diff options
| author | atatat <atatat@pkgsrc.org> | 2003-02-12 00:55:48 +0000 |
|---|---|---|
| committer | atatat <atatat@pkgsrc.org> | 2003-02-12 00:55:48 +0000 |
| commit | b96cfb43f8951aa0e030fa17ce12ecb97ccc4dd6 (patch) | |
| tree | 1d2e1d58caa2de4c5f031250e5725e94fcb3624d /www/mozilla | |
| parent | 7f9c8b1d4d045d2134ab178174845479f8b47a36 (diff) | |
| download | pkgsrc-b96cfb43f8951aa0e030fa17ce12ecb97ccc4dd6.tar.gz | |
Re-open stdin on /dev/null before executing netstat. netstat is a
setgid program that should not be executed with stdin closed,
regardless of whether the kernel will cover up for you or not.
Diffstat (limited to 'www/mozilla')
| -rw-r--r-- | www/mozilla/Makefile | 4 | ||||
| -rw-r--r-- | www/mozilla/distinfo | 3 | ||||
| -rw-r--r-- | www/mozilla/patches/patch-af | 29 |
3 files changed, 33 insertions, 3 deletions
diff --git a/www/mozilla/Makefile b/www/mozilla/Makefile index 7da8ff0b3b0..e09022b05c0 100644 --- a/www/mozilla/Makefile +++ b/www/mozilla/Makefile @@ -1,10 +1,10 @@ -# $NetBSD: Makefile,v 1.113 2003/02/02 08:08:04 taya Exp $ +# $NetBSD: Makefile,v 1.114 2003/02/12 00:55:48 atatat Exp $ MOZILLA= mozilla MOZILLA_BIN= mozilla-bin MOZ_VER= 1.2.1 EXTRACT_SUFX= .tar.bz2 -PKGREVISION= 5 +PKGREVISION= 6 COMMENT= Open-source version of the Netscape browser diff --git a/www/mozilla/distinfo b/www/mozilla/distinfo index 8834686c23c..3ffa83dac33 100644 --- a/www/mozilla/distinfo +++ b/www/mozilla/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.36 2003/02/02 08:08:04 taya Exp $ +$NetBSD: distinfo,v 1.37 2003/02/12 00:55:48 atatat Exp $ SHA1 (mozilla-source-1.2.1.tar.bz2) = 3af707a14eb11e3f615ad7d2225cc7205faa4d36 Size (mozilla-source-1.2.1.tar.bz2) = 30919648 bytes @@ -7,6 +7,7 @@ SHA1 (patch-ab) = d40ba83bad039487492690b26d28715da7dd856e SHA1 (patch-ac) = 91d1534e3aa3bbcd3d5e1e10c3d0577fe6ca8282 SHA1 (patch-ad) = 7287d7cc4396062e1620990d2167a9ec7db1de1b SHA1 (patch-ae) = bb358c813459a65955ce1a47af27f122ab1ba65f +SHA1 (patch-af) = ea5c856a9f047ca68ba103f67e406ff53e3d7620 SHA1 (patch-am) = 5f8d3fcd9a03171328791763d254f5f963d198d3 SHA1 (patch-aw) = 6d3b745337ad1a4c33c6eb557947449bc87f0822 SHA1 (patch-ba) = dec6b0da64fda9c6593eef066acbebbd50a96d23 diff --git a/www/mozilla/patches/patch-af b/www/mozilla/patches/patch-af new file mode 100644 index 00000000000..e9f6c82c313 --- /dev/null +++ b/www/mozilla/patches/patch-af @@ -0,0 +1,29 @@ +$NetBSD: patch-af,v 1.14 2003/02/12 00:55:49 atatat Exp $ + +Re-open stdin on /dev/null before executing netstat. netstat is a +setgid program that should not be executed with stdin closed, +regardless of whether the kernel will cover up for you or not. + +--- security/nss/lib/freebl/unix_rand.c.orig Tue Apr 9 23:27:23 2002 ++++ security/nss/lib/freebl/unix_rand.c Wed Jun 12 09:20:47 2002 +@@ -32,6 +32,7 @@ + */ + + #include <stdio.h> ++#include <fcntl.h> + #include <string.h> + #include <signal.h> + #include <unistd.h> +@@ -678,7 +679,11 @@ + /* dup write-side of pipe to stderr and stdout */ + if (p[1] != 1) dup2(p[1], 1); + if (p[1] != 2) dup2(p[1], 2); +- close(0); ++ fd = open("/dev/null", O_RDONLY); ++ if (fd != 0) { ++ dup2(fd, 0); ++ close(fd); ++ } + for (fd = getdtablesize(); --fd > 2; close(fd)) + ; + |