zen-parse found a bug in the current implementation of at which leads into a heap corruption vulnerability which in turn could potentially lead into an exploit of the daemon user. I have tried too make a fix for this. But it seemed harder then i tought. At doesnt have central download point or homepage so i wassnt able to find a new version, i searched everywhere. There only came an update from debian. Also the download location in the old at ebuilds are dead and they are patched for using sendmail. ANd senmail isnt even in portage anymore. So i think the best thing to do is drop this program and at it too package.mask.
Ok, will mask but I'll still leave this bug open
finally i found the source for the new at package by manually browsing some debian servers :(( I found out that it was made by a debian devver. still cant atch files :(( at-3.1.8-r11.ebuild ----------------------------------- # Copyright 1999-2002 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License, v2 or later # Ferry Meyndert <m0rpheus@poseidon.mine.nu> P=at_3.1.8-11 S=${WORKDIR}/at-3.1.8 DESCRIPTION="Queues jobs for later execution" SRC_URI="http://ftp.debian.org/debian/pool/main/a/at/${P}.tar.gz" HOMEPAGE="none" DEPEND="virtual/glibc >=sys-devel/flex-2.5.4a" RDEPEND="virtual/glibc" src_unpack() { unpack ${P}.tar.gz cd ${S} } src_compile() { ./configure --host=${CHOST/-pc/} --sysconfdir=/etc/at \ --with-jobdir=/var/cron/atjobs \ --with-atspool=/var/cron/atspool \ --with-etcdir=/etc/at \ --with-daemon_username=at \ --with-daemon_groupname=at || die emake || die } src_install() { into /usr chmod 755 batch chmod 755 atrun dobin at batch fperms 4755 /usr/bin/at dosym at /usr/bin/atrm dosym at /usr/bin/atq dosbin atd atrun for i in atjobs atspool do dodir /var/cron/${i} fperms 700 /var/cron/${i} fowners at.at /var/cron/${i} touch ${D}/var/cron/${i}/.SEQ done exeinto /etc/init.d newexe ${FILESDIR}/atd.rc6 atd insinto /etc/at insopts -m 0644 doins ${FILESDIR}/at.deny doman at.1 at_allow.5 atd.8 atrun.8 dodoc COPYING ChangeLog Copyright Problems README }
Added this as at-3.1.8-r7 and masked all the others.
