head	1.3;
access;
symbols
	pkgsrc-2013Q2:1.3.0.10
	pkgsrc-2013Q2-base:1.3
	pkgsrc-2012Q4:1.3.0.8
	pkgsrc-2012Q4-base:1.3
	pkgsrc-2011Q4:1.3.0.6
	pkgsrc-2011Q4-base:1.3
	pkgsrc-2011Q2:1.3.0.4
	pkgsrc-2011Q2-base:1.3
	pkgsrc-2009Q4:1.3.0.2
	pkgsrc-2009Q4-base:1.3
	pkgsrc-2009Q1:1.2.0.4
	pkgsrc-2009Q1-base:1.2
	pkgsrc-2008Q4:1.2.0.2;
locks; strict;
comment	@# @;


1.3
date	2009.04.07.00.21.47;	author mjl;	state dead;
branches;
next	1.2;

1.2
date	2009.02.11.17.59.32;	author drochner;	state Exp;
branches
	1.2.2.1;
next	1.1;

1.1
date	2009.02.04.21.20.39;	author drochner;	state Exp;
branches;
next	;

1.2.2.1
date	2009.02.11.17.59.32;	author rtr;	state dead;
branches;
next	1.2.2.2;

1.2.2.2
date	2009.02.28.12.47.22;	author rtr;	state Exp;
branches;
next	;


desc
@@


1.3
log
@Update privoxy to 3.0.12
This is a stable release which includes many enhancements but no major
new features. The most prominent improvement is support for keep-alive
connections.

Also add a patch to deal with non-availability of gethostbyname_r()
on NetBSD -- privoxy then uses gethostbyname() in a mutexed section,
effectively single threading DNS lookup. This is extremely annoying when
running into DNS timeouts. Hack around it by implementing functionality
using getaddrinfo().
@
text
@$NetBSD: patch-af,v 1.2 2009/02/11 17:59:32 drochner Exp $

--- ./jcc.c.orig	2008-06-27 13:13:56.000000000 +0200
+++ ./jcc.c
@@@@ -3349,6 +3349,17 @@@@ int main(int argc, const char *argv[])
       {
          log_error(LOG_LEVEL_FATAL, "Cannot setgid(): Insufficient permissions.");
       }
+      if (NULL != grp)
+      {
+         if (setgroups(1, &grp->gr_gid))
+         {
+            log_error(LOG_LEVEL_FATAL, "setgroups() failed: %E");
+         }
+      }
+      else if (initgroups(pw->pw_name, pw->pw_gid))
+      {
+         log_error(LOG_LEVEL_FATAL, "initgroups() failed: %E");
+      }
       if (do_chroot)
       {
          if (!pw->pw_dir)
@


1.2
log
@replace my quick-and-dirty setgroups/initgroups patch by the upstream
version, to ease further updates
@
text
@d1 1
a1 1
$NetBSD$
@


1.2.2.1
log
@file patch-af was added on branch pkgsrc-2008Q4 on 2009-02-28 12:47:22 +0000
@
text
@d1 22
@


1.2.2.2
log
@pullup ticket #2711 - requested by drochner
privoxy: update for security fix

revisions pulled up:
pkgsrc/www/privoxy/Makefile		1.35,1.36
pkgsrc/www/privoxy/files/privoxy.sh	1.4,1.5
pkgsrc/www/privoxy/distinfo		1.9
pkgsrc/www/privoxy/patches/patch-af	1.1

   Module Name:    pkgsrc
   Committed By:   jnemeth
   Date:           Mon Feb  2 20:00:41 UTC 2009

   Modified Files:
           pkgsrc/www/privoxy: Makefile
           pkgsrc/www/privoxy/files: privoxy.sh

   Log Message:
   PR/40532 - Cem Kayali -- group permissions too broad
   Just fixing security issue, will leave pkg update for MAINTAINER for now.

------------------------------------------------------------------------
   Module Name:   pkgsrc
   Committed By:  drochner
   Date:          Wed Feb  4 21:20:39 UTC 2009


   Modified Files:
          pkgsrc/www/privoxy: Makefile distinfo
          pkgsrc/www/privoxy/files: privoxy.sh
   Added Files:
          pkgsrc/www/privoxy/patches: patch-af


   Log Message:
   give up supplementary group memberships on uid/gid switch, fixes
   unexpected privileges reported in PR pkg/40532 by Cem Kayali,
   the issue is being discussed with upstream,
   thanks to Cem for detailed reports,
   also back out explicit passing of PRIVOXY_GROUP to the program --
   while it does not hurt it is redundant because PRIVOXY_GROUP is already
   the primary group of PRIVOXY_USER
@
text
@a0 15
$NetBSD: patch-af,v 1.1 2009/02/04 21:20:39 drochner Exp $

--- ./jcc.c.orig	2007-12-16 19:32:46.000000000 +0100
+++ ./jcc.c
@@@@ -3299,6 +3299,10 @@@@ int main(int argc, const char *argv[])
       {
          log_error(LOG_LEVEL_FATAL, "Cannot setgid(): Insufficient permissions.");
       }
+      if (grp)
+	setgroups(1, &grp->gr_gid);
+      else
+      	initgroups(pw->pw_name, pw->pw_gid);
       if (do_chroot)
       {
          if (!pw->pw_dir)
@


1.1
log
@give up supplementary group memberships on uid/gid switch, fixes
unexpected privileges reported in PR pkg/40532 by Cem Kayali,
the issue is being discussed with upstream,
thanks to Cem for detailed reports,
also back out explicit passing of PRIVOXY_GROUP to the program --
while it does not hurt it is redundant because PRIVOXY_GROUP is already
the primary group of PRIVOXY_USER
@
text
@d3 1
a3 1
--- ./jcc.c.orig	2007-12-16 19:32:46.000000000 +0100
d5 1
a5 1
@@@@ -3299,6 +3299,10 @@@@ int main(int argc, const char *argv[])
d9 11
a19 4
+      if (grp)
+	setgroups(1, &grp->gr_gid);
+      else
+      	initgroups(pw->pw_name, pw->pw_gid);
@