[crux-commits] ports/core (2.4): slocate: update to 3.1

crux at crux.nu crux at crux.nu
Thu Aug 30 08:41:18 UTC 2007


commit ae3ae2ac7a8b698402386bb75f086a8d6b8bc86d
Author: Juergen Daubert <jue at jue.li>
Date:   Thu Aug 30 10:41:01 2007 +0200

    slocate: update to 3.1

diff --git a/slocate/.footprint b/slocate/.footprint
index 04aa8a3..08c8d5f 100644
--- a/slocate/.footprint
+++ b/slocate/.footprint
@@ -2,14 +2,17 @@ drwxr-xr-x	root/root	etc/
 drwxr-xr-x	root/root	etc/cron/
 drwxr-xr-x	root/root	etc/cron/daily/
 -rwxr-xr-x	root/root	etc/cron/daily/slocate
+-rw-r--r--	root/root	etc/updatedb.conf
 drwxr-xr-x	root/root	usr/
 drwxr-xr-x	root/root	usr/bin/
 lrwxrwxrwx	root/root	usr/bin/locate -> slocate
 -rwxr-sr-x	root/slocate	usr/bin/slocate
+lrwxrwxrwx	root/root	usr/bin/updatedb -> slocate
 drwxr-xr-x	root/root	usr/man/
 drwxr-xr-x	root/root	usr/man/man1/
 lrwxrwxrwx	root/root	usr/man/man1/locate.1.gz -> slocate.1.gz
 -rw-r--r--	root/root	usr/man/man1/slocate.1.gz
+-rw-r--r--	root/root	usr/man/man1/updatedb.1.gz
 drwxr-xr-x	root/root	var/
 drwxr-xr-x	root/root	var/lib/
 drwxr-x---	root/slocate	var/lib/slocate/
diff --git a/slocate/.md5sum b/slocate/.md5sum
index 56173bf..1d528ca 100644
--- a/slocate/.md5sum
+++ b/slocate/.md5sum
@@ -1,3 +1,4 @@
-5cf4f530f0a5b78967bf8f43a3fea617  slocate
-660bf796027941744970242c7cd4ac70  slocate-2.7.patch
-4872830642ea2ed5f9aff932720583c9  slocate-2.7.tar.gz
+7aa005d9c9f39f18896e68af6cb301f0  CVE-2007-0227.patch
+8f0b2571a7a6abf2cb519f85c5225436  slocate
+69b45865ebce0cbfeb430381f0eb8b51  slocate_3.1.orig.tar.gz
+4203633cf028280a596b00b33455c181  updatedb.conf
diff --git a/slocate/CVE-2007-0227.patch b/slocate/CVE-2007-0227.patch
new file mode 100644
index 0000000..4f10992
--- /dev/null
+++ b/slocate/CVE-2007-0227.patch
@@ -0,0 +1,42 @@
+--- slocate-3.1.orig/src/utils.c
++++ slocate-3.1/src/utils.c
+@@ -524,6 +524,7 @@
+ {
+ 	struct stat path_stat;
+ 	int ret = 0;
++	char *path_copy = NULL;
+ 	char *ptr = NULL;
+ 
+ 	if (lstat(path, &path_stat) == -1)
+@@ -532,15 +533,25 @@
+ 	if (!S_ISLNK(path_stat.st_mode)) {
+ 		if (access(path, F_OK) != 0)
+ 		    goto EXIT;
+-	} else if ((ptr = rindex(path, '/'))) {
+-		*ptr = 0;
+-		if (access(path, F_OK) == 0)
+-		    ret = 1;
+-		*ptr = '/';
+-		goto EXIT;
+ 	}
+ 
++	/* "path" is const, so we shouldn't modify it.  Also, for speed,
++	 * I suspect strdup/free is less expensive than the deep access
++	 * checks... */
++	if (!(path_copy = strdup(path)))
++		goto EXIT;
++
+ 	ret = 1;
++
++	/* Each directory leading to the file (symlink or not) must be
++	 * readable for us to allow it to be listed in search results. */
++	while (ret && (ptr=rindex(path_copy,'/'))) {
++		*ptr=0;
++		if (*path_copy && access(path_copy, R_OK) != 0)
++		    ret = 0;
++	}
++	free(path_copy);
++
+ EXIT:
+ 	return ret;
+ }
diff --git a/slocate/Pkgfile b/slocate/Pkgfile
index ac46dab..69b68c2 100644
--- a/slocate/Pkgfile
+++ b/slocate/Pkgfile
@@ -1,28 +1,33 @@
 # Description: Secure version of the GNU locate program
-# URL:         ftp://ftp.geekreview.org/slocate/
+# URL:         http://packages.debian.org/unstable/utils/slocate
 # Maintainer:  CRUX System Team, core-ports at crux dot nu
 
 name=slocate
-version=2.7
-release=3
-source=(http://dl.sourceforge.net/sourceforge/$name/$name-$version.tar.gz \
-	$name-$version.patch slocate)
+version=3.1
+release=1
+source=(http://ftp.debian.org/debian/pool/main/s/$name/${name}_${version}.orig.tar.gz \
+        slocate updatedb.conf CVE-2007-0227.patch)
 
 build() {
     cd $name-$version
-    patch -p1 < ../$name-$version.patch
-    touch Makefile.in
-    ./configure --prefix=/usr
-    make
-    mkdir -p $PKG/usr/bin $PKG/usr/man/man1 \
-	     $PKG/var/lib/slocate $PKG/etc/cron/daily
-    touch slocate.db
-    chmod 0750 $PKG/var/lib/slocate
-    chgrp slocate $PKG/var/lib/slocate
-    install -m 0640 -g slocate slocate.db $PKG/var/lib/slocate/slocate.db
-    install -m 2755 -g slocate slocate $PKG/usr/bin/slocate
-    install -m 0755 ../slocate $PKG/etc/cron/daily/slocate
-    install -m 0644 doc/slocate.1.linux.gz $PKG/usr/man/man1/slocate.1.gz
+
+    patch -p1 -i $SRC/CVE-2007-0227.patch
+    sed -i "s/-O2/$CFLAGS/" src/Makefile
+
+    make -j1
+    
+    install -D -m 2755 -g slocate src/slocate $PKG/usr/bin/slocate
     ln -sf slocate $PKG/usr/bin/locate
+    ln -sf slocate $PKG/usr/bin/updatedb
+
+    touch slocate.db
+    install -d -m 0750 -g slocate $PKG/var/lib/slocate
+    install -m 0640 -g slocate slocate.db $PKG/var/lib/slocate
+    
+    install -D -m 0755 $SRC/slocate $PKG/etc/cron/daily/slocate
+    install -m 0644 $SRC/updatedb.conf $PKG/etc
+    
+    install -D -m 0644 doc/slocate.1 $PKG/usr/man/man1/slocate.1
+    install -m 0644 doc/updatedb.1 $PKG/usr/man/man1
     ln -sf slocate.1.gz $PKG/usr/man/man1/locate.1.gz
 }
diff --git a/slocate/slocate b/slocate/slocate
old mode 100755
new mode 100644
index c5a4b0d..154de76
--- a/slocate/slocate
+++ b/slocate/slocate
@@ -1,9 +1,8 @@
 #!/bin/sh
 #
-# /etc/cron/daily/slocate: update the slocate database
+# /etc/cron/daily/updatedb: update the slocate database
 #
 
-/usr/bin/slocate -u -f proc,nfs,smbfs,autofs,auto,iso9660 \
-		 -e /tmp,/var/tmp,/var/spool,/mnt
+/usr/bin/updatedb
 
 # End of file
diff --git a/slocate/slocate-2.7.patch b/slocate/slocate-2.7.patch
deleted file mode 100644
index ab27bff..0000000
--- a/slocate/slocate-2.7.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-CAN-2003-0848: 'slocate' sgid privileges are now dropped when
-searching databases that are not part of the 'slocate' group. This
-will prevent malicious user supplied databases from giving access to
-the 'slocate' group.  Patch from Kevin Lindsay <klindsay at debian.org>  
-
-diff -ru slocate-2.7/main.c slocate-2.7-new/main.c
---- slocate-2.7/main.c	2003-01-25 05:39:48.000000000 +0100
-+++ slocate-2.7-new/main.c	2004-03-28 12:01:45.256631896 +0200
-@@ -342,6 +342,9 @@
- 	char *part;
- 	int i;
- 	int res_errno;
-+	char *tmp_ptr = NULL;
-+	int last_sgid = 0;
-+	struct stat db_stat;
- 
- 	/* Make sure path is not empty */
- 	if (!path || strlen(path) == 0) return;
-@@ -385,6 +388,28 @@
- 
- 	/* Null terminate array */
- 	SLOCATE_PATH[i] = NULL;
-+	
-+	/* Sort sgid slocate db's to the top */
-+	for (i = 0; SLOCATE_PATH[i]; i++) {
-+		if (stat(SLOCATE_PATH[i], &db_stat) == -1)
-+		    report_error(FATAL, QUIET, "%s: Could not stat DB: %s: %s\n", progname, SLOCATE_PATH[i], strerror(errno));
-+
-+		if (db_stat.st_gid != SLOC_GID)
-+		    continue;
-+		
-+		if (i != last_sgid) {
-+			tmp_ptr = SLOCATE_PATH[last_sgid];
-+			SLOCATE_PATH[last_sgid] = SLOCATE_PATH[i];
-+			SLOCATE_PATH[i] = tmp_ptr;
-+		}
-+		
-+		last_sgid += 1;
-+		
-+	}
-+	
-+	/* for (i = 0; SLOCATE_PATH[i]; i++)
-+	    printf("%s\n", SLOCATE_PATH[i]); */
-+
- }
- 
- /* Parse Dash */
-@@ -1154,6 +1179,22 @@
- 	char *cp=NULL;
- #endif
- 	char *bucket_of_holding=NULL;
-+	gid_t cur_gid;
-+	struct stat db_stat;
-+
-+	cur_gid = getegid();
-+
-+	if (stat(database, &db_stat) == -1)
-+	    report_error(FATAL, QUIET, "%s: Could not stat '%d': %s\n", progname, strerror(errno));
-+	
-+	/* If the database's file group is not apart of the 'slocate' group,
-+	 * drop privileges. When multiple databases are specified, the ones
-+	 * apart of the 'slocate' group will be searched first before the
-+	 * privileges are dropped. */       
-+	if (cur_gid == SLOC_GID && db_stat.st_gid != SLOC_GID) {
-+		if (setgid(GID) == -1)
-+		    report_error(FATAL, QUIET, "%s: Could not drop privileges.", progname);
-+	}
- 
- 	if ((fd = open(database,O_RDONLY)) == -1) {
- 		report_error(WARNING,QUIET,"%s: decode_db(): %s: %s\n",progname,database,strerror(errno));
-@@ -1411,6 +1452,9 @@
- 	/* Get user IDs */
- 	UID = getuid();        
- 	GID = getgid();
-+			
-+	/* Get the 'slocate' group GID */
-+	SLOC_GID = get_gid(GRPFILE);
- 
- 	/* Add the LOCATE_PATH environment variable to the list of databases to search in */
- 	parse_decode_path(getenv("LOCATE_PATH"));
-@@ -1535,11 +1579,7 @@
- 	 * with the -d option, etc */
- 
- 	if (ADD_SLOCATEDB)
--	    parse_decode_path(SLOCATEDB);
--
--	/* Get the 'slocate' group GID */
--	SLOC_GID = get_gid(GRPFILE);
--	
-+	    parse_decode_path(SLOCATEDB);	
- 	
- 	/* if the -U option has been used, start to create the database at specified path */
- 	if (SPECDIR)
diff --git a/slocate/updatedb.conf b/slocate/updatedb.conf
new file mode 100644
index 0000000..875d47e
--- /dev/null
+++ b/slocate/updatedb.conf
@@ -0,0 +1,13 @@
+#
+# /etc/updatedb.conf
+#
+# This file sets environment variables which are 
+# used by updatedb and slocate -u
+
+# filesystems which are pruned from updatedb database
+PRUNEFS="nfs afs proc smbfs autofs auto iso9660"
+export PRUNEFS
+
+# paths which are pruned from updatedb database
+PRUNEPATHS="/tmp /var/tmp /var/spool /mnt"
+export PRUNEPATHS



More information about the crux-commits mailing list