commit:     15848c4175bd2c42967e5f09128a600f376febd3
Author:     Justin Lecher <jlec <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 25 10:38:04 2015 +0000
Commit:     Justin Lecher <jlec <AT> gentoo <DOT> org>
CommitDate: Fri Dec 25 10:38:04 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=15848c41

sci-biology/t-coffee: Import fix for CVE-2015-8621

Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=569650

Package-Manager: portage-2.2.26
Signed-off-by: Justin Lecher <jlec <AT> gentoo.org>

 .../t-coffee/files/t-coffee-11.00-mayhem.patch     | 25 ++++++++++++++++
 ...t-coffee-11.00-set_proper_dir_permissions.patch | 35 ++++++++++++++++++++++
 ...offee-11.00.ebuild => t-coffee-11.00-r1.ebuild} |  3 ++
 3 files changed, 63 insertions(+)

diff --git a/sci-biology/t-coffee/files/t-coffee-11.00-mayhem.patch 
b/sci-biology/t-coffee/files/t-coffee-11.00-mayhem.patch
new file mode 100644
index 0000000..cbfeeab
--- /dev/null
+++ b/sci-biology/t-coffee/files/t-coffee-11.00-mayhem.patch
@@ -0,0 +1,25 @@
+Author: Andreas Tille <[email protected]>
+Last-Update: Mon, 21 Dec 2015 21:30:36 +0100
+Bug-Debian: https://bugs.debian.org/716373
+Description: Fix Mayhem issue
+ The idea behind this patch is that if there is a problem to set the HOME
+ directories no additional processes can exist and so we should *really*
+ exit.  Somehow the printf_exit() function does some logic which ends up
+ in an endless loop and thus forcing the exit will help here.
+ .
+ Unfortunately this does not solve the issue completely since inside the
+ Exit call a "Segmentation fault" happens - so some broken pointer handling
+ seems to happen somewhere before.
+
+--- a/t_coffee_source/util_lib/util.c
++++ b/t_coffee_source/util_lib/util.c
+@@ -4642,7 +4642,8 @@ char *get_home_4_tcoffee ()
+     }
+   else
+     {
+-      printf_exit (EXIT_FAILURE, stderr, "ERROR: Could not set a HOME 
directory.\nSet any of the following environement variables to some suitable 
location: HOME, HOME_4_TCOFFEE, TMP or TEMP [FATAL:%s]\n", PROGRAM);
++      fprintf(stderr, "ERROR: Could not set a HOME directory.\nSet any of the 
following environement variables to some suitable location: HOME, 
HOME_4_TCOFFEE, TMP or TEMP [FATAL:%s]\n", PROGRAM);
++      exit(EXIT_FAILURE);
+     }
+ 
+ 
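Review bot: The `exit(EXIT_FAILURE);` added in get_home_4_tcoffee still runs the normal process teardown (atexit handlers, stdio flush), and the patch description itself reports a segmentation fault inside the exit call, so the crash behind CVE-2015-8621 looks only partly addressed by this change. If that fault is in a registered exit handler (not visible here, so to be confirmed), ending the fatal path with `fflush(stderr); _exit(EXIT_FAILURE);` would skip the handlers that touch the broken state. Either way the remaining segfault deserves a comment above the call, e.g. `/* printf_exit() loops here; exit directly. Known issue: teardown may still crash, see Debian #716373 */`. The function body starts and ends outside this hunk.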

diff --git 
a/sci-biology/t-coffee/files/t-coffee-11.00-set_proper_dir_permissions.patch 
b/sci-biology/t-coffee/files/t-coffee-11.00-set_proper_dir_permissions.patch
new file mode 100644
index 0000000..a3f47cd
--- /dev/null
+++ b/sci-biology/t-coffee/files/t-coffee-11.00-set_proper_dir_permissions.patch
@@ -0,0 +1,35 @@
+Author: Andreas Tille <[email protected]>
+Last-Update: Mon, 21 Dec 2015 21:30:36 +0100
+Bug-Debian: https://bugs.debian.org/751579
+Description: When creating subdirectories in $HOME do not
+ make these world writable but keep users umask
+
+--- a/t_coffee_source/util_lib/util.c
++++ b/t_coffee_source/util_lib/util.c
+@@ -7714,6 +7714,10 @@ int my_mkdir ( char *dir_in)
+   int a, buf;
+   char *dir;
+ 
++  static char *home = getenv ("HOME");
++  static mode_t oldmask = umask(0);
++  int change_umask = 0;
++  if (strncmp (dir_in, home, strlen(home))==0) change_umask = 1;
+ 
+   dir=(char*)vcalloc ( strlen (dir_in)+strlen (get_home_4_tcoffee())+100, 
sizeof (char));
+   sprintf ( dir, "%s", dir_in);
+@@ -7733,10 +7737,11 @@ int my_mkdir ( char *dir_in)
+ 
+         if (access(dir, F_OK)==-1)
+           {
+-                mode_t oldmask = umask(0);
+-            mkdir (dir, S_IRWXU | S_IRWXG | S_IRWXO);
+-            umask(oldmask);
+-
++            if ( change_umask == 1 ) mkdir (dir, 0777-oldmask);
++            else {
++              mkdir (dir, S_IRWXU | S_IRWXG | S_IRWXO);
++              umask(oldmask);
++            }
+             if ( access (dir, F_OK)==-1)
+               {
+                 myexit(fprintf_error ( stderr, "\nERROR: Could Not Create 
Directory %s [FATAL:%s]", dir, PROGRAM));   }
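Review bot: The new `static mode_t oldmask = umask(0);` at the top of my_mkdir clears the process umask, and on the `change_umask == 1` path nothing restores it, so files created later in the same run may end up group- or world-writable, which is the exposure this patch is meant to close. Because the initialiser is `static`, the else branch also only runs with umask 0 on the first call, and a function call in a static initialiser is only valid if util.c is compiled as C++. `getenv ("HOME")` can return NULL (the situation the mayhem patch handles), in which case `strlen(home)` dereferences a null pointer. A smaller change is to leave the umask alone for paths under $HOME and let the kernel apply it: `const char *home = getenv ("HOME");`, `int change_umask = (home && strncmp (dir_in, home, strlen (home)) == 0);`, and a plain `mkdir (dir, S_IRWXU | S_IRWXG | S_IRWXO);` in that branch, keeping `mode_t oldmask = umask(0); ... umask(oldmask);` local to the else branch. my_mkdir continues outside both inner hunks, so its other exits could not be checked.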

diff --git a/sci-biology/t-coffee/t-coffee-11.00.ebuild 
b/sci-biology/t-coffee/t-coffee-11.00-r1.ebuild
similarity index 92%
rename from sci-biology/t-coffee/t-coffee-11.00.ebuild
rename to sci-biology/t-coffee/t-coffee-11.00-r1.ebuild
index 62e8b70..3f2861c 100644
--- a/sci-biology/t-coffee/t-coffee-11.00.ebuild
+++ b/sci-biology/t-coffee/t-coffee-11.00-r1.ebuild
@@ -31,6 +31,9 @@ src_prepare() {
                -e '/@/s:.*;:\t:g' \
                -e '/Linking/s:$(CC):$(CC) $(CFLAGS) $(LDFLAGS):g' \
                -i t_coffee_source/makefile || die
+       epatch \
+               "${FILESDIR}"/${P}-mayhem.patch \
+               "${FILESDIR}"/${P}-set_proper_dir_permissions.patch
 }
 
 src_compile() {
