From 6fc1051e415aabd2318c4a3104f2eb76df4197e8 Mon Sep 17 00:00:00 2001 From: tron Date: Wed, 18 Sep 2002 10:40:12 +0000 Subject: Add security patch from the FreeBSD ports collection: Drop setgid kmem privs before executing external programs. Reported by: Christer Oberg Bump the package revision to 3. --- net/wmnet/Makefile | 4 ++-- net/wmnet/distinfo | 4 ++-- net/wmnet/patches/patch-ad | 10 +++++++++- 3 files changed, 13 insertions(+), 5 deletions(-) (limited to 'net') diff --git a/net/wmnet/Makefile b/net/wmnet/Makefile index 5f820b73eb6..c810d0666ba 100644 --- a/net/wmnet/Makefile +++ b/net/wmnet/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.6 2001/11/29 01:12:44 hubertf Exp $ +# $NetBSD: Makefile,v 1.7 2002/09/18 10:40:12 tron Exp $ DISTNAME= wmnet-1.06 -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= net x11 MASTER_SITES= http://www.digitalkaos.net/linux/wmnet/download/ diff --git a/net/wmnet/distinfo b/net/wmnet/distinfo index 882fd1cf7cc..166f8ad6cef 100644 --- a/net/wmnet/distinfo +++ b/net/wmnet/distinfo @@ -1,10 +1,10 @@ -$NetBSD: distinfo,v 1.4 2002/07/18 12:57:56 seb Exp $ +$NetBSD: distinfo,v 1.5 2002/09/18 10:40:12 tron Exp $ SHA1 (wmnet-1.06.tar.gz) = 978364e0ab45c71730c196334e8fced4ac0a7853 Size (wmnet-1.06.tar.gz) = 27506 bytes SHA1 (patch-aa) = d999f66818c05f2f9a58571abc0e548bb2938a4b SHA1 (patch-ab) = 2c2fbc065a49bc27dd42660dda23393e02269714 SHA1 (patch-ac) = f8793a06cdf4ffd9e852dd802054734a566edb30 -SHA1 (patch-ad) = 7a420d0dcef977549ba35a1046a0e5509a0c3643 +SHA1 (patch-ad) = f66a39da4381feca668bde9bd5768c2e214868f6 SHA1 (patch-ae) = 09d413422b0074c29da7c8a9c271d9ddb2be04fb SHA1 (patch-af) = 70c0917b465acf778b6b744bef587bc8e41e49fb diff --git a/net/wmnet/patches/patch-ad b/net/wmnet/patches/patch-ad index ca99652c2c5..45c5fe2efa0 100644 --- a/net/wmnet/patches/patch-ad +++ b/net/wmnet/patches/patch-ad @@ -1,4 +1,4 @@ -$NetBSD: patch-ad,v 1.3 2002/07/18 12:57:58 seb Exp $ +$NetBSD: patch-ad,v 1.4 2002/09/18 10:40:13 tron Exp $ --- wmnet.c.orig Fri May 5 03:01:14 2000 +++ wmnet.c Mon Jul 8 16:52:30 2002 @@ -181,3 +181,11 @@ $NetBSD: patch-ad,v 1.3 2002/07/18 12:57:58 seb Exp $ XFillRectangle(dpy, *visible_window, graphics_context, 4, 5, 37, 9); } if (rate < .1) { +@@ -732,6 +732,7 @@ + case ButtonPress: + if(event.xbutton.button == Button1 && click_command != NULL) { + if (fork() == 0) { ++ setgid(getgid()); + execl("/bin/sh", "sh", "-c", click_command, NULL); + perror("wmnet: execl()"); + exit(15); -- cgit v1.2.3