[pkgsrc/trunk]: pkgsrc/www/privoxy give up supplementary group memberships on...

[drochner <drochner%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/4f41bebfdeec
branches:  trunk
changeset: 553955:4f41bebfdeec
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Wed Feb 04 21:20:39 2009 +0000

description:
give up supplementary group memberships on uid/gid switch, fixes
unexpected privileges reported in PR pkg/40532 by Cem Kayali,
the issue is being discussed with upstream,
thanks to Cem for detailed reports,
also back out explicit passing of PRIVOXY_GROUP to the program --
while it does not hurt it is redundant because PRIVOXY_GROUP is already
the primary group of PRIVOXY_USER

diffstat:

 www/privoxy/Makefile         |   5 ++---
 www/privoxy/distinfo         |   3 ++-
 www/privoxy/files/privoxy.sh |   5 ++---
 www/privoxy/patches/patch-af |  15 +++++++++++++++
 4 files changed, 21 insertions(+), 7 deletions(-)

diffs (78 lines):

diff -r d853afcff23f -r 4f41bebfdeec www/privoxy/Makefile
--- a/www/privoxy/Makefile      Wed Feb 04 21:17:45 2009 +0000
+++ b/www/privoxy/Makefile      Wed Feb 04 21:20:39 2009 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.35 2009/02/02 20:00:40 jnemeth Exp $
+# $NetBSD: Makefile,v 1.36 2009/02/04 21:20:39 drochner Exp $
 #
 
 DISTNAME=      ${PKGNAME_NOREV}-stable-src
 PKGNAME=       privoxy-3.0.8
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=ijbswa/}
 
@@ -55,7 +55,6 @@
 OWN_DIRS_PERMS+=       /var/log/privoxy ${USER_GROUP} 0775
 
 FILES_SUBST+=          PRIVOXY_USER=${PRIVOXY_USER:Q}
-FILES_SUBST+=          PRIVOXY_USER=${PRIVOXY_GROUP:Q}
 
 SUBST_CLASSES+=                paths
 SUBST_FILES.paths=     config
diff -r d853afcff23f -r 4f41bebfdeec www/privoxy/distinfo
--- a/www/privoxy/distinfo      Wed Feb 04 21:17:45 2009 +0000
+++ b/www/privoxy/distinfo      Wed Feb 04 21:20:39 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2008/06/13 13:45:46 drochner Exp $
+$NetBSD: distinfo,v 1.9 2009/02/04 21:20:39 drochner Exp $
 
 SHA1 (privoxy-3.0.8-stable-src.tar.gz) = 7fe2b7afde4066ef1f170f5f11850cf9da428a42
 RMD160 (privoxy-3.0.8-stable-src.tar.gz) = 604dd61a22dc74d06d4adaa4b3c87e4d5da5149b
@@ -7,3 +7,4 @@
 SHA1 (patch-ac) = e39ffe694462b952c5ad66ac577a0acbee0a1d9f
 SHA1 (patch-ad) = d5d6fe935ff98a45ebbd209a5c7126cb5e42ae1a
 SHA1 (patch-ae) = 5cd064cd6b35196d32272bbbdc181a1e48d9be8f
+SHA1 (patch-af) = 8d572ece2f2d5cedcc7694ddda0b79e4453671ff
diff -r d853afcff23f -r 4f41bebfdeec www/privoxy/files/privoxy.sh
--- a/www/privoxy/files/privoxy.sh      Wed Feb 04 21:17:45 2009 +0000
+++ b/www/privoxy/files/privoxy.sh      Wed Feb 04 21:20:39 2009 +0000
@@ -1,6 +1,6 @@
 #!@RCD_SCRIPTS_SHELL@
 #
-# $NetBSD: privoxy.sh,v 1.4 2009/02/02 20:00:40 jnemeth Exp $
+# $NetBSD: privoxy.sh,v 1.5 2009/02/04 21:20:39 drochner Exp $
 #
 
 # PROVIDE: privoxy
@@ -14,9 +14,8 @@
 pidfile="/var/run/${name}.pid"
 pconfig="@PKG_SYSCONFDIR@/config"
 puser="@PRIVOXY_USER@"
-pgroup="@PRIVOXY_GROUP@"
 required_files="$pconfig"
-command_args="--pidfile ${pidfile} --user ${puser}.${pgroup} ${pconfig} 2>/dev/null"
+command_args="--pidfile ${pidfile} --user ${puser} ${pconfig} 2>/dev/null"
 
 load_rc_config $name
 run_rc_command "$1"
diff -r d853afcff23f -r 4f41bebfdeec www/privoxy/patches/patch-af
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/privoxy/patches/patch-af      Wed Feb 04 21:20:39 2009 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-af,v 1.1 2009/02/04 21:20:39 drochner Exp $
+
+--- ./jcc.c.orig       2007-12-16 19:32:46.000000000 +0100
++++ ./jcc.c
+@@ -3299,6 +3299,10 @@ int main(int argc, const char *argv[])
+       {
+          log_error(LOG_LEVEL_FATAL, "Cannot setgid(): Insufficient permissions.");
+       }
++      if (grp)
++      setgroups(1, &grp->gr_gid);
++      else
++              initgroups(pw->pw_name, pw->pw_gid);
+       if (do_chroot)
+       {
+          if (!pw->pw_dir)