Thu Jun 18 08:54:21 2009 UTC ()
Pullup ticket #2800 - requested by hasso
kdelibs3: security patch

Revisions pulled up:
- x11/kdelibs3/Makefile			1.141
---
Module Name:    pkgsrc
Committed By:   hasso
Date:           Tue Jun 16 16:09:36 UTC 2009

Modified Files:
        pkgsrc/x11/kdelibs3: Makefile

Log Message:
Fix a serious security issue for platforms using kgrantpty (NetBSD isn't
such, but DragonFly is): ${SETUID_ROOT_PERMS} doesn't work for suid
kgrantpty, because the locate() method used to find the path to the binary
expects it to have read permissions set.


(tron)
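--- a/pkgsrc/x11/kdelibs3/Makefile
+++ b/pkgsrc/x11/kdelibs3/Makefile
@@ -1,16 +1,17 @@
-# $NetBSD: Makefile,v 1.140 2008/08/27 12:02:31 markd Exp $
+# $NetBSD: Makefile,v 1.140.8.1 2009/06/18 08:54:21 tron Exp $
 
 DISTNAME= kdelibs-${_KDE_VERSION}
+PKGREVISION= 1
 CATEGORIES= x11
 COMMENT= Support libraries for the KDE integrated X11 desktop
 
 PKG_DESTDIR_SUPPORT= user-destdir
 
 .include "../../meta-pkgs/kde3/Makefile.kde3"
 
 CONFLICTS+= koffice3<=1.1.1
 CONFLICTS= kdelibs4-[0-9]*
 
 USE_TOOLS+= iceauth:run perl:run pkg-config
 
 MAKE_DIRS+= ${PKG_SYSCONFDIR}/xdg/menus
@@ -47,29 +48,32 @@ SUBST_FILES.kdelibsfix= \
  kdecore/ktimezones.cpp \
  kdeui/ksconfig.cpp \
  kio/kssl/kopenssl.cc
 SUBST_SED.kdelibsfix= -e 's:@LOCALBASE@:${LOCALBASE}:g'
 SUBST_SED.kdelibsfix+= -e 's:@PKGLOCALEDIR@:${PKGLOCALEDIR}:g'
 
 SUBST_CLASSES+= kdemagic
 SUBST_STAGE.kdemagic= pre-configure
 SUBST_MESSAGE.kdemagic= Add LOCALBASE paths to magic file.
 SUBST_FILES.kdemagic= kio/magic
 SUBST_SED.kdemagic= -n -e 'p' -e 's:/usr/local/bin:${LOCALBASE}/bin:p'
 
 SPECIAL_PERMS+= ${PREFIX}/bin/fileshareset ${SETUID_ROOT_PERMS}
-SPECIAL_PERMS+= ${PREFIX}/bin/kgrantpty ${SETUID_ROOT_PERMS}
 SPECIAL_PERMS+= ${PREFIX}/bin/kpac_dhcp_helper ${SETUID_ROOT_PERMS}
 
+# ${SETUID_ROOT_PERMS} doesn't work here because the locate() method used to
+# find the path to the kgrantpty expects it to have read permissions set.
+SPECIAL_PERMS+= ${PREFIX}/bin/kgrantpty ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 4555
+
 .include "options.mk"
 
 PLIST_VARS+= kded
 .if ${OPSYS} == "NetBSD"
 . if ${OS_VERSION:M1.5.[12]*} || ${OS_VERSION:M1.[0-4]*}
 # nothing
 . else
 PLIST.kded= yes
 . endif
 # make sure zone.tab is installed
 DEPENDS+= zonetab-[0-9]*:../../time/zonetab
 .else
 PLIST.kded= yes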
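Review bot: The comment on the new kgrantpty `SPECIAL_PERMS` entry says why `${SETUID_ROOT_PERMS}` fails but not what the literal `4555` must preserve, so a later cleanup could drop the read bits again or widen the mode on a setuid-root helper. I would add one line such as `# 4555 keeps the setuid-root bit and adds world read; do not add write bits.` The two neighbouring entries, fileshareset and kpac_dhcp_helper, still use `${SETUID_ROOT_PERMS}`; if they are found through the same locate() path they would presumably be affected too, and the log message does not say whether that was checked. Separately, in the first hunk's unchanged context `CONFLICTS= kdelibs4-[0-9]*` follows `CONFLICTS+= koffice3<=1.1.1` and overwrites it; `CONFLICTS+=` looks intended.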