

[pkgsrc/pkgsrc-2008Q2]: pkgsrc/misc/splitvt pullup ticket #2463 requested by ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/8c35c58ac450
branches:  pkgsrc-2008Q2
changeset: 544206:8c35c58ac450
user:      rtr <rtr%pkgsrc.org@localhost>
date:      Fri Jul 25 09:48:35 2008 +0000

description:
pullup ticket #2463 requested by tonnerre
splitvt: update package for security fix

revisions pulled up:
pkgsrc/misc/splitvt/Makefile            1.20
pkgsrc/misc/splitvt/distinfo            1.5
pkgsrc/misc/splitvt/patches/patch-ab    1.2
pkgsrc/misc/splitvt/patches/patch-ad    1.1

   Module Name: pkgsrc
   Committed By:        tonnerre
   Date:                Fri Jul 25 03:38:01 UTC 2008

   Modified Files:
        pkgsrc/misc/splitvt: Makefile distinfo
        pkgsrc/misc/splitvt/patches: patch-ab
   Added Files:
        pkgsrc/misc/splitvt/patches: patch-ad

   Log Message:
   Update splitvt to 1.6.6 and add patches for the "forgotten setgid()"
   privilege escalation vulnerability (CVE-2008-0162). Also verify the
   return values of setuid()/setgid().

diffstat:

 misc/splitvt/Makefile         |   5 ++---
 misc/splitvt/distinfo         |  11 ++++++-----
 misc/splitvt/patches/patch-ab |  16 ++++++++--------
 misc/splitvt/patches/patch-ad |  42 ++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 58 insertions(+), 16 deletions(-)

diffs (129 lines):

diff -r 4bd963dac65d -r 8c35c58ac450 misc/splitvt/Makefile
--- a/misc/splitvt/Makefile     Fri Jul 25 09:29:26 2008 +0000
+++ b/misc/splitvt/Makefile     Fri Jul 25 09:48:35 2008 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.19 2008/03/04 19:21:12 jlam Exp $
+# $NetBSD: Makefile,v 1.19.6.1 2008/07/25 09:48:35 rtr Exp $
 
-DISTNAME=              splitvt-1.6.3
+DISTNAME=              splitvt-1.6.6
 CATEGORIES=            misc
 MASTER_SITES=          ${MASTER_SITE_SUNSITE:=utils/console/}
 
@@ -10,7 +10,6 @@
 PKG_DESTDIR_SUPPORT=   user-destdir
 
 BUILD_TARGET=
-CONFIGURE_SCRIPT=      ./Configure
 HAS_CONFIGURE=         yes
 INSTALLATION_DIRS=     bin ${PKGMANDIR}/man1
 
diff -r 4bd963dac65d -r 8c35c58ac450 misc/splitvt/distinfo
--- a/misc/splitvt/distinfo     Fri Jul 25 09:29:26 2008 +0000
+++ b/misc/splitvt/distinfo     Fri Jul 25 09:48:35 2008 +0000
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.4 2005/11/10 18:25:42 joerg Exp $
+$NetBSD: distinfo,v 1.4.24.1 2008/07/25 09:48:35 rtr Exp $
 
-SHA1 (splitvt-1.6.3.tar.gz) = 0a2ca870a770b663b50b92881e31eb3492107cec
-RMD160 (splitvt-1.6.3.tar.gz) = 57606675f2e482fc594b9548f0b3949c222dfd0a
-Size (splitvt-1.6.3.tar.gz) = 57692 bytes
+SHA1 (splitvt-1.6.6.tar.gz) = 8073f4998ae0d772deecc583b61ea7cb92f7186b
+RMD160 (splitvt-1.6.6.tar.gz) = 014a9990ef41414b8488e10c24354bfc9588c4f8
+Size (splitvt-1.6.6.tar.gz) = 64797 bytes
 SHA1 (patch-aa) = ee16f9bb4b04d65c41ff71a6bc961bf3838e3648
-SHA1 (patch-ab) = b62558586fb2cf5a71273369b938612933606310
+SHA1 (patch-ab) = 047b5fceb89fa952780c0d62a20291399e6370f8
 SHA1 (patch-ac) = b98a3c94d27799a4b9d94ccfef0d2de343becdf1
+SHA1 (patch-ad) = ee36e355d76630d734a84ebca0b0531a8cef6b96
diff -r 4bd963dac65d -r 8c35c58ac450 misc/splitvt/patches/patch-ab
--- a/misc/splitvt/patches/patch-ab     Fri Jul 25 09:29:26 2008 +0000
+++ b/misc/splitvt/patches/patch-ab     Fri Jul 25 09:48:35 2008 +0000
@@ -1,17 +1,17 @@
-$NetBSD: patch-ab,v 1.1 2005/11/10 18:25:42 joerg Exp $
+$NetBSD: patch-ab,v 1.1.24.1 2008/07/25 09:48:35 rtr Exp $
 
---- vtmouse.c.orig     2005-11-10 18:18:59.000000000 +0000
+--- vtmouse.c.orig     2007-04-01 19:58:22.000000000 +0200
 +++ vtmouse.c
-@@ -81,7 +81,7 @@ int main(int argc, char *argv[])
+@@ -83,7 +83,7 @@ int main(int argc, char *argv[])
  #endif
  
  /* I/O streams default to stdin and stdout. */
--FILE *xt_input=stdin, *xt_output=stdout;
-+FILE *xt_input = NULL, *xt_output = NULL;
+-static FILE *xt_input, *xt_output;
++static FILE *xt_input = NULL, *xt_output = NULL;
  static int have_xterm=0;
  static int set_title=0;
  static char *old_title=NULL;
-@@ -118,6 +118,9 @@ static char *get_xtitle()
+@@ -120,6 +120,9 @@ static char *get_xtitle()
  static void set_xtitle(titlebar)
  char *titlebar;
  {
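Review bot: After the rebase onto 1.6.6 the first vtmouse.c hunk only rewrites `static FILE *xt_input, *xt_output;` as `static FILE *xt_input = NULL, *xt_output = NULL;`, which changes nothing, because C already initialises file-scope statics to null pointers. That hunk could be dropped from patch-ab to keep the local patch smaller. The context comment `/* I/O streams default to stdin and stdout. */` also no longer matches the declaration; the NULL guards added by the later hunks are outside the visible context, so this is presumably intentional, but the comment is worth correcting if the hunk is kept.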
@@ -21,7 +21,7 @@
        fprintf(xt_output, "\033]0;%s\07", titlebar);
        fflush(xt_output);
  }
-@@ -166,6 +169,11 @@ struct event *X_event;
+@@ -168,6 +171,11 @@ struct event *X_event;
        window *thiswin;
  #endif
  
@@ -33,7 +33,7 @@
        X_event->happening=0;
  
        if ( have_xterm ) {
-@@ -277,6 +285,9 @@ struct event *X_event;
+@@ -279,6 +287,9 @@ struct event *X_event;
  
  void event_quit()
  {
diff -r 4bd963dac65d -r 8c35c58ac450 misc/splitvt/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/misc/splitvt/patches/patch-ad     Fri Jul 25 09:48:35 2008 +0000
@@ -0,0 +1,42 @@
+$NetBSD: patch-ad,v 1.1.2.2 2008/07/25 09:48:35 rtr Exp $
+
+--- misc.c.orig        2007-04-01 19:56:30.000000000 +0200
++++ misc.c
+@@ -108,8 +108,17 @@ int win;          /* 0 for upper, 1 for lower */
+               /* "touch" the tty so 'w' reports proper idle times */
+               (void) utime(get_ttyname(), NULL);
+ 
++              /* Set our gid to our real gid if necessary */
++              if (setgid(getgid()) != 0) {
++                      perror("setgid");
++                      exit(EXIT_FAILURE);
++              }
++
+               /* Set our uid to our real uid if necessary */
+-              (void) setuid(getuid());
++              if (setuid(getuid()) != 0) {
++                      perror("setgid");
++                      exit(EXIT_FAILURE);
++              }
+                       
+               /* Run the requested program, with possible leading dash. */
+               execvp(((*argv[0] == '-') ? argv[0]+1 : argv[0]), argv);
+@@ -876,8 +885,17 @@ char *type;
+                       }
+                       close(pipe_fds[0]); close(pipe_fds[1]); 
+ 
++                      /* Set our gid to our real gid if necessary */
++                      if (setgid(getgid()) != 0) {
++                              perror("setgid");
++                              exit(EXIT_FAILURE);
++                      }
++
+                       /* Set our uid to our real uid if necessary */
+-                      (void) setuid(getuid());
++                      if (setuid(getuid()) != 0) {
++                              perror("setuid");
++                              exit(EXIT_FAILURE);
++                      }
+                       
+                       /* Run the requested program */
+                       argv[0]="/bin/sh";
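Review bot: In the first misc.c hunk of patch-ad (`@@ -108,8 +108,17 @@`), the setuid() failure branch calls `perror("setgid");`, so a failed setuid() is reported under the wrong call name. It should read `perror("setuid");`, as the second hunk (`@@ -876,8 +885,17 @@`) already does. When a privilege drop fails, the log should name the call that actually failed. The rest of the change is sound as far as the visible lines show: the group ID is dropped before the user ID, and both return values are checked before the exec. Both enclosing functions start and end outside the patch context.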


