From 9e53e215d8bbbec9dd0dafe2b59a2d6d96454fad Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Mon, 11 Jun 2012 09:20:10 +0000 Subject: main/arpwatch: security fix CVE-2012-2653 fixes #1202 --- main/arpwatch/APKBUILD | 17 ++++++++++++++++- main/arpwatch/CVE-2012-2653.patch | 12 ++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 main/arpwatch/CVE-2012-2653.patch (limited to 'main/arpwatch') diff --git a/main/arpwatch/APKBUILD b/main/arpwatch/APKBUILD index c71eb25e0..b7dab0be5 100644 --- a/main/arpwatch/APKBUILD +++ b/main/arpwatch/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa pkgname=arpwatch pkgver=2.1a15 -pkgrel=3 +pkgrel=4 pkgdesc="Ethernet monitoring program" url="http://www-nrg.ee.lbl.gov/" arch="all" @@ -12,9 +12,19 @@ makedepends="libpcap-dev" install= subpackages="" source="ftp://ftp.ee.lbl.gov/$pkgname.tar.gz + CVE-2012-2653.patch arpwatch.confd arpwatch.initd" +prepare() { + cd "$srcdir/$pkgname-$pkgver" + for i in $source; do + case $i in + *.oatch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; + esac + done +} + build() { cd "$srcdir/$pkgname-$pkgver" @@ -23,6 +33,10 @@ build() { --mandir=/usr/share/man \ --infodir=/usr/share/info make -j1 || return 1 +} + +package() { + cd "$srcdir/$pkgname-$pkgver" #install command wouldn't create directory ? mkdir -p "$pkgdir"/usr/sbin/ make -j1 DESTDIR="$pkgdir" install @@ -33,5 +47,6 @@ build() { } md5sums="cebfeb99c4a7c2a6cee2564770415fe7 arpwatch.tar.gz +af7d5a6cddca6c31fe84acd1d5209c8b CVE-2012-2653.patch dc8300ce5f02d6be95899a2982397064 arpwatch.confd 51ecada198c4f954ac4d5f5903198ebb arpwatch.initd" diff --git a/main/arpwatch/CVE-2012-2653.patch b/main/arpwatch/CVE-2012-2653.patch new file mode 100644 index 000000000..c37b5132e --- /dev/null +++ b/main/arpwatch/CVE-2012-2653.patch 
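Review bot: The `case` pattern in the added `prepare()` is `*.oatch`, which matches no entry in `$source`, so `CVE-2012-2653.patch` is never applied and the build proceeds from unpatched sources. Because the loop simply falls through, nothing fails: the package ships as `pkgrel=4` with the checksum of the patch listed, yet the `initgroups()` fix is absent from the binary. The line should read `*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;`. After rebuilding, it is worth confirming that the patch message appears in the build log, since a silently skipped patch looks identical to a successful build.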
@@ -0,0 +1,12 @@
+diff -u arpwatch-2.1a15/arpwatch.c arpwatch-2.1a15/arpwatch.c
+--- arpwatch-2.1a15/arpwatch.c
++++ arpwatch-2.1a15/arpwatch.c
+@@ -153,7 +153,7 @@
+ struct passwd* pw;
+ pw = getpwnam( user );
+ if ( pw ) {
+- if ( initgroups(pw->pw_name, 0) != 0 || setgid(pw->pw_gid) != 0 ||
++ if ( initgroups(pw->pw_name, pw->pw_gid) != 0 || setgid(pw->pw_gid) != 0 ||
+ setuid(pw->pw_uid) != 0 ) {
+ syslog(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d", user,pw->pw_uid, pw->pw_gid);
+ exit(1);
-- cgit v1.2.3
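Review bot: The corrected `initgroups()` call has no comment explaining why its second argument matters, and the patch file has no header describing what it fixes. `initgroups()` adds the gid passed as its second argument to the supplementary group list, so the old value `0` left group 0 in that list after `setgid()`/`setuid()` had dropped the primary ids. I would add above the condition `/* initgroups() adds its 2nd argument to the supplementary groups: pass the target gid, never 0 (CVE-2012-2653) */`, plus a one-line description at the top of the patch file. The enclosing function and the handling of a NULL `pw` lie outside this hunk, so the rest of the privilege drop could not be reviewed here.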