Added patch to fix a local root exploit (Bug #63927)

5 files changed, 33 insertions, 16 deletions

diff --git a/app-admin/sus/ChangeLog b/app-admin/sus/ChangeLog
index 342dd702c228..5d27cb42784e 100644
--- a/app-admin/sus/ChangeLog
+++ b/app-admin/sus/ChangeLog
@@ -1,7 +1,13 @@
 # ChangeLog for app-admin/sus
 # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/sus/ChangeLog,v 1.4 2004/06/24 21:38:34 agriffis Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/sus/ChangeLog,v 1.5 2004/09/13 20:39:01 kumba Exp $
 
+*sus-2.0.2-r1 (13 Sep 2004)
+
+  13 Sep 2004; Joshua Kinard <kumba@gentoo.org>
+  +files/sus-2.0.2-syslog-vuln-fix.patch, +sus-2.0.2-r1.ebuild,
+  -sus-2.0.2.ebuild:
+  Added patch to fix a local root exploit (Bug #63927)
 
 *sus-2.0.2 (10 Aug 2003)
 
diff --git a/app-admin/sus/Manifest b/app-admin/sus/Manifest
index bd98ba97232a..7565a20ddf2c 100644
--- a/app-admin/sus/Manifest
+++ b/app-admin/sus/Manifest
@@ -1,14 +1,5 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-MD5 a022dfc64e37f286ba94f96ce6e58bdd ChangeLog 735
-MD5 c344b044f5b66d586304b4c00eb53762 sus-2.0.2.ebuild 1256
-MD5 37ab627480600ea8a18055974761eb3c files/digest-sus-2.0.2 60
+MD5 092e797aa873dcfada15ebba9e927098 ChangeLog 952
+MD5 080b12f499f9f5e6cb2a9869767f9879 sus-2.0.2-r1.ebuild 1392
+MD5 37ab627480600ea8a18055974761eb3c files/digest-sus-2.0.2-r1 60
 MD5 e551ecc3164caa7ab831c58f5f7244a5 files/susers.cpp 988
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.9.8 (GNU/Linux)
-
-iD8DBQFA3K6mHTu7gpaalycRAqsfAKC8AQj4GCAncmlJpLrgYgky8GSeNgCgxm3V
-X8ggh2Umc4qvry5K74WV45g=
-=4K6c
------END PGP SIGNATURE-----
+MD5 01f6c4974f79047b74718f27c22b2ae5 files/sus-2.0.2-syslog-vuln-fix.patch 406
diff --git a/app-admin/sus/files/digest-sus-2.0.2 b/app-admin/sus/files/digest-sus-2.0.2-r1
index 5211b8cc7bc0..5211b8cc7bc0 100644
--- a/app-admin/sus/files/digest-sus-2.0.2
+++ b/app-admin/sus/files/digest-sus-2.0.2-r1
diff --git a/app-admin/sus/files/sus-2.0.2-syslog-vuln-fix.patch b/app-admin/sus/files/sus-2.0.2-syslog-vuln-fix.patch
new file mode 100644
index 000000000000..3357b1337e99
--- /dev/null
+++ b/app-admin/sus/files/sus-2.0.2-syslog-vuln-fix.patch
@@ -0,0 +1,12 @@
+diff -Naurp sus-2.0.2.orig/log.c sus-2.0.2/log.c
+--- sus-2.0.2.orig/log.c	2002-04-06 03:19:14.000000000 -0500
++++ sus-2.0.2/log.c	2004-09-13 16:16:39.376881320 -0400
+@@ -150,7 +150,7 @@ log(char * msg)
+ 		}
+ 
+ 		openlog(ident, LOG_PID|LOG_CONS, facility);
+-		syslog(level, msg);
++		syslog(level, "%s", msg);
+ #ifdef	DEBUG
+ 		if (g_debug)
+ 			(void) fprintf(stderr,"syslog: ident \"%s\", level %d, \"%s\"",
diff --git a/app-admin/sus/sus-2.0.2.ebuild b/app-admin/sus/sus-2.0.2-r1.ebuild
index f1f1b091ab35..91aca3fc04be 100644
--- a/app-admin/sus/sus-2.0.2.ebuild
+++ b/app-admin/sus/sus-2.0.2-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/sus/sus-2.0.2.ebuild,v 1.7 2004/06/25 23:00:43 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/sus/sus-2.0.2-r1.ebuild,v 1.1 2004/09/13 20:39:01 kumba Exp $
 
 inherit gcc
 
@@ -10,12 +10,20 @@ SRC_URI="http://pdg.uow.edu.au/sus/${P}.tar.Z"
 
 LICENSE="GPL-2"
 SLOT="0"
-KEYWORDS="x86 ~sparc mips"
+KEYWORDS="x86 sparc mips"
 IUSE="pam"
 
 DEPEND="virtual/libc
 	pam? ( >=sys-libs/pam-0.73-r1 )"
 
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+
+	# Fixes a local root vulnerability (Bug #63927)
+	epatch ${FILESDIR}/${P}-syslog-vuln-fix.patch
+}
+
 src_compile() {
 	local myconf
 	local lflags