give up supplementary group memberships on uid/gid switch, fixes

unexpected privileges reported in PR pkg/40532 by Cem Kayali, the issue is being discussed with upstream, thanks to Cem for detailed reports, also back out explicit passing of PRIVOXY_GROUP to the program -- while it does not hurt it is redundant because PRIVOXY_GROUP is already the primary group of PRIVOXY_USER
author: drochner <drochner> 2009-02-04 21:20:39 +0000
committer: drochner <drochner> 2009-02-04 21:20:39 +0000
commit: 772f60945885fc919a26dacbfa5b5b9070c7924c (patch)
tree: 3ee79e717908c65966c034b0a72681074948b06a /www
parent: 9a271e287e860d1bb9af8ed9eb46ee8872b44a4f (diff)
download: pkgsrc-772f60945885fc919a26dacbfa5b5b9070c7924c.tar.gz
4 files changed, 21 insertions, 7 deletions
diff --git a/www/privoxy/Makefile b/www/privoxy/Makefile
index a115cc285dc..59c745a931e 100644
--- a/www/privoxy/Makefile
+++ b/www/privoxy/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.35 2009/02/02 20:00:40 jnemeth Exp $
+# $NetBSD: Makefile,v 1.36 2009/02/04 21:20:39 drochner Exp $
 #
 
 DISTNAME=	${PKGNAME_NOREV}-stable-src
 PKGNAME=	privoxy-3.0.8
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=ijbswa/}
 
@@ -55,7 +55,6 @@ CONF_FILES_PERMS+=	${EGDIR}/${i} ${PKG_SYSCONFDIR}/${i} ${USER_GROUP} 0660
 OWN_DIRS_PERMS+=	/var/log/privoxy ${USER_GROUP} 0775
 
 FILES_SUBST+=		PRIVOXY_USER=${PRIVOXY_USER:Q}
-FILES_SUBST+=		PRIVOXY_USER=${PRIVOXY_GROUP:Q}
 
 SUBST_CLASSES+=		paths
 SUBST_FILES.paths=	config
diff --git a/www/privoxy/distinfo b/www/privoxy/distinfo
index 4aedb25c242..ffea5af4322 100644
--- a/www/privoxy/distinfo
+++ b/www/privoxy/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2008/06/13 13:45:46 drochner Exp $
+$NetBSD: distinfo,v 1.9 2009/02/04 21:20:39 drochner Exp $
 
 SHA1 (privoxy-3.0.8-stable-src.tar.gz) = 7fe2b7afde4066ef1f170f5f11850cf9da428a42
 RMD160 (privoxy-3.0.8-stable-src.tar.gz) = 604dd61a22dc74d06d4adaa4b3c87e4d5da5149b
@@ -7,3 +7,4 @@ SHA1 (patch-aa) = c263d2a4b9522a33613f82ab2bc18d5c2b554b21
 SHA1 (patch-ac) = e39ffe694462b952c5ad66ac577a0acbee0a1d9f
 SHA1 (patch-ad) = d5d6fe935ff98a45ebbd209a5c7126cb5e42ae1a
 SHA1 (patch-ae) = 5cd064cd6b35196d32272bbbdc181a1e48d9be8f
+SHA1 (patch-af) = 8d572ece2f2d5cedcc7694ddda0b79e4453671ff
diff --git a/www/privoxy/files/privoxy.sh b/www/privoxy/files/privoxy.sh
index 997b694d234..28a84515776 100755
--- a/www/privoxy/files/privoxy.sh
+++ b/www/privoxy/files/privoxy.sh
@@ -1,6 +1,6 @@
 #!@RCD_SCRIPTS_SHELL@
 #
-# $NetBSD: privoxy.sh,v 1.4 2009/02/02 20:00:40 jnemeth Exp $
+# $NetBSD: privoxy.sh,v 1.5 2009/02/04 21:20:39 drochner Exp $
 #
 
 # PROVIDE: privoxy
@@ -14,9 +14,8 @@ command="/usr/pkg/sbin/${name}"
 pidfile="/var/run/${name}.pid"
 pconfig="@PKG_SYSCONFDIR@/config"
 puser="@PRIVOXY_USER@"
-pgroup="@PRIVOXY_GROUP@"
 required_files="$pconfig"
-command_args="--pidfile ${pidfile} --user ${puser}.${pgroup} ${pconfig} 2>/dev/null"
+command_args="--pidfile ${pidfile} --user ${puser} ${pconfig} 2>/dev/null"
 
 load_rc_config $name
 run_rc_command "$1"
diff --git a/www/privoxy/patches/patch-af b/www/privoxy/patches/patch-af
new file mode 100644
index 00000000000..88c7fa30a83
--- /dev/null
+++ b/www/privoxy/patches/patch-af
@@ -0,0 +1,15 @@
+$NetBSD: patch-af,v 1.1 2009/02/04 21:20:39 drochner Exp $
+
+--- ./jcc.c.orig	2007-12-16 19:32:46.000000000 +0100
++++ ./jcc.c
+@@ -3299,6 +3299,10 @@ int main(int argc, const char *argv[])
+       {
+          log_error(LOG_LEVEL_FATAL, "Cannot setgid(): Insufficient permissions.");
+       }
++      if (grp)
++	setgroups(1, &grp->gr_gid);
++      else
++      	initgroups(pw->pw_name, pw->pw_gid);
+       if (do_chroot)
+       {
+          if (!pw->pw_dir)
author	drochner <drochner>	2009-02-04 21:20:39 +0000
committer	drochner <drochner>	2009-02-04 21:20:39 +0000
commit	772f60945885fc919a26dacbfa5b5b9070c7924c (patch)
tree	3ee79e717908c65966c034b0a72681074948b06a /www
parent	9a271e287e860d1bb9af8ed9eb46ee8872b44a4f (diff)
download	pkgsrc-772f60945885fc919a26dacbfa5b5b9070c7924c.tar.gz