[pkgsrc/pkgsrc-2009Q1]: pkgsrc/x11/kdelibs3 Pullup ticket #2800 - requested b...

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/pkgsrc-2009Q1]: pkgsrc/x11/kdelibs3 Pullup ticket #2800 - requested b...
From: tron <tron%pkgsrc.org@localhost>
Date: Thu, 14 Oct 2021 07:32:26 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/84b3b6633fa6
branches:  pkgsrc-2009Q1
changeset: 556876:84b3b6633fa6
user:      tron <tron%pkgsrc.org@localhost>
date:      Thu Jun 18 08:54:21 2009 +0000

description:
Pullup ticket #2800 - requested by hasso
kdelibs3: security patch

Revisions pulled up:
- x11/kdelibs3/Makefile                 1.141
---
Module Name:    pkgsrc
Committed By:   hasso
Date:           Tue Jun 16 16:09:36 UTC 2009

Modified Files:
        pkgsrc/x11/kdelibs3: Makefile

Log Message:
Fix a serious security issue for platforms using kgrantpty (NetBSD isn't
such, but DragonFly is): ${SETUID_ROOT_PERMS} doesn't work for suid
kgrantpty, because the locate() method used to find the path to the binary
expects it to have a read permissions set.

diffstat:

 x11/kdelibs3/Makefile |  8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diffs (26 lines):

diff -r 60b5ad727c76 -r 84b3b6633fa6 x11/kdelibs3/Makefile
--- a/x11/kdelibs3/Makefile     Wed Jun 17 10:18:21 2009 +0000
+++ b/x11/kdelibs3/Makefile     Thu Jun 18 08:54:21 2009 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.140 2008/08/27 12:02:31 markd Exp $
+# $NetBSD: Makefile,v 1.140.8.1 2009/06/18 08:54:21 tron Exp $
 
 DISTNAME=      kdelibs-${_KDE_VERSION}
+PKGREVISION=   1
 CATEGORIES=    x11
 COMMENT=       Support libraries for the KDE integrated X11 desktop
 
@@ -57,9 +58,12 @@
 SUBST_SED.kdemagic=    -n -e 'p' -e 's:/usr/local/bin:${LOCALBASE}/bin:p'
 
 SPECIAL_PERMS+=        ${PREFIX}/bin/fileshareset      ${SETUID_ROOT_PERMS}
-SPECIAL_PERMS+=        ${PREFIX}/bin/kgrantpty         ${SETUID_ROOT_PERMS}
 SPECIAL_PERMS+=        ${PREFIX}/bin/kpac_dhcp_helper  ${SETUID_ROOT_PERMS}
 
+# ${SETUID_ROOT_PERMS} doesn't work here because the locate() method used to
+# find the path to the kgrantpty expects it to have read permissions set.
+SPECIAL_PERMS+=        ${PREFIX}/bin/kgrantpty ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 4555
+
 .include "options.mk"
 
 PLIST_VARS+=           kded

Prev by Date: [pkgsrc/pkgsrc-2009Q1]: pkgsrc/doc pullup #2795
Next by Date: [pkgsrc/trunk]: pkgsrc/devel/p5-Package-Generator Initial import of p5-Packag...
Previous by Thread: [pkgsrc/pkgsrc-2009Q1]: pkgsrc/doc pullup #2795
Next by Thread: [pkgsrc/trunk]: pkgsrc/devel/p5-Package-Generator Initial import of p5-Packag...
Indexes:

Home | Main Index | Thread Index | Old Index