From owner-freebsd-ports-bugs@FreeBSD.ORG Sun Jun 1 16:20:20 2003 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AC8E237B401 for ; Sun, 1 Jun 2003 16:20:20 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 915DC43F3F for ; Sun, 1 Jun 2003 16:20:19 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h51NKJUp079318 for ; Sun, 1 Jun 2003 16:20:19 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h51NKJ09079317; Sun, 1 Jun 2003 16:20:19 -0700 (PDT) Resent-Date: Sun, 1 Jun 2003 16:20:19 -0700 (PDT) Resent-Message-Id: <200306012320.h51NKJ09079317@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, marius Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8577F37B401; Sun, 1 Jun 2003 16:15:53 -0700 (PDT) Received: from alchemy.franken.de (alchemy.franken.de [194.94.249.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id 84D5C43F3F; Sun, 1 Jun 2003 16:15:52 -0700 (PDT) (envelope-from marius@alchemy.franken.de) Received: from alchemy.franken.de (localhost [127.0.0.1]) id h51NFoOJ052837; Mon, 2 Jun 2003 01:15:50 +0200 (CEST) (envelope-from marius@alchemy.franken.de) Received: (from marius@localhost) by alchemy.franken.de (8.12.9/8.12.9/Submit) id h51NFo8x052836; Mon, 2 Jun 2003 01:15:50 +0200 (CEST) (envelope-from marius) Message-Id: <200306012315.h51NFo8x052836@alchemy.franken.de> Date: Mon, 2 Jun 2003 01:15:50 +0200 (CEST) From: marius To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 cc: dirk@FreeBSD.org cc: oliver@FreeBSD.org Subject: ports/52849: [update/new port] Fix a security issue in cdrtools by updating to version 2.00.3 and add a new port for the development version X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: marius List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Jun 2003 23:20:21 -0000 >Number: 52849 >Category: ports >Synopsis: [update/new port] Fix a security issue in cdrtools by updating to version 2.00.3 and add a new port for the development version >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Sun Jun 01 16:20:19 PDT 2003 >Closed-Date: >Last-Modified: >Originator: marius >Release: FreeBSD 5.1-BETA sparc64 >Organization: >Environment: System: FreeBSD alchemy.franken.de 5.1-BETA FreeBSD 5.1-BETA #0: Thu May 29 14:55:16 CEST 2003 marius@alchemy.franken.de:/tmp/sys/sparc64/compile/alchemy sparc64 >Description: Version 2.0_1 of sysutils/cdrtools has a bug in scsitransp.c which might also lead to a root exploit similar to the bug in scsiopen.c. From the release notes at ftp://ftp.berlios.de/pub/cdrecord/AN-2.00.3 - Security update for scsiopen.c Fixed a problem with possible suid root exploit in the SCSI error string. Thanks to Stefano Di Paola for reporting. - Security update for scsitransp.c (similar to scsiopen.c) As with the last bug fixed in version 2.0_1, this also is only an issue if the binaries are set suid root which is not done by the port but might be done locally to give other users the possibility to burn cds. Besides adding another patch to fix the bug it can be also fixed by updating the port to one of two possible newer versions, version 2.00.3 and version 2.01a15. Version 2.00.3 is a maintenance release fixing security and portability issues. Version 2.01a15 is the latest alpha release. As cdrtools resp. mkisofs is used for release engineering it would be better to update to 2.00.3 in my opinion rather than updating to the latest bleeding edge development version as done in the past with this port. However, one might also want a port of the latest alpha release because of support for a previously unsupported drive, testing new features etc.. Therefor I did two sets of patches, the first updates sysutils/cdrtools to version 2.00.3 and sysutils/mkisofs to version 2.0.3. The second set creates two new ports, sysutils/cdrtools-devel (version 2.01a15) and sysutils/mkisofs-devel (2.01a12), both assuming repo-copies of the respective ports. The patch for sysutils/cdrtools is at: ftp://ftp.zeist.de/pub/patches/sysutils::cdrtools.diff As version 2.00.3 includes the fix for scsiopen.c, patch-libscg::scsiopen.c has to be removed form the FILESDIR. The update for sysutils is at: ftp://ftp.zeist.de/pub/patches/sysutils::mkisofs.diff It also re-aranges the MASTERDIR variable to calm down portlint and adds CONFLICTS variables for the devel-ports as does the above patch for cdrtools. The patches to create the ports of the development version are at: ftp://ftp.zeist.de/pub/patches/sysutils::cdrtools-devel.diff ftp://ftp.zeist.de/pub/patches/sysutils::mkisofs-devel.diff As with sysutils::cdrtools.diff, patch-libscg::scsiopen.c has to be deleted form the FILESDIR while there is a whole bunch of new files do add: pkg-message pkg-message.conf_prefix files/patch-RULES::rules.cnf files/patch-cdda2wav::setuid.c files/patch-cdrecord::cdrecord.1 files/patch-cdrecord::cdrecord.c files/patch-cdrecord::cdrecord.dfl files/patch-cdrecord::defaults.c files/patch-include::deflts.h files/patch-mkisofs::mkisofs.c files/patch-readcd::readcd.1 files/patch-readcd::readcd.c files/patch-rscsi::rscsi.c files/patch-rscsi::rscsi.dfl files/patch-scgcheck::scgcheck.1 The additional patches are for several enhancements of the port in comparison to sysutils/cdrtools resp. sysutils/mkisofs. For cdrtools-devel these are: - Swap over to the bz2 tarball. - Fix COMMENT, this port doesn't install mkisofs. - Respect CC already at the configure-stage. - Install scgcheck, a tool to check and validate the ABI of libscg. - Patch cdrecord to install and use the configuration file at overrideable location, defaulting to ${PREFIX}/etc, rather than using /etc/default. This also patches the installed documentaion and adds a PKGMESSAGE reflecting the change as required by the license of cdrtools. See also PR ports/50835. (This is partly based on the NetBSD port/pkgsrc of cdrtools). - Install a sample configuration file for cdrecord. - Patch manpages to better correspond to files and locations on FreeBSD. - Install rcsi, a tool to allow using SCSI-devices over the network. Install a sample configuration file for it, give short instructions in PKGMESSAGE how to set it up. This has been successfully tested by buring a CD on a sparc64 machine via a CD-burner in an i386 machine. - Delete the targets for mkisofs and friends to speed up the build of this port. - Add patches to prefer seteuid(2) over setreuid(2). (Mostly based on the NetBSD port/pkgsrc of cdrtools). For mkisofs-devel: - Respect CC already at the configure-stage. - Add MLINKS for devdump.8, isodump.8, isovfy.8 to isoinfo.8. - Remove apple_driver.8, this tool doesn't get installed. - Replace mkhybrid.8 (just includes mkisofs.8, broken without patching) with a MLINKS to mkisofs.8. - Delete the targets for cdrecord and friends to speed up the build of this port. - Add patches to prefer seteuid(2) over setreuid(2). (Mostly based on the NetBSD port/pkgsrc of cdrtools). Maybe parts of these changes should be brought back to sysutils/cdrtools if they have proven good. >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: >Unformatted: