Pull in security fixes for kdesu from KDE-2.1.2.

Bump version of kdelibs to 2.1nb1 and update dependencies to the new
version.

7 files changed, 182 insertions, 6 deletions

diff --git a/x11/kdebase2/Makefile b/x11/kdebase2/Makefile
index 3f6b91223e1..ded9bf6cf92 100644
--- a/x11/kdebase2/Makefile
+++ b/x11/kdebase2/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.11 2001/04/01 09:22:19 skrll Exp $
+# $NetBSD: Makefile,v 1.12 2001/05/01 09:46:36 skrll Exp $
 
 DISTNAME=	kdebase-2.1
 CATEGORIES=	x11 kde
@@ -9,7 +9,7 @@ DISTFILES=	${DISTNAME}${EXTRACT_SUFX} Daemon.png Daemon.README
 
 BUILD_DEPENDS+=	automake-1.4:../../devel/automake
 BUILD_DEPENDS+=	qt2-designer>=2.2.4:../../x11/qt2-designer
-DEPENDS+=	kdelibs-2.1:../../x11/kdelibs2
+DEPENDS+=	kdelibs-2.1nb1:../../x11/kdelibs2
 
 USE_XPM=	yes
 USE_MOTIF=	yes
diff --git a/x11/kdelibs2/Makefile b/x11/kdelibs2/Makefile
index d9f2d4d4a72..869809517d8 100644
--- a/x11/kdelibs2/Makefile
+++ b/x11/kdelibs2/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.2 2001/03/28 14:04:13 skrll Exp $
+# $NetBSD: Makefile,v 1.3 2001/05/01 09:46:37 skrll Exp $
 #
 
 DISTNAME=	kdelibs-2.1
+PKGNAME=	${DISTNAME}nb1
 CATEGORIES=	x11 kde
 .include "../../x11/kde2/Makefile.part1"
 COMMENT=	Support libraries for the KDE integrated X11 desktop
diff --git a/x11/kdelibs2/distinfo b/x11/kdelibs2/distinfo
index acb3827f643..01883615628 100644
--- a/x11/kdelibs2/distinfo
+++ b/x11/kdelibs2/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.1 2001/04/17 12:15:12 agc Exp $
+$NetBSD: distinfo,v 1.2 2001/05/01 09:46:37 skrll Exp $
 
 SHA1 (kdelibs-2.1.tar.bz2) = 5941037de8b47fb2d992ae780c28a8583f07d83c
 SHA1 (patch-aa) = de413d73ae7a4359e49a4f29f4242017f098a6ea
@@ -20,3 +20,6 @@ SHA1 (patch-ap) = 7267b685938e89d571fa80d34049c6f4b0bbd229
 SHA1 (patch-aq) = 4791d42453dfc847c09471b1e392e442a82a8fcd
 SHA1 (patch-ar) = 58a2bd19dfa34fdebefbf0603a1172278403e750
 SHA1 (patch-as) = f7f25bd3510b340195b689e4843e1358f324466a
+SHA1 (patch-at) = 13a753d748f8b13835d9da0c5ec19f94e0a22671
+SHA1 (patch-au) = 74d8ea01753a0f196b440d97693a83e663ec27b4
+SHA1 (patch-av) = 3c40a869827ee4c9a518ce8899f73c6dc7bb2c8f
diff --git a/x11/kdelibs2/patches/patch-at b/x11/kdelibs2/patches/patch-at
new file mode 100644
index 00000000000..dff0debf47b
--- /dev/null
+++ b/x11/kdelibs2/patches/patch-at
@@ -0,0 +1,23 @@
+$NetBSD: patch-at,v 1.1 2001/05/01 09:46:37 skrll Exp $
+
+--- kdesu/kdesu_pty.cpp.orig	Sun Feb 18 15:26:55 2001
++++ kdesu/kdesu_pty.cpp
+@@ -16,15 +16,15 @@
+  */
+ 
+ 
+-#include <config.h>
+-
+ #ifndef _GNU_SOURCE
+ #define _GNU_SOURCE   /* Needed for getpt, ptsname in glibc 2.1.x systems */
+ #endif
+ 
+-#ifndef _XOPEN_SOURCE
++#if !defined(_XOPEN_SOURCE) && !defined(__osf__)
+ #define _XOPEN_SOURCE /* Needed for grantpt, unlockpt in glibc 2.1.x      */
+ #endif
++
++#include <config.h>
+ 
+ #include <stdio.h>
+ #include <fcntl.h>
diff --git a/x11/kdelibs2/patches/patch-au b/x11/kdelibs2/patches/patch-au
new file mode 100644
index 00000000000..19171c95e00
--- /dev/null
+++ b/x11/kdelibs2/patches/patch-au
@@ -0,0 +1,126 @@
+$NetBSD: patch-au,v 1.1 2001/05/01 09:46:37 skrll Exp $
+
+--- kdesu/kdesu_stub.c.orig	Sun Feb 18 15:26:55 2001
++++ kdesu/kdesu_stub.c
+@@ -173,6 +173,7 @@
+     return list;
+ }
+ 
++#define BUFSIZE	8192
+ 
+ /**
+  * The main program
+@@ -180,9 +181,9 @@
+ 
+ int main()
+ {
+-    char buf[1024];
+-    char command[200], xauthority[200], iceauthority[200];
+-    char **host, **auth, *fname;
++    char buf[BUFSIZE+1];
++    char xauthority[200], iceauthority[200];
++    char **host, **auth;
+     int i/*, res, sycoca*/, prio;
+     pid_t pid;
+     FILE *fout;
+@@ -194,7 +195,7 @@
+     {
+ 	printf("%s\n", params[i].name);
+ 	fflush(stdout);
+-	if (fgets(buf, 500, stdin) == 0L) 
++	if (fgets(buf, BUFSIZE, stdin) == 0L) 
+ 	{
+ 	    printf("end\n"); fflush(stdout);
+ 	    perror("kdesu_stub: fgets()");
+@@ -276,22 +277,34 @@
+ 	xsetenv("DISPLAY", params[P_DISPLAY].value);
+ 	if (params[P_DISPLAY_AUTH].value[0]) 
+ 	{
+-	    fname = tmpnam(0L);
+-	    fout = fopen(fname, "w");
+-	    if (!fout) 
+-	    {
+-		perror("kdesu_stub: fopen()");
++           int	fd2;
++           /*
++           ** save umask and set to 077, so we create those files only
++	   ** readable for root. (if someone else could read them, we
++	   ** are in deep shit).
++           */
++	   int oldumask = umask(077);
++
++           strcpy(xauthority, "/tmp/xauth.XXXXXXXXXX");
++	   fd2 = mkstemp(xauthority);
++	   umask(oldumask);
++
++           if (fd2 == -1) {
++                perror("kdesu_stub: mkstemp()");
++                exit(1);
++           } else
++                close(fd2);
++           xsetenv("XAUTHORITY", xauthority);
++
++	   fout = popen("xauth >/dev/null 2>&1","w");
++           if (fout == NULL)
++	   {
++		perror("kdesu_stub: popen(xauth)");
+ 		exit(1);
+-	    }
+-	    fprintf(fout, "add %s %s\n", params[P_DISPLAY].value,
++	   }
++	   fprintf(fout, "add %s %s\n", params[P_DISPLAY].value,
+ 		    params[P_DISPLAY_AUTH].value);
+-	    fclose(fout);
+-	    tmpnam(xauthority);
+-	    xsetenv("XAUTHORITY", xauthority);
+-	    sprintf(command, "xauth source %s >/dev/null 2>&1", fname);
+-	    if (system(command))
+-		printf("kdesu_stub: failed to add X authentication");
+-	    unlink(fname);
++	   pclose(fout);
+ 	}
+     }
+ 
+@@ -305,11 +318,22 @@
+ 	auth = xstrsep(params[P_ICE_AUTH].value);
+ 	if (host[0]) 
+ 	{
+-	    fname = tmpnam(0L);
+-	    fout = fopen(fname, "w");
+-	    if (!fout) 
+-	    {
+-		perror("kdesu_stub: fopen()");
++            int fd;
++	    int	oldumask = umask(077);
++
++            strcpy(iceauthority, "/tmp/iceauth.XXXXXXXXXX");
++            fd = mkstemp(iceauthority);
++	    umask(oldumask);
++            if (fd == -1) {
++                perror("kdesu_stub: mkstemp()");
++                exit(1);
++            } else
++                close(fd);
++	    xsetenv("ICEAUTHORITY", iceauthority);
++
++	    fout = popen("iceauth >/dev/null 2>&1", "w");
++	    if (!fout) {
++		perror("kdesu_stub: popen iceauth");
+ 		exit(1);
+ 	    }
+ 	    for (i=0; host[i]; i++)
+@@ -317,13 +341,7 @@
+ 	    auth = xstrsep(params[P_DCOP_AUTH].value);
+ 	    for (i=0; host[i]; i++)
+ 		fprintf(fout, "add DCOP \"\" %s %s\n", host[i], auth[i]);
+-	    fclose(fout);
+-	    tmpnam(iceauthority);
+-	    xsetenv("ICEAUTHORITY", iceauthority);
+-	    sprintf(command, "iceauth source %s >/dev/null 2>&1", fname);
+-	    if (system(command))
+-		printf("kdesu_stub: failed to add DCOP authentication\n");
+-	    unlink(fname);
++	    pclose(fout);
+ 	}
+     }
+ 
diff --git a/x11/kdelibs2/patches/patch-av b/x11/kdelibs2/patches/patch-av
new file mode 100644
index 00000000000..6b3b572f72f
--- /dev/null
+++ b/x11/kdelibs2/patches/patch-av
@@ -0,0 +1,23 @@
+$NetBSD: patch-av,v 1.1 2001/05/01 09:46:37 skrll Exp $
+
+--- kdesu/client.cpp.orig	Sun Feb 18 15:26:55 2001
++++ kdesu/client.cpp
+@@ -31,6 +31,7 @@
+ 
+ #include <kdebug.h>
+ #include <kstddirs.h>
++#include <kapp.h>
+ 
+ #include "client.h"
+ 
+@@ -385,7 +386,9 @@
+ 
+     // kdesud only forks to the background after it is accepting
+     // connections.
+-    int ret = system(QFile::encodeName(d->daemon));
++    // We start it via kdeinit to make sure that it doesn't inherit
++    // any fd's from the parent process.
++    int ret = kapp->kdeinitExecWait(d->daemon);
+     connect();
+     return ret;
+ }
diff --git a/x11/qt2-designer/Makefile b/x11/qt2-designer/Makefile
index e11869bb305..879ba54b688 100644
--- a/x11/qt2-designer/Makefile
+++ b/x11/qt2-designer/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.8 2001/03/28 09:27:50 skrll Exp $
+# $NetBSD: Makefile,v 1.9 2001/05/01 09:46:38 skrll Exp $
 #
 
 .include "../qt2-libs/Makefile.common"
@@ -8,7 +8,7 @@ PKGNAME=		qt2-designer-${QTVERSION}
 COMMENT=		Visual (WYSIWYG) QT GUI builder
 
 DEPENDS+=		qt2-libs-${QTVERSION}:../../x11/qt2-libs
-DEPENDS+=		kdelibs-2.1:../../x11/kdelibs2
+DEPENDS+=		kdelibs-2.1nb1:../../x11/kdelibs2
 
 ALL_TARGET=		sub-tools