pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2008Q2]: pkgsrc/misc/splitvt pullup ticket #2463 requested by ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/8c35c58ac450
branches: pkgsrc-2008Q2
changeset: 544206:8c35c58ac450
user: rtr <rtr%pkgsrc.org@localhost>
date: Fri Jul 25 09:48:35 2008 +0000
description:
pullup ticket #2463 requested by tonnerre
splitvt: update package for security fix
revisions pulled up:
pkgsrc/misc/splitvt/Makefile 1.20
pkgsrc/misc/splitvt/distinfo 1.5
pkgsrc/misc/splitvt/patches/patch-ab 1.2
pkgsrc/misc/splitvt/patches/patch-ad 1.1
Module Name: pkgsrc
Committed By: tonnerre
Date: Fri Jul 25 03:38:01 UTC 2008
Modified Files:
pkgsrc/misc/splitvt: Makefile distinfo
pkgsrc/misc/splitvt/patches: patch-ab
Added Files:
pkgsrc/misc/splitvt/patches: patch-ad
Log Message:
Update splitvt to 1.6.6 and add patches for the "forgotten setgid()"
privilege escalation vulnerability (CVE-2008-0162). Also verify the
return values of setuid()/setgid().
diffstat:
misc/splitvt/Makefile | 5 ++---
misc/splitvt/distinfo | 11 ++++++-----
misc/splitvt/patches/patch-ab | 16 ++++++++--------
misc/splitvt/patches/patch-ad | 42 ++++++++++++++++++++++++++++++++++++++++++
4 files changed, 58 insertions(+), 16 deletions(-)
diffs (129 lines):
diff -r 4bd963dac65d -r 8c35c58ac450 misc/splitvt/Makefile
--- a/misc/splitvt/Makefile Fri Jul 25 09:29:26 2008 +0000
+++ b/misc/splitvt/Makefile Fri Jul 25 09:48:35 2008 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.19 2008/03/04 19:21:12 jlam Exp $
+# $NetBSD: Makefile,v 1.19.6.1 2008/07/25 09:48:35 rtr Exp $
-DISTNAME= splitvt-1.6.3
+DISTNAME= splitvt-1.6.6
CATEGORIES= misc
MASTER_SITES= ${MASTER_SITE_SUNSITE:=utils/console/}
@@ -10,7 +10,6 @@
PKG_DESTDIR_SUPPORT= user-destdir
BUILD_TARGET=
-CONFIGURE_SCRIPT= ./Configure
HAS_CONFIGURE= yes
INSTALLATION_DIRS= bin ${PKGMANDIR}/man1
diff -r 4bd963dac65d -r 8c35c58ac450 misc/splitvt/distinfo
--- a/misc/splitvt/distinfo Fri Jul 25 09:29:26 2008 +0000
+++ b/misc/splitvt/distinfo Fri Jul 25 09:48:35 2008 +0000
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.4 2005/11/10 18:25:42 joerg Exp $
+$NetBSD: distinfo,v 1.4.24.1 2008/07/25 09:48:35 rtr Exp $
-SHA1 (splitvt-1.6.3.tar.gz) = 0a2ca870a770b663b50b92881e31eb3492107cec
-RMD160 (splitvt-1.6.3.tar.gz) = 57606675f2e482fc594b9548f0b3949c222dfd0a
-Size (splitvt-1.6.3.tar.gz) = 57692 bytes
+SHA1 (splitvt-1.6.6.tar.gz) = 8073f4998ae0d772deecc583b61ea7cb92f7186b
+RMD160 (splitvt-1.6.6.tar.gz) = 014a9990ef41414b8488e10c24354bfc9588c4f8
+Size (splitvt-1.6.6.tar.gz) = 64797 bytes
SHA1 (patch-aa) = ee16f9bb4b04d65c41ff71a6bc961bf3838e3648
-SHA1 (patch-ab) = b62558586fb2cf5a71273369b938612933606310
+SHA1 (patch-ab) = 047b5fceb89fa952780c0d62a20291399e6370f8
SHA1 (patch-ac) = b98a3c94d27799a4b9d94ccfef0d2de343becdf1
+SHA1 (patch-ad) = ee36e355d76630d734a84ebca0b0531a8cef6b96
diff -r 4bd963dac65d -r 8c35c58ac450 misc/splitvt/patches/patch-ab
--- a/misc/splitvt/patches/patch-ab Fri Jul 25 09:29:26 2008 +0000
+++ b/misc/splitvt/patches/patch-ab Fri Jul 25 09:48:35 2008 +0000
@@ -1,17 +1,17 @@
-$NetBSD: patch-ab,v 1.1 2005/11/10 18:25:42 joerg Exp $
+$NetBSD: patch-ab,v 1.1.24.1 2008/07/25 09:48:35 rtr Exp $
---- vtmouse.c.orig 2005-11-10 18:18:59.000000000 +0000
+--- vtmouse.c.orig 2007-04-01 19:58:22.000000000 +0200
+++ vtmouse.c
-@@ -81,7 +81,7 @@ int main(int argc, char *argv[])
+@@ -83,7 +83,7 @@ int main(int argc, char *argv[])
#endif
/* I/O streams default to stdin and stdout. */
--FILE *xt_input=stdin, *xt_output=stdout;
-+FILE *xt_input = NULL, *xt_output = NULL;
+-static FILE *xt_input, *xt_output;
++static FILE *xt_input = NULL, *xt_output = NULL;
static int have_xterm=0;
static int set_title=0;
static char *old_title=NULL;
-@@ -118,6 +118,9 @@ static char *get_xtitle()
+@@ -120,6 +120,9 @@ static char *get_xtitle()
static void set_xtitle(titlebar)
char *titlebar;
{
@@ -21,7 +21,7 @@
fprintf(xt_output, "\033]0;%s\07", titlebar);
fflush(xt_output);
}
-@@ -166,6 +169,11 @@ struct event *X_event;
+@@ -168,6 +171,11 @@ struct event *X_event;
window *thiswin;
#endif
@@ -33,7 +33,7 @@
X_event->happening=0;
if ( have_xterm ) {
-@@ -277,6 +285,9 @@ struct event *X_event;
+@@ -279,6 +287,9 @@ struct event *X_event;
void event_quit()
{
diff -r 4bd963dac65d -r 8c35c58ac450 misc/splitvt/patches/patch-ad
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/misc/splitvt/patches/patch-ad Fri Jul 25 09:48:35 2008 +0000
@@ -0,0 +1,42 @@
+$NetBSD: patch-ad,v 1.1.2.2 2008/07/25 09:48:35 rtr Exp $
+
+--- misc.c.orig 2007-04-01 19:56:30.000000000 +0200
++++ misc.c
+@@ -108,8 +108,17 @@ int win; /* 0 for upper, 1 for lower */
+ /* "touch" the tty so 'w' reports proper idle times */
+ (void) utime(get_ttyname(), NULL);
+
++ /* Set our gid to our real gid if necessary */
++ if (setgid(getgid()) != 0) {
++ perror("setgid");
++ exit(EXIT_FAILURE);
++ }
++
+ /* Set our uid to our real uid if necessary */
+- (void) setuid(getuid());
++ if (setuid(getuid()) != 0) {
++ perror("setgid");
++ exit(EXIT_FAILURE);
++ }
+
+ /* Run the requested program, with possible leading dash. */
+ execvp(((*argv[0] == '-') ? argv[0]+1 : argv[0]), argv);
+@@ -876,8 +885,17 @@ char *type;
+ }
+ close(pipe_fds[0]); close(pipe_fds[1]);
+
++ /* Set our gid to our real gid if necessary */
++ if (setgid(getgid()) != 0) {
++ perror("setgid");
++ exit(EXIT_FAILURE);
++ }
++
+ /* Set our uid to our real uid if necessary */
+- (void) setuid(getuid());
++ if (setuid(getuid()) != 0) {
++ perror("setuid");
++ exit(EXIT_FAILURE);
++ }
+
+ /* Run the requested program */
+ argv[0]="/bin/sh";
Home |
Main Index |
Thread Index |
Old Index