[arch-commits] Commit in accountsservice/trunk (2 files)
Jan Steffens
heftig at nymeria.archlinux.org
Sat Mar 22 19:41:11 UTC 2014
Date: Saturday, March 22, 2014 @ 20:41:10
Author: heftig
Revision: 208512
0.6.37
Modified:
accountsservice/trunk/PKGBUILD
Deleted:
accountsservice/trunk/avoid-deleting-the-root-user.patch
------------------------------------+
PKGBUILD | 15 ++---------
avoid-deleting-the-root-user.patch | 47 -----------------------------------
2 files changed, 4 insertions(+), 58 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-03-22 19:33:36 UTC (rev 208511)
+++ PKGBUILD 2014-03-22 19:41:10 UTC (rev 208512)
@@ -2,8 +2,8 @@
# Maintainer: Ionut Biru <ibiru at archlinux.org>
pkgname=accountsservice
-pkgver=0.6.35
-pkgrel=2
+pkgver=0.6.37
+pkgrel=1
pkgdesc="D-Bus interface for user account query and manipulation"
arch=(i686 x86_64)
url="http://www.freedesktop.org/software/accountsservice/"
@@ -10,16 +10,9 @@
license=('GPL3')
depends=('glib2' 'polkit' 'systemd')
makedepends=('intltool' 'gobject-introspection')
-source=($url/$pkgname-$pkgver.tar.xz
- avoid-deleting-the-root-user.patch)
-md5sums=('3a81133e95faafb603de4475802cb06a'
- '4970e77c3c0d56e513f9a5f29fdacd2c')
+source=($url/$pkgname-$pkgver.tar.xz)
+md5sums=('aa5f4da715b8ec19024e39def88831a0')
-prepare() {
- cd $pkgname-$pkgver
- patch -Np1 -i ../avoid-deleting-the-root-user.patch
-}
-
build() {
cd $pkgname-$pkgver
./configure --prefix=/usr --sysconfdir=/etc \
Deleted: avoid-deleting-the-root-user.patch
===================================================================
--- avoid-deleting-the-root-user.patch 2014-03-22 19:33:36 UTC (rev 208511)
+++ avoid-deleting-the-root-user.patch 2014-03-22 19:41:10 UTC (rev 208512)
@@ -1,47 +0,0 @@
-From 980692e6b9cfe4a34e22f566e0981a8c549e4348 Mon Sep 17 00:00:00 2001
-From: Matthias Clasen <mclasen at redhat.com>
-Date: Fri, 01 Nov 2013 21:09:25 +0000
-Subject: Avoid deleting the root user
-
-The check we have in place against deleting the root user can
-be tricked by exploiting the fact that we are checking a gint64,
-and then later cast it to a uid_t. This can be seen with the
-following test, which will delete your root account:
-
-qdbus --system org.freedesktop.Accounts /org/freedesktop/Accounts \
- org.freedesktop.Accounts.DeleteUser -9223372036854775808 true
-
-Found with the dfuzzer tool,
-https://github.com/matusmarhefka/dfuzzer
----
-diff --git a/src/daemon.c b/src/daemon.c
-index ea75190..9c7001b 100644
---- a/src/daemon.c
-+++ b/src/daemon.c
-@@ -1227,7 +1227,7 @@ daemon_uncache_user (AccountsAccounts *accounts,
- }
-
- typedef struct {
-- gint64 uid;
-+ uid_t uid;
- gboolean remove_files;
- } DeleteUserData;
-
-@@ -1309,13 +1309,13 @@ daemon_delete_user (AccountsAccounts *accounts,
- Daemon *daemon = (Daemon*)accounts;
- DeleteUserData *data;
-
-- if (uid == 0) {
-+ if ((uid_t)uid == 0) {
- throw_error (context, ERROR_FAILED, "Refuse to delete root user");
- return TRUE;
- }
-
- data = g_new0 (DeleteUserData, 1);
-- data->uid = uid;
-+ data->uid = (uid_t)uid;
- data->remove_files = remove_files;
-
- daemon_local_check_auth (daemon,
---
-cgit v0.9.0.2-2-gbebe
More information about the arch-commits
mailing list