From 9e53e215d8bbbec9dd0dafe2b59a2d6d96454fad Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Mon, 11 Jun 2012 09:20:10 +0000
Subject: [PATCH] main/arpwatch: security fix CVE-2012-2653

fixes #1202
---
 main/arpwatch/APKBUILD            | 17 ++++++++++++++++-
 main/arpwatch/CVE-2012-2653.patch | 12 ++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 main/arpwatch/CVE-2012-2653.patch

diff --git a/main/arpwatch/APKBUILD b/main/arpwatch/APKBUILD
index c71eb25e0676..b7dab0be59e5 100644
--- a/main/arpwatch/APKBUILD
+++ b/main/arpwatch/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=arpwatch
 pkgver=2.1a15
-pkgrel=3
+pkgrel=4
 pkgdesc="Ethernet monitoring program"
 url="http://www-nrg.ee.lbl.gov/"
 arch="all"
@@ -12,9 +12,19 @@ makedepends="libpcap-dev"
 install=
 subpackages=""
 source="ftp://ftp.ee.lbl.gov/$pkgname.tar.gz
+	CVE-2012-2653.patch
 	arpwatch.confd
 	arpwatch.initd"
 
+prepare() {
+	cd "$srcdir/$pkgname-$pkgver"
+	for i in $source; do
+		case $i in
+		*.oatch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+		esac
+	done
+}
+
 build() {
 	cd "$srcdir/$pkgname-$pkgver"
 
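Review bot: The case pattern `*.oatch` in the new prepare() looks like a typo for `*.patch`. As written, no entry in `$source` matches it, so the loop does nothing and CVE-2012-2653.patch is never applied, while the build still succeeds and pkgrel is bumped as if the fix had shipped. The line should read `*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;`. Because a skipped patch is silent, it is worth confirming after prepare() that arpwatch.c in the build directory contains `initgroups(pw->pw_name, pw->pw_gid)`.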
@@ -23,6 +33,10 @@ build() {
 		--mandir=/usr/share/man \
 		--infodir=/usr/share/info
 	make -j1 || return 1
+}
+
+package() {
+	cd "$srcdir/$pkgname-$pkgver"
 	#install command wouldn't create directory ? 
 	mkdir -p "$pkgdir"/usr/sbin/
 	make -j1 DESTDIR="$pkgdir" install
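Review bot: The `cd "$srcdir/$pkgname-$pkgver"` that opens the new package() has no failure check, although other commands in this file end in `|| return 1`. Unless abuild runs these functions under `set -e`, a failed `cd` would let the install steps run from the wrong directory. Suggest `cd "$srcdir/$pkgname-$pkgver" || return 1`, and the same for the `cd` in prepare() and for `make -j1 DESTDIR="$pkgdir" install`. package() continues past the end of this hunk.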
@@ -33,5 +47,6 @@ build() {
 }
 
 md5sums="cebfeb99c4a7c2a6cee2564770415fe7  arpwatch.tar.gz
+af7d5a6cddca6c31fe84acd1d5209c8b  CVE-2012-2653.patch
 dc8300ce5f02d6be95899a2982397064  arpwatch.confd
 51ecada198c4f954ac4d5f5903198ebb  arpwatch.initd"
diff --git a/main/arpwatch/CVE-2012-2653.patch b/main/arpwatch/CVE-2012-2653.patch
new file mode 100644
index 000000000000..c37b5132ed70
--- /dev/null
+++ b/main/arpwatch/CVE-2012-2653.patch
@@ -0,0 +1,12 @@
+diff -u arpwatch-2.1a15/arpwatch.c arpwatch-2.1a15/arpwatch.c
+--- arpwatch-2.1a15/arpwatch.c
++++ arpwatch-2.1a15/arpwatch.c
+@@ -153,7 +153,7 @@
+        struct passwd* pw;
+        pw = getpwnam( user );
+        if ( pw ) {
+-               if ( initgroups(pw->pw_name, 0) != 0 || setgid(pw->pw_gid) != 0 ||
++               if ( initgroups(pw->pw_name, pw->pw_gid) != 0 || setgid(pw->pw_gid) != 0 ||
+                        setuid(pw->pw_uid) != 0 ) {
+                        syslog(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d", user,pw->pw_uid, pw->pw_gid);
+                        exit(1);
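Review bot: The new patch file starts directly at `diff -u` and has no header saying where the fix comes from or why the argument changes. initgroups() adds its second argument to the supplementary group list, so the old `0` left group 0 in that list after the privilege drop. A leading line such as `Pass pw->pw_gid to initgroups() so gid 0 is not kept as a supplementary group (CVE-2012-2653).`, plus the origin of the patch, would make that reviewable. The enclosing function starts and ends outside the hunk, so how a NULL return from getpwnam() is handled is not visible here.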
-- 
GitLab