Fix a security bug in the rscsi client code.

Approved by:	netchild
Obtained from:	cdrtools 2.01a38

2 files changed, 17 insertions, 1 deletions

diff --git a/sysutils/cdrtools/Makefile b/sysutils/cdrtools/Makefile
index 068efd797988..6c011dc6a10e 100644
--- a/sysutils/cdrtools/Makefile
+++ b/sysutils/cdrtools/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	cdrtools
 PORTVERSION?=	2.0.3
-PORTREVISION?=	3
+PORTREVISION?=	4
 CATEGORIES?=	sysutils audio
 MASTER_SITES=	ftp://ftp.berlios.de/pub/cdrecord/ \
 		ftp://ftp.cs.tu-berlin.de/pub/misc/cdrecord/ \
diff --git a/sysutils/cdrtools/files/patch-librscg::scsi-remote.c b/sysutils/cdrtools/files/patch-librscg::scsi-remote.c
new file mode 100644
index 000000000000..ee8e1039d1d6
--- /dev/null
+++ b/sysutils/cdrtools/files/patch-librscg::scsi-remote.c
@@ -0,0 +1,16 @@
+--- librscg/scsi-remote.c.orig	Thu Jan 15 01:25:09 2004
++++ librscg/scsi-remote.c	Tue Aug 24 00:11:42 2004
+@@ -1074,6 +1074,13 @@
+ 		if (getuid() != pw->pw_uid &&
+ 		    setuid(pw->pw_uid) == -1) {
+ 			errmsg("setuid(%lld) failed.\n",
++							(Llong)pw->pw_uid);
++			_exit(EX_BAD);
++			/* NOTREACHED */
++		}
++		if (getuid() != geteuid() &&
++		    seteuid(pw->pw_uid) == -1) {
++			errmsg("seteuid(%lld) failed.\n",
+ 							(Llong)pw->pw_uid);
+ 			_exit(EX_BAD);
+ 			/* NOTREACHED */