[arch-commits] Commit in x2goserver/trunk (PKGBUILD revert.patch x2goserver.install)

Andreas Radke andyrtr at nymeria.archlinux.org
Mon May 20 14:08:51 EDT 2013


    Date: Monday, May 20, 2013 @ 20:08:51
  Author: andyrtr
Revision: 186035

upgpkg: x2goserver 4.0.0.2-2

fix session now showing up - FS#35380

Added:
  x2goserver/trunk/revert.patch
Modified:
  x2goserver/trunk/PKGBUILD
  x2goserver/trunk/x2goserver.install

--------------------+
 PKGBUILD           |   18 ++++--
 revert.patch       |  152 +++++++++++++++++++++++++++++++++++++++++++++++++++
 x2goserver.install |    2 
 3 files changed, 165 insertions(+), 7 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2013-05-20 18:03:55 UTC (rev 186034)
+++ PKGBUILD	2013-05-20 18:08:51 UTC (rev 186035)
@@ -8,7 +8,7 @@
 
 pkgname=x2goserver
 pkgver=4.0.0.2
-pkgrel=1
+pkgrel=2
 pkgdesc="Open source terminal server"
 arch=('i686' 'x86_64')
 url="http://www.x2go.org/"
@@ -19,13 +19,20 @@
 options=('emptydirs')
 install=x2goserver.install
 backup=('etc/x2go/x2goserver.conf' 'etc/x2go/x2gosql/sql')
-source=(http://code.x2go.org/releases/source/${pkgname}/${pkgname}-${pkgver}.tar.gz x2goserver.service)
+source=(http://code.x2go.org/releases/source/${pkgname}/${pkgname}-${pkgver}.tar.gz
+        x2goserver.service
+        revert.patch)
 md5sums=('6b8cecfdd31a8877203f50d3666c265f'
-         'f76081c01e40b6206895d194dc949707')
+         'f76081c01e40b6206895d194dc949707'
+         'c487c31e7c0aa9a73323313007497764')
 
 build() {
   cd "${srcdir}/${pkgname}-${pkgver}"
-#return 1
+
+  # revert an upstream commit that breaks sessions showing up
+  # http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=011d14ae076ba6fec96cd1e019c4f82444ab0f9f
+  patch -Rp1 -i ${srcdir}/revert.patch
+
   # -r option does not exist in Arch linux
   # (However, html man pages do not get installed anyway...)
   for Makefile in $(find . -type f -name Makefile); do
@@ -49,9 +56,8 @@
   install -Dm 644 "$srcdir/x2goserver.service" "$pkgdir/usr/lib/systemd/system/x2goserver.service"
   
   # X2go homedir + printing spool dir
-  #install -dm 755 $pkgdir/var/lib/x2go
   install -dm 770 $pkgdir/var/lib/x2go
-  install -dm 755 $pkgdir/var/spool/x2go
+  install -dm 770 $pkgdir/var/spool/x2go
   
   # load fuse module at system start
   install -dm755 $pkgdir/lib/modules-load.d

Added: revert.patch
===================================================================
--- revert.patch	                        (rev 0)
+++ revert.patch	2013-05-20 18:08:51 UTC (rev 186035)
@@ -0,0 +1,152 @@
+From 011d14ae076ba6fec96cd1e019c4f82444ab0f9f Mon Sep 17 00:00:00 2001
+From: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
+Date: Sun, 19 May 2013 00:41:32 +0200
+Subject: [PATCH] Security fix for setgid wrapper x2gosqlitewrapper.c.
+ Hard-code path to x2gosqlitewrapper.pl during build via
+ defining a macro in the Makefile. Thanks to Richard
+ Weinberger for spotting this!!!
+
+---
+ Makefile                       |    2 +-
+ debian/changelog               |    3 +++
+ debian/rules                   |    4 +--
+ x2goserver/Makefile            |    4 +--
+ x2goserver/x2gosqlitewrapper.c |   54 +++-------------------------------------
+ 5 files changed, 12 insertions(+), 55 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 3be40f9..588084f 100755
+--- a/Makefile
++++ b/Makefile
+@@ -4,7 +4,7 @@ RM_FILE=rm -f
+ RM_DIR=rmdir -p --ignore-fail-on-non-empty
+ 
+ DESTDIR=
+-PREFIX=/usr/local
++PREFIX ?= /usr/local
+ ETCDIR=/etc/x2go
+ LIBDIR=$(PREFIX)/lib/x2go
+ SHAREDIR=$(PREFIX)/share/x2go
+diff --git a/debian/changelog b/debian/changelog
+index 470a502..2cf2dde 100644
+--- a/debian/changelog
++++ b/debian/changelog
+@@ -12,6 +12,9 @@ x2goserver (4.0.0.2-0~x2go1) UNRELEASED; urgency=low
+   * New upstream version (4.0.0.2):
+     - Use make_path from File::Path in x2godbadmin to create user directory if
+       not present. (Fixes: #200).
++    - Security fix for setgid wrapper x2gosqlitewrapper.c. Hard-code path to
++      x2gosqlitewrapper.pl during build via defining a macro in the Makefile.
++      Thanks to Richard Weinberger for spotting this!!!
+   /debian/control:
+     + Let x2goserver bin:package depend on xfonts-base and fontconfig. (Fixes:
+       #163).
+diff --git a/debian/rules b/debian/rules
+index b32e08d..5bb94b2 100755
+--- a/debian/rules
++++ b/debian/rules
+@@ -1,10 +1,10 @@
+ #!/usr/bin/make -f
+ 
+ %:
+-	dh $@
++	PREFIX=/usr dh $@
+ 
+ override_dh_auto_install:
+-	make -f Makefile build-arch
++	PREFIX=/usr make -f Makefile build-arch
+ 
+ override_dh_auto_clean:
+ 	rm -fv x2gosqlitewrapper
+diff --git a/x2goserver/Makefile b/x2goserver/Makefile
+index 4287478..e9d56e6 100755
+--- a/x2goserver/Makefile
++++ b/x2goserver/Makefile
+@@ -15,7 +15,7 @@ RM_FILE=rm -f
+ RM_DIR=rmdir -p --ignore-fail-on-non-empty
+ 
+ DESTDIR=
+-PREFIX=/usr/local
++PREFIX ?= /usr/local
+ ETCDIR=/etc/x2go
+ BINDIR=$(PREFIX)/bin
+ SBINDIR=$(PREFIX)/sbin
+@@ -41,7 +41,7 @@ build: build-arch build-indep
+ build-arch: build_setgidwrappers
+ 
+ build_setgidwrappers:
+-	$(CC) $(CFLAGS) $(LDFLAGS) -o x2gosqlitewrapper x2gosqlitewrapper.c
++	$(CC) $(CFLAGS) $(LDFLAGS) -DTRUSTED_BINARY=\"$(DESTDIR)$(LIBDIR)/x2gosqlitewrapper.pl\" -o x2gosqlitewrapper x2gosqlitewrapper.c
+ 
+ build-indep: build_man2html
+ 
+diff --git a/x2goserver/x2gosqlitewrapper.c b/x2goserver/x2gosqlitewrapper.c
+index a134efc..ad95eff 100644
+--- a/x2goserver/x2gosqlitewrapper.c
++++ b/x2goserver/x2gosqlitewrapper.c
+@@ -21,58 +21,12 @@
+  * 
+  */
+ 
+-#include <stdio.h>
+-#include <stdlib.h>
+-#include <unistd.h>
+-#include <libgen.h>
+-#include <errno.h>
+-
+ int main( int argc, char *argv[] ) {
+-	char * x2gosqlitewrapper = NULL;
+-	size_t path_max;
+-	
+-/*
+-	The following snippet is taken from the realpath manpage
+-*/
+-#ifdef PATH_MAX
+-	path_max = PATH_MAX;
+-#else
+-	path_max = pathconf (".", _PC_PATH_MAX);
+-	if (path_max <= 0){
+-		path_max = 4096;
+-	}
+-#endif
+-	{
+-		// allocate dynamic buffer in stack: this needs C99 or gnu??
+-		char buffer[path_max];
+-		ssize_t rvrl;
+-		int rvap;
+-
+-		// resolve link of /proc/self/exe to find out where we are
+-		rvrl = readlink("/proc/self/exe", buffer, path_max);
+-		if(rvrl == -1){
+-			perror("readlink(\"/proc/self/exe\",buffer,path_max)");
+-			exit(EXIT_FAILURE);
+-		}
+-		if(rvrl >= path_max){
+-			fprintf(stderr, "Could not resolve the path of this file using \"/proc/self/exe\". The path is too long (> %i)", path_max);
+-			exit(EXIT_FAILURE);
+-		}
+-
+-		// derive the full path of x2gosqlitewrapper.pl from path of this binary
+-		rvap = asprintf(&x2gosqlitewrapper, "%s/%s", dirname(buffer), "x2gosqlitewrapper.pl");
+-		if(rvap == -1){
+-			fprintf(stderr, "Failed to allocate memory calling asprintf\n");
+-			exit(EXIT_FAILURE);
+-		}
+-
+-		// execute the script, running with user-rights of this binary 
+-		execv(x2gosqlitewrapper, argv);
+ 
+-	}
++	char x2gosqlitewrapper[] = TRUSTED_BINARY;
+ 
+-	// ...fail
+-	fprintf(stderr, "Failed to execute %s: %s\n", x2gosqlitewrapper, strerror(errno));
+-	return EXIT_FAILURE;
++	argv[0] = "x2gosqlitewrapper.pl";
++	// execute the script, running with user-rights of this binary
++	execv(x2gosqlitewrapper, argv);
+ 
+ }
+-- 
+1.7.9.5
+

Modified: x2goserver.install
===================================================================
--- x2goserver.install	2013-05-20 18:03:55 UTC (rev 186034)
+++ x2goserver.install	2013-05-20 18:08:51 UTC (rev 186035)
@@ -39,7 +39,7 @@
   # fix permissions - see INSTALL file
   chown -R x2goprint:x2goprint /var/spool/x2go
   chmod 0770 /var/spool/x2go
-  
+    
   chown root:x2gouser /usr/lib/x2go/x2gosqlitewrapper
   chmod 2755 /usr/lib/x2go/x2gosqlitewrapper
   



More information about the arch-commits mailing list