summaryrefslogtreecommitdiffstats
path: root/sysutils
diff options
context:
space:
mode:
authoroliver <oliver@FreeBSD.org>2003-05-20 20:33:44 +0000
committeroliver <oliver@FreeBSD.org>2003-05-20 20:33:44 +0000
commit09e813d382421d7dec6ab4e5e57795822937e3dc (patch)
treee7b44a80da9d7cff8f87165d0d2eef68c50f8f05 /sysutils
parent6f6a203bffd5d4d3091c5e3f1e1652d6592acbff (diff)
downloadFreeBSD-ports-09e813d382421d7dec6ab4e5e57795822937e3dc.zip
FreeBSD-ports-09e813d382421d7dec6ab4e5e57795822937e3dc.tar.gz
Fix a securety issue which may cause a local root exploit
(if the cdrecord binary is suid 0). For more information about this, feel free to take a look at http://marc.theaimsgroup.com/?l=bugtraq&m=105285564307225&w=2 Approved by: maintainer hasn't responded within 3 days, alex (mentor)
Diffstat (limited to 'sysutils')
-rw-r--r--sysutils/cdrtools-devel/Makefile2
-rw-r--r--sysutils/cdrtools-devel/files/patch-libscg::scsiopen.c11
-rw-r--r--sysutils/cdrtools/Makefile2
-rw-r--r--sysutils/cdrtools/files/patch-libscg::scsiopen.c11
4 files changed, 24 insertions, 2 deletions
diff --git a/sysutils/cdrtools-devel/Makefile b/sysutils/cdrtools-devel/Makefile
index a30f3fa..badd318 100644
--- a/sysutils/cdrtools-devel/Makefile
+++ b/sysutils/cdrtools-devel/Makefile
@@ -7,7 +7,7 @@
PORTNAME?= cdrtools
PORTVERSION?= 2.0
-PORTREVISION?= 0
+PORTREVISION?= 1
CATEGORIES?= sysutils audio
MASTER_SITES= ftp://ftp.berlios.de/pub/cdrecord/ \
ftp://ftp.cs.tu-berlin.de/pub/misc/cdrecord/ \
diff --git a/sysutils/cdrtools-devel/files/patch-libscg::scsiopen.c b/sysutils/cdrtools-devel/files/patch-libscg::scsiopen.c
new file mode 100644
index 0000000..2a4f441
--- /dev/null
+++ b/sysutils/cdrtools-devel/files/patch-libscg::scsiopen.c
@@ -0,0 +1,11 @@
+--- libscg/scsiopen.c.orig Tue May 20 21:47:41 2003
++++ libscg/scsiopen.c Tue May 20 21:48:28 2003
+@@ -270,7 +270,7 @@
+ }
+ if (scg__open(scgp, devname) <= 0) {
+ if (errs && scgp->errstr)
+- js_snprintf(errs, slen, scgp->errstr);
++ js_snprintf(errs, slen, "%s", scgp->errstr);
+ scg_sfree(scgp);
+ return ((SCSI *)0);
+ }
diff --git a/sysutils/cdrtools/Makefile b/sysutils/cdrtools/Makefile
index a30f3fa..badd318 100644
--- a/sysutils/cdrtools/Makefile
+++ b/sysutils/cdrtools/Makefile
@@ -7,7 +7,7 @@
PORTNAME?= cdrtools
PORTVERSION?= 2.0
-PORTREVISION?= 0
+PORTREVISION?= 1
CATEGORIES?= sysutils audio
MASTER_SITES= ftp://ftp.berlios.de/pub/cdrecord/ \
ftp://ftp.cs.tu-berlin.de/pub/misc/cdrecord/ \
diff --git a/sysutils/cdrtools/files/patch-libscg::scsiopen.c b/sysutils/cdrtools/files/patch-libscg::scsiopen.c
new file mode 100644
index 0000000..2a4f441
--- /dev/null
+++ b/sysutils/cdrtools/files/patch-libscg::scsiopen.c
@@ -0,0 +1,11 @@
+--- libscg/scsiopen.c.orig Tue May 20 21:47:41 2003
++++ libscg/scsiopen.c Tue May 20 21:48:28 2003
+@@ -270,7 +270,7 @@
+ }
+ if (scg__open(scgp, devname) <= 0) {
+ if (errs && scgp->errstr)
+- js_snprintf(errs, slen, scgp->errstr);
++ js_snprintf(errs, slen, "%s", scgp->errstr);
+ scg_sfree(scgp);
+ return ((SCSI *)0);
+ }
OpenPOWER on IntegriCloud