-rw-r--r-- | sysutils/cdrtools/Makefile | 3 | ||||
-rw-r--r-- | sysutils/cdrtools/distinfo | 3 | ||||
-rw-r--r-- | sysutils/cdrtools/patches/patch-cdda2wav-setuid.c | 50 |
3 files changed, 54 insertions, 2 deletions
diff --git a/sysutils/cdrtools/Makefile b/sysutils/cdrtools/Makefile index d73250ebb49..98e75a72c19 100644 --- a/sysutils/cdrtools/Makefile +++ b/sysutils/cdrtools/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.113 2015/09/03 14:43:34 wiz Exp $ +# $NetBSD: Makefile,v 1.114 2015/09/29 08:45:29 wiz Exp $ DISTNAME= cdrtools-3.01 PKGNAME= ${DISTNAME:S/a/alpha/:S/-pre/pre/} +PKGREVISION= 1 CATEGORIES= sysutils MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=cdrtools/} EXTRACT_SUFX= .tar.bz2 diff --git a/sysutils/cdrtools/distinfo b/sysutils/cdrtools/distinfo index 371ef14878f..d6b32eeeb44 100644 --- a/sysutils/cdrtools/distinfo +++ b/sysutils/cdrtools/distinfo @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.87 2015/09/03 14:43:34 wiz Exp $ +$NetBSD: distinfo,v 1.88 2015/09/29 08:45:29 wiz Exp $ SHA1 (cdrtools-3.01.tar.bz2) = 62766aa9bfeec91b3c78da7c59b5c96bfbec84d9 RMD160 (cdrtools-3.01.tar.bz2) = 3696b1bc502905cbe7c06e492b42d2ffe2dba982 Size (cdrtools-3.01.tar.bz2) = 2087416 bytes +SHA1 (patch-cdda2wav-setuid.c) = f1a11b6c55c94701ca6bd4631f3ef7fddc898355 diff --git a/sysutils/cdrtools/patches/patch-cdda2wav-setuid.c b/sysutils/cdrtools/patches/patch-cdda2wav-setuid.c new file mode 100644 index 00000000000..082547cb8b9 --- /dev/null +++ b/sysutils/cdrtools/patches/patch-cdda2wav-setuid.c 
@@ -0,0 +1,50 @@
+$NetBSD: patch-cdda2wav-setuid.c,v 1.1 2015/09/29 08:45:29 wiz Exp $
+
+Joerg Schilling has recently released schilytools-2005-09-16 (1).
+Lines 83 to 84 of AN-2015-09-16 (2) mention an issue affecting
+unpriviledged users running cdda2wav on NetBSD:
+
+cdda2wav: fixed the file setuid.c to work on NetBSD. Thanks to
+Heiko Eißfeldt for reporting.
+
+Hence this "diff -urp cdrtools-3.01/cdda2wav/ schily-2015-09-16/cdda2wav/"
+
+Referencess:
+(1) http://sourceforge.net/projects/schilytools/files/AN-2015-09-16
+(2) http://downloads.sourceforge.net/project/schilytools/schily-2015-09-16.tar.bz2
+
+--- cdda2wav/setuid.c.orig 2011-08-03 21:08:06.000000000 +0000
++++ cdda2wav/setuid.c
+@@ -208,6 +210,9 @@ neverneedroot()
+ errmsgno(EX_BAD, _("Fatal error: initsecurity() not called.\n"));
+ exit(INTERNAL_ERROR);
+ }
++ if (geteuid() != effective_uid) {
++ needroot(1);
++ }
+ if (geteuid() == effective_uid) {
+ #if defined(HAVE_SETUID)
+ if (setuid(real_uid)) {
+@@ -348,6 +353,9 @@ neverneedgroup()
+ errmsgno(EX_BAD, _("Fatal error: initsecurity() not called.\n"));
+ exit(INTERNAL_ERROR);
+ }
++ if (getegid() != effective_gid) {
++ needgroup(1);
++ }
+ if (getegid() == effective_gid) {
+ #if defined(HAVE_SETGID)
+ if (setgid(real_gid)) {
+@@ -370,6 +378,12 @@ neverneedgroup()
+ if (getegid() != real_gid || getgid() != real_gid) {
+ errmsgno(EX_BAD,
+ _("Fatal error: did not drop group privilege.\n"));
++#ifdef DEBUG
++ fprintf(stderr,
++ "in to neverneedgroup (_egid_=%d, gid=%d), current=%d/%d, pid=%d\n",
++ effective_gid, real_gid,
++ getegid(), getgid(), getpid());
++#endif
+ exit(PERM_ERROR);
+ }
+ effective_gid = real_gid; |
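Review bot: In neverneedroot() the outcome of the added `needroot(1)` is not checked at the call site: unless needroot() itself aborts on failure (not visible here), a failed re-acquisition leaves `if (geteuid() == effective_uid)` false and the `setuid(real_uid)` branch is skipped, just as it was before the patch. neverneedgroup() has the same shape with `needgroup(1)`, but there the visible `getegid() != real_gid || getgid() != real_gid` test turns a missed drop into a fatal error; the tail of neverneedroot() lies outside these hunks, so confirm it ends with the equivalent `geteuid() != real_uid || getuid() != real_uid` check. A one-line comment above each new block, such as `/* regain the saved id first so the permanent drop below is not skipped */`, would record why privilege is raised inside a function whose job is to drop it. In the DEBUG `fprintf`, the ids go to `%d` unconverted; casting them, e.g. `(long)getegid()` with `%ld`, avoids a format mismatch on platforms where gid_t or pid_t is not int.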