[arch-commits] Commit in x2goserver/repos (14 files)

Andreas Radke andyrtr at nymeria.archlinux.org
Mon May 20 14:09:21 EDT 2013


    Date: Monday, May 20, 2013 @ 20:09:21
  Author: andyrtr
Revision: 186036

archrelease: copy trunk to extra-i686, extra-x86_64

Added:
  x2goserver/repos/extra-i686/PKGBUILD
    (from rev 186035, x2goserver/trunk/PKGBUILD)
  x2goserver/repos/extra-i686/revert.patch
    (from rev 186035, x2goserver/trunk/revert.patch)
  x2goserver/repos/extra-i686/x2goserver.install
    (from rev 186035, x2goserver/trunk/x2goserver.install)
  x2goserver/repos/extra-i686/x2goserver.service
    (from rev 186035, x2goserver/trunk/x2goserver.service)
  x2goserver/repos/extra-x86_64/PKGBUILD
    (from rev 186035, x2goserver/trunk/PKGBUILD)
  x2goserver/repos/extra-x86_64/revert.patch
    (from rev 186035, x2goserver/trunk/revert.patch)
  x2goserver/repos/extra-x86_64/x2goserver.install
    (from rev 186035, x2goserver/trunk/x2goserver.install)
  x2goserver/repos/extra-x86_64/x2goserver.service
    (from rev 186035, x2goserver/trunk/x2goserver.service)
Deleted:
  x2goserver/repos/extra-i686/PKGBUILD
  x2goserver/repos/extra-i686/x2goserver.install
  x2goserver/repos/extra-i686/x2goserver.service
  x2goserver/repos/extra-x86_64/PKGBUILD
  x2goserver/repos/extra-x86_64/x2goserver.install
  x2goserver/repos/extra-x86_64/x2goserver.service

---------------------------------+
 /PKGBUILD                       |  138 ++++++++++++++++++++++++++++++++++
 /x2goserver.install             |  122 ++++++++++++++++++++++++++++++
 /x2goserver.service             |   20 +++++
 extra-i686/PKGBUILD             |   63 ---------------
 extra-i686/revert.patch         |  152 ++++++++++++++++++++++++++++++++++++++
 extra-i686/x2goserver.install   |   61 ---------------
 extra-i686/x2goserver.service   |   10 --
 extra-x86_64/PKGBUILD           |   63 ---------------
 extra-x86_64/revert.patch       |  152 ++++++++++++++++++++++++++++++++++++++
 extra-x86_64/x2goserver.install |   61 ---------------
 extra-x86_64/x2goserver.service |   10 --
 11 files changed, 584 insertions(+), 268 deletions(-)

Deleted: extra-i686/PKGBUILD
===================================================================
--- extra-i686/PKGBUILD	2013-05-20 18:08:51 UTC (rev 186035)
+++ extra-i686/PKGBUILD	2013-05-20 18:09:21 UTC (rev 186036)
@@ -1,63 +0,0 @@
-# $Id$
-# Maintainer: AndyRTR <andyrtr at archlinux.org>
-
-# Contributor: Gerhard Brauer <gerbra at archlinux.de>
-# Contributor: Richard Murri <admin at richardmurri.com>
-# Contributor: Markus Opitz <mastero23 at gmail dot com>
-# Contributor: Milan Knížek <knizek at volny.cz>
-
-pkgname=x2goserver
-pkgver=4.0.0.2
-pkgrel=1
-pkgdesc="Open source terminal server"
-arch=('i686' 'x86_64')
-url="http://www.x2go.org/"
-license=('GPL')
-depends=('openssh' 'perl-config-simple' 'perl-dbd-sqlite' 'perl-file-basedir' 'python' 'x2go-agent' 'xorg-xauth')
-makedepends=('man2html')
-#optdepends=('cups-x2go: printing support')
-options=('emptydirs')
-install=x2goserver.install
-backup=('etc/x2go/x2goserver.conf' 'etc/x2go/x2gosql/sql')
-source=(http://code.x2go.org/releases/source/${pkgname}/${pkgname}-${pkgver}.tar.gz x2goserver.service)
-md5sums=('6b8cecfdd31a8877203f50d3666c265f'
-         'f76081c01e40b6206895d194dc949707')
-
-build() {
-  cd "${srcdir}/${pkgname}-${pkgver}"
-#return 1
-  # -r option does not exist in Arch linux
-  # (However, html man pages do not get installed anyway...)
-  for Makefile in $(find . -type f -name Makefile); do
-    sed -i 's@(MAN2HTML_BIN) -r @(MAN2HTML_BIN) < @g' $Makefile
-    sed -i 's@ \$(MAN2HTML_SRC)/@ < \$(MAN2HTML_SRC)/@g' $Makefile
-  done
-
-  # fix some Makefile permission options
-  for Makefile in $(find . -type f -name Makefile); do
-    sed -i "s:-o root -g root ::g" $Makefile
-  done
-
-  make
-}
-
-package() {
-  cd "${srcdir}/${pkgname}-${pkgver}"
-  make -j1 PREFIX=/usr SBINDIR=/usr/bin DESTDIR="$pkgdir" install
-
-  # systemd service file - only runs x2gocleansessions
-  install -Dm 644 "$srcdir/x2goserver.service" "$pkgdir/usr/lib/systemd/system/x2goserver.service"
-  
-  # X2go homedir + printing spool dir
-  #install -dm 755 $pkgdir/var/lib/x2go
-  install -dm 770 $pkgdir/var/lib/x2go
-  install -dm 755 $pkgdir/var/spool/x2go
-  
-  # load fuse module at system start
-  install -dm755 $pkgdir/lib/modules-load.d
-  echo "fuse" > $pkgdir/lib/modules-load.d/x2goserver.conf
-
-  install -dm 755 "${pkgdir}/usr/share/doc/${pkgname}"
-  install -m 644 "debian/changelog" "${pkgdir}/usr/share/doc/${pkgname}/changelog.DEBIAN"
-  install -m 644 "debian/copyright" "${pkgdir}/usr/share/doc/${pkgname}/copyright.DEBIAN"
-}

Copied: x2goserver/repos/extra-i686/PKGBUILD (from rev 186035, x2goserver/trunk/PKGBUILD)
===================================================================
--- extra-i686/PKGBUILD	                        (rev 0)
+++ extra-i686/PKGBUILD	2013-05-20 18:09:21 UTC (rev 186036)
@@ -0,0 +1,69 @@
+# $Id$
+# Maintainer: AndyRTR <andyrtr at archlinux.org>
+
+# Contributor: Gerhard Brauer <gerbra at archlinux.de>
+# Contributor: Richard Murri <admin at richardmurri.com>
+# Contributor: Markus Opitz <mastero23 at gmail dot com>
+# Contributor: Milan Knížek <knizek at volny.cz>
+
+pkgname=x2goserver
+pkgver=4.0.0.2
+pkgrel=2
+pkgdesc="Open source terminal server"
+arch=('i686' 'x86_64')
+url="http://www.x2go.org/"
+license=('GPL')
+depends=('openssh' 'perl-config-simple' 'perl-dbd-sqlite' 'perl-file-basedir' 'python' 'x2go-agent' 'xorg-xauth')
+makedepends=('man2html')
+#optdepends=('cups-x2go: printing support')
+options=('emptydirs')
+install=x2goserver.install
+backup=('etc/x2go/x2goserver.conf' 'etc/x2go/x2gosql/sql')
+source=(http://code.x2go.org/releases/source/${pkgname}/${pkgname}-${pkgver}.tar.gz
+        x2goserver.service
+        revert.patch)
+md5sums=('6b8cecfdd31a8877203f50d3666c265f'
+         'f76081c01e40b6206895d194dc949707'
+         'c487c31e7c0aa9a73323313007497764')
+
+build() {
+  cd "${srcdir}/${pkgname}-${pkgver}"
+
+  # revert an upstream commit that breaks sessions showing up
+  # http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=011d14ae076ba6fec96cd1e019c4f82444ab0f9f
+  patch -Rp1 -i ${srcdir}/revert.patch
+
+  # -r option does not exist in Arch linux
+  # (However, html man pages do not get installed anyway...)
+  for Makefile in $(find . -type f -name Makefile); do
+    sed -i 's@(MAN2HTML_BIN) -r @(MAN2HTML_BIN) < @g' $Makefile
+    sed -i 's@ \$(MAN2HTML_SRC)/@ < \$(MAN2HTML_SRC)/@g' $Makefile
+  done
+
+  # fix some Makefile permission options
+  for Makefile in $(find . -type f -name Makefile); do
+    sed -i "s:-o root -g root ::g" $Makefile
+  done
+
+  make
+}
+
+package() {
+  cd "${srcdir}/${pkgname}-${pkgver}"
+  make -j1 PREFIX=/usr SBINDIR=/usr/bin DESTDIR="$pkgdir" install
+
+  # systemd service file - only runs x2gocleansessions
+  install -Dm 644 "$srcdir/x2goserver.service" "$pkgdir/usr/lib/systemd/system/x2goserver.service"
+  
+  # X2go homedir + printing spool dir
+  install -dm 770 $pkgdir/var/lib/x2go
+  install -dm 770 $pkgdir/var/spool/x2go
+  
+  # load fuse module at system start
+  install -dm755 $pkgdir/lib/modules-load.d
+  echo "fuse" > $pkgdir/lib/modules-load.d/x2goserver.conf
+
+  install -dm 755 "${pkgdir}/usr/share/doc/${pkgname}"
+  install -m 644 "debian/changelog" "${pkgdir}/usr/share/doc/${pkgname}/changelog.DEBIAN"
+  install -m 644 "debian/copyright" "${pkgdir}/usr/share/doc/${pkgname}/copyright.DEBIAN"
+}

Copied: x2goserver/repos/extra-i686/revert.patch (from rev 186035, x2goserver/trunk/revert.patch)
===================================================================
--- extra-i686/revert.patch	                        (rev 0)
+++ extra-i686/revert.patch	2013-05-20 18:09:21 UTC (rev 186036)
@@ -0,0 +1,152 @@
+From 011d14ae076ba6fec96cd1e019c4f82444ab0f9f Mon Sep 17 00:00:00 2001
+From: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
+Date: Sun, 19 May 2013 00:41:32 +0200
+Subject: [PATCH] Security fix for setgid wrapper x2gosqlitewrapper.c.
+ Hard-code path to x2gosqlitewrapper.pl during build via
+ defining a macro in the Makefile. Thanks to Richard
+ Weinberger for spotting this!!!
+
+---
+ Makefile                       |    2 +-
+ debian/changelog               |    3 +++
+ debian/rules                   |    4 +--
+ x2goserver/Makefile            |    4 +--
+ x2goserver/x2gosqlitewrapper.c |   54 +++-------------------------------------
+ 5 files changed, 12 insertions(+), 55 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 3be40f9..588084f 100755
+--- a/Makefile
++++ b/Makefile
+@@ -4,7 +4,7 @@ RM_FILE=rm -f
+ RM_DIR=rmdir -p --ignore-fail-on-non-empty
+ 
+ DESTDIR=
+-PREFIX=/usr/local
++PREFIX ?= /usr/local
+ ETCDIR=/etc/x2go
+ LIBDIR=$(PREFIX)/lib/x2go
+ SHAREDIR=$(PREFIX)/share/x2go
+diff --git a/debian/changelog b/debian/changelog
+index 470a502..2cf2dde 100644
+--- a/debian/changelog
++++ b/debian/changelog
+@@ -12,6 +12,9 @@ x2goserver (4.0.0.2-0~x2go1) UNRELEASED; urgency=low
+   * New upstream version (4.0.0.2):
+     - Use make_path from File::Path in x2godbadmin to create user directory if
+       not present. (Fixes: #200).
++    - Security fix for setgid wrapper x2gosqlitewrapper.c. Hard-code path to
++      x2gosqlitewrapper.pl during build via defining a macro in the Makefile.
++      Thanks to Richard Weinberger for spotting this!!!
+   /debian/control:
+     + Let x2goserver bin:package depend on xfonts-base and fontconfig. (Fixes:
+       #163).
+diff --git a/debian/rules b/debian/rules
+index b32e08d..5bb94b2 100755
+--- a/debian/rules
++++ b/debian/rules
+@@ -1,10 +1,10 @@
+ #!/usr/bin/make -f
+ 
+ %:
+-	dh $@
++	PREFIX=/usr dh $@
+ 
+ override_dh_auto_install:
+-	make -f Makefile build-arch
++	PREFIX=/usr make -f Makefile build-arch
+ 
+ override_dh_auto_clean:
+ 	rm -fv x2gosqlitewrapper
+diff --git a/x2goserver/Makefile b/x2goserver/Makefile
+index 4287478..e9d56e6 100755
+--- a/x2goserver/Makefile
++++ b/x2goserver/Makefile
+@@ -15,7 +15,7 @@ RM_FILE=rm -f
+ RM_DIR=rmdir -p --ignore-fail-on-non-empty
+ 
+ DESTDIR=
+-PREFIX=/usr/local
++PREFIX ?= /usr/local
+ ETCDIR=/etc/x2go
+ BINDIR=$(PREFIX)/bin
+ SBINDIR=$(PREFIX)/sbin
+@@ -41,7 +41,7 @@ build: build-arch build-indep
+ build-arch: build_setgidwrappers
+ 
+ build_setgidwrappers:
+-	$(CC) $(CFLAGS) $(LDFLAGS) -o x2gosqlitewrapper x2gosqlitewrapper.c
++	$(CC) $(CFLAGS) $(LDFLAGS) -DTRUSTED_BINARY=\"$(DESTDIR)$(LIBDIR)/x2gosqlitewrapper.pl\" -o x2gosqlitewrapper x2gosqlitewrapper.c
+ 
+ build-indep: build_man2html
+ 
+diff --git a/x2goserver/x2gosqlitewrapper.c b/x2goserver/x2gosqlitewrapper.c
+index a134efc..ad95eff 100644
+--- a/x2goserver/x2gosqlitewrapper.c
++++ b/x2goserver/x2gosqlitewrapper.c
+@@ -21,58 +21,12 @@
+  * 
+  */
+ 
+-#include <stdio.h>
+-#include <stdlib.h>
+-#include <unistd.h>
+-#include <libgen.h>
+-#include <errno.h>
+-
+ int main( int argc, char *argv[] ) {
+-	char * x2gosqlitewrapper = NULL;
+-	size_t path_max;
+-	
+-/*
+-	The following snippet is taken from the realpath manpage
+-*/
+-#ifdef PATH_MAX
+-	path_max = PATH_MAX;
+-#else
+-	path_max = pathconf (".", _PC_PATH_MAX);
+-	if (path_max <= 0){
+-		path_max = 4096;
+-	}
+-#endif
+-	{
+-		// allocate dynamic buffer in stack: this needs C99 or gnu??
+-		char buffer[path_max];
+-		ssize_t rvrl;
+-		int rvap;
+-
+-		// resolve link of /proc/self/exe to find out where we are
+-		rvrl = readlink("/proc/self/exe", buffer, path_max);
+-		if(rvrl == -1){
+-			perror("readlink(\"/proc/self/exe\",buffer,path_max)");
+-			exit(EXIT_FAILURE);
+-		}
+-		if(rvrl >= path_max){
+-			fprintf(stderr, "Could not resolve the path of this file using \"/proc/self/exe\". The path is too long (> %i)", path_max);
+-			exit(EXIT_FAILURE);
+-		}
+-
+-		// derive the full path of x2gosqlitewrapper.pl from path of this binary
+-		rvap = asprintf(&x2gosqlitewrapper, "%s/%s", dirname(buffer), "x2gosqlitewrapper.pl");
+-		if(rvap == -1){
+-			fprintf(stderr, "Failed to allocate memory calling asprintf\n");
+-			exit(EXIT_FAILURE);
+-		}
+-
+-		// execute the script, running with user-rights of this binary 
+-		execv(x2gosqlitewrapper, argv);
+ 
+-	}
++	char x2gosqlitewrapper[] = TRUSTED_BINARY;
+ 
+-	// ...fail
+-	fprintf(stderr, "Failed to execute %s: %s\n", x2gosqlitewrapper, strerror(errno));
+-	return EXIT_FAILURE;
++	argv[0] = "x2gosqlitewrapper.pl";
++	// execute the script, running with user-rights of this binary
++	execv(x2gosqlitewrapper, argv);
+ 
+ }
+-- 
+1.7.9.5
+

Deleted: extra-i686/x2goserver.install
===================================================================
--- extra-i686/x2goserver.install	2013-05-20 18:08:51 UTC (rev 186035)
+++ extra-i686/x2goserver.install	2013-05-20 18:09:21 UTC (rev 186036)
@@ -1,61 +0,0 @@
-pre_install() {
-  cat << 'EOM'
-  ==> Use the following command to setup sqlite database:
-  ==> x2godbadmin --createdb
-EOM
-}
-
-
-post_install() {
-
-  # Make sure the group and user "x2gouser"(111) +"x2goprint"(112) exists on this system and have the correct values
-
-  # x2gouser
-  if grep -q "^x2gouser:" /etc/group &> /dev/null ; then
-    groupmod -g 111 -n x2gouser x2gouser &> /dev/null
-  else
-    groupadd -g 111 x2gouser &> /dev/null
-  fi
-
-  if grep -q "^x2gouser:" /etc/passwd 2> /dev/null ; then
-    usermod -s /usr/bin/false -c "X2GoUser user" -M -d /var/lib/x2go -u 111 -g x2gouser x2gouser &> /dev/null
-  else
-    useradd -s /usr/bin/false -c "X2GoUser user" -M -d /var/lib/x2go -u 111 -g x2gouser -r x2gouser &> /dev/null
-  fi 
-
-  # x2goprint
-  if grep -q "^x2goprint:" /etc/group &> /dev/null ; then
-    groupmod -g 112 -n x2goprint x2goprint &> /dev/null
-  else
-    groupadd -g 112 x2goprint &> /dev/null
-  fi
-
-  if grep -q "^x2goprint:" /etc/passwd 2> /dev/null ; then
-    usermod -s /usr/bin/false -c "X2GoPrint user" -M -d /var/spool/x2go -u 112 -g x2goprint x2goprint &> /dev/null
-  else
-    useradd -s /usr/bin/false -c "X2GoPrint user" -M -d /var/spool/x2go -u 112 -g x2goprint -r x2goprint &> /dev/null
-  fi
-  
-  # fix permissions - see INSTALL file
-  chown -R x2goprint:x2goprint /var/spool/x2go
-  chmod 0770 /var/spool/x2go
-  
-  chown root:x2gouser /usr/lib/x2go/x2gosqlitewrapper
-  chmod 2755 /usr/lib/x2go/x2gosqlitewrapper
-  
-  chown root:x2goprint /usr/bin/x2goprint
-  chmod 2755 /usr/bin/x2goprint
-}
-
-post_upgrade() {
-  post_install $1
-}
-
-pre_remove() {
-    userdel x2gouser &> /dev/null
-    userdel x2goprint &> /dev/null
-    groupdel x2gouser &> /dev/null || /bin/true
-    groupdel x2goprint &> /dev/null || /bin/true
-    rm -rf /var/lib/x2go/* &> /dev/null || /bin/true
-    rm -rf /var/spool/x2go/* &> /dev/null || /bin/true
-}

Copied: x2goserver/repos/extra-i686/x2goserver.install (from rev 186035, x2goserver/trunk/x2goserver.install)
===================================================================
--- extra-i686/x2goserver.install	                        (rev 0)
+++ extra-i686/x2goserver.install	2013-05-20 18:09:21 UTC (rev 186036)
@@ -0,0 +1,61 @@
+pre_install() {
+  cat << 'EOM'
+  ==> Use the following command to setup sqlite database:
+  ==> x2godbadmin --createdb
+EOM
+}
+
+
+post_install() {
+
+  # Make sure the group and user "x2gouser"(111) +"x2goprint"(112) exists on this system and have the correct values
+
+  # x2gouser
+  if grep -q "^x2gouser:" /etc/group &> /dev/null ; then
+    groupmod -g 111 -n x2gouser x2gouser &> /dev/null
+  else
+    groupadd -g 111 x2gouser &> /dev/null
+  fi
+
+  if grep -q "^x2gouser:" /etc/passwd 2> /dev/null ; then
+    usermod -s /usr/bin/false -c "X2GoUser user" -M -d /var/lib/x2go -u 111 -g x2gouser x2gouser &> /dev/null
+  else
+    useradd -s /usr/bin/false -c "X2GoUser user" -M -d /var/lib/x2go -u 111 -g x2gouser -r x2gouser &> /dev/null
+  fi 
+
+  # x2goprint
+  if grep -q "^x2goprint:" /etc/group &> /dev/null ; then
+    groupmod -g 112 -n x2goprint x2goprint &> /dev/null
+  else
+    groupadd -g 112 x2goprint &> /dev/null
+  fi
+
+  if grep -q "^x2goprint:" /etc/passwd 2> /dev/null ; then
+    usermod -s /usr/bin/false -c "X2GoPrint user" -M -d /var/spool/x2go -u 112 -g x2goprint x2goprint &> /dev/null
+  else
+    useradd -s /usr/bin/false -c "X2GoPrint user" -M -d /var/spool/x2go -u 112 -g x2goprint -r x2goprint &> /dev/null
+  fi
+  
+  # fix permissions - see INSTALL file
+  chown -R x2goprint:x2goprint /var/spool/x2go
+  chmod 0770 /var/spool/x2go
+    
+  chown root:x2gouser /usr/lib/x2go/x2gosqlitewrapper
+  chmod 2755 /usr/lib/x2go/x2gosqlitewrapper
+  
+  chown root:x2goprint /usr/bin/x2goprint
+  chmod 2755 /usr/bin/x2goprint
+}
+
+post_upgrade() {
+  post_install $1
+}
+
+pre_remove() {
+    userdel x2gouser &> /dev/null
+    userdel x2goprint &> /dev/null
+    groupdel x2gouser &> /dev/null || /bin/true
+    groupdel x2goprint &> /dev/null || /bin/true
+    rm -rf /var/lib/x2go/* &> /dev/null || /bin/true
+    rm -rf /var/spool/x2go/* &> /dev/null || /bin/true
+}

Deleted: extra-i686/x2goserver.service
===================================================================
--- extra-i686/x2goserver.service	2013-05-20 18:08:51 UTC (rev 186035)
+++ extra-i686/x2goserver.service	2013-05-20 18:09:21 UTC (rev 186036)
@@ -1,10 +0,0 @@
-[Unit]
-Description=x2go - remote desktop server
-After=syslog.target network.target
-
-[Service]
-ExecStart=/usr/bin/x2gocleansessions
-PIDFile=/run/x2goserver.pid
-
-[Install]
-WantedBy=multi-user.target

Copied: x2goserver/repos/extra-i686/x2goserver.service (from rev 186035, x2goserver/trunk/x2goserver.service)
===================================================================
--- extra-i686/x2goserver.service	                        (rev 0)
+++ extra-i686/x2goserver.service	2013-05-20 18:09:21 UTC (rev 186036)
@@ -0,0 +1,10 @@
+[Unit]
+Description=x2go - remote desktop server
+After=syslog.target network.target
+
+[Service]
+ExecStart=/usr/bin/x2gocleansessions
+PIDFile=/run/x2goserver.pid
+
+[Install]
+WantedBy=multi-user.target

Deleted: extra-x86_64/PKGBUILD
===================================================================
--- extra-x86_64/PKGBUILD	2013-05-20 18:08:51 UTC (rev 186035)
+++ extra-x86_64/PKGBUILD	2013-05-20 18:09:21 UTC (rev 186036)
@@ -1,63 +0,0 @@
-# $Id$
-# Maintainer: AndyRTR <andyrtr at archlinux.org>
-
-# Contributor: Gerhard Brauer <gerbra at archlinux.de>
-# Contributor: Richard Murri <admin at richardmurri.com>
-# Contributor: Markus Opitz <mastero23 at gmail dot com>
-# Contributor: Milan Knížek <knizek at volny.cz>
-
-pkgname=x2goserver
-pkgver=4.0.0.2
-pkgrel=1
-pkgdesc="Open source terminal server"
-arch=('i686' 'x86_64')
-url="http://www.x2go.org/"
-license=('GPL')
-depends=('openssh' 'perl-config-simple' 'perl-dbd-sqlite' 'perl-file-basedir' 'python' 'x2go-agent' 'xorg-xauth')
-makedepends=('man2html')
-#optdepends=('cups-x2go: printing support')
-options=('emptydirs')
-install=x2goserver.install
-backup=('etc/x2go/x2goserver.conf' 'etc/x2go/x2gosql/sql')
-source=(http://code.x2go.org/releases/source/${pkgname}/${pkgname}-${pkgver}.tar.gz x2goserver.service)
-md5sums=('6b8cecfdd31a8877203f50d3666c265f'
-         'f76081c01e40b6206895d194dc949707')
-
-build() {
-  cd "${srcdir}/${pkgname}-${pkgver}"
-#return 1
-  # -r option does not exist in Arch linux
-  # (However, html man pages do not get installed anyway...)
-  for Makefile in $(find . -type f -name Makefile); do
-    sed -i 's@(MAN2HTML_BIN) -r @(MAN2HTML_BIN) < @g' $Makefile
-    sed -i 's@ \$(MAN2HTML_SRC)/@ < \$(MAN2HTML_SRC)/@g' $Makefile
-  done
-
-  # fix some Makefile permission options
-  for Makefile in $(find . -type f -name Makefile); do
-    sed -i "s:-o root -g root ::g" $Makefile
-  done
-
-  make
-}
-
-package() {
-  cd "${srcdir}/${pkgname}-${pkgver}"
-  make -j1 PREFIX=/usr SBINDIR=/usr/bin DESTDIR="$pkgdir" install
-
-  # systemd service file - only runs x2gocleansessions
-  install -Dm 644 "$srcdir/x2goserver.service" "$pkgdir/usr/lib/systemd/system/x2goserver.service"
-  
-  # X2go homedir + printing spool dir
-  #install -dm 755 $pkgdir/var/lib/x2go
-  install -dm 770 $pkgdir/var/lib/x2go
-  install -dm 755 $pkgdir/var/spool/x2go
-  
-  # load fuse module at system start
-  install -dm755 $pkgdir/lib/modules-load.d
-  echo "fuse" > $pkgdir/lib/modules-load.d/x2goserver.conf
-
-  install -dm 755 "${pkgdir}/usr/share/doc/${pkgname}"
-  install -m 644 "debian/changelog" "${pkgdir}/usr/share/doc/${pkgname}/changelog.DEBIAN"
-  install -m 644 "debian/copyright" "${pkgdir}/usr/share/doc/${pkgname}/copyright.DEBIAN"
-}

Copied: x2goserver/repos/extra-x86_64/PKGBUILD (from rev 186035, x2goserver/trunk/PKGBUILD)
===================================================================
--- extra-x86_64/PKGBUILD	                        (rev 0)
+++ extra-x86_64/PKGBUILD	2013-05-20 18:09:21 UTC (rev 186036)
@@ -0,0 +1,69 @@
+# $Id$
+# Maintainer: AndyRTR <andyrtr at archlinux.org>
+
+# Contributor: Gerhard Brauer <gerbra at archlinux.de>
+# Contributor: Richard Murri <admin at richardmurri.com>
+# Contributor: Markus Opitz <mastero23 at gmail dot com>
+# Contributor: Milan Knížek <knizek at volny.cz>
+
+pkgname=x2goserver
+pkgver=4.0.0.2
+pkgrel=2
+pkgdesc="Open source terminal server"
+arch=('i686' 'x86_64')
+url="http://www.x2go.org/"
+license=('GPL')
+depends=('openssh' 'perl-config-simple' 'perl-dbd-sqlite' 'perl-file-basedir' 'python' 'x2go-agent' 'xorg-xauth')
+makedepends=('man2html')
+#optdepends=('cups-x2go: printing support')
+options=('emptydirs')
+install=x2goserver.install
+backup=('etc/x2go/x2goserver.conf' 'etc/x2go/x2gosql/sql')
+source=(http://code.x2go.org/releases/source/${pkgname}/${pkgname}-${pkgver}.tar.gz
+        x2goserver.service
+        revert.patch)
+md5sums=('6b8cecfdd31a8877203f50d3666c265f'
+         'f76081c01e40b6206895d194dc949707'
+         'c487c31e7c0aa9a73323313007497764')
+
+build() {
+  cd "${srcdir}/${pkgname}-${pkgver}"
+
+  # revert an upstream commit that breaks sessions showing up
+  # http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=011d14ae076ba6fec96cd1e019c4f82444ab0f9f
+  patch -Rp1 -i ${srcdir}/revert.patch
+
+  # -r option does not exist in Arch linux
+  # (However, html man pages do not get installed anyway...)
+  for Makefile in $(find . -type f -name Makefile); do
+    sed -i 's@(MAN2HTML_BIN) -r @(MAN2HTML_BIN) < @g' $Makefile
+    sed -i 's@ \$(MAN2HTML_SRC)/@ < \$(MAN2HTML_SRC)/@g' $Makefile
+  done
+
+  # fix some Makefile permission options
+  for Makefile in $(find . -type f -name Makefile); do
+    sed -i "s:-o root -g root ::g" $Makefile
+  done
+
+  make
+}
+
+package() {
+  cd "${srcdir}/${pkgname}-${pkgver}"
+  make -j1 PREFIX=/usr SBINDIR=/usr/bin DESTDIR="$pkgdir" install
+
+  # systemd service file - only runs x2gocleansessions
+  install -Dm 644 "$srcdir/x2goserver.service" "$pkgdir/usr/lib/systemd/system/x2goserver.service"
+  
+  # X2go homedir + printing spool dir
+  install -dm 770 $pkgdir/var/lib/x2go
+  install -dm 770 $pkgdir/var/spool/x2go
+  
+  # load fuse module at system start
+  install -dm755 $pkgdir/lib/modules-load.d
+  echo "fuse" > $pkgdir/lib/modules-load.d/x2goserver.conf
+
+  install -dm 755 "${pkgdir}/usr/share/doc/${pkgname}"
+  install -m 644 "debian/changelog" "${pkgdir}/usr/share/doc/${pkgname}/changelog.DEBIAN"
+  install -m 644 "debian/copyright" "${pkgdir}/usr/share/doc/${pkgname}/copyright.DEBIAN"
+}

Copied: x2goserver/repos/extra-x86_64/revert.patch (from rev 186035, x2goserver/trunk/revert.patch)
===================================================================
--- extra-x86_64/revert.patch	                        (rev 0)
+++ extra-x86_64/revert.patch	2013-05-20 18:09:21 UTC (rev 186036)
@@ -0,0 +1,152 @@
+From 011d14ae076ba6fec96cd1e019c4f82444ab0f9f Mon Sep 17 00:00:00 2001
+From: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
+Date: Sun, 19 May 2013 00:41:32 +0200
+Subject: [PATCH] Security fix for setgid wrapper x2gosqlitewrapper.c.
+ Hard-code path to x2gosqlitewrapper.pl during build via
+ defining a macro in the Makefile. Thanks to Richard
+ Weinberger for spotting this!!!
+
+---
+ Makefile                       |    2 +-
+ debian/changelog               |    3 +++
+ debian/rules                   |    4 +--
+ x2goserver/Makefile            |    4 +--
+ x2goserver/x2gosqlitewrapper.c |   54 +++-------------------------------------
+ 5 files changed, 12 insertions(+), 55 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 3be40f9..588084f 100755
+--- a/Makefile
++++ b/Makefile
+@@ -4,7 +4,7 @@ RM_FILE=rm -f
+ RM_DIR=rmdir -p --ignore-fail-on-non-empty
+ 
+ DESTDIR=
+-PREFIX=/usr/local
++PREFIX ?= /usr/local
+ ETCDIR=/etc/x2go
+ LIBDIR=$(PREFIX)/lib/x2go
+ SHAREDIR=$(PREFIX)/share/x2go
+diff --git a/debian/changelog b/debian/changelog
+index 470a502..2cf2dde 100644
+--- a/debian/changelog
++++ b/debian/changelog
+@@ -12,6 +12,9 @@ x2goserver (4.0.0.2-0~x2go1) UNRELEASED; urgency=low
+   * New upstream version (4.0.0.2):
+     - Use make_path from File::Path in x2godbadmin to create user directory if
+       not present. (Fixes: #200).
++    - Security fix for setgid wrapper x2gosqlitewrapper.c. Hard-code path to
++      x2gosqlitewrapper.pl during build via defining a macro in the Makefile.
++      Thanks to Richard Weinberger for spotting this!!!
+   /debian/control:
+     + Let x2goserver bin:package depend on xfonts-base and fontconfig. (Fixes:
+       #163).
+diff --git a/debian/rules b/debian/rules
+index b32e08d..5bb94b2 100755
+--- a/debian/rules
++++ b/debian/rules
+@@ -1,10 +1,10 @@
+ #!/usr/bin/make -f
+ 
+ %:
+-	dh $@
++	PREFIX=/usr dh $@
+ 
+ override_dh_auto_install:
+-	make -f Makefile build-arch
++	PREFIX=/usr make -f Makefile build-arch
+ 
+ override_dh_auto_clean:
+ 	rm -fv x2gosqlitewrapper
+diff --git a/x2goserver/Makefile b/x2goserver/Makefile
+index 4287478..e9d56e6 100755
+--- a/x2goserver/Makefile
++++ b/x2goserver/Makefile
+@@ -15,7 +15,7 @@ RM_FILE=rm -f
+ RM_DIR=rmdir -p --ignore-fail-on-non-empty
+ 
+ DESTDIR=
+-PREFIX=/usr/local
++PREFIX ?= /usr/local
+ ETCDIR=/etc/x2go
+ BINDIR=$(PREFIX)/bin
+ SBINDIR=$(PREFIX)/sbin
+@@ -41,7 +41,7 @@ build: build-arch build-indep
+ build-arch: build_setgidwrappers
+ 
+ build_setgidwrappers:
+-	$(CC) $(CFLAGS) $(LDFLAGS) -o x2gosqlitewrapper x2gosqlitewrapper.c
++	$(CC) $(CFLAGS) $(LDFLAGS) -DTRUSTED_BINARY=\"$(DESTDIR)$(LIBDIR)/x2gosqlitewrapper.pl\" -o x2gosqlitewrapper x2gosqlitewrapper.c
+ 
+ build-indep: build_man2html
+ 
+diff --git a/x2goserver/x2gosqlitewrapper.c b/x2goserver/x2gosqlitewrapper.c
+index a134efc..ad95eff 100644
+--- a/x2goserver/x2gosqlitewrapper.c
++++ b/x2goserver/x2gosqlitewrapper.c
+@@ -21,58 +21,12 @@
+  * 
+  */
+ 
+-#include <stdio.h>
+-#include <stdlib.h>
+-#include <unistd.h>
+-#include <libgen.h>
+-#include <errno.h>
+-
+ int main( int argc, char *argv[] ) {
+-	char * x2gosqlitewrapper = NULL;
+-	size_t path_max;
+-	
+-/*
+-	The following snippet is taken from the realpath manpage
+-*/
+-#ifdef PATH_MAX
+-	path_max = PATH_MAX;
+-#else
+-	path_max = pathconf (".", _PC_PATH_MAX);
+-	if (path_max <= 0){
+-		path_max = 4096;
+-	}
+-#endif
+-	{
+-		// allocate dynamic buffer in stack: this needs C99 or gnu??
+-		char buffer[path_max];
+-		ssize_t rvrl;
+-		int rvap;
+-
+-		// resolve link of /proc/self/exe to find out where we are
+-		rvrl = readlink("/proc/self/exe", buffer, path_max);
+-		if(rvrl == -1){
+-			perror("readlink(\"/proc/self/exe\",buffer,path_max)");
+-			exit(EXIT_FAILURE);
+-		}
+-		if(rvrl >= path_max){
+-			fprintf(stderr, "Could not resolve the path of this file using \"/proc/self/exe\". The path is too long (> %i)", path_max);
+-			exit(EXIT_FAILURE);
+-		}
+-
+-		// derive the full path of x2gosqlitewrapper.pl from path of this binary
+-		rvap = asprintf(&x2gosqlitewrapper, "%s/%s", dirname(buffer), "x2gosqlitewrapper.pl");
+-		if(rvap == -1){
+-			fprintf(stderr, "Failed to allocate memory calling asprintf\n");
+-			exit(EXIT_FAILURE);
+-		}
+-
+-		// execute the script, running with user-rights of this binary 
+-		execv(x2gosqlitewrapper, argv);
+ 
+-	}
++	char x2gosqlitewrapper[] = TRUSTED_BINARY;
+ 
+-	// ...fail
+-	fprintf(stderr, "Failed to execute %s: %s\n", x2gosqlitewrapper, strerror(errno));
+-	return EXIT_FAILURE;
++	argv[0] = "x2gosqlitewrapper.pl";
++	// execute the script, running with user-rights of this binary
++	execv(x2gosqlitewrapper, argv);
+ 
+ }
+-- 
+1.7.9.5
+

Deleted: extra-x86_64/x2goserver.install
===================================================================
--- extra-x86_64/x2goserver.install	2013-05-20 18:08:51 UTC (rev 186035)
+++ extra-x86_64/x2goserver.install	2013-05-20 18:09:21 UTC (rev 186036)
@@ -1,61 +0,0 @@
-pre_install() {
-  cat << 'EOM'
-  ==> Use the following command to setup sqlite database:
-  ==> x2godbadmin --createdb
-EOM
-}
-
-
-post_install() {
-
-  # Make sure the group and user "x2gouser"(111) +"x2goprint"(112) exists on this system and have the correct values
-
-  # x2gouser
-  if grep -q "^x2gouser:" /etc/group &> /dev/null ; then
-    groupmod -g 111 -n x2gouser x2gouser &> /dev/null
-  else
-    groupadd -g 111 x2gouser &> /dev/null
-  fi
-
-  if grep -q "^x2gouser:" /etc/passwd 2> /dev/null ; then
-    usermod -s /usr/bin/false -c "X2GoUser user" -M -d /var/lib/x2go -u 111 -g x2gouser x2gouser &> /dev/null
-  else
-    useradd -s /usr/bin/false -c "X2GoUser user" -M -d /var/lib/x2go -u 111 -g x2gouser -r x2gouser &> /dev/null
-  fi 
-
-  # x2goprint
-  if grep -q "^x2goprint:" /etc/group &> /dev/null ; then
-    groupmod -g 112 -n x2goprint x2goprint &> /dev/null
-  else
-    groupadd -g 112 x2goprint &> /dev/null
-  fi
-
-  if grep -q "^x2goprint:" /etc/passwd 2> /dev/null ; then
-    usermod -s /usr/bin/false -c "X2GoPrint user" -M -d /var/spool/x2go -u 112 -g x2goprint x2goprint &> /dev/null
-  else
-    useradd -s /usr/bin/false -c "X2GoPrint user" -M -d /var/spool/x2go -u 112 -g x2goprint -r x2goprint &> /dev/null
-  fi
-  
-  # fix permissions - see INSTALL file
-  chown -R x2goprint:x2goprint /var/spool/x2go
-  chmod 0770 /var/spool/x2go
-  
-  chown root:x2gouser /usr/lib/x2go/x2gosqlitewrapper
-  chmod 2755 /usr/lib/x2go/x2gosqlitewrapper
-  
-  chown root:x2goprint /usr/bin/x2goprint
-  chmod 2755 /usr/bin/x2goprint
-}
-
-post_upgrade() {
-  post_install $1
-}
-
-pre_remove() {
-    userdel x2gouser &> /dev/null
-    userdel x2goprint &> /dev/null
-    groupdel x2gouser &> /dev/null || /bin/true
-    groupdel x2goprint &> /dev/null || /bin/true
-    rm -rf /var/lib/x2go/* &> /dev/null || /bin/true
-    rm -rf /var/spool/x2go/* &> /dev/null || /bin/true
-}

Copied: x2goserver/repos/extra-x86_64/x2goserver.install (from rev 186035, x2goserver/trunk/x2goserver.install)
===================================================================
--- extra-x86_64/x2goserver.install	                        (rev 0)
+++ extra-x86_64/x2goserver.install	2013-05-20 18:09:21 UTC (rev 186036)
@@ -0,0 +1,61 @@
+pre_install() {
+  cat << 'EOM'
+  ==> Use the following command to setup sqlite database:
+  ==> x2godbadmin --createdb
+EOM
+}
+
+
+post_install() {
+
+  # Make sure the group and user "x2gouser"(111) +"x2goprint"(112) exists on this system and have the correct values
+
+  # x2gouser
+  if grep -q "^x2gouser:" /etc/group &> /dev/null ; then
+    groupmod -g 111 -n x2gouser x2gouser &> /dev/null
+  else
+    groupadd -g 111 x2gouser &> /dev/null
+  fi
+
+  if grep -q "^x2gouser:" /etc/passwd 2> /dev/null ; then
+    usermod -s /usr/bin/false -c "X2GoUser user" -M -d /var/lib/x2go -u 111 -g x2gouser x2gouser &> /dev/null
+  else
+    useradd -s /usr/bin/false -c "X2GoUser user" -M -d /var/lib/x2go -u 111 -g x2gouser -r x2gouser &> /dev/null
+  fi 
+
+  # x2goprint
+  if grep -q "^x2goprint:" /etc/group &> /dev/null ; then
+    groupmod -g 112 -n x2goprint x2goprint &> /dev/null
+  else
+    groupadd -g 112 x2goprint &> /dev/null
+  fi
+
+  if grep -q "^x2goprint:" /etc/passwd 2> /dev/null ; then
+    usermod -s /usr/bin/false -c "X2GoPrint user" -M -d /var/spool/x2go -u 112 -g x2goprint x2goprint &> /dev/null
+  else
+    useradd -s /usr/bin/false -c "X2GoPrint user" -M -d /var/spool/x2go -u 112 -g x2goprint -r x2goprint &> /dev/null
+  fi
+  
+  # fix permissions - see INSTALL file
+  chown -R x2goprint:x2goprint /var/spool/x2go
+  chmod 0770 /var/spool/x2go
+    
+  chown root:x2gouser /usr/lib/x2go/x2gosqlitewrapper
+  chmod 2755 /usr/lib/x2go/x2gosqlitewrapper
+  
+  chown root:x2goprint /usr/bin/x2goprint
+  chmod 2755 /usr/bin/x2goprint
+}
+
+post_upgrade() {
+  post_install $1
+}
+
+pre_remove() {
+    userdel x2gouser &> /dev/null
+    userdel x2goprint &> /dev/null
+    groupdel x2gouser &> /dev/null || /bin/true
+    groupdel x2goprint &> /dev/null || /bin/true
+    rm -rf /var/lib/x2go/* &> /dev/null || /bin/true
+    rm -rf /var/spool/x2go/* &> /dev/null || /bin/true
+}

Deleted: extra-x86_64/x2goserver.service
===================================================================
--- extra-x86_64/x2goserver.service	2013-05-20 18:08:51 UTC (rev 186035)
+++ extra-x86_64/x2goserver.service	2013-05-20 18:09:21 UTC (rev 186036)
@@ -1,10 +0,0 @@
-[Unit]
-Description=x2go - remote desktop server
-After=syslog.target network.target
-
-[Service]
-ExecStart=/usr/bin/x2gocleansessions
-PIDFile=/run/x2goserver.pid
-
-[Install]
-WantedBy=multi-user.target

Copied: x2goserver/repos/extra-x86_64/x2goserver.service (from rev 186035, x2goserver/trunk/x2goserver.service)
===================================================================
--- extra-x86_64/x2goserver.service	                        (rev 0)
+++ extra-x86_64/x2goserver.service	2013-05-20 18:09:21 UTC (rev 186036)
@@ -0,0 +1,10 @@
+[Unit]
+Description=x2go - remote desktop server
+After=syslog.target network.target
+
+[Service]
+ExecStart=/usr/bin/x2gocleansessions
+PIDFile=/run/x2goserver.pid
+
+[Install]
+WantedBy=multi-user.target



More information about the arch-commits mailing list