pkgver}
+ make check
+}
+
+package() {
+ cd ${pkgname}-${pkgver}
+ make DESTDIR=${pkgdir} install
+
+ # part of groff pkg
+ rm -f ${pkgdir}/usr/bin/zsoelim
+
+ # script from LFS to convert manpages, see
+ # 
http://www.linuxfromscratch.org/lfs/view/6.4/chapter06/man-db.html
+ install -D -m755 ${srcdir}/convert-mans ${pkgdir}/usr/bin/convert-mans
+
+ # install man-db update timer
+ install -D -m644 ${srcdir}/man-db.timer ${pkgdir}/usr/lib/systemd/system/man-db.timer
+ install -D -m644 ${srcdir}/man-db.service ${pkgdir}/usr/lib/systemd/system/man-db.service
+ install -d -m755 ${pkgdir}/usr/lib/systemd/system/multi-user.target.wants
+ ln -s ../man-db.timer ${pkgdir}//usr/lib/systemd/system/multi-user.target.wants/man-db.timer
+}
Deleted: convert-mans
===================================================================
--- convert-mans 2018-02-09 18:19:03 UTC (rev 316532)
+++ convert-mans 2018-02-09 18:19:24 UTC (rev 316533)
@@ -1,11 +0,0 @@
-#!/bin/sh -e
-FROM="$1"
-TO="$2"
-shift ; shift
-while [ $# -gt 0 ]
-do
- FILE="$1"
- shift
- iconv -f "$FROM" -t "$TO" "$FILE" >.tmp.iconv
- mv .tmp.iconv "$FILE"
-done
Copied: man-db/repos/testing-x86_64/convert-mans (from rev 316532, man-db/trunk/convert-mans)
===================================================================
--- convert-mans (rev 0)
+++ convert-mans 2018-02-09 18:19:24 UTC (rev 316533)
@@ -0,0 +1,11 @@
+#!/bin/sh -e
+FROM="$1"
+TO="$2"
+shift ; shift
+while [ $# -gt 0 ]
+do
+ FILE="$1"
+ shift
+ iconv -f "$FROM" -t "$TO" "$FILE" >.tmp.iconv
+ mv .tmp.iconv "$FILE"
+done
Deleted: fix_manconv_under_seccomp_when_man_is_setuid.diff
===================================================================
--- fix_manconv_under_seccomp_when_man_is_setuid.diff 2018-02-09 18:19:03 UTC (rev 316532)
+++ fix_manconv_under_seccomp_when_man_is_setuid.diff 2018-02-09 18:19:24 UTC (rev 316533)
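Review bot: The bump to 2.8.1 drops `prepare()` together with the two locally carried privilege-dropping patches, but nothing in the new PKGBUILD records that those fixes (including the one tagged `# FS#57436` in the previous revision) are now expected from upstream; a one-line comment next to `pkgver=2.8.1`, e.g. `# 2.8.1 includes the do_system_drop_privs refactor and the manconv-under-seccomp fix (FS#57436) that were local patches in 2.8.0-2`, would keep that auditable should the patches ever need to return. The commented-out `#https://download-mirror.savannah.gnu.org/...` entry left inside the `source=()` array is dead text and belongs above the array if it is worth keeping at all. Source verification itself is intact: the `.asc` detached signature is `'SKIP'` in `sha512sums`, the tarball keeps a full sha512, and the signing key is pinned in `validpgpkeys`. Minor: the `ln -s` target `${pkgdir}//usr/lib/systemd/system/...` has a doubled slash.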
@@ -1,127 +0,0 @@
-From 10027a400d6a05f463f3981e1191a2f35d0cc02b Mon Sep 17 00:00:00 2001
-From: Colin Watson <cjwat...@debian.org>
-Date: Wed, 7 Feb 2018 13:44:30 +0000
-Subject: Fix manconv under seccomp when man is setuid
-
-We must drop privileges before loading the sandbox.
-
-Reported by Lars Wendler.
-
-* src/manconv_client.c (manconv_pre_exec): New function.
-(manconv_stdin): Move setuid hack to ...
-(add_manconv): ... here, now implemented using a custom pre-exec hook.
-We no longer have a fall-through if dropping privileges fails, since
-that's now harder to do and wasn't really necessary in the first place.
---- 
- src/manconv_client.c | 80 +++++++++++++++++++++++++++++-----------------------
- 1 file changed, 45 insertions(+), 35 deletions(-)
-
-diff --git a/src/manconv_client.c b/src/manconv_client.c
-index d6e010b..41ce479 100644
---- a/src/manconv_client.c
-+++ b/src/manconv_client.c
-@@ -56,41 +56,6 @@ static void manconv_stdin (void *data)
- struct manconv_codes *codes = data;
- pipeline *p;
-
--#ifdef MAN_OWNER
-- /* iconv_open may not work correctly in setuid processes; in GNU
-- * libc, gconv modules may be linked against other gconv modules and
-- * rely on RPATH $ORIGIN to load those modules from the correct
-- * path, but $ORIGIN is disabled in setuid processes. It is
-- * impossible to reset libc's idea of setuidness without creating a
-- * whole new process image. Therefore, if the calling process is
-- * setuid, we must drop privileges and execute manconv.
-- *
-- * If dropping privileges fails, fall through to the in-process
-- * code, as in some situations it may actually manage to work. 
-- */
-- if (running_setuid () && !idpriv_drop ()) {
-- char **from_code;
-- char *sources = NULL;
-- pipecmd *cmd;
--
-- for (from_code = codes->from; *from_code; ++from_code) {
-- sources = appendstr (sources, *from_code, NULL);
-- if (*(from_code + 1))
-- sources = appendstr (sources, ":", NULL);
-- }
--
-- cmd = pipecmd_new_args (MANCONV, "-f", sources,
-- "-t", codes->to, NULL);
-- free (sources);
--
-- if (quiet >= 2)
-- pipecmd_arg (cmd, "-q");
--
-- pipecmd_exec (cmd);
-- /* never returns */
-- }
--#endif /* MAN_OWNER */
--
- p = decompress_fdopen (dup (STDIN_FILENO));
- pipeline_start (p);
- manconv (p, codes->from, codes->to);
-@@ -98,6 +63,17 @@ static void manconv_stdin (void *data)
- pipeline_free (p);
- }
-
-+#ifdef MAN_OWNER
-+static void manconv_pre_exec (void *data)
-+{
-+ /* We must drop privileges before loading the sandbox, since our
-+ * seccomp filter doesn't allow setresuid and friends.
-+ */
-+ drop_privs (NULL);
-+ sandbox_load (data);
-+}
-+#endif /* MAN_OWNER */
-+
- static void free_manconv_codes (void *data)
- {
- struct manconv_codes *codes = data;
-@@ -139,6 +115,40 @@ void add_manconv (pipeline *p, const char *source, const char *target)
- name = appendstr (name, " -t ", codes->to, NULL);
- if (quiet >= 2)
- name = appendstr (name, " -q", NULL);
-+
-+#ifdef MAN_OWNER
-+ /* iconv_open may not work correctly in setuid processes; in GNU
-+ * libc, gconv modules may be linked against other gconv modules and
-+ * rely on RPATH $ORIGIN to load those modules from the correct
-+ * path, but $ORIGIN is disabled in setuid processes. It is
-+ * impossible to reset libc's idea of setuidness without creating a
-+ * whole new process image. Therefore, if the calling process is
-+ * setuid, we must drop privileges and execute manconv. 
-+ */
-+ if (running_setuid ()) {
-+ char **from_code;
-+ char *sources = NULL;
-+
-+ cmd = pipecmd_new_args (MANCONV, "-f", NULL);
-+ for (from_code = codes->from; *from_code; ++from_code) {
-+ sources = appendstr (sources, *from_code, NULL);
-+ if (*(from_code + 1))
-+ sources = appendstr (sources, ":", NULL);
-+ }
-+ pipecmd_arg (cmd, sources);
-+ free (sources);
-+ pipecmd_args (cmd, "-t", codes->to, NULL);
-+ if (quiet >= 2)
-+ pipecmd_arg (cmd, "-q");
-+ pipecmd_pre_exec (cmd, manconv_pre_exec, sandbox_free,
-+ sandbox);
-+ free (name);
-+ free_manconv_codes (codes);
-+ pipeline_command (p, cmd);
-+ return;
-+ }
-+#endif /* MAN_OWNER */
-+
- cmd = pipecmd_new_function (name, &manconv_stdin, &free_manconv_codes,
- codes);
- free (name);
---
-cgit v1.0-41-gc330
-
-
Deleted: man-db.install
===================================================================
--- man-db.install 2018-02-09 18:19:03 UTC (rev 316532)
+++ man-db.install 2018-02-09 18:19:24 UTC (rev 316533)
@@ -1,11 +0,0 @@
-post_upgrade() {
- # force database rebuild as recommended per upstream
- if [ "`vercmp $2 2.7.0`" -lt 0 ]; then
- echo "(re)building database..."
- mandb -c --quiet
- fi
-}
-
-post_remove() {
- rm -rf /var/cache/man
-}
Copied: man-db/repos/testing-x86_64/man-db.install (from rev 316532, man-db/trunk/man-db.install)
===================================================================
--- man-db.install (rev 0)
+++ man-db.install 2018-02-09 18:19:24 UTC (rev 316533)
@@ -0,0 +1,11 @@
+post_upgrade() {
+ # force database rebuild as recommended per upstream
+ if [ "`vercmp $2 2.7.0`" -lt 0 ]; then
+ echo "(re)building database..."
+ mandb -c --quiet
+ fi
+}
+
+post_remove() {
+ rm -rf /var/cache/man
+}
Deleted: man-db.service
===================================================================
--- man-db.service 2018-02-09 18:19:03 UTC (rev 316532)
+++ man-db.service 2018-02-09 18:19:24 UTC (rev 316533)
@@ -1,12 +0,0 @@
-[Unit]
-Description=Update man-db cache
-RequiresMountsFor=/var/cache/man
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/mkdir -p /var/cache/man
-ExecStart=/usr/bin/mandb
-CPUSchedulingPolicy=batch
-Nice=19
-IOSchedulingClass=best-effort
-IOSchedulingPriority=7
Copied: man-db/repos/testing-x86_64/man-db.service (from rev 316532, man-db/trunk/man-db.service)
===================================================================
--- man-db.service (rev 0)
+++ man-db.service 2018-02-09 18:19:24 UTC (rev 316533)
@@ -0,0 +1,12 @@
+[Unit]
+Description=Update man-db cache
+RequiresMountsFor=/var/cache/man
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/mkdir -p /var/cache/man
+ExecStart=/usr/bin/mandb
+CPUSchedulingPolicy=batch
+Nice=19
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7
Deleted: man-db.timer
===================================================================
--- man-db.timer 2018-02-09 18:19:03 UTC (rev 316532)
+++ man-db.timer 2018-02-09 18:19:24 UTC (rev 316533)
@@ -1,7 +0,0 @@
-[Unit]
-Description=Daily man-db cache update
-
-[Timer]
-OnCalendar=daily
-AccuracySec=1d
-Persistent=true
Copied: man-db/repos/testing-x86_64/man-db.timer (from rev 316532, man-db/trunk/man-db.timer)
===================================================================
--- man-db.timer (rev 0)
+++ man-db.timer 2018-02-09 18:19:24 UTC (rev 316533)
@@ -0,0 +1,7 @@
+[Unit]
+Description=Daily man-db cache update
+
+[Timer]
+OnCalendar=daily
+AccuracySec=1d
+Persistent=true
Deleted: refactor_do_system_drop_privs.diff
===================================================================
--- refactor_do_system_drop_privs.diff 2018-02-09 18:19:03 UTC (rev 316532)
+++ refactor_do_system_drop_privs.diff 2018-02-09 18:19:24 UTC (rev 316533)
@@ -1,121 +0,0 @@
-From 24624eaf853158856b8fd0a6f78c873475a16686 Mon Sep 17 00:00:00 2001
-From: Colin Watson <cjwat...@debian.org>
-Date: Wed, 7 Feb 2018 12:23:15 +0000
-Subject: Refactor do_system_drop_privs
-
-Now that we have pipecmd_pre_exec, this can be simplified quite a bit.
-
-* lib/security.c (drop_privs): New function.
-(do_system_drop_privs_child, do_system_drop_privs): Remove.
-* lib/security.h (drop_privs): Add prototype.
-(do_system_drop_privs): Remove prototype.
-* src/man.c (make_browser): Add drop_privs pre-exec hook to browser
-command.
-(format_display): Call browser using pipeline_run rather than
-do_system_drop_privs, since it now has a pre-exec hook to drop
-privileges.
---- 
- lib/security.c | 37 +++----------------------------------
- lib/security.h | 2 +-
- src/man.c | 7 +++++--
- 3 files changed, 9 insertions(+), 37 deletions(-)
-
-diff --git a/lib/security.c b/lib/security.c
-index 6e84de8..c9b365d 100644
---- a/lib/security.c
-+++ b/lib/security.c
-@@ -158,42 +158,11 @@ void regain_effective_privs (void)
- #endif /* MAN_OWNER */
- }
-
--#ifdef MAN_OWNER
--void do_system_drop_privs_child (void *data)
-+/* Pipeline command pre-exec hook to permanently drop privileges. */
-+void drop_privs (void *data ATTRIBUTE_UNUSED)
- {
-- pipeline *p = data;
--
-+#ifdef MAN_OWNER
- if (idpriv_drop ())
- gripe_set_euid ();
-- exit (pipeline_run (p));
--}
--#endif /* MAN_OWNER */
--
--/* The safest way to execute a pipeline with no effective privileges is to
-- * fork, permanently drop privileges in the child, run the pipeline from the
-- * child, and wait for it to die.
-- *
-- * It is possible to use saved IDs to avoid the fork, since effective IDs
-- * are copied to saved IDs on execve; we used to do this. However, forking
-- * is not expensive enough to justify the extra code.
-- *
-- * Note that this frees the supplied pipeline. 
-- */
--int do_system_drop_privs (pipeline *p)
--{
--#ifdef MAN_OWNER
-- pipecmd *child_cmd;
-- pipeline *child;
-- int status;
--
-- child_cmd = pipecmd_new_function ("unprivileged child",
-- do_system_drop_privs_child, NULL, p);
-- child = pipeline_new_commands (child_cmd, NULL);
-- status = pipeline_run (child);
--
-- pipeline_free (p);
-- return status;
--#else /* !MAN_OWNER */
-- return pipeline_run (p);
- #endif /* MAN_OWNER */
- }
-diff --git a/lib/security.h b/lib/security.h
-index 7545502..851127d 100644
---- a/lib/security.h
-+++ b/lib/security.h
-@@ -27,7 +27,7 @@
- /* security.c */
- extern void drop_effective_privs (void);
- extern void regain_effective_privs (void);
--extern int do_system_drop_privs (struct pipeline *p);
-+extern void drop_privs (void *data);
- extern void init_security (void);
- extern int running_setuid (void);
- extern struct passwd *get_man_owner (void);
-diff --git a/src/man.c b/src/man.c
-index 959d6cc..ff7ebc7 100644
---- a/src/man.c
-+++ b/src/man.c
-@@ -1481,6 +1481,7 @@ static pipeline *make_roff_command (const char *dir, const char *file,
- static pipeline *make_browser (const char *pattern, const char *file)
- {
- pipeline *p;
-+ pipecmd *cmd;
- char *browser = xmalloc (1);
- int found_percent_s = 0;
- char *percent;
-@@ -1526,7 +1527,9 @@ static pipeline *make_browser (const char *pattern, const char *file)
- free (esc_file);
- }
-
-- p = pipeline_new_command_args ("/bin/sh", "-c", browser, NULL);
-+ cmd = pipecmd_new_args ("/bin/sh", "-c", browser, NULL);
-+ pipecmd_pre_exec (cmd, drop_privs, NULL, NULL);
-+ p = pipeline_new_commands (cmd, NULL);
- pipeline_ignore_signals (p, 1);
- free (browser);
-
-@@ -2021,7 +2024,7 @@ static void format_display (pipeline *decomp,
- pipeline *browser;
- debug ("Trying browser: %s\n", candidate);
- browser = make_browser (candidate, htmlfile);
-- disp_status = do_system_drop_privs (browser);
-+ disp_status = pipeline_run (browser);
- if (!disp_status)
- break;
- }
---
-cgit 
v1.0-41-gc330
-
-