authorbsiegert <bsiegert@pkgsrc.org>2015-12-29 23:09:35 +0000
committerbsiegert <bsiegert@pkgsrc.org>2015-12-29 23:09:35 +0000
commit5d6af474a56e5eb9b3a9e5d02180eb422a5855eb (patch)
tree19c382dcc5087ce26783f067803841e856f44efc
parent5eefb465144b67a8f0d95b6713184238a150dead (diff)
downloadpkgsrc-5d6af474a56e5eb9b3a9e5d02180eb422a5855eb.tar.gz
Add a patch for CVE-2014-2980: Tools/gdomap.c in gdomap in GNUstep Base 1.24.6
and earlier, when run in daemon mode, does not properly handle the file descriptor for the logger, which allows remote attackers to cause a denial of service (abort) via an invalid request. Bump pkgrevision.
-rw-r--r--devel/gnustep-base/Makefile4
-rw-r--r--devel/gnustep-base/distinfo3
-rw-r--r--devel/gnustep-base/patches/patch-Tools_gdomap.c70
3 files changed, 74 insertions, 3 deletions
diff --git a/devel/gnustep-base/Makefile b/devel/gnustep-base/Makefile
index a56400456ec..14e792048a0 100644
--- a/devel/gnustep-base/Makefile
+++ b/devel/gnustep-base/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.64 2015/10/10 01:57:52 ryoon Exp $
+# $NetBSD: Makefile,v 1.65 2015/12/29 23:09:35 bsiegert Exp $
DISTNAME= gnustep-base-1.24.0
-PKGREVISION= 10
+PKGREVISION= 11
CATEGORIES= devel gnustep
MASTER_SITES= ${MASTER_SITE_GNUSTEP:=core/}
diff --git a/devel/gnustep-base/distinfo b/devel/gnustep-base/distinfo
index efd4de6671a..20363833ecf 100644
--- a/devel/gnustep-base/distinfo
+++ b/devel/gnustep-base/distinfo
@@ -1,10 +1,11 @@
-$NetBSD: distinfo,v 1.30 2015/11/03 03:27:29 agc Exp $
+$NetBSD: distinfo,v 1.31 2015/12/29 23:09:35 bsiegert Exp $
SHA1 (gnustep-base-1.24.0.tar.gz) = 4d73df5b5a594213a4c7a0ed97fc04d10c9ced69
RMD160 (gnustep-base-1.24.0.tar.gz) = 3710966cac708c5f22b1e5eaee456951791a1620
SHA512 (gnustep-base-1.24.0.tar.gz) = 9232fed3439ee5e514e9c9194ef61ca8f1fbef294dc292e0b8ea0dd782e0e73ffda263f1a9e951e04d5dd379efae609f1f1a6ad4c9a606905a45b5daaa389049
Size (gnustep-base-1.24.0.tar.gz) = 2947759 bytes
SHA1 (patch-Headers_GNUstepBase_GSConfig.h.in) = be5b7e9fd79dcb08a260caaf3092ddf7975ebbdc
+SHA1 (patch-Tools_gdomap.c) = 380ce89baa8e07ac63c44e80aea6185e41d6ee9b
SHA1 (patch-aa) = f1298afa2775a45e0c9a04752ab28e5d8e898965
SHA1 (patch-ab) = 1d56de33bc1320962b763ab6b7b50c38751e3210
SHA1 (patch-ac) = 4e8e209ad202385948d0f4b0d29e5e61e01da410
diff --git a/devel/gnustep-base/patches/patch-Tools_gdomap.c b/devel/gnustep-base/patches/patch-Tools_gdomap.c
new file mode 100644
index 00000000000..49f65726586
--- /dev/null
+++ b/devel/gnustep-base/patches/patch-Tools_gdomap.c
@@ -0,0 +1,70 @@
+$NetBSD: patch-Tools_gdomap.c,v 1.1 2015/12/29 23:09:35 bsiegert Exp $
+
+Fix for CVE-2014-2980.
+http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Tools/gdomap.c?view=patch&r1=37756&r2=37755&pathrev=37756
+
+--- Tools/gdomap.c.orig 2011-10-25 08:02:38.000000000 +0000
++++ Tools/gdomap.c
+@@ -279,7 +279,7 @@ static char ebuf[2048];
+
+ #if defined(HAVE_SYSLOG)
+
+-static int log_priority;
++static int log_priority = 0;
+
+ static void
+ gdomap_log (int prio)
+@@ -4422,16 +4422,7 @@ main(int argc, char** argv)
+ const char *machine = 0;
+ const char *lookupf = 0;
+ int donamesf = 0;
+-
+-#if defined(HAVE_SYSLOG)
+- /* Initially, gdomap_log errors to stderr as well as to syslogd. */
+-#if defined(SYSLOG_4_2)
+- openlog ("gdomap", LOG_NDELAY);
+- log_priority = LOG_DAEMON;
+-#else
+- openlog ("gdomap", LOG_NDELAY, LOG_DAEMON);
+-#endif
+-#endif
++ int forked = 0;
+
+ #if defined(__MINGW__)
+ WORD wVersionRequested;
+@@ -4783,7 +4774,6 @@ printf(
+ #else
+ if (nofork == 0)
+ {
+- is_daemon = 1;
+ /*
+ * Now fork off child process to run in background.
+ */
+@@ -4797,6 +4787,7 @@ printf(
+ /*
+ * Try to run in background.
+ */
++ forked = 1;
+ #if defined(NeXT)
+ setpgrp(0, getpid());
+ #else
+@@ -4856,6 +4847,19 @@ printf(
+
+ #endif /* !__MINGW__ */
+
++ if (forked)
++ {
++ is_daemon = 1;
++#if defined(HAVE_SYSLOG)
++#if defined(SYSLOG_4_2)
++ openlog ("gdomap", LOG_NDELAY);
++ log_priority = LOG_DAEMON;
++#elif !defined(HAVE_SLOGF)
++ openlog ("gdomap", LOG_NDELAY, LOG_DAEMON);
++#endif
++#endif
++ }
++
+ init_my_port(); /* Determine port to listen on. */
+ init_ports(); /* Create ports to handle requests. */
+
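Review bot: The new `if (forked)` block after `#endif /* !__MINGW__ */` has no comment explaining why `openlog` now runs this late, although the placement is the whole fix and the removed block in main() did carry a comment. I would add `/* Open syslog only after daemon setup is complete, so the logger descriptor stays valid (CVE-2014-2980). */` directly above `if (forked)`, so a later cleanup does not move the call back to the top of main(). Because `is_daemon = 1` also moves here, anything logged between `forked = 1` and this block is handled by gdomap_log as non-daemon output. If the child has already detached from stderr by then, those startup errors are probably lost, which is worth confirming against the full file. main() starts and ends outside these hunks, so the descriptor handling in between is not visible here.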