* [gentoo-commits] proj/emacs-tools:patchsets commit in: emacs/23.4/, emacs/24.4/
@ 2015-01-23 20:40 Ulrich Müller
From: Ulrich Müller @ 2015-01-23 20:40 UTC (permalink / raw
  To: gentoo-commits

commit:     d0ddaf8a01882ea2b0f1c4b56f467cc828c6887d
Author:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 23 12:21:05 2015 +0000
Commit:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
CommitDate: Fri Jan 23 12:21:05 2015 +0000
URL:        http://sources.gentoo.org/gitweb/?p=proj/emacs-tools.git;a=commit;h=d0ddaf8a

Backport support for update-game-score to run sgid instead of suid.

---
 emacs/23.4/23_all_games-sgid.patch | 232 +++++++++++++++++++++++++++++++++++++
 emacs/24.4/04_all_games-sgid.patch | 226 ++++++++++++++++++++++++++++++++++++
 2 files changed, 458 insertions(+)

diff --git a/emacs/23.4/23_all_games-sgid.patch b/emacs/23.4/23_all_games-sgid.patch
new file mode 100644
index 0000000..c69d089
--- /dev/null
+++ b/emacs/23.4/23_all_games-sgid.patch
@@ -0,0 +1,232 @@
+Backport support for update-game-score to run sgid instead of suid.
+This comprises parts of the following commits from upstream git:
+
+commit 74ab488ff2e57f31eb5290266f0f3b1995ebf83e
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date:   Thu Jan 22 00:39:30 2015 -0800
+
+    Check exit statuses in lib-src/Makefile
+
+commit 7f4e7dd378c456b498c270b47b46aaae365a72ab
+Author: Ulrich Müller <ulm@gentoo.org>
+Date:   Thu Jan 22 08:24:42 2015 +0100
+
+    Don't fail if chown or chgrp for 'update-game-score' is unsuccessful.
+
+commit 20f66485526b69eb26f2e70bd835a5e1333559d5
+Author: Ulrich Müller <ulm@gentoo.org>
+Date:   Fri Jan 16 09:25:25 2015 +0100
+
+    Allow update-game-score to run sgid instead of suid.
+
+--- emacs-23.4-orig/configure.in
++++ emacs-23.4/configure.in
+@@ -39,8 +39,6 @@
+ docdir='${datadir}/emacs/${version}/etc'
+ gamedir='${localstatedir}/games/emacs'
+ 
+-gameuser=games
+-
+ dnl OPTION_DEFAULT_OFF(NAME, HELP-STRING)
+ dnl Create a new --with option that defaults to being disabled.
+ dnl NAME is the base name of the option.  The shell variable with_NAME
+@@ -176,10 +174,25 @@
+ CRT_DIR="${with_crt_dir}"
+ 
+ AC_ARG_WITH(gameuser,dnl
+-[AS_HELP_STRING([--with-gameuser=USER],[user for shared game score files])])
+-test "X${with_gameuser}" != X && test "${with_gameuser}" != yes \
+-  && gameuser="${with_gameuser}"
+-test "X$gameuser" = X && gameuser=games
++[AS_HELP_STRING([--with-gameuser=USER_OR_GROUP],
++		[user for shared game score files.
++		An argument prefixed by ':' specifies a group instead.])])
++gameuser=
++gamegroup=
++case ${with_gameuser} in
++  no) ;;
++  "" | yes)
++    AC_MSG_CHECKING([whether a 'games' user exists])
++    if id -u games >/dev/null 2>&1; then
++      AC_MSG_RESULT([yes])
++      gameuser=games
++    else
++      AC_MSG_RESULT([no])
++    fi
++    ;;
++  :*) gamegroup=`echo "${with_gameuser}" | sed -e "s/://"` ;;
++  *) gameuser=${with_gameuser} ;;
++esac
+ 
+ AC_ARG_WITH([gnustep-conf],dnl
+ [AS_HELP_STRING([--with-gnustep-conf=PATH],[path to GNUstep.conf; default $GNUSTEP_CONFIG_FILE, or /etc/GNUstep/GNUstep.conf])])
+@@ -2708,6 +2721,7 @@
+ AC_SUBST(bitmapdir)
+ AC_SUBST(gamedir)
+ AC_SUBST(gameuser)
++AC_SUBST(gamegroup)
+ AC_SUBST(c_switch_system)
+ AC_SUBST(c_switch_machine)
+ AC_SUBST(LD_SWITCH_X_SITE)
+--- emacs-23.4-orig/lib-src/Makefile.in
++++ emacs-23.4/lib-src/Makefile.in
+@@ -90,6 +90,7 @@
+ 
+ gamedir=@gamedir@
+ gameuser=@gameuser@
++gamegroup=@gamegroup@
+ 
+ # ==================== Utility Programs for the Build =================
+ 
+@@ -310,10 +311,25 @@
+ /* If the following commands fail, that is not a big deal.
+    update-game-score will detect at runtime that it is not setuid,
+    and handle things accordingly. */
+-	-if chown ${gameuser} $(DESTDIR)${archlibdir}/update-game-score && chmod u+s $(DESTDIR)${archlibdir}/update-game-score; then \
+-	  chown ${gameuser} $(DESTDIR)${gamedir}; \
+-	  chmod u=rwx,g=rwx,o=rx $(DESTDIR)${gamedir}; \
++ifneq ($(gameuser),)
++	if chown ${gameuser} \
++	     "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}" && \
++	   chmod u+s,go-r \
++	     "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}"; \
++	then \
++	  chown ${gameuser} "$(DESTDIR)${gamedir}" && \
++	  chmod u=rwx,g=rx,o=rx "$(DESTDIR)${gamedir}"; \
+ 	fi
++else ifneq ($(gamegroup),)
++	if chgrp ${gamegroup} \
++	     "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}" && \
++	   chmod g+s,o-r \
++	     "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}"; \
++	then \
++	  chgrp ${gamegroup} "$(DESTDIR)${gamedir}" && \
++	  chmod u=rwx,g=rwx,o=rx "$(DESTDIR)${gamedir}"; \
++	fi
++endif
+         if [ `(cd $(DESTDIR)${archlibdir} && /bin/pwd)` \
+              != `(cd ${srcdir} && /bin/pwd)` ]; then \
+ 	  for file in ${SCRIPTS}; do \
+--- emacs-23.4-orig/lib-src/update-game-score.c
++++ emacs-23.4/lib-src/update-game-score.c
+@@ -22,8 +22,8 @@
+ 
+ 
+ /* This program allows a game to securely and atomically update a
+-   score file.  It should be installed setuid, owned by an appropriate
+-   user like `games'.
++   score file.  It should be installed either setuid or setgid, owned
++   by an appropriate user or group like `games'.
+ 
+    Alternatively, it can be compiled without HAVE_SHARED_GAME_DIR
+    defined, and in that case it will store scores in the user's home
+@@ -104,8 +104,8 @@
+ int push_score P_ ((struct score_entry **scores, int *count,
+ 		    int newscore, char *username, char *newdata));
+ void sort_scores P_ ((struct score_entry *scores, int count, int reverse));
+-int write_scores P_ ((const char *filename, const struct score_entry *scores,
+-		      int count));
++int write_scores P_ ((const char *filename, mode_t mode,
++		      const struct score_entry *scores, int count));
+ 
+ void lose P_ ((const char *msg)) NO_RETURN;
+ 
+@@ -166,20 +166,21 @@
+ }
+ 
+ char *
+-get_prefix (running_suid, user_prefix)
+-     int running_suid;
++get_prefix (privileged, user_prefix)
++     int privileged;
+      char *user_prefix;
+ {
+-  if (!running_suid && user_prefix == NULL)
+-    lose ("Not using a shared game directory, and no prefix given.");
+-  if (running_suid)
++  if (privileged)
+     {
+ #ifdef HAVE_SHARED_GAME_DIR
+       return HAVE_SHARED_GAME_DIR;
+ #else
+-      lose ("This program was compiled without HAVE_SHARED_GAME_DIR,\n and should not be suid.");
++      lose ("This program was compiled without HAVE_SHARED_GAME_DIR,\n"
++	    "and should not run with elevated privileges.");
+ #endif
+     }
++  if (user_prefix == NULL)
++    lose ("Not using a shared game directory, and no prefix given.");
+   return user_prefix;
+ }
+ 
+@@ -188,7 +189,7 @@
+      int argc;
+      char **argv;
+ {
+-  int c, running_suid;
++  int c, running_suid, running_sgid;
+   void *lockstate;
+   char *user_id, *scorefile, *prefix, *user_prefix = NULL;
+   struct stat buf;
+@@ -223,8 +224,11 @@
+     usage (EXIT_FAILURE);
+ 
+   running_suid = (getuid () != geteuid ());
++  running_sgid = (getgid () != getegid ());
++  if (running_suid && running_sgid)
++    lose ("This program can run either suid or sgid, but not both.");
+ 
+-  prefix = get_prefix (running_suid, user_prefix);
++  prefix = get_prefix (running_suid || running_sgid, user_prefix);
+ 
+   scorefile = malloc (strlen (prefix) + strlen (argv[optind]) + 2);
+   if (!scorefile)
+@@ -263,7 +267,8 @@
+     scorecount -= (scorecount - MAX_SCORES);
+   if (reverse)
+     scores += (scorecount - MAX_SCORES);
+-  if (write_scores (scorefile, scores, scorecount) < 0)
++  if (write_scores (scorefile, running_sgid ? 0664 : 0644,
++		    scores, scorecount) < 0)
+     {
+       unlock_file (scorefile, lockstate);
+       lose_syserr ("Failed to write scores file");
+@@ -445,8 +450,9 @@
+ }
+ 
+ int
+-write_scores (filename, scores, count)
++write_scores (filename, mode, scores, count)
+      const char *filename;
++     mode_t mode;
+      const struct score_entry * scores;
+      int count;
+ {
+@@ -471,7 +477,7 @@
+   fclose (f);
+   if (rename (tempfile, filename) < 0)
+     return -1;
+-  if (chmod (filename, 0644) < 0)
++  if (chmod (filename, mode) < 0)
+     return -1;
+   return 0;
+ }
+--- emacs-23.4-orig/lisp/play/gamegrid.el
++++ emacs-23.4/lisp/play/gamegrid.el
+@@ -491,13 +491,13 @@
+ 	  (not (zerop (logand (file-modes
+ 			       (expand-file-name "update-game-score"
+ 						 exec-directory))
+-			      #o4000)))))
++			      #o6000)))))
+     (cond ((file-name-absolute-p file)
+ 	   (gamegrid-add-score-insecure file score))
+ 	  ((and gamegrid-shared-game-dir
+ 		(file-exists-p (expand-file-name file shared-game-score-directory)))
+-	   ;; Use the setuid "update-game-score" program to update a
+-	   ;; system-wide score file.
++	   ;; Use the setuid (or setgid) "update-game-score" program
++	   ;; to update a system-wide score file.
+ 	   (gamegrid-add-score-with-update-game-score-1 file
+ 	    (expand-file-name file shared-game-score-directory) score))
+ 	  ;; Else: Add the score to a score file in the user's home
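Review bot: The mode choice `running_sgid ? 0664 : 0644` in the update-game-score.c part needs a comment, because in the setgid case the effective uid remains the caller's, so a score file that this process creates and renames into place would be owned by whichever user last submitted a score, with only the group fixed to the games group. The header comment still promises to "securely" update the file without saying that the setgid install gives a weaker integrity guarantee than the setuid one; I would add something like `In the setgid case the score file is owned by the last user who updated it.` there, and the same applies to the 24.4 patch in this commit. In this 23.4 variant the mode is also applied by path with `chmod (filename, mode)` after `rename`, whereas the 24.4 variant uses `fchmod (fd, mode)` before it; the descriptor-based form is preferable here too if the 23.4 targets have `fchmod`. The body of `write_scores` is mostly outside the nested hunk, so the temp-file creation is inferred rather than visible.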

diff --git a/emacs/24.4/04_all_games-sgid.patch b/emacs/24.4/04_all_games-sgid.patch
new file mode 100644
index 0000000..1c0f43c
--- /dev/null
+++ b/emacs/24.4/04_all_games-sgid.patch
@@ -0,0 +1,226 @@
+Backport support for update-game-score to run sgid instead of suid.
+This comprises parts of the following commits from upstream git:
+
+commit 74ab488ff2e57f31eb5290266f0f3b1995ebf83e
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date:   Thu Jan 22 00:39:30 2015 -0800
+
+    Check exit statuses in lib-src/Makefile
+
+commit 7f4e7dd378c456b498c270b47b46aaae365a72ab
+Author: Ulrich Müller <ulm@gentoo.org>
+Date:   Thu Jan 22 08:24:42 2015 +0100
+
+    Don't fail if chown or chgrp for 'update-game-score' is unsuccessful.
+
+commit 20f66485526b69eb26f2e70bd835a5e1333559d5
+Author: Ulrich Müller <ulm@gentoo.org>
+Date:   Fri Jan 16 09:25:25 2015 +0100
+
+    Allow update-game-score to run sgid instead of suid.
+
+--- emacs-24.4-orig/configure.ac
++++ emacs-24.4/configure.ac
+@@ -313,10 +313,25 @@
+ fi
+ 
+ AC_ARG_WITH(gameuser,dnl
+-[AS_HELP_STRING([--with-gameuser=USER],[user for shared game score files])])
+-test "X${with_gameuser}" != X && test "${with_gameuser}" != yes \
+-  && gameuser="${with_gameuser}"
+-test "X$gameuser" = X && gameuser=games
++[AS_HELP_STRING([--with-gameuser=USER_OR_GROUP],
++		[user for shared game score files.
++		An argument prefixed by ':' specifies a group instead.])])
++gameuser=
++gamegroup=
++case ${with_gameuser} in
++  no) ;;
++  "" | yes)
++    AC_MSG_CHECKING([whether a 'games' user exists])
++    if id -u games >/dev/null 2>&1; then
++      AC_MSG_RESULT([yes])
++      gameuser=games
++    else
++      AC_MSG_RESULT([no])
++    fi
++    ;;
++  :*) gamegroup=`echo "${with_gameuser}" | sed -e "s/://"` ;;
++  *) gameuser=${with_gameuser} ;;
++esac
+ 
+ AC_ARG_WITH([gnustep-conf],dnl
+ [AS_HELP_STRING([--with-gnustep-conf=FILENAME],
+@@ -4658,6 +4673,7 @@
+ AC_SUBST(bitmapdir)
+ AC_SUBST(gamedir)
+ AC_SUBST(gameuser)
++AC_SUBST(gamegroup)
+ ## FIXME? Nothing uses @LD_SWITCH_X_SITE@.
+ ## src/Makefile.in did add LD_SWITCH_X_SITE (as a cpp define) to the
+ ## end of LIBX_BASE, but nothing ever set it.
+--- emacs-24.4-orig/lib-src/Makefile.in
++++ emacs-24.4/lib-src/Makefile.in
+@@ -101,6 +101,7 @@
+ 
+ gamedir=@gamedir@
+ gameuser=@gameuser@
++gamegroup=@gamegroup@
+ 
+ # ==================== Utility Programs for the Build =================
+ 
+@@ -243,10 +244,25 @@
+ 	umask 022; ${MKDIR_P} "$(DESTDIR)${gamedir}"; \
+ 	touch "$(DESTDIR)${gamedir}/snake-scores"; \
+ 	touch "$(DESTDIR)${gamedir}/tetris-scores"
+-	-if chown ${gameuser} "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}" && chmod u+s "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}"; then \
+-	  chown ${gameuser} "$(DESTDIR)${gamedir}"; \
++ifneq ($(gameuser),)
++	if chown ${gameuser} \
++	     "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}" && \
++	   chmod u+s,go-r \
++	     "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}"; \
++	then \
++	  chown ${gameuser} "$(DESTDIR)${gamedir}" && \
++	  chmod u=rwx,g=rx,o=rx "$(DESTDIR)${gamedir}"; \
++	fi
++else ifneq ($(gamegroup),)
++	if chgrp ${gamegroup} \
++	     "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}" && \
++	   chmod g+s,o-r \
++	     "$(DESTDIR)${archlibdir}/update-game-score${EXEEXT}"; \
++	then \
++	  chgrp ${gamegroup} "$(DESTDIR)${gamedir}" && \
+ 	  chmod u=rwx,g=rwx,o=rx "$(DESTDIR)${gamedir}"; \
+ 	fi
++endif
+ 	exp_archlibdir=`cd "$(DESTDIR)${archlibdir}" && /bin/pwd`; \
+ 	if [ "$$exp_archlibdir" != "`cd ${srcdir} && /bin/pwd`" ]; then \
+ 	  for file in ${SCRIPTS}; do \
+--- emacs-24.4-orig/lib-src/update-game-score.c
++++ emacs-24.4/lib-src/update-game-score.c
+@@ -21,8 +21,8 @@
+ 
+ 
+ /* This program allows a game to securely and atomically update a
+-   score file.  It should be installed setuid, owned by an appropriate
+-   user like `games'.
++   score file.  It should be installed either setuid or setgid, owned
++   by an appropriate user or group like `games'.
+ 
+    Alternatively, it can be compiled without HAVE_SHARED_GAME_DIR
+    defined, and in that case it will store scores in the user's home
+@@ -89,7 +89,7 @@
+ 		       ptrdiff_t *size, struct score_entry const *newscore);
+ static void sort_scores (struct score_entry *scores, ptrdiff_t count,
+ 			 bool reverse);
+-static int write_scores (const char *filename,
++static int write_scores (const char *filename, mode_t mode,
+ 			 const struct score_entry *scores, ptrdiff_t count);
+ 
+ static _Noreturn void
+@@ -122,18 +122,19 @@
+ }
+ 
+ static const char *
+-get_prefix (bool running_suid, const char *user_prefix)
++get_prefix (bool privileged, const char *user_prefix)
+ {
+-  if (!running_suid && user_prefix == NULL)
+-    lose ("Not using a shared game directory, and no prefix given.");
+-  if (running_suid)
++  if (privileged)
+     {
+ #ifdef HAVE_SHARED_GAME_DIR
+       return HAVE_SHARED_GAME_DIR;
+ #else
+-      lose ("This program was compiled without HAVE_SHARED_GAME_DIR,\n and should not be suid.");
++      lose ("This program was compiled without HAVE_SHARED_GAME_DIR,\n"
++	    "and should not run with elevated privileges.");
+ #endif
+     }
++  if (user_prefix == NULL)
++    lose ("Not using a shared game directory, and no prefix given.");
+   return user_prefix;
+ }
+ 
+@@ -141,7 +142,7 @@
+ main (int argc, char **argv)
+ {
+   int c;
+-  bool running_suid;
++  bool running_suid, running_sgid;
+   void *lockstate;
+   char *scorefile;
+   char *nl;
+@@ -183,8 +184,11 @@
+     usage (EXIT_FAILURE);
+ 
+   running_suid = (getuid () != geteuid ());
++  running_sgid = (getgid () != getegid ());
++  if (running_suid && running_sgid)
++    lose ("This program can run either suid or sgid, but not both.");
+ 
+-  prefix = get_prefix (running_suid, user_prefix);
++  prefix = get_prefix (running_suid || running_sgid, user_prefix);
+ 
+   scorefile = malloc (strlen (prefix) + strlen (argv[optind]) + 2);
+   if (!scorefile)
+@@ -234,7 +238,8 @@
+ 	scores += scorecount - max_scores;
+       scorecount = max_scores;
+     }
+-  if (write_scores (scorefile, scores, scorecount) < 0)
++  if (write_scores (scorefile, running_sgid ? 0664 : 0644,
++		    scores, scorecount) < 0)
+     {
+       unlock_file (scorefile, lockstate);
+       lose_syserr ("Failed to write scores file");
+@@ -429,8 +434,8 @@
+ }
+ 
+ static int
+-write_scores (const char *filename, const struct score_entry *scores,
+-	      ptrdiff_t count)
++write_scores (const char *filename, mode_t mode,
++	      const struct score_entry *scores, ptrdiff_t count)
+ {
+   int fd;
+   FILE *f;
+@@ -444,7 +449,7 @@
+   if (fd < 0)
+     return -1;
+ #ifndef DOS_NT
+-  if (fchmod (fd, 0644) != 0)
++  if (fchmod (fd, mode) != 0)
+     return -1;
+ #endif
+   f = fdopen (fd, "w");
+@@ -460,7 +465,7 @@
+   if (rename (tempfile, filename) != 0)
+     return -1;
+ #ifdef DOS_NT
+-  if (chmod (filename, 0644) < 0)
++  if (chmod (filename, mode) < 0)
+     return -1;
+ #endif
+   return 0;
+--- emacs-24.4-orig/lisp/play/gamegrid.el
++++ emacs-24.4/lisp/play/gamegrid.el
+@@ -486,13 +486,13 @@
+ 	 (not (zerop (logand (file-modes
+ 			      (expand-file-name "update-game-score"
+ 						exec-directory))
+-			     #o4000)))))
++			     #o6000)))))
+     (cond ((file-name-absolute-p file)
+ 	   (gamegrid-add-score-insecure file score))
+ 	  ((and gamegrid-shared-game-dir
+ 		(file-exists-p (expand-file-name file shared-game-score-directory)))
+-	   ;; Use the setuid "update-game-score" program to update a
+-	   ;; system-wide score file.
++	   ;; Use the setuid (or setgid) "update-game-score" program
++	   ;; to update a system-wide score file.
+ 	   (gamegrid-add-score-with-update-game-score-1 file
+ 	    (expand-file-name file shared-game-score-directory) score))
+ 	  ;; Else: Add the score to a score file in the user's home
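Review bot: The failure paths around the changed `fchmod (fd, mode)` call in `write_scores` appear to leave the temporary file behind: `if (fchmod (fd, mode) != 0) return -1;` returns with `fd` still open and nothing visible removes `tempfile`, and the `rename (tempfile, filename)` failure a few lines later also returns without removing it. Because this helper writes into the shared game directory with elevated user or group rights, a failed update should not leave stray files there; something like `{ close (fd); unlink (tempfile); return -1; }` after the `fchmod` check and an `unlink (tempfile)` before the return on the `rename` path would cover it. The creation of `tempfile` and the rest of the function are outside the nested hunks, so cleanup elsewhere cannot be ruled out.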



* [gentoo-commits] proj/emacs-tools:patchsets commit in: emacs/23.4/, emacs/24.4/
@ 2015-02-21  8:52 Ulrich Müller
From: Ulrich Müller @ 2015-02-21  8:52 UTC (permalink / raw
  To: gentoo-commits

commit:     425820b6aee3bf5d94b72d3811d1e601d1fa4c50
Author:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 21 01:07:26 2015 +0000
Commit:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
CommitDate: Sat Feb 21 01:07:26 2015 +0000
URL:        http://sources.gentoo.org/gitweb/?p=proj/emacs-tools.git;a=commit;h=425820b6

Update games-sgid patch for version 23.4 and 24.4.

---
 emacs/23.4/23_all_games-sgid.patch | 57 ++++++++++++++++++++++++++++++--------
 emacs/24.4/04_all_games-sgid.patch | 57 ++++++++++++++++++++++++++++++--------
 2 files changed, 90 insertions(+), 24 deletions(-)

diff --git a/emacs/23.4/23_all_games-sgid.patch b/emacs/23.4/23_all_games-sgid.patch
index c69d089..812ab4c 100644
--- a/emacs/23.4/23_all_games-sgid.patch
+++ b/emacs/23.4/23_all_games-sgid.patch
@@ -1,6 +1,12 @@
 Backport support for update-game-score to run sgid instead of suid.
 This comprises parts of the following commits from upstream git:
 
+commit dbde138155118344b33dfd2db95f688a24a42fec
+Author: Ulrich Müller <ulm@gentoo.org>
+Date:   Sun Feb 8 21:00:49 2015 +0100
+
+    configure --with-gameuser now defaults to games group.
+
 commit 74ab488ff2e57f31eb5290266f0f3b1995ebf83e
 Author: Paul Eggert <eggert@cs.ucla.edu>
 Date:   Thu Jan 22 00:39:30 2015 -0800
@@ -30,7 +36,7 @@ Date:   Fri Jan 16 09:25:25 2015 +0100
  dnl OPTION_DEFAULT_OFF(NAME, HELP-STRING)
  dnl Create a new --with option that defaults to being disabled.
  dnl NAME is the base name of the option.  The shell variable with_NAME
-@@ -176,10 +174,25 @@
+@@ -176,10 +174,20 @@
  CRT_DIR="${with_crt_dir}"
  
  AC_ARG_WITH(gameuser,dnl
@@ -43,24 +49,19 @@ Date:   Fri Jan 16 09:25:25 2015 +0100
 +		An argument prefixed by ':' specifies a group instead.])])
 +gameuser=
 +gamegroup=
++# We don't test if we can actually chown/chgrp here, because configure
++# may run without root privileges.  lib-src/Makefile.in will handle
++# any errors due to missing user/group gracefully.
 +case ${with_gameuser} in
 +  no) ;;
-+  "" | yes)
-+    AC_MSG_CHECKING([whether a 'games' user exists])
-+    if id -u games >/dev/null 2>&1; then
-+      AC_MSG_RESULT([yes])
-+      gameuser=games
-+    else
-+      AC_MSG_RESULT([no])
-+    fi
-+    ;;
++  "" | yes) gamegroup=games ;;
 +  :*) gamegroup=`echo "${with_gameuser}" | sed -e "s/://"` ;;
 +  *) gameuser=${with_gameuser} ;;
 +esac
  
  AC_ARG_WITH([gnustep-conf],dnl
  [AS_HELP_STRING([--with-gnustep-conf=PATH],[path to GNUstep.conf; default $GNUSTEP_CONFIG_FILE, or /etc/GNUstep/GNUstep.conf])])
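Review bot: The `:*)` branch kept in this case statement accepts `--with-gameuser=:` and leaves both `gameuser` and `gamegroup` empty, which the `ifneq` conditionals in lib-src/Makefile.in then treat exactly like `--with-gameuser=no`, so the helper is installed unprivileged without any message. With the `id -u games` probe removed and the default now `gamegroup=games`, the configure log no longer records which mode was selected; a `:) AC_MSG_ERROR([--with-gameuser=: requires a group name]) ;;` branch ahead of `:*)` plus an `AC_MSG_NOTICE` reporting the chosen user or group would make the outcome auditable. The same applies to the identical hunk in emacs/24.4/04_all_games-sgid.patch.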
-@@ -2708,6 +2721,7 @@
+@@ -2708,6 +2716,7 @@
  AC_SUBST(bitmapdir)
  AC_SUBST(gamedir)
  AC_SUBST(gameuser)
@@ -213,6 +214,38 @@ Date:   Fri Jan 16 09:25:25 2015 +0100
  }
 --- emacs-23.4-orig/lisp/play/gamegrid.el
 +++ emacs-23.4/lisp/play/gamegrid.el
+@@ -466,22 +466,22 @@
+ ;;        `gamegrid-add-score' was supposed to be used in the past and
+ ;;        is covered here for backward-compatibility.
+ ;;
+-;;     2. The helper program "update-game-score" is setuid and the
+-;;        file FILE does already exist in a system wide shared game
+-;;        directory.  This should be the normal case on POSIX systems,
+-;;        if the game was installed system wide.  Use
++;;     2. The helper program "update-game-score" is setgid or setuid
++;;        and the file FILE does already exist in a system wide shared
++;;        game directory.  This should be the normal case on POSIX
++;;        systems, if the game was installed system wide.  Use
+ ;;        "update-game-score" to add the score to the file in the
+ ;;        shared game directory.
+ ;;
+-;;     3. "update-game-score" is setuid, but the file FILE does *not*
+-;;        exist in the system wide shared game directory.  Use
++;;     3. "update-game-score" is setgid/setuid, but the file FILE does
++;;        *not* exist in the system wide shared game directory.  Use
+ ;;        `gamegrid-add-score-insecure' to create--if necessary--and
+ ;;        update FILE.  This is for the case that a user has installed
+ ;;        a game on her own.
+ ;;
+-;;     4. "update-game-score" is not setuid.  Use it to create/update
+-;;        FILE in the user's home directory.  There is presumably no
+-;;        shared game directory.
++;;     4. "update-game-score" is not setgid/setuid.  Use it to
++;;        create/update FILE in the user's home directory.  There is
++;;        presumably no shared game directory.
+ 
+ (defvar gamegrid-shared-game-dir)
+ 
 @@ -491,13 +491,13 @@
  	  (not (zerop (logand (file-modes
  			       (expand-file-name "update-game-score"
@@ -225,7 +258,7 @@ Date:   Fri Jan 16 09:25:25 2015 +0100
  		(file-exists-p (expand-file-name file shared-game-score-directory)))
 -	   ;; Use the setuid "update-game-score" program to update a
 -	   ;; system-wide score file.
-+	   ;; Use the setuid (or setgid) "update-game-score" program
++	   ;; Use the setgid (or setuid) "update-game-score" program
 +	   ;; to update a system-wide score file.
  	   (gamegrid-add-score-with-update-game-score-1 file
  	    (expand-file-name file shared-game-score-directory) score))

diff --git a/emacs/24.4/04_all_games-sgid.patch b/emacs/24.4/04_all_games-sgid.patch
index 1c0f43c..882e3ca 100644
--- a/emacs/24.4/04_all_games-sgid.patch
+++ b/emacs/24.4/04_all_games-sgid.patch
@@ -1,6 +1,12 @@
 Backport support for update-game-score to run sgid instead of suid.
 This comprises parts of the following commits from upstream git:
 
+commit dbde138155118344b33dfd2db95f688a24a42fec
+Author: Ulrich Müller <ulm@gentoo.org>
+Date:   Sun Feb 8 21:00:49 2015 +0100
+
+    configure --with-gameuser now defaults to games group.
+
 commit 74ab488ff2e57f31eb5290266f0f3b1995ebf83e
 Author: Paul Eggert <eggert@cs.ucla.edu>
 Date:   Thu Jan 22 00:39:30 2015 -0800
@@ -21,7 +27,7 @@ Date:   Fri Jan 16 09:25:25 2015 +0100
 
 --- emacs-24.4-orig/configure.ac
 +++ emacs-24.4/configure.ac
-@@ -313,10 +313,25 @@
+@@ -313,10 +313,20 @@
  fi
  
  AC_ARG_WITH(gameuser,dnl
@@ -34,24 +40,19 @@ Date:   Fri Jan 16 09:25:25 2015 +0100
 +		An argument prefixed by ':' specifies a group instead.])])
 +gameuser=
 +gamegroup=
++# We don't test if we can actually chown/chgrp here, because configure
++# may run without root privileges.  lib-src/Makefile.in will handle
++# any errors due to missing user/group gracefully.
 +case ${with_gameuser} in
 +  no) ;;
-+  "" | yes)
-+    AC_MSG_CHECKING([whether a 'games' user exists])
-+    if id -u games >/dev/null 2>&1; then
-+      AC_MSG_RESULT([yes])
-+      gameuser=games
-+    else
-+      AC_MSG_RESULT([no])
-+    fi
-+    ;;
++  "" | yes) gamegroup=games ;;
 +  :*) gamegroup=`echo "${with_gameuser}" | sed -e "s/://"` ;;
 +  *) gameuser=${with_gameuser} ;;
 +esac
  
  AC_ARG_WITH([gnustep-conf],dnl
  [AS_HELP_STRING([--with-gnustep-conf=FILENAME],
-@@ -4658,6 +4673,7 @@
+@@ -4658,6 +4668,7 @@
  AC_SUBST(bitmapdir)
  AC_SUBST(gamedir)
  AC_SUBST(gameuser)
@@ -207,6 +208,38 @@ Date:   Fri Jan 16 09:25:25 2015 +0100
    return 0;
 --- emacs-24.4-orig/lisp/play/gamegrid.el
 +++ emacs-24.4/lisp/play/gamegrid.el
+@@ -462,22 +462,22 @@
+ ;;        `gamegrid-add-score' was supposed to be used in the past and
+ ;;        is covered here for backward-compatibility.
+ ;;
+-;;     2. The helper program "update-game-score" is setuid and the
+-;;        file FILE does already exist in a system wide shared game
+-;;        directory.  This should be the normal case on POSIX systems,
+-;;        if the game was installed system wide.  Use
++;;     2. The helper program "update-game-score" is setgid or setuid
++;;        and the file FILE does already exist in a system wide shared
++;;        game directory.  This should be the normal case on POSIX
++;;        systems, if the game was installed system wide.  Use
+ ;;        "update-game-score" to add the score to the file in the
+ ;;        shared game directory.
+ ;;
+-;;     3. "update-game-score" is setuid, but the file FILE does *not*
+-;;        exist in the system wide shared game directory.  Use
++;;     3. "update-game-score" is setgid/setuid, but the file FILE does
++;;        *not* exist in the system wide shared game directory.  Use
+ ;;        `gamegrid-add-score-insecure' to create--if necessary--and
+ ;;        update FILE.  This is for the case that a user has installed
+ ;;        a game on her own.
+ ;;
+-;;     4. "update-game-score" is not setuid.  Use it to create/update
+-;;        FILE in the user's home directory.  There is presumably no
+-;;        shared game directory.
++;;     4. "update-game-score" is not setgid/setuid.  Use it to
++;;        create/update FILE in the user's home directory.  There is
++;;        presumably no shared game directory.
+ 
+ (defvar gamegrid-shared-game-dir)
+ 
 @@ -486,13 +486,13 @@
  	 (not (zerop (logand (file-modes
  			      (expand-file-name "update-game-score"
@@ -219,7 +252,7 @@ Date:   Fri Jan 16 09:25:25 2015 +0100
  		(file-exists-p (expand-file-name file shared-game-score-directory)))
 -	   ;; Use the setuid "update-game-score" program to update a
 -	   ;; system-wide score file.
-+	   ;; Use the setuid (or setgid) "update-game-score" program
++	   ;; Use the setgid (or setuid) "update-game-score" program
 +	   ;; to update a system-wide score file.
  	   (gamegrid-add-score-with-update-game-score-1 file
  	    (expand-file-name file shared-game-score-directory) score))


