diff options
| author |   Mike Gilbert <floppym@gentoo.org> | 2015-11-24 11:25:56 -0500 |
|---|---|---|
| committer | Mike Gilbert <floppym@gentoo.org> | 2015-11-24 11:26:09 -0500 |
| commit | 7f59a94c88c938260171d6b5327ea8ae79a032c1 (patch) | |
| tree | 168031dd3ef5b84bb8cbbfac4e8dd0550ec90c42 /sys-apps | |
| parent | app-backup/duply: Version Bump (diff) | |
| download | gentoo-7f59a94c88c938260171d6b5327ea8ae79a032c1.tar.gz gentoo-7f59a94c88c938260171d6b5327ea8ae79a032c1.tar.bz2 gentoo-7f59a94c88c938260171d6b5327ea8ae79a032c1.zip | |
sys-apps/systemd: Backport fix for CVE-2015-7510
Bug: https://bugs.gentoo.org/566716
Package-Manager: portage-2.2.25_p7
Diffstat (limited to 'sys-apps')
| -rw-r--r-- | sys-apps/systemd/files/CVE-2015-7510.patch | 37 | ||||
| -rw-r--r-- | sys-apps/systemd/systemd-226-r2.ebuild (renamed from sys-apps/systemd/systemd-226-r1.ebuild) | 1 | ||||
| -rw-r--r-- | sys-apps/systemd/systemd-228-r1.ebuild (renamed from sys-apps/systemd/systemd-228.ebuild) | 1 |
3 files changed, 39 insertions, 0 deletions
diff --git a/sys-apps/systemd/files/CVE-2015-7510.patch b/sys-apps/systemd/files/CVE-2015-7510.patch new file mode 100644 index 000000000000..088adbb1b683 --- /dev/null +++ b/sys-apps/systemd/files/CVE-2015-7510.patch @@ -0,0 +1,37 @@ +From cb31827d62066a04b02111df3052949fda4b6888 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Mon, 23 Nov 2015 13:59:43 -0500 +Subject: [PATCH] nss-mymachines: do not allow overlong machine names + +https://github.com/systemd/systemd/issues/2002 +--- + src/nss-mymachines/nss-mymachines.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/nss-mymachines/nss-mymachines.c b/src/nss-mymachines/nss-mymachines.c +index 969fa96..c98a959 100644 +--- a/src/nss-mymachines/nss-mymachines.c ++++ b/src/nss-mymachines/nss-mymachines.c +@@ -416,6 +416,9 @@ enum nss_status _nss_mymachines_getpwnam_r( + if (!e || e == p) + goto not_found; + ++ if (e - p > HOST_NAME_MAX - 1) /* -1 for the last dash */ ++ goto not_found; ++ + r = parse_uid(e + 1, &uid); + if (r < 0) + goto not_found; +@@ -573,6 +576,9 @@ enum nss_status _nss_mymachines_getgrnam_r( + if (!e || e == p) + goto not_found; + ++ if (e - p > HOST_NAME_MAX - 1) /* -1 for the last dash */ ++ goto not_found; ++ + r = parse_gid(e + 1, &gid); + if (r < 0) + goto not_found; +-- +2.6.3 + diff --git a/sys-apps/systemd/systemd-226-r1.ebuild b/sys-apps/systemd/systemd-226-r2.ebuild index 9a7bc968ace4..10471ac5466f 100644 --- a/sys-apps/systemd/systemd-226-r1.ebuild +++ b/sys-apps/systemd/systemd-226-r2.ebuild @@ -146,6 +146,7 @@ src_prepare() { sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die epatch "${FILESDIR}/218-Dont-enable-audit-by-default.patch" epatch "${FILESDIR}/226-noclean-tmp.patch" + epatch "${FILESDIR}/CVE-2015-7510.patch" epatch_user eautoreconf } diff --git a/sys-apps/systemd/systemd-228.ebuild b/sys-apps/systemd/systemd-228-r1.ebuild index 440c35f86df0..1ca11dabc10e 100644 --- a/sys-apps/systemd/systemd-228.ebuild +++ b/sys-apps/systemd/systemd-228-r1.ebuild @@ -146,6 +146,7 @@ src_prepare() { sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die epatch "${FILESDIR}/218-Dont-enable-audit-by-default.patch" epatch "${FILESDIR}/228-noclean-tmp.patch" + epatch "${FILESDIR}/CVE-2015-7510.patch" epatch_user eautoreconf } |