pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/security/opendoas opendoas: Apply patch for CVE-2019-2...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/2b3274c66352
branches:  trunk
changeset: 445780:2b3274c66352
user:      jperkin <jperkin%pkgsrc.org@localhost>
date:      Fri Jan 29 07:53:38 2021 +0000

description:
opendoas: Apply patch for CVE-2019-25016.

Patch from __skn on IRC.  Thanks!  Bump PKGREVISION.

diffstat:

 security/opendoas/Makefile             |   3 ++-
 security/opendoas/distinfo             |   3 ++-
 security/opendoas/patches/patch-doas.c |  23 +++++++++++++++++++++++
 3 files changed, 27 insertions(+), 2 deletions(-)

diffs (52 lines):

diff -r 2b2724bac36c -r 2b3274c66352 security/opendoas/Makefile
--- a/security/opendoas/Makefile        Fri Jan 29 07:37:07 2021 +0000
+++ b/security/opendoas/Makefile        Fri Jan 29 07:53:38 2021 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.1 2021/01/01 14:28:56 pin Exp $
+# $NetBSD: Makefile,v 1.2 2021/01/29 07:53:38 jperkin Exp $
 
 DISTNAME=      opendoas-6.8
+PKGREVISION=   1
 CATEGORIES=    security
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=duncaen/}
 GITHUB_TAG=    v${PKGVERSION_NOREV}
diff -r 2b2724bac36c -r 2b3274c66352 security/opendoas/distinfo
--- a/security/opendoas/distinfo        Fri Jan 29 07:37:07 2021 +0000
+++ b/security/opendoas/distinfo        Fri Jan 29 07:53:38 2021 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.1 2021/01/01 14:28:56 pin Exp $
+$NetBSD: distinfo,v 1.2 2021/01/29 07:53:38 jperkin Exp $
 
 SHA1 (opendoas-6.8.tar.gz) = 11963ee647b7166972512740bc7f648c8aa1272f
 RMD160 (opendoas-6.8.tar.gz) = 56f9c02d81f6ad9925323f1b44d7f7087f1108f0
 SHA512 (opendoas-6.8.tar.gz) = 4a57079bba353247e645bc07a5d4e78fd01471d193e83751fd87b72cffa4e152c0f7ea172563f767a7193b14489f57bc066b4fee50842d30b5b7f7ce918434bb
 Size (opendoas-6.8.tar.gz) = 32307 bytes
 SHA1 (patch-GNUmakefile) = d301c0334ce6ac7992d61681e1852a301557d300
+SHA1 (patch-doas.c) = 3c4e734e3c8f7bf38e2a58ddb1ba4e1eefe99087
diff -r 2b2724bac36c -r 2b3274c66352 security/opendoas/patches/patch-doas.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/opendoas/patches/patch-doas.c    Fri Jan 29 07:53:38 2021 +0000
@@ -0,0 +1,23 @@
+$NetBSD: patch-doas.c,v 1.1 2021/01/29 07:53:38 jperkin Exp $
+
+Fix for CVE-2019-25016 (Unsafe, incomplete PATH reset).
+
+--- doas.c.orig        2020-11-14 15:44:04.000000000 +0000
++++ doas.c
+@@ -386,6 +386,7 @@ main(int argc, char **argv)
+ 
+ #ifdef HAVE_LOGIN_CAP_H
+       if (setusercontext(NULL, targpw, target, LOGIN_SETGROUP |
++          LOGIN_SETPATH |
+           LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK |
+           LOGIN_SETUSER) != 0)
+               errx(1, "failed to set user context for target");
+@@ -396,6 +397,8 @@ main(int argc, char **argv)
+               err(1, "initgroups");
+       if (setresuid(target, target, target) != 0)
+               err(1, "setresuid");
++      if (setenv("PATH", safepath, 1) == -1)
++              err(1, "failed to set PATH '%s'", safepath);
+ #endif
+ 
+       if (getcwd(cwdpath, sizeof(cwdpath)) == NULL)
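Review bot: The comment at the top of patch-doas.c names the CVE but not the upstream commit or release the change comes from, so a later package update cannot easily tell when the patch becomes redundant; a line such as `Backport of upstream commit <upstream commit id>; remove once the package is updated to a release that contains it.` would cover that (the id is not shown on this page). The two added lines also reset PATH by different means: `LOGIN_SETPATH` in the `HAVE_LOGIN_CAP_H` branch takes the value from the target user's login class, while `setenv("PATH", safepath, 1)`, which appears to sit in the alternative branch just before `#endif`, uses `safepath`, whose definition is outside the hunk. Both hunks cut through main(), and the code that builds the final environment for the executed command is not visible here, so it is worth confirming on each supported platform that nothing later re-imports the invoking user's PATH.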


