From 95011dddad795e3115066b5e1be269e5daa7d38a Mon Sep 17 00:00:00 2001 From: rtr Date: Sat, 28 Feb 2009 12:47:22 +0000 Subject: pullup ticket #2711 - requested by drochner privoxy: update for security fix revisions pulled up: pkgsrc/www/privoxy/Makefile 1.35,1.36 pkgsrc/www/privoxy/files/privoxy.sh 1.4,1.5 pkgsrc/www/privoxy/distinfo 1.9 pkgsrc/www/privoxy/patches/patch-af 1.1 Module Name: pkgsrc Committed By: jnemeth Date: Mon Feb 2 20:00:41 UTC 2009 Modified Files: pkgsrc/www/privoxy: Makefile pkgsrc/www/privoxy/files: privoxy.sh Log Message: PR/40532 - Cem Kayali -- group permissions too broad Just fixing security issue, will leave pkg update for MAINTAINER for now. ------------------------------------------------------------------------ Module Name: pkgsrc Committed By: drochner Date: Wed Feb 4 21:20:39 UTC 2009 Modified Files: pkgsrc/www/privoxy: Makefile distinfo pkgsrc/www/privoxy/files: privoxy.sh Added Files: pkgsrc/www/privoxy/patches: patch-af Log Message: give up supplementary group memberships on uid/gid switch, fixes unexpected privileges reported in PR pkg/40532 by Cem Kayali, the issue is being discussed with upstream, thanks to Cem for detailed reports, also back out explicit passing of PRIVOXY_GROUP to the program -- while it does not hurt it is redundant because PRIVOXY_GROUP is already the primary group of PRIVOXY_USER --- www/privoxy/Makefile | 3 ++- www/privoxy/distinfo | 3 ++- www/privoxy/patches/patch-af | 15 +++++++++++++++ 3 files changed, 19 insertions(+), 2 deletions(-) create mode 100644 www/privoxy/patches/patch-af diff --git a/www/privoxy/Makefile b/www/privoxy/Makefile index 39087012494..abf0903c004 100644 --- a/www/privoxy/Makefile +++ b/www/privoxy/Makefile 
@@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.34 2008/03/12 21:35:03 drochner Exp $ +# $NetBSD: Makefile,v 1.34.12.1 2009/02/28 12:47:22 rtr Exp $ # DISTNAME= ${PKGNAME_NOREV}-stable-src PKGNAME= privoxy-3.0.8 +PKGREVISION= 2 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=ijbswa/} diff --git a/www/privoxy/distinfo b/www/privoxy/distinfo index 4aedb25c242..90775fbf146 100644 --- a/www/privoxy/distinfo +++ b/www/privoxy/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.8 2008/06/13 13:45:46 drochner Exp $ +$NetBSD: distinfo,v 1.8.10.1 2009/02/28 12:47:22 rtr Exp $ SHA1 (privoxy-3.0.8-stable-src.tar.gz) = 7fe2b7afde4066ef1f170f5f11850cf9da428a42 RMD160 (privoxy-3.0.8-stable-src.tar.gz) = 604dd61a22dc74d06d4adaa4b3c87e4d5da5149b @@ -7,3 +7,4 @@ SHA1 (patch-aa) = c263d2a4b9522a33613f82ab2bc18d5c2b554b21 SHA1 (patch-ac) = e39ffe694462b952c5ad66ac577a0acbee0a1d9f SHA1 (patch-ad) = d5d6fe935ff98a45ebbd209a5c7126cb5e42ae1a SHA1 (patch-ae) = 5cd064cd6b35196d32272bbbdc181a1e48d9be8f +SHA1 (patch-af) = 8d572ece2f2d5cedcc7694ddda0b79e4453671ff diff --git a/www/privoxy/patches/patch-af b/www/privoxy/patches/patch-af new file mode 100644 index 00000000000..2aed8f17cd6 --- /dev/null +++ b/www/privoxy/patches/patch-af @@ -0,0 +1,15 @@ +$NetBSD: patch-af,v 1.2.2.2 2009/02/28 12:47:22 rtr Exp $ + +--- ./jcc.c.orig 2007-12-16 19:32:46.000000000 +0100 ++++ ./jcc.c +@@ -3299,6 +3299,10 @@ int main(int argc, const char *argv[]) + { + log_error(LOG_LEVEL_FATAL, "Cannot setgid(): Insufficient permissions."); + } ++ if (grp) ++ setgroups(1, &grp->gr_gid); ++ else ++ initgroups(pw->pw_name, pw->pw_gid); + if (do_chroot) + { + if (!pw->pw_dir) -- cgit v1.2.3
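Review bot: The `setgroups(1, &grp->gr_gid)` and `initgroups(pw->pw_name, pw->pw_gid)` calls added to jcc.c by patch-af discard their return values, so a failure leaves the process running with the supplementary groups it inherited. That is the exposure this fix is meant to close, and nothing would be logged. Both calls should be handled like the `setgid()` check directly above, which reports through `log_error(LOG_LEVEL_FATAL, ...)`; presumably that level stops startup, but the logger is not visible here. The new if/else is also unbraced, while the surrounding code braces every body. main() starts and ends outside the hunk, so the uid switch that presumably follows is not shown; the group list has to be reset before it.

```c
/* … unchanged: setgid() check … */
if (grp)
{
   if (setgroups(1, &grp->gr_gid))
   {
      log_error(LOG_LEVEL_FATAL, "setgroups() failed.");
   }
}
else if (initgroups(pw->pw_name, pw->pw_gid))
{
   log_error(LOG_LEVEL_FATAL, "initgroups() failed.");
}
/* … unchanged: do_chroot handling … */
```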