pkgsrc-Changes archive


CVS commit: pkgsrc/security/opendoas



Module Name:    pkgsrc
Committed By:   jperkin
Date:           Fri Jan 29 07:53:39 UTC 2021

Modified Files:
        pkgsrc/security/opendoas: Makefile distinfo
Added Files:
        pkgsrc/security/opendoas/patches: patch-doas.c

Log Message:
opendoas: Apply patch for CVE-2019-25016.

Patch from __skn on IRC.  Thanks!  Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/opendoas/Makefile \
    pkgsrc/security/opendoas/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/security/opendoas/patches/patch-doas.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/opendoas/Makefile
diff -u pkgsrc/security/opendoas/Makefile:1.1 pkgsrc/security/opendoas/Makefile:1.2
--- pkgsrc/security/opendoas/Makefile:1.1       Fri Jan  1 14:28:56 2021
+++ pkgsrc/security/opendoas/Makefile   Fri Jan 29 07:53:38 2021
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.1 2021/01/01 14:28:56 pin Exp $
+# $NetBSD: Makefile,v 1.2 2021/01/29 07:53:38 jperkin Exp $
 
 DISTNAME=      opendoas-6.8
+PKGREVISION=   1
 CATEGORIES=    security
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=duncaen/}
 GITHUB_TAG=    v${PKGVERSION_NOREV}
Index: pkgsrc/security/opendoas/distinfo
diff -u pkgsrc/security/opendoas/distinfo:1.1 pkgsrc/security/opendoas/distinfo:1.2
--- pkgsrc/security/opendoas/distinfo:1.1       Fri Jan  1 14:28:56 2021
+++ pkgsrc/security/opendoas/distinfo   Fri Jan 29 07:53:38 2021
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.1 2021/01/01 14:28:56 pin Exp $
+$NetBSD: distinfo,v 1.2 2021/01/29 07:53:38 jperkin Exp $
 
 SHA1 (opendoas-6.8.tar.gz) = 11963ee647b7166972512740bc7f648c8aa1272f
 RMD160 (opendoas-6.8.tar.gz) = 56f9c02d81f6ad9925323f1b44d7f7087f1108f0
 SHA512 (opendoas-6.8.tar.gz) = 4a57079bba353247e645bc07a5d4e78fd01471d193e83751fd87b72cffa4e152c0f7ea172563f767a7193b14489f57bc066b4fee50842d30b5b7f7ce918434bb
 Size (opendoas-6.8.tar.gz) = 32307 bytes
 SHA1 (patch-GNUmakefile) = d301c0334ce6ac7992d61681e1852a301557d300
+SHA1 (patch-doas.c) = 3c4e734e3c8f7bf38e2a58ddb1ba4e1eefe99087

Added files:

Index: pkgsrc/security/opendoas/patches/patch-doas.c
diff -u /dev/null pkgsrc/security/opendoas/patches/patch-doas.c:1.1
--- /dev/null   Fri Jan 29 07:53:39 2021
+++ pkgsrc/security/opendoas/patches/patch-doas.c       Fri Jan 29 07:53:38 2021
@@ -0,0 +1,23 @@
+$NetBSD: patch-doas.c,v 1.1 2021/01/29 07:53:38 jperkin Exp $
+
+Fix for CVE-2019-25016 (Unsafe, incomplete PATH reset).
+
+--- doas.c.orig        2020-11-14 15:44:04.000000000 +0000
++++ doas.c
+@@ -386,6 +386,7 @@ main(int argc, char **argv)
+ 
+ #ifdef HAVE_LOGIN_CAP_H
+       if (setusercontext(NULL, targpw, target, LOGIN_SETGROUP |
++          LOGIN_SETPATH |
+           LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK |
+           LOGIN_SETUSER) != 0)
+               errx(1, "failed to set user context for target");
+@@ -396,6 +397,8 @@ main(int argc, char **argv)
+               err(1, "initgroups");
+       if (setresuid(target, target, target) != 0)
+               err(1, "setresuid");
++      if (setenv("PATH", safepath, 1) == -1)
++              err(1, "failed to set PATH '%s'", safepath);
+ #endif
+ 
+       if (getcwd(cwdpath, sizeof(cwdpath)) == NULL)
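
Review bot: The header comment of patch-doas.c ("Fix for CVE-2019-25016 (Unsafe, incomplete PATH reset).") does not say why the fix needs two separate changes or where it comes from. In the inner hunks, `LOGIN_SETPATH` is added to the `setusercontext()` flags under `#ifdef HAVE_LOGIN_CAP_H`, while `setenv("PATH", safepath, 1)` is added after `setresuid()` just before the `#endif`, so each change appears to cover a different build configuration. Please state that in the header and add a reference to the upstream change, so the patch can be dropped cleanly on the next version update. It is also worth confirming that `safepath` is already in scope at that point in `main()`, since its declaration is not among the lines shown.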


