Update to priv-1.0-beta2.

Changes from previous version are:

 + Fix a single byte buffer overflow.  Can only be a NUL byte that
   overflows, not believed (at this stage!) to be exploitable in any
   way.
 + Avoid null-pointer dereference if getpwuid(getuid()) fails.

3 files changed, 8 insertions, 25 deletions

diff --git a/security/priv/Makefile b/security/priv/Makefile
index 7a1e71be36b..e670bd1a920 100644
--- a/security/priv/Makefile
+++ b/security/priv/Makefile
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.8 2003/07/21 17:20:29 martti Exp $
+# $NetBSD: Makefile,v 1.9 2004/03/04 02:57:00 simonb Exp $
 #
 
-DISTNAME=	priv-1.0-beta
-PKGNAME=	priv-1.0beta
+DISTNAME=	priv-1.0-beta2
+PKGNAME=	priv-1.0beta2
 CATEGORIES=	security
-MASTER_SITES=	${MASTER_SITE_LOCAL}
+MASTER_SITES=	ftp://ftp.thistledown.com.au/pub/simonb/
 
 MAINTAINER=	simonb@NetBSD.org
 COMMENT=	Execute commands as a different user
diff --git a/security/priv/distinfo b/security/priv/distinfo
index 69dcee1fae7..23252e81484 100644
--- a/security/priv/distinfo
+++ b/security/priv/distinfo
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.3 2003/07/26 13:27:05 simonb Exp $
+$NetBSD: distinfo,v 1.4 2004/03/04 02:57:00 simonb Exp $
 
-SHA1 (priv-1.0-beta.tar.gz) = 0df065a2d60408d600ec227bda4cea4145e540ee
-Size (priv-1.0-beta.tar.gz) = 33877 bytes
-SHA1 (patch-aa) = 5a2f15d6ccd0b8d440912cb2e98b8537d2f70b19
+SHA1 (priv-1.0-beta2.tar.gz) = dee75baaf320c5dee112376cca0bb08a635f2806
+Size (priv-1.0-beta2.tar.gz) = 34507 bytes
+SHA1 (patch-aa) = 9d74ab0540fa767fa0dbe5b5672ca0c3f60d27b9
diff --git a/security/priv/patches/patch-aa b/security/priv/patches/patch-aa
deleted file mode 100644
index 4e527c62e8e..00000000000
--- a/security/priv/patches/patch-aa
+++ /dev/null
@@ -1,17 +0,0 @@
-$NetBSD: patch-aa,v 1.1 2003/07/26 13:27:05 simonb Exp $
-
---- priv.c.orig	1997-07-08 16:19:06.000000000 +1000
-+++ priv.c
-@@ -112,6 +112,12 @@ main(int argc, char **argv, char **envp)
- 	}
- 
- 	pw = getpwuid(getuid());
-+	if (pw == NULL) {
-+		syslog(LOG_NOTICE, "%s: can't fetch password entry for uid %d",
-+		    myname, getuid());
-+		errx(EXIT_VAL, "can't fetch password entry for uid %d",
-+		    getuid());
-+	}
- 	myname = xstrdup(pw->pw_name);	/* copy so we can use getpw* later */
- 	strcpy(myfullname, pw->pw_name);
- 	if ((logname = getlogin()) != NULL && strcmp(logname, myname)) {