Diffstat (limited to 'net-misc/omniORB')
-rw-r--r-- | net-misc/omniORB/Manifest | 3 | ||||
-rw-r--r-- | net-misc/omniORB/files/change-umask-from-002-to-022-in-CreateDir-macro.patch | 58 | ||||
-rw-r--r-- | net-misc/omniORB/omniORB-4.2.1_p2.ebuild | 104 |
3 files changed, 165 insertions, 0 deletions
diff --git a/net-misc/omniORB/Manifest b/net-misc/omniORB/Manifest index 22fb99bff23b..9a00e1ec9706 100644 --- a/net-misc/omniORB/Manifest +++ b/net-misc/omniORB/Manifest 
@@ -1,9 +1,12 @@ +AUX change-umask-from-002-to-022-in-CreateDir-macro.patch 1985 BLAKE2B a3254e101ed22afc6ee75c680442e59f29f5df65a1cf3a75f21500c4aaa65a28506cd037ce4d6402837a12c948c17b56b9a79255458a197464370ce0a1735f0b SHA512 cc2fb4c3bc9e10aea73b65623b679f930a668ef758392e0d67a0a0a7e46b15df788fa7668b788d0b356fe367399f70f0012e1ca99b0a9e7452608d07d8db9e05 AUX ldflags.patch 452 BLAKE2B c2adba2e1cb395eb2261397acc879ab8cb82ef776cfd5e53411761d1ebf91017cd5bbe14654d814798149d2838efc90979273a406d8ab8c72b343e8453d8ec5d SHA512 472d66b3071de94d4753773092c4781f5b4419041dc23b777bc13e8e4f4a1a40f245931479fc294c43a9e73f322e93b2055fb52a1070423d58dd32f23b0f61ca AUX omniNames 571 BLAKE2B d1a151abb6faf582478e3892b7b057f92263fa0278cb3f3fb82fec20ba60b3e40733fcc2b223286466c9f4eb60fbe49cd9ce239f95e7e1cccb5b5b1df2e88893 SHA512 98f08cd0bef699bdd8da026efbf211c5bf8dfa5bb24bd4438581dd4acf6cbabdb42e19de5a5d8ae9db74bafea86fb316ff75f3278c255cab7277f95681578044 AUX omniORB-4.1.4-format-security.patch 557 BLAKE2B 3aef2fdebedfdaf91cac169aa04715c37509e6d86bfc03a0171af238e232f3d2b9b59e69f2a01c6b35d291a4dba199ec6cf2c80203ee58478318ca0fb5a89f58 SHA512 f2d9ca53f9dcdac7fc0224e435ee7d4eecaf5c948d406f94e81a9ae7770d192b18e846ddd245c5b74e77efb7030902b9f2817b13349f2a685caadb05633e14ee AUX omniORB-4.1.4-openssl-1.patch 770 BLAKE2B ffdb15d5e48ae4cad6ee0c75334c48634f450a9f128fe84b3a345ce72f4be551e203ed21978dbd0381b610b98cc64375dd4bd873a33b9403374980b7e17b1264 SHA512 b43adc69ec30a3a1cf6581e050ca93927b267c67623aafdb53db0135a8d4164c779a9d54249c8672e5d8f1c761681092be3c2908cb772820d019db1e2b1ba396 DIST omniORB-4.1.4.tar.gz 3093814 BLAKE2B 6f85ff31f55533eac779554a165346fa693c41e261650f22c5d1889de731a5ca3b09d178945dee89b80553a81e7a9db3286efd465b4aafcb7c19e5dc5de5d105 SHA512 0ed989dd9a8c024a575ebbe1def137d11c4e52297727883d26cb1fdc87d2965e6d0152ee4b7b90097f2d97eb22501bb968eff0d070e88f80a9fef6b7439e1a1c +DIST omniORB-4.2.1-2.tar.bz2 2663504 BLAKE2B 
3a5a48e7d85b5815b576067f16cf602ff9a44e547e4350d25d8ae43d8063e1bccb3da88eed09328224c88420870a64f331e6198f2f8911f4a718322ffcd3a8e0 SHA512 574bbc66f9eee87f06500c798e034a289e6104b3a921c8e956231c5c042a3306016b2aa69699eadef25edb97bed7580f7f27beec3893582a1ba16bb01f934fd6 DIST omniORB-4.2.2.tar.bz2 2673800 BLAKE2B 6afe4759cf19b69bd02d4864e305a0ebd0d11943a54c20d53987d9775f04833d5d2dbeb99e5bdcc59d56f116cfb14b9ae92399323e3980a44d9cef47a012c24f SHA512 3fe6c05d0e7f19455c4cd6702887f91b7d14cdc248008cbc456c103072a37251387877bd64d59a271c6e92703a70bbbb9713f9fa2e45d094628e42564cffd0ad EBUILD omniORB-4.1.4-r2.ebuild 2184 BLAKE2B b35249c5020bb321c91e7327edba33f7325a93352eba985cb695c0d62cf5fd13ed62529900197c43c5eb7aaa7c5ec8a901e67766c2ddae65eb687334ece63c8a SHA512 a4d08d26cdf8b7fbee13bed2a92eee52190ccdba863a46f8b87cd210fb212ef2eb85a0a84ec1e6895f360d3b1ae76d91c2f15a322bf85e0e35759d4c659185af +EBUILD omniORB-4.2.1_p2.ebuild 2868 BLAKE2B 9e04f87b95f12c8c07910bc56a25a69d7896b655283d9e0197b43672ea8138b7cd4bd81997c8aa3e5a8ce2294f3cd70b26b5cbe80abc76eef3c1a3655e7f2214 SHA512 cd5b8534d4a9c6a745e2c6d3d51c69b7c9521ff8d46a93461f09cc5b113645357496ab42f597bc3de45c642c523bb512a70150a336c33c499127864c4f4bda60 EBUILD omniORB-4.2.2.ebuild 2715 BLAKE2B 82966544593b19da2b9db6c8eb723f51d423cc26e2f4b6cae90779c9b8f45078660dd14848993cd78ee4bc8f7b303d868160e5485edca03e96861be39ec91b88 SHA512 6a35c3279d3ce09f462f166cc3c761fc36dae0fa6c30b632af4beebf944a3f4e47699b082696a2dc044982504f94000f3d28a62aaa80af4750a99e3a771a5002 MISC metadata.xml 247 BLAKE2B c2c840442760456aa29eeda2b225baa3eca5af75444074a09d500b1063f59ce978b5053c0d79fb7cd3717a477ef8e8e343dcf731a5a99e27058b0528c5066a4f SHA512 d76af24fd2513c0ed4a1f3066c9e9b9eb6407d1c013f22b3bcc9646fb771560c45c42c3851075ce9aa32bfe6ef68534cf1ccd3fefc9657fdb0b2794424ab8d1f 
diff --git a/net-misc/omniORB/files/change-umask-from-002-to-022-in-CreateDir-macro.patch b/net-misc/omniORB/files/change-umask-from-002-to-022-in-CreateDir-macro.patch
new file mode 100644
index 000000000000..2aaab59ef201
--- /dev/null
+++ b/net-misc/omniORB/files/change-umask-from-002-to-022-in-CreateDir-macro.patch
@@ -0,0 +1,58 @@
+From 2a0ea5621ef7cd9303e49657166dfd04ffa624d7 Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky <michael@orlitzky.com>
+Date: Tue, 16 Aug 2016 13:55:08 -0400
+Subject: [PATCH 1/1] mk: Change umask from 002 to 022 in the CreateDir macro.
+
+The build system has a macro called CreateDir that does more or less
+what you'd expect. But before it creates the directory given to it, it
+sets the umask to 002. This can be a vulnerability, since we don't
+know who the end user will be building the software as; there may be
+untrusted people in his default group. In that case, one of those
+people can overwrite the scripts in the directory created by CreateDir
+before the user executes them.
+
+There is a kernel-level workaround for these types of vulnerabilities
+in the Grsecurity project called Trusted Path Execution (TPE). When
+enabled, users are not allowed to execute files in directories not
+owned by themselves or root. When that restriction is enabled, omniORB
+fails to build (due to the aforementioned umask).
+
+This commit changes the umask to 022 in CreateDir. This should not
+cause any problems (ha ha), and is safer than the previous umask of
+002. It also fixes the build on systems where TPE is enabled.
+
+Gentoo-Bug: 576040
+---
+ mk/beforeauto.mk.in | 2 +-
+ mk/beforedir.mk | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/mk/beforeauto.mk.in b/mk/beforeauto.mk.in
+index 83d544c..9f65c69 100644
+--- a/mk/beforeauto.mk.in
++++ b/mk/beforeauto.mk.in
+@@ -167,7 +167,7 @@ unexport SUBDIRS
+
+ define CreateDir
+ if [ ! -d $$dir ]; then \
+- (umask 002; set -x; $(MKDIRHIER) $$dir); \
++ (umask 022; set -x; $(MKDIRHIER) $$dir); \
+ fi
+ endef
+
+diff --git a/mk/beforedir.mk b/mk/beforedir.mk
+index f804ed3..855bc4d 100644
+--- a/mk/beforedir.mk
++++ b/mk/beforedir.mk
+@@ -187,7 +187,7 @@ unexport SUBDIRS
+
+ define CreateDir
+ if [ ! -d $$dir ]; then \
+- (umask 002; set -x; $(MKDIRHIER) $$dir); \
++ (umask 022; set -x; $(MKDIRHIER) $$dir); \
+ fi
+ endef
+
+--
+2.7.3
+
diff --git a/net-misc/omniORB/omniORB-4.2.1_p2.ebuild b/net-misc/omniORB/omniORB-4.2.1_p2.ebuild
new file mode 100644
index 000000000000..46b2de01bec8
--- /dev/null
+++ b/net-misc/omniORB/omniORB-4.2.1_p2.ebuild
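Review bot: The `umask 022` in CreateDir sits inside the parenthesised subshell, so in both `mk/beforeauto.mk.in` and `mk/beforedir.mk` it covers only the `$(MKDIRHIER)` call and not the files that other rules later write into the directory. Under an invoking umask of 002 those scripts would presumably still be created group-writable, which is the overwrite-before-execute case the patch description names. The `if [ ! -d $$dir ]` guard also leaves an already existing directory untouched, so a tree created before this patch keeps its old mode. I would record that limit above the `define CreateDir` line in both files, for example `# umask covers the mkdir only; existing dirs and files created later keep the caller's umask`.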
@@ -0,0 +1,104 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+# The build system picks one version of python and sticks with it. It
+# tries to guess your version (based on /usr/bin/python), but for
+# consistency we have to force it to use one that we specify. The
+# highest version the configure script will accept is python-3.3, but
+# that's on it's way out, so we prefer to stick with python-2.7 for now.
+PYTHON_COMPAT=( python2_7 )
+
+inherit python-single-r1
+
+MY_P="${P/_p/-}"
+DESCRIPTION="A robust, high-performance CORBA 2 ORB"
+HOMEPAGE="http://omniorb.sourceforge.net/"
+SRC_URI="mirror://sourceforge/omniorb/${MY_P}.tar.bz2"
+
+LICENSE="LGPL-2 GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="doc ipv6 ssl"
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+
+RDEPEND="${PYTHON_DEPS}
+ ssl? ( dev-libs/openssl:0= )"
+DEPEND="${RDEPEND}"
+
+S="${WORKDIR}/${PN}-${PV/_p2/}"
+
+PATCHES=(
+ "${FILESDIR}/omniORB-4.1.4-format-security.patch"
+ "${FILESDIR}/change-umask-from-002-to-022-in-CreateDir-macro.patch"
+)
+
+src_prepare() {
+ default
+
+ # The OPTC(XX)FLAGS variables aren't present in these files, but we
+ # will set them when we call emake.
+ sed \
+ -e 's/^CXXDEBUGFLAGS.*/CXXDEBUGFLAGS = $(OPTCXXFLAGS)/' \
+ -e 's/^CDEBUGFLAGS.*/CDEBUGFLAGS = $(OPTCFLAGS)/' \
+ -i mk/beforeauto.mk.in mk/platforms/i586_linux_2.0*.mk || \
+ die 'failed to switch CFLAGS variables in the makefile includes'
+
+ # The out-of-source build is suggested by upstream.
+ mkdir build || die 'failed to create build directory'
+}
+
+src_configure() {
+ cd build || die 'failed to change into the build directory'
+
+ ECONF_SOURCE=".." econf \
+ --disable-static \
+ --with-omniORB-config=/etc/omniorb/omniORB.cfg \
+ --with-omniNames-logdir=/var/log/omniORB \
+ --libdir="/usr/$(get_libdir)" \
+ $(use_enable ipv6) \
+ $(use_with ssl openssl "/usr")
+}
+
+src_compile() {
+ cd build || die 'failed to change into the build directory'
+ emake OPTCFLAGS="${CFLAGS}" OPTCXXFLAGS="${CXXFLAGS}"
+}
+
+src_install() {
+ cd build || die 'failed to change into the build directory'
+ default
+
+ rm "${ED}/usr/bin/omniidlrun.py" || \
+ die 'failed to remove redundant omniidlrun.py'
+
+ cd "${S}" || die "failed to change into the ${S} directory"
+
+ dodoc CREDITS doc/*.html ReleaseNotes.txt update.log
+ dodoc -r doc/omniORB
+
+ if use doc; then
+ dodoc doc/*.pdf
+ fi
+
+ cat <<- EOF > "${T}/90omniORB"
+ PATH="/usr/share/omniORB/bin/scripts"
+ OMNIORB_CONFIG="/etc/omniorb/omniORB.cfg"
+ EOF
+ doenvd "${T}/90omniORB"
+ doinitd "${FILESDIR}"/omniNames
+
+ cp "sample.cfg" "${T}/omniORB.cfg" || die
+ cat <<- EOF >> "${T}/omniORB.cfg"
+ # resolve the omniNames running on localhost
+ InitRef = NameService=corbaname::localhost
+ EOF
+ insinto /etc/omniorb
+ doins "${T}"/omniORB.cfg
+
+ keepdir /var/log/omniORB
+
+ python_optimize
+ python_fix_shebang "${ED}"/usr/bin/omniidl
+}
|
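Review bot: `S="${WORKDIR}/${PN}-${PV/_p2/}"` hard-codes the patch level, while `MY_P="${P/_p/-}"` a few lines above it copes with any `_pN` suffix. If this ebuild is copied to a later patch level, the substitution matches nothing and S points at a directory the tarball does not unpack to, so the build would fail on entering S. `S="${WORKDIR}/${PN}-${PV%_p*}"` strips whichever suffix is present and keeps the two assignments consistent.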