From: "Lars Wendler"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Lars Wendler"
Message-ID: <1455656276.7c64231d37ba906f77ddc02e8f67b6d784e69b1f.polynomial-c@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-auth/libfprint/files/, sys-auth/libfprint/
X-VCS-Repository: repo/gentoo
X-VCS-Files: sys-auth/libfprint/files/libfprint-0.6.0-fix-udev-rules.patch sys-auth/libfprint/libfprint-0.6.0-r2.ebuild
X-VCS-Directories: sys-auth/libfprint/ sys-auth/libfprint/files/
X-VCS-Committer: polynomial-c
X-VCS-Committer-Name: Lars Wendler
X-VCS-Revision: 7c64231d37ba906f77ddc02e8f67b6d784e69b1f
X-VCS-Branch: master
Date: Tue, 16 Feb 2016 20:58:38 +0000 (UTC)
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 87cf48dd-683e-43ca-a872-907525d2f62d
X-Archives-Hash: 0851f7f45f7610dc0c2f0ab190781e78

commit: 7c64231d37ba906f77ddc02e8f67b6d784e69b1f
Author: Lars Wendler gentoo org>
AuthorDate: Tue Feb 16 20:57:56 2016 +0000
Commit: Lars Wendler gentoo org>
CommitDate: Tue Feb 16 20:57:56 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7c64231d

sys-auth/libfprint: Security revbump fixing broken udev rule (bug #562218).

Package-Manager: portage-2.2.27
Signed-off-by: Lars Wendler gentoo.org>

 .../files/libfprint-0.6.0-fix-udev-rules.patch | 23 +++++++++
 sys-auth/libfprint/libfprint-0.6.0-r2.ebuild | 60 ++++++++++++++++++++++
 2 files changed, 83 insertions(+)

diff --git a/sys-auth/libfprint/files/libfprint-0.6.0-fix-udev-rules.patch b/sys-auth/libfprint/files/libfprint-0.6.0-fix-udev-rules.patch new file mode 100644 index 0000000..128ac8c --- /dev/null +++ b/sys-auth/libfprint/files/libfprint-0.6.0-fix-udev-rules.patch 
@@ -0,0 +1,23 @@ +Remove spurious \n to fix udev rule generation + +Steven Newbury : +libfprint generates 60-fprint-autosuspend.rules for all supported devices, +however there's a spurious \n before the ', MODE="0666"' which results in it +appearing on a new line after the match criteria. At least on current +systemd/udev this results in MODE="0666" being applied unconditionally to all +device nodes. This is an extremely serious security problem and effectively +gives root access to all users simply by having the ebuild emerged. + +https://bugs.gentoo.org/562218 + +--- a/libfprint/fprint-list-udev-rules.c ++++ b/libfprint/fprint-list-udev-rules.c +@@ -74,7 +74,7 @@ + if (num_printed == 0) + printf ("# %s\n", driver->full_name); + +- printf ("SUBSYSTEM==\"usb\", ATTRS{idVendor}==\"%04x\", ATTRS{idProduct}==\"%04x\", ATTRS{dev}==\"*\", TEST==\"power/control\", ATTR{power/control}=\"auto\"\n, MODE=\"0666\"\n", driver->id_table[i].vendor, driver->id_table[i].product); ++ printf ("SUBSYSTEM==\"usb\", ATTRS{idVendor}==\"%04x\", ATTRS{idProduct}==\"%04x\", ATTRS{dev}==\"*\", TEST==\"power/control\", ATTR{power/control}=\"auto\", MODE=\"0666\"\n", driver->id_table[i].vendor, driver->id_table[i].product); + printf ("SUBSYSTEM==\"usb\", ATTRS{idVendor}==\"%04x\", ATTRS{idProduct}==\"%04x\", ENV{LIBFPRINT_DRIVER}=\"%s\"\n", driver->id_table[i].vendor, driver->id_table[i].product, driver->full_name); + num_printed++; + } diff --git a/sys-auth/libfprint/libfprint-0.6.0-r2.ebuild b/sys-auth/libfprint/libfprint-0.6.0-r2.ebuild new file mode 100644 index 0000000..4597a21 --- /dev/null +++ b/sys-auth/libfprint/libfprint-0.6.0-r2.ebuild 
@@ -0,0 +1,60 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=6 + +inherit autotools eutils udev vcs-snapshot + +MY_PV="V_${PV//./_}" +DESCRIPTION="library to add support for consumer fingerprint readers" +HOMEPAGE="http://cgit.freedesktop.org/libfprint/libfprint/" +SRC_URI="http://cgit.freedesktop.org/${PN}/${PN}/snapshot/${MY_PV}.tar.bz2 -> ${P}.tar.bz2 + https://dev.gentoo.org/~xmw/${P}_vfs0050.patch.gz" + +LICENSE="LGPL-2.1" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc64 ~x86" +IUSE="debug static-libs vanilla" + +RDEPEND="virtual/libusb:1 + dev-libs/glib:2 + dev-libs/nss + x11-libs/pixman" +DEPEND="${RDEPEND} + virtual/pkgconfig" + +PATCHES=( + "${FILESDIR}/${P}-fix-udev-rules.patch" +) + +src_prepare() { + if ! use vanilla ; then + eapply "${WORKDIR}"/${P}_vfs0050.patch + fi + + default + + # upeke2 and fdu2000 were missing from all_drivers. + sed -e '/^all_drivers=/s:"$: upeke2 fdu2000":' \ + -i configure.ac || die + + eautoreconf +} + +src_configure() { + econf \ + --with-drivers=all \ + $(use_enable debug debug-log) \ + $(use_enable static-libs static) \ + -enable-udev-rules \ + --with-udev-rules-dir=$(get_udevdir)/rules.d +} + +src_install() { + default + + prune_libtool_files + + dodoc AUTHORS HACKING NEWS README THANKS TODO +}
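
Review bot: In the fprint-list-udev-rules.c hunk carried by libfprint-0.6.0-fix-udev-rules.patch, the corrected `+` printf still emits MODE="0666" for every matched reader, so even with the rule scoped to the right devices each local user gets read/write access to the fingerprint reader's USB node. If world access is not a requirement, consider a dedicated GROUP with MODE="0660", or TAG+="uaccess" so that only the user of the active session is granted access. The patch header links only the Gentoo bug; it would help to state whether the fix has also been sent upstream.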
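
Review bot: The new libfprint-0.6.0-r2.ebuild defines no pkg_postinst, so after the upgrade nothing reloads the udev rules or tells users that device nodes already set to mode 0666 by the old 60-fprint-autosuspend.rules keep that mode until udev reprocesses them or the machine is rebooted. For a security revbump, add a pkg_postinst that reloads udev (for example with udevadm control --reload) and an elog message saying that a re-trigger or reboot is needed for the fix to take effect on existing nodes. Separately, in src_configure the line `-enable-udev-rules \` has a single leading dash while the neighbouring options use two; write it as `--enable-udev-rules` for consistency.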