Sat Feb 28 12:47:22 2009 UTC ()
pullup ticket #2711 - requested by drochner
privoxy: update for security fix
revisions pulled up:
pkgsrc/www/privoxy/Makefile 1.35,1.36
pkgsrc/www/privoxy/files/privoxy.sh 1.4,1.5
pkgsrc/www/privoxy/distinfo 1.9
pkgsrc/www/privoxy/patches/patch-af 1.1
Module Name: pkgsrc
Committed By: jnemeth
Date: Mon Feb 2 20:00:41 UTC 2009
Modified Files:
pkgsrc/www/privoxy: Makefile
pkgsrc/www/privoxy/files: privoxy.sh
Log Message:
PR/40532 - Cem Kayali -- group permissions too broad
Just fixing security issue, will leave pkg update for MAINTAINER for now.
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: drochner
Date: Wed Feb 4 21:20:39 UTC 2009
Modified Files:
pkgsrc/www/privoxy: Makefile distinfo
pkgsrc/www/privoxy/files: privoxy.sh
Added Files:
pkgsrc/www/privoxy/patches: patch-af
Log Message:
give up supplementary group memberships on uid/gid switch, fixes
unexpected privileges reported in PR pkg/40532 by Cem Kayali,
the issue is being discussed with upstream,
thanks to Cem for detailed reports,
also back out explicit passing of PRIVOXY_GROUP to the program --
while it does not hurt it is redundant because PRIVOXY_GROUP is already
the primary group of PRIVOXY_USER
(rtr)
diff -r1.34 -r1.34.12.1 pkgsrc/www/privoxy/Makefile
diff -r1.8 -r1.8.10.1 pkgsrc/www/privoxy/distinfo
diff -r0 -r1.2.2.2 pkgsrc/www/privoxy/patches/patch-af
--- pkgsrc/www/privoxy/Makefile 2008/03/12 21:35:03 1.34
+++ pkgsrc/www/privoxy/Makefile 2009/02/28 12:47:22 1.34.12.1
| @@ -1,18 +1,19 @@ | | | @@ -1,18 +1,19 @@ |
| 1 | # $NetBSD: Makefile,v 1.34 2008/03/12 21:35:03 drochner Exp $ | | 1 | # $NetBSD: Makefile,v 1.34.12.1 2009/02/28 12:47:22 rtr Exp $ |
| 2 | # | | 2 | # |
| 3 | | | 3 | |
| 4 | DISTNAME= ${PKGNAME_NOREV}-stable-src | | 4 | DISTNAME= ${PKGNAME_NOREV}-stable-src |
| 5 | PKGNAME= privoxy-3.0.8 | | 5 | PKGNAME= privoxy-3.0.8 |
| | | 6 | PKGREVISION= 2 |
| 6 | CATEGORIES= www | | 7 | CATEGORIES= www |
| 7 | MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=ijbswa/} | | 8 | MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=ijbswa/} |
| 8 | | | 9 | |
| 9 | MAINTAINER= kim@tac.nyc.ny.us | | 10 | MAINTAINER= kim@tac.nyc.ny.us |
| 10 | HOMEPAGE= http://www.privoxy.org/ | | 11 | HOMEPAGE= http://www.privoxy.org/ |
| 11 | COMMENT= Web proxy with advanced filtering capabilities | | 12 | COMMENT= Web proxy with advanced filtering capabilities |
| 12 | | | 13 | |
| 13 | .include "../../mk/bsd.prefs.mk" | | 14 | .include "../../mk/bsd.prefs.mk" |
| 14 | | | 15 | |
| 15 | PRIVOXY_USER?= privoxy | | 16 | PRIVOXY_USER?= privoxy |
| 16 | PRIVOXY_GROUP?= privoxy | | 17 | PRIVOXY_GROUP?= privoxy |
| 17 | PKG_GROUPS_VARS+= PRIVOXY_GROUP | | 18 | PKG_GROUPS_VARS+= PRIVOXY_GROUP |
| 18 | PKG_USERS_VARS+= PRIVOXY_USER | | 19 | PKG_USERS_VARS+= PRIVOXY_USER |
--- pkgsrc/www/privoxy/distinfo 2008/06/13 13:45:46 1.8
+++ pkgsrc/www/privoxy/distinfo 2009/02/28 12:47:22 1.8.10.1
| @@ -1,9 +1,10 @@ | | | @@ -1,9 +1,10 @@ |
| 1 | $NetBSD: distinfo,v 1.8 2008/06/13 13:45:46 drochner Exp $ | | 1 | $NetBSD: distinfo,v 1.8.10.1 2009/02/28 12:47:22 rtr Exp $ |
| 2 | | | 2 | |
| 3 | SHA1 (privoxy-3.0.8-stable-src.tar.gz) = 7fe2b7afde4066ef1f170f5f11850cf9da428a42 | | 3 | SHA1 (privoxy-3.0.8-stable-src.tar.gz) = 7fe2b7afde4066ef1f170f5f11850cf9da428a42 |
| 4 | RMD160 (privoxy-3.0.8-stable-src.tar.gz) = 604dd61a22dc74d06d4adaa4b3c87e4d5da5149b | | 4 | RMD160 (privoxy-3.0.8-stable-src.tar.gz) = 604dd61a22dc74d06d4adaa4b3c87e4d5da5149b |
| 5 | Size (privoxy-3.0.8-stable-src.tar.gz) = 2007961 bytes | | 5 | Size (privoxy-3.0.8-stable-src.tar.gz) = 2007961 bytes |
| 6 | SHA1 (patch-aa) = c263d2a4b9522a33613f82ab2bc18d5c2b554b21 | | 6 | SHA1 (patch-aa) = c263d2a4b9522a33613f82ab2bc18d5c2b554b21 |
| 7 | SHA1 (patch-ac) = e39ffe694462b952c5ad66ac577a0acbee0a1d9f | | 7 | SHA1 (patch-ac) = e39ffe694462b952c5ad66ac577a0acbee0a1d9f |
| 8 | SHA1 (patch-ad) = d5d6fe935ff98a45ebbd209a5c7126cb5e42ae1a | | 8 | SHA1 (patch-ad) = d5d6fe935ff98a45ebbd209a5c7126cb5e42ae1a |
| 9 | SHA1 (patch-ae) = 5cd064cd6b35196d32272bbbdc181a1e48d9be8f | | 9 | SHA1 (patch-ae) = 5cd064cd6b35196d32272bbbdc181a1e48d9be8f |
| | | 10 | SHA1 (patch-af) = 8d572ece2f2d5cedcc7694ddda0b79e4453671ff |
$NetBSD: patch-af,v 1.2.2.2 2009/02/28 12:47:22 rtr Exp $
--- ./jcc.c.orig 2007-12-16 19:32:46.000000000 +0100
+++ ./jcc.c
@@ -3299,6 +3299,10 @@ int main(int argc, const char *argv[])
{
log_error(LOG_LEVEL_FATAL, "Cannot setgid(): Insufficient permissions.");
}
+ if (grp)
+ setgroups(1, &grp->gr_gid);
+ else
+ initgroups(pw->pw_name, pw->pw_gid);
if (do_chroot)
{
if (!pw->pw_dir)