summaryrefslogtreecommitdiff
path: root/misc
diff options
context:
space:
mode:
authortonnerre <tonnerre@pkgsrc.org>2008-07-25 03:38:01 +0000
committertonnerre <tonnerre@pkgsrc.org>2008-07-25 03:38:01 +0000
commitb666be8e08f0755c3f72157f4813db3a1cc7b84a (patch)
treec257c4f829e868b9fb43353e206a7c24b7170587 /misc
parent5b78c1c1784092079f52e82d2d2cff00878742d6 (diff)
downloadpkgsrc-b666be8e08f0755c3f72157f4813db3a1cc7b84a.tar.gz
Update splitvt to 1.6.6 and add patches for the "forgotten setgid()"
privilege escalation vulnerability (CVE-2008-0162). Also verify the return values of setuid()/setgid().
Diffstat (limited to 'misc')
-rw-r--r--misc/splitvt/Makefile5
-rw-r--r--misc/splitvt/distinfo11
-rw-r--r--misc/splitvt/patches/patch-ab16
-rw-r--r--misc/splitvt/patches/patch-ad42
4 files changed, 58 insertions, 16 deletions
diff --git a/misc/splitvt/Makefile b/misc/splitvt/Makefile
index 47871664723..ea5e809c5ce 100644
--- a/misc/splitvt/Makefile
+++ b/misc/splitvt/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.19 2008/03/04 19:21:12 jlam Exp $
+# $NetBSD: Makefile,v 1.20 2008/07/25 03:38:01 tonnerre Exp $
-DISTNAME= splitvt-1.6.3
+DISTNAME= splitvt-1.6.6
CATEGORIES= misc
MASTER_SITES= ${MASTER_SITE_SUNSITE:=utils/console/}
@@ -10,7 +10,6 @@ COMMENT= Run two shells in a split window/terminal
PKG_DESTDIR_SUPPORT= user-destdir
BUILD_TARGET=
-CONFIGURE_SCRIPT= ./Configure
HAS_CONFIGURE= yes
INSTALLATION_DIRS= bin ${PKGMANDIR}/man1
diff --git a/misc/splitvt/distinfo b/misc/splitvt/distinfo
index 24404a9ef0a..5e8f6af0ac3 100644
--- a/misc/splitvt/distinfo
+++ b/misc/splitvt/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.4 2005/11/10 18:25:42 joerg Exp $
+$NetBSD: distinfo,v 1.5 2008/07/25 03:38:01 tonnerre Exp $
-SHA1 (splitvt-1.6.3.tar.gz) = 0a2ca870a770b663b50b92881e31eb3492107cec
-RMD160 (splitvt-1.6.3.tar.gz) = 57606675f2e482fc594b9548f0b3949c222dfd0a
-Size (splitvt-1.6.3.tar.gz) = 57692 bytes
+SHA1 (splitvt-1.6.6.tar.gz) = 8073f4998ae0d772deecc583b61ea7cb92f7186b
+RMD160 (splitvt-1.6.6.tar.gz) = 014a9990ef41414b8488e10c24354bfc9588c4f8
+Size (splitvt-1.6.6.tar.gz) = 64797 bytes
SHA1 (patch-aa) = ee16f9bb4b04d65c41ff71a6bc961bf3838e3648
-SHA1 (patch-ab) = b62558586fb2cf5a71273369b938612933606310
+SHA1 (patch-ab) = 047b5fceb89fa952780c0d62a20291399e6370f8
SHA1 (patch-ac) = b98a3c94d27799a4b9d94ccfef0d2de343becdf1
+SHA1 (patch-ad) = ee36e355d76630d734a84ebca0b0531a8cef6b96
diff --git a/misc/splitvt/patches/patch-ab b/misc/splitvt/patches/patch-ab
index 7ab12f69d44..6015ff8172c 100644
--- a/misc/splitvt/patches/patch-ab
+++ b/misc/splitvt/patches/patch-ab
@@ -1,17 +1,17 @@
-$NetBSD: patch-ab,v 1.1 2005/11/10 18:25:42 joerg Exp $
+$NetBSD: patch-ab,v 1.2 2008/07/25 03:38:01 tonnerre Exp $
---- vtmouse.c.orig 2005-11-10 18:18:59.000000000 +0000
+--- vtmouse.c.orig 2007-04-01 19:58:22.000000000 +0200
+++ vtmouse.c
-@@ -81,7 +81,7 @@ int main(int argc, char *argv[])
+@@ -83,7 +83,7 @@ int main(int argc, char *argv[])
#endif
/* I/O streams default to stdin and stdout. */
--FILE *xt_input=stdin, *xt_output=stdout;
-+FILE *xt_input = NULL, *xt_output = NULL;
+-static FILE *xt_input, *xt_output;
++static FILE *xt_input = NULL, *xt_output = NULL;
static int have_xterm=0;
static int set_title=0;
static char *old_title=NULL;
-@@ -118,6 +118,9 @@ static char *get_xtitle()
+@@ -120,6 +120,9 @@ static char *get_xtitle()
static void set_xtitle(titlebar)
char *titlebar;
{
@@ -21,7 +21,7 @@ $NetBSD: patch-ab,v 1.1 2005/11/10 18:25:42 joerg Exp $
fprintf(xt_output, "\033]0;%s\07", titlebar);
fflush(xt_output);
}
-@@ -166,6 +169,11 @@ struct event *X_event;
+@@ -168,6 +171,11 @@ struct event *X_event;
window *thiswin;
#endif
@@ -33,7 +33,7 @@ $NetBSD: patch-ab,v 1.1 2005/11/10 18:25:42 joerg Exp $
X_event->happening=0;
if ( have_xterm ) {
-@@ -277,6 +285,9 @@ struct event *X_event;
+@@ -279,6 +287,9 @@ struct event *X_event;
void event_quit()
{
diff --git a/misc/splitvt/patches/patch-ad b/misc/splitvt/patches/patch-ad
new file mode 100644
index 00000000000..79ea2512efd
--- /dev/null
+++ b/misc/splitvt/patches/patch-ad
@@ -0,0 +1,42 @@
+$NetBSD: patch-ad,v 1.1 2008/07/25 03:38:01 tonnerre Exp $
+
+--- misc.c.orig 2007-04-01 19:56:30.000000000 +0200
++++ misc.c
+@@ -108,8 +108,17 @@ int win; /* 0 for upper, 1 for lower */
+ /* "touch" the tty so 'w' reports proper idle times */
+ (void) utime(get_ttyname(), NULL);
+
++ /* Set our gid to our real gid if necessary */
++ if (setgid(getgid()) != 0) {
++ perror("setgid");
++ exit(EXIT_FAILURE);
++ }
++
+ /* Set our uid to our real uid if necessary */
+- (void) setuid(getuid());
++ if (setuid(getuid()) != 0) {
++ perror("setgid");
++ exit(EXIT_FAILURE);
++ }
+
+ /* Run the requested program, with possible leading dash. */
+ execvp(((*argv[0] == '-') ? argv[0]+1 : argv[0]), argv);
+@@ -876,8 +885,17 @@ char *type;
+ }
+ close(pipe_fds[0]); close(pipe_fds[1]);
+
++ /* Set our gid to our real gid if necessary */
++ if (setgid(getgid()) != 0) {
++ perror("setgid");
++ exit(EXIT_FAILURE);
++ }
++
+ /* Set our uid to our real uid if necessary */
+- (void) setuid(getuid());
++ if (setuid(getuid()) != 0) {
++ perror("setuid");
++ exit(EXIT_FAILURE);
++ }
+
+ /* Run the requested program */
+ argv[0]="/bin/sh";