diff options
author | tonnerre <tonnerre@pkgsrc.org> | 2008-07-25 03:38:01 +0000 |
---|---|---|
committer | tonnerre <tonnerre@pkgsrc.org> | 2008-07-25 03:38:01 +0000 |
commit | b666be8e08f0755c3f72157f4813db3a1cc7b84a (patch) | |
tree | c257c4f829e868b9fb43353e206a7c24b7170587 /misc | |
parent | 5b78c1c1784092079f52e82d2d2cff00878742d6 (diff) | |
download | pkgsrc-b666be8e08f0755c3f72157f4813db3a1cc7b84a.tar.gz |
Update splitvt to 1.6.6 and add patches for the "forgotten setgid()"
privilege escalation vulnerability (CVE-2008-0162). Also verify the
return values of setuid()/setgid().
Diffstat (limited to 'misc')
-rw-r--r-- | misc/splitvt/Makefile | 5 | ||||
-rw-r--r-- | misc/splitvt/distinfo | 11 | ||||
-rw-r--r-- | misc/splitvt/patches/patch-ab | 16 | ||||
-rw-r--r-- | misc/splitvt/patches/patch-ad | 42 |
4 files changed, 58 insertions, 16 deletions
diff --git a/misc/splitvt/Makefile b/misc/splitvt/Makefile index 47871664723..ea5e809c5ce 100644 --- a/misc/splitvt/Makefile +++ b/misc/splitvt/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.19 2008/03/04 19:21:12 jlam Exp $ +# $NetBSD: Makefile,v 1.20 2008/07/25 03:38:01 tonnerre Exp $ -DISTNAME= splitvt-1.6.3 +DISTNAME= splitvt-1.6.6 CATEGORIES= misc MASTER_SITES= ${MASTER_SITE_SUNSITE:=utils/console/} @@ -10,7 +10,6 @@ COMMENT= Run two shells in a split window/terminal PKG_DESTDIR_SUPPORT= user-destdir BUILD_TARGET= -CONFIGURE_SCRIPT= ./Configure HAS_CONFIGURE= yes INSTALLATION_DIRS= bin ${PKGMANDIR}/man1 diff --git a/misc/splitvt/distinfo b/misc/splitvt/distinfo index 24404a9ef0a..5e8f6af0ac3 100644 --- a/misc/splitvt/distinfo +++ b/misc/splitvt/distinfo @@ -1,8 +1,9 @@ -$NetBSD: distinfo,v 1.4 2005/11/10 18:25:42 joerg Exp $ +$NetBSD: distinfo,v 1.5 2008/07/25 03:38:01 tonnerre Exp $ -SHA1 (splitvt-1.6.3.tar.gz) = 0a2ca870a770b663b50b92881e31eb3492107cec -RMD160 (splitvt-1.6.3.tar.gz) = 57606675f2e482fc594b9548f0b3949c222dfd0a -Size (splitvt-1.6.3.tar.gz) = 57692 bytes +SHA1 (splitvt-1.6.6.tar.gz) = 8073f4998ae0d772deecc583b61ea7cb92f7186b +RMD160 (splitvt-1.6.6.tar.gz) = 014a9990ef41414b8488e10c24354bfc9588c4f8 +Size (splitvt-1.6.6.tar.gz) = 64797 bytes SHA1 (patch-aa) = ee16f9bb4b04d65c41ff71a6bc961bf3838e3648 -SHA1 (patch-ab) = b62558586fb2cf5a71273369b938612933606310 +SHA1 (patch-ab) = 047b5fceb89fa952780c0d62a20291399e6370f8 SHA1 (patch-ac) = b98a3c94d27799a4b9d94ccfef0d2de343becdf1 +SHA1 (patch-ad) = ee36e355d76630d734a84ebca0b0531a8cef6b96 diff --git a/misc/splitvt/patches/patch-ab b/misc/splitvt/patches/patch-ab index 7ab12f69d44..6015ff8172c 100644 --- a/misc/splitvt/patches/patch-ab +++ b/misc/splitvt/patches/patch-ab @@ -1,17 +1,17 @@ -$NetBSD: patch-ab,v 1.1 2005/11/10 18:25:42 joerg Exp $ +$NetBSD: patch-ab,v 1.2 2008/07/25 03:38:01 tonnerre Exp $ ---- vtmouse.c.orig 2005-11-10 18:18:59.000000000 +0000 +--- vtmouse.c.orig 2007-04-01 19:58:22.000000000 +0200 +++ vtmouse.c -@@ -81,7 +81,7 @@ int main(int argc, char *argv[]) +@@ -83,7 +83,7 @@ int main(int argc, char *argv[]) #endif /* I/O streams default to stdin and stdout. */ --FILE *xt_input=stdin, *xt_output=stdout; -+FILE *xt_input = NULL, *xt_output = NULL; +-static FILE *xt_input, *xt_output; ++static FILE *xt_input = NULL, *xt_output = NULL; static int have_xterm=0; static int set_title=0; static char *old_title=NULL; -@@ -118,6 +118,9 @@ static char *get_xtitle() +@@ -120,6 +120,9 @@ static char *get_xtitle() static void set_xtitle(titlebar) char *titlebar; { @@ -21,7 +21,7 @@ $NetBSD: patch-ab,v 1.1 2005/11/10 18:25:42 joerg Exp $ fprintf(xt_output, "\033]0;%s\07", titlebar); fflush(xt_output); } -@@ -166,6 +169,11 @@ struct event *X_event; +@@ -168,6 +171,11 @@ struct event *X_event; window *thiswin; #endif @@ -33,7 +33,7 @@ $NetBSD: patch-ab,v 1.1 2005/11/10 18:25:42 joerg Exp $ X_event->happening=0; if ( have_xterm ) { -@@ -277,6 +285,9 @@ struct event *X_event; +@@ -279,6 +287,9 @@ struct event *X_event; void event_quit() { diff --git a/misc/splitvt/patches/patch-ad b/misc/splitvt/patches/patch-ad new file mode 100644 index 00000000000..79ea2512efd --- /dev/null +++ b/misc/splitvt/patches/patch-ad @@ -0,0 +1,42 @@ +$NetBSD: patch-ad,v 1.1 2008/07/25 03:38:01 tonnerre Exp $ + +--- misc.c.orig 2007-04-01 19:56:30.000000000 +0200 ++++ misc.c +@@ -108,8 +108,17 @@ int win; /* 0 for upper, 1 for lower */ + /* "touch" the tty so 'w' reports proper idle times */ + (void) utime(get_ttyname(), NULL); + ++ /* Set our gid to our real gid if necessary */ ++ if (setgid(getgid()) != 0) { ++ perror("setgid"); ++ exit(EXIT_FAILURE); ++ } ++ + /* Set our uid to our real uid if necessary */ +- (void) setuid(getuid()); ++ if (setuid(getuid()) != 0) { ++ perror("setgid"); ++ exit(EXIT_FAILURE); ++ } + + /* Run the requested program, with possible leading dash. */ + execvp(((*argv[0] == '-') ? argv[0]+1 : argv[0]), argv); +@@ -876,8 +885,17 @@ char *type; + } + close(pipe_fds[0]); close(pipe_fds[1]); + ++ /* Set our gid to our real gid if necessary */ ++ if (setgid(getgid()) != 0) { ++ perror("setgid"); ++ exit(EXIT_FAILURE); ++ } ++ + /* Set our uid to our real uid if necessary */ +- (void) setuid(getuid()); ++ if (setuid(getuid()) != 0) { ++ perror("setuid"); ++ exit(EXIT_FAILURE); ++ } + + /* Run the requested program */ + argv[0]="/bin/sh"; |