author | drochner <drochner@pkgsrc.org> | 2009-02-04 21:20:39 +0000 |
---|---|---|
committer | drochner <drochner@pkgsrc.org> | 2009-02-04 21:20:39 +0000 |
commit | f9e431ab2a215ec706c139e77f646e3a9624d541 (patch) | |
tree | 3ee79e717908c65966c034b0a72681074948b06a | |
parent | 7ad8d09044f08fb4ddd76b0ede7630b2217dc040 (diff) | |
download | pkgsrc-f9e431ab2a215ec706c139e77f646e3a9624d541.tar.gz |
give up supplementary group memberships on uid/gid switch, fixes
unexpected privileges reported in PR pkg/40532 by Cem Kayali,
the issue is being discussed with upstream,
thanks to Cem for detailed reports,
also back out explicit passing of PRIVOXY_GROUP to the program --
while it does not hurt it is redundant because PRIVOXY_GROUP is already
the primary group of PRIVOXY_USER
-rw-r--r-- | www/privoxy/Makefile | 5 | ||||
-rw-r--r-- | www/privoxy/distinfo | 3 | ||||
-rwxr-xr-x | www/privoxy/files/privoxy.sh | 5 | ||||
-rw-r--r-- | www/privoxy/patches/patch-af | 15 |
4 files changed, 21 insertions, 7 deletions
diff --git a/www/privoxy/Makefile b/www/privoxy/Makefile index a115cc285dc..59c745a931e 100644 --- a/www/privoxy/Makefile +++ b/www/privoxy/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.35 2009/02/02 20:00:40 jnemeth Exp $ +# $NetBSD: Makefile,v 1.36 2009/02/04 21:20:39 drochner Exp $ # DISTNAME= ${PKGNAME_NOREV}-stable-src PKGNAME= privoxy-3.0.8 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=ijbswa/} @@ -55,7 +55,6 @@ CONF_FILES_PERMS+= ${EGDIR}/${i} ${PKG_SYSCONFDIR}/${i} ${USER_GROUP} 0660 OWN_DIRS_PERMS+= /var/log/privoxy ${USER_GROUP} 0775 FILES_SUBST+= PRIVOXY_USER=${PRIVOXY_USER:Q} -FILES_SUBST+= PRIVOXY_USER=${PRIVOXY_GROUP:Q} SUBST_CLASSES+= paths SUBST_FILES.paths= config diff --git a/www/privoxy/distinfo b/www/privoxy/distinfo index 4aedb25c242..ffea5af4322 100644 --- a/www/privoxy/distinfo +++ b/www/privoxy/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.8 2008/06/13 13:45:46 drochner Exp $ +$NetBSD: distinfo,v 1.9 2009/02/04 21:20:39 drochner Exp $ SHA1 (privoxy-3.0.8-stable-src.tar.gz) = 7fe2b7afde4066ef1f170f5f11850cf9da428a42 RMD160 (privoxy-3.0.8-stable-src.tar.gz) = 604dd61a22dc74d06d4adaa4b3c87e4d5da5149b @@ -7,3 +7,4 @@ SHA1 (patch-aa) = c263d2a4b9522a33613f82ab2bc18d5c2b554b21 SHA1 (patch-ac) = e39ffe694462b952c5ad66ac577a0acbee0a1d9f SHA1 (patch-ad) = d5d6fe935ff98a45ebbd209a5c7126cb5e42ae1a SHA1 (patch-ae) = 5cd064cd6b35196d32272bbbdc181a1e48d9be8f +SHA1 (patch-af) = 8d572ece2f2d5cedcc7694ddda0b79e4453671ff diff --git a/www/privoxy/files/privoxy.sh b/www/privoxy/files/privoxy.sh index 997b694d234..28a84515776 100755 --- a/www/privoxy/files/privoxy.sh +++ b/www/privoxy/files/privoxy.sh @@ -1,6 +1,6 @@ #!@RCD_SCRIPTS_SHELL@ # -# $NetBSD: privoxy.sh,v 1.4 2009/02/02 20:00:40 jnemeth Exp $ +# $NetBSD: privoxy.sh,v 1.5 2009/02/04 21:20:39 drochner Exp $ # # PROVIDE: privoxy 
@@ -14,9 +14,8 @@ command="/usr/pkg/sbin/${name}" pidfile="/var/run/${name}.pid" pconfig="@PKG_SYSCONFDIR@/config" puser="@PRIVOXY_USER@" -pgroup="@PRIVOXY_GROUP@" required_files="$pconfig" -command_args="--pidfile ${pidfile} --user ${puser}.${pgroup} ${pconfig} 2>/dev/null" +command_args="--pidfile ${pidfile} --user ${puser} ${pconfig} 2>/dev/null" load_rc_config $name run_rc_command "$1" diff --git a/www/privoxy/patches/patch-af b/www/privoxy/patches/patch-af new file mode 100644 index 00000000000..88c7fa30a83 --- /dev/null +++ b/www/privoxy/patches/patch-af @@ -0,0 +1,15 @@ +$NetBSD: patch-af,v 1.1 2009/02/04 21:20:39 drochner Exp $ + +--- ./jcc.c.orig 2007-12-16 19:32:46.000000000 +0100 ++++ ./jcc.c +@@ -3299,6 +3299,10 @@ int main(int argc, const char *argv[]) + { + log_error(LOG_LEVEL_FATAL, "Cannot setgid(): Insufficient permissions."); + } ++ if (grp) ++ setgroups(1, &grp->gr_gid); ++ else ++ initgroups(pw->pw_name, pw->pw_gid); + if (do_chroot) + { + if (!pw->pw_dir) |
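Review bot: The new `command_args` line in the second privoxy.sh hunk has no comment explaining why the group is no longer passed, and the effect on the daemon's group set cannot be read from the script alone. Judging by patch-af in this same commit, starting with `--user ${puser}` presumably leaves `grp` unset, so the `initgroups()` branch runs and the daemon keeps whatever supplementary groups the group database assigns to PRIVOXY_USER. I would add a line above `command_args` such as `# no explicit group: privoxy takes the primary and supplementary groups of ${puser} from the system databases`. That tells an administrator that the account's group memberships are what bound the daemon's privileges.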
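Review bot: The return values of `setgroups()` and `initgroups()` are ignored in the four lines the jcc.c patch adds. If either call fails, the process keeps the supplementary groups it inherited at start-up, which is the condition this change sets out to remove. The `setgid()` failure just above is reported through `log_error(LOG_LEVEL_FATAL, ...)`, and the new calls should be handled the same way so the daemon does not keep running with a group list it could not replace. Placing them before the `do_chroot` block looks right, since `initgroups()` needs the group database. The later `setuid()` call is not visible here, so I am assuming these calls still run with root privileges; `main()` starts and ends outside the hunk.

```c
/* ... unchanged: setgid() check and its fatal log ... */
if (grp)
{
   if (setgroups(1, &grp->gr_gid))
   {
      log_error(LOG_LEVEL_FATAL, "Cannot setgroups(): supplementary groups not dropped.");
   }
}
else if (initgroups(pw->pw_name, pw->pw_gid))
{
   log_error(LOG_LEVEL_FATAL, "Cannot initgroups(): supplementary groups not dropped.");
}
/* ... unchanged: do_chroot handling ... */
```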