-rw-r--r--sysutils/cdrtools/Makefile3
-rw-r--r--sysutils/cdrtools/distinfo3
-rw-r--r--sysutils/cdrtools/patches/patch-cdda2wav-setuid.c50
3 files changed, 54 insertions, 2 deletions
diff --git a/sysutils/cdrtools/Makefile b/sysutils/cdrtools/Makefile
index d73250ebb49..98e75a72c19 100644
--- a/sysutils/cdrtools/Makefile
+++ b/sysutils/cdrtools/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.113 2015/09/03 14:43:34 wiz Exp $
+# $NetBSD: Makefile,v 1.114 2015/09/29 08:45:29 wiz Exp $
DISTNAME= cdrtools-3.01
PKGNAME= ${DISTNAME:S/a/alpha/:S/-pre/pre/}
+PKGREVISION= 1
CATEGORIES= sysutils
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=cdrtools/}
EXTRACT_SUFX= .tar.bz2
diff --git a/sysutils/cdrtools/distinfo b/sysutils/cdrtools/distinfo
index 371ef14878f..d6b32eeeb44 100644
--- a/sysutils/cdrtools/distinfo
+++ b/sysutils/cdrtools/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.87 2015/09/03 14:43:34 wiz Exp $
+$NetBSD: distinfo,v 1.88 2015/09/29 08:45:29 wiz Exp $
SHA1 (cdrtools-3.01.tar.bz2) = 62766aa9bfeec91b3c78da7c59b5c96bfbec84d9
RMD160 (cdrtools-3.01.tar.bz2) = 3696b1bc502905cbe7c06e492b42d2ffe2dba982
Size (cdrtools-3.01.tar.bz2) = 2087416 bytes
+SHA1 (patch-cdda2wav-setuid.c) = f1a11b6c55c94701ca6bd4631f3ef7fddc898355
diff --git a/sysutils/cdrtools/patches/patch-cdda2wav-setuid.c b/sysutils/cdrtools/patches/patch-cdda2wav-setuid.c
new file mode 100644
index 00000000000..082547cb8b9
--- /dev/null
+++ b/sysutils/cdrtools/patches/patch-cdda2wav-setuid.c
@@ -0,0 +1,50 @@
+$NetBSD: patch-cdda2wav-setuid.c,v 1.1 2015/09/29 08:45:29 wiz Exp $
+
+Joerg Schilling has recently released schilytools-2005-09-16 (1).
+Lines 83 to 84 of AN-2015-09-16 (2) mention an issue affecting
+unpriviledged users running cdda2wav on NetBSD:
+
+cdda2wav: fixed the file setuid.c to work on NetBSD. Thanks to
+Heiko Eißfeldt for reporting.
+
+Hence this "diff -urp cdrtools-3.01/cdda2wav/ schily-2015-09-16/cdda2wav/"
+
+Referencess:
+(1) http://sourceforge.net/projects/schilytools/files/AN-2015-09-16
+(2) http://downloads.sourceforge.net/project/schilytools/schily-2015-09-16.tar.bz2
+
+--- cdda2wav/setuid.c.orig 2011-08-03 21:08:06.000000000 +0000
++++ cdda2wav/setuid.c
+@@ -208,6 +210,9 @@ neverneedroot()
+ errmsgno(EX_BAD, _("Fatal error: initsecurity() not called.\n"));
+ exit(INTERNAL_ERROR);
+ }
++ if (geteuid() != effective_uid) {
++ needroot(1);
++ }
+ if (geteuid() == effective_uid) {
+ #if defined(HAVE_SETUID)
+ if (setuid(real_uid)) {
+@@ -348,6 +353,9 @@ neverneedgroup()
+ errmsgno(EX_BAD, _("Fatal error: initsecurity() not called.\n"));
+ exit(INTERNAL_ERROR);
+ }
++ if (getegid() != effective_gid) {
++ needgroup(1);
++ }
+ if (getegid() == effective_gid) {
+ #if defined(HAVE_SETGID)
+ if (setgid(real_gid)) {
+@@ -370,6 +378,12 @@ neverneedgroup()
+ if (getegid() != real_gid || getgid() != real_gid) {
+ errmsgno(EX_BAD,
+ _("Fatal error: did not drop group privilege.\n"));
++#ifdef DEBUG
++ fprintf(stderr,
++ "in to neverneedgroup (_egid_=%d, gid=%d), current=%d/%d, pid=%d\n",
++ effective_gid, real_gid,
++ getegid(), getgid(), getpid());
++#endif
+ exit(PERM_ERROR);
+ }
+ effective_gid = real_gid;
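Review bot: In the embedded setuid.c hunks for neverneedroot() and neverneedgroup(), the outcome of the added `needroot(1)` / `needgroup(1)` call is never checked, and the group check visible further down compares only `getegid()` and `getgid()` with `real_gid`, which cannot observe the saved set-group-ID. If needgroup(1) can return without restoring the effective gid (its body is not on this page, so this is inferred), the `setgid(real_gid)` branch is skipped and the function would still pass its own check while the saved id stays privileged. I would fail closed right after the re-raise, e.g. `if (getegid() != effective_gid) { errmsgno(EX_BAD, _("Fatal error: did not drop group privilege.\n")); exit(PERM_ERROR); }`, with the matching `geteuid()` / `effective_uid` test in neverneedroot(). Both added blocks also need a comment such as `/* re-acquire the privileged effective id so the setuid(real_uid) branch below is taken */`, since raising privilege just before giving it up reads like a mistake without one. Both functions start and end outside the hunks shown.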