pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/security/opendoas opendoas: Apply patch for CVE-2019-2...
details: https://anonhg.NetBSD.org/pkgsrc/rev/2b3274c66352
branches: trunk
changeset: 445780:2b3274c66352
user: jperkin <jperkin%pkgsrc.org@localhost>
date: Fri Jan 29 07:53:38 2021 +0000
description:
opendoas: Apply patch for CVE-2019-25016.
Patch from __skn on IRC. Thanks! Bump PKGREVISION.
diffstat:
security/opendoas/Makefile | 3 ++-
security/opendoas/distinfo | 3 ++-
security/opendoas/patches/patch-doas.c | 23 +++++++++++++++++++++++
3 files changed, 27 insertions(+), 2 deletions(-)
diffs (52 lines):
diff -r 2b2724bac36c -r 2b3274c66352 security/opendoas/Makefile
--- a/security/opendoas/Makefile Fri Jan 29 07:37:07 2021 +0000
+++ b/security/opendoas/Makefile Fri Jan 29 07:53:38 2021 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.1 2021/01/01 14:28:56 pin Exp $
+# $NetBSD: Makefile,v 1.2 2021/01/29 07:53:38 jperkin Exp $
DISTNAME= opendoas-6.8
+PKGREVISION= 1
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_GITHUB:=duncaen/}
GITHUB_TAG= v${PKGVERSION_NOREV}
diff -r 2b2724bac36c -r 2b3274c66352 security/opendoas/distinfo
--- a/security/opendoas/distinfo Fri Jan 29 07:37:07 2021 +0000
+++ b/security/opendoas/distinfo Fri Jan 29 07:53:38 2021 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.1 2021/01/01 14:28:56 pin Exp $
+$NetBSD: distinfo,v 1.2 2021/01/29 07:53:38 jperkin Exp $
SHA1 (opendoas-6.8.tar.gz) = 11963ee647b7166972512740bc7f648c8aa1272f
RMD160 (opendoas-6.8.tar.gz) = 56f9c02d81f6ad9925323f1b44d7f7087f1108f0
SHA512 (opendoas-6.8.tar.gz) = 4a57079bba353247e645bc07a5d4e78fd01471d193e83751fd87b72cffa4e152c0f7ea172563f767a7193b14489f57bc066b4fee50842d30b5b7f7ce918434bb
Size (opendoas-6.8.tar.gz) = 32307 bytes
SHA1 (patch-GNUmakefile) = d301c0334ce6ac7992d61681e1852a301557d300
+SHA1 (patch-doas.c) = 3c4e734e3c8f7bf38e2a58ddb1ba4e1eefe99087
diff -r 2b2724bac36c -r 2b3274c66352 security/opendoas/patches/patch-doas.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/opendoas/patches/patch-doas.c Fri Jan 29 07:53:38 2021 +0000
@@ -0,0 +1,23 @@
+$NetBSD: patch-doas.c,v 1.1 2021/01/29 07:53:38 jperkin Exp $
+
+Fix for CVE-2019-25016 (Unsafe, incomplete PATH reset).
+
+--- doas.c.orig 2020-11-14 15:44:04.000000000 +0000
++++ doas.c
+@@ -386,6 +386,7 @@ main(int argc, char **argv)
+
+ #ifdef HAVE_LOGIN_CAP_H
+ if (setusercontext(NULL, targpw, target, LOGIN_SETGROUP |
++ LOGIN_SETPATH |
+ LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK |
+ LOGIN_SETUSER) != 0)
+ errx(1, "failed to set user context for target");
+@@ -396,6 +397,8 @@ main(int argc, char **argv)
+ err(1, "initgroups");
+ if (setresuid(target, target, target) != 0)
+ err(1, "setresuid");
++ if (setenv("PATH", safepath, 1) == -1)
++ err(1, "failed to set PATH '%s'", safepath);
+ #endif
+
+ if (getcwd(cwdpath, sizeof(cwdpath)) == NULL)
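Review bot: The header of patch-doas.c names the CVE but not the upstream change it corresponds to, and the commit message gives the origin only as IRC. For a patch to a privilege-granting binary, a later maintainer therefore cannot verify it against upstream or tell when it can be dropped. I would add a provenance line under the CVE line, for example `Upstream: <URL of the corresponding upstream opendoas commit (placeholder)>`. The header should also say that the two nested hunks reset PATH differently: the HAVE_LOGIN_CAP_H branch adds `LOGIN_SETPATH`, which as far as I know takes PATH from the target's login class, while the other branch forces `safepath` with `setenv("PATH", safepath, 1)`. main() continues outside both nested hunks, so it is not visible here whether the environment built later for the executed command keeps this PATH; that is worth confirming against the full doas.c.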