Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/sys-auth
diff options
context:
space:
mode:
Diffstat (limited to 'sys-auth')
-rw-r--r--sys-auth/libfprint/files/libfprint-0.6.0-fix-udev-rules.patch23
-rw-r--r--sys-auth/libfprint/libfprint-0.6.0-r2.ebuild60
2 files changed, 83 insertions, 0 deletions
diff --git a/sys-auth/libfprint/files/libfprint-0.6.0-fix-udev-rules.patch b/sys-auth/libfprint/files/libfprint-0.6.0-fix-udev-rules.patch
new file mode 100644
index 000000000000..128ac8ce311b
--- /dev/null
+++ b/sys-auth/libfprint/files/libfprint-0.6.0-fix-udev-rules.patch
@@ -0,0 +1,23 @@
+Remove spurious \n to fix udev rule generation
+
+Steven Newbury <steve@snewbury.org.uk>:
+libfprint generates 60-fprint-autosuspend.rules for all supported devices,
+however there's a spurious \n before the ', MODE="0666"' which results in it
+appearing on a new line after the match criteria. At least on current
+systemd/udev this results in MODE="0666" being applied unconditionally to all
+device nodes. This is an extremely serious security problem and effectively
+gives root access to all users simply by having the ebuild emerged.
+
+https://bugs.gentoo.org/562218
+
+--- a/libfprint/fprint-list-udev-rules.c
++++ b/libfprint/fprint-list-udev-rules.c
+@@ -74,7 +74,7 @@
+ if (num_printed == 0)
+ printf ("# %s\n", driver->full_name);
+
+- printf ("SUBSYSTEM==\"usb\", ATTRS{idVendor}==\"%04x\", ATTRS{idProduct}==\"%04x\", ATTRS{dev}==\"*\", TEST==\"power/control\", ATTR{power/control}=\"auto\"\n, MODE=\"0666\"\n", driver->id_table[i].vendor, driver->id_table[i].product);
++ printf ("SUBSYSTEM==\"usb\", ATTRS{idVendor}==\"%04x\", ATTRS{idProduct}==\"%04x\", ATTRS{dev}==\"*\", TEST==\"power/control\", ATTR{power/control}=\"auto\", MODE=\"0666\"\n", driver->id_table[i].vendor, driver->id_table[i].product);
+ printf ("SUBSYSTEM==\"usb\", ATTRS{idVendor}==\"%04x\", ATTRS{idProduct}==\"%04x\", ENV{LIBFPRINT_DRIVER}=\"%s\"\n", driver->id_table[i].vendor, driver->id_table[i].product, driver->full_name);
+ num_printed++;
+ }
diff --git a/sys-auth/libfprint/libfprint-0.6.0-r2.ebuild b/sys-auth/libfprint/libfprint-0.6.0-r2.ebuild
new file mode 100644
index 000000000000..4597a21ead14
--- /dev/null
+++ b/sys-auth/libfprint/libfprint-0.6.0-r2.ebuild
@@ -0,0 +1,60 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit autotools eutils udev vcs-snapshot
+
+MY_PV="V_${PV//./_}"
+DESCRIPTION="library to add support for consumer fingerprint readers"
+HOMEPAGE="http://cgit.freedesktop.org/libfprint/libfprint/"
+SRC_URI="http://cgit.freedesktop.org/${PN}/${PN}/snapshot/${MY_PV}.tar.bz2 -> ${P}.tar.bz2
+ https://dev.gentoo.org/~xmw/${P}_vfs0050.patch.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc64 ~x86"
+IUSE="debug static-libs vanilla"
+
+RDEPEND="virtual/libusb:1
+ dev-libs/glib:2
+ dev-libs/nss
+ x11-libs/pixman"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig"
+
+PATCHES=(
+ "${FILESDIR}/${P}-fix-udev-rules.patch"
+)
+
+src_prepare() {
+ if ! use vanilla ; then
+ eapply "${WORKDIR}"/${P}_vfs0050.patch
+ fi
+
+ default
+
+ # upeke2 and fdu2000 were missing from all_drivers.
+ sed -e '/^all_drivers=/s:"$: upeke2 fdu2000":' \
+ -i configure.ac || die
+
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --with-drivers=all \
+ $(use_enable debug debug-log) \
+ $(use_enable static-libs static) \
+ -enable-udev-rules \
+ --with-udev-rules-dir=$(get_udevdir)/rules.d
+}
+
+src_install() {
+ default
+
+ prune_libtool_files
+
+ dodoc AUTHORS HACKING NEWS README THANKS TODO
+}