pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2005Q2]: pkgsrc/emulators/wine Pullup ticket 679 - requested b...
details: https://anonhg.NetBSD.org/pkgsrc/rev/c9f1dd0942ae
branches: pkgsrc-2005Q2
changeset: 495983:c9f1dd0942ae
user: snj <snj%pkgsrc.org@localhost>
date: Sat Aug 13 05:32:37 2005 +0000
description:
Pullup ticket 679 - requested by Lubomir Sedlacik
security fix for wine
Revisions pulled up:
- pkgsrc/emulators/wine/Makefile 1.89
- pkgsrc/emulators/wine/distinfo 1.35
- pkgsrc/emulators/wine/patches/patch-ai 1.5
Module Name: pkgsrc
Committed By: salo
Date: Fri Aug 12 13:57:44 UTC 2005
Modified Files:
pkgsrc/emulators/wine: Makefile distinfo
Added Files:
pkgsrc/emulators/wine/patches: patch-ai
Log Message:
Security fix for SA16352.
"A vulnerability in wine can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated privileges.
The vulnerability is caused due to a temporary file being created
insecurely in "/tmp" by winelauncher.in under certain error conditions.
This can be exploited via symlink attacks to create or overwrite
arbitrary files with the privileges of the user running the affected
application."
http://secunia.com/advisories/16352/
Patch from Wine CVS.
diffstat:
emulators/wine/Makefile | 5 +++--
emulators/wine/distinfo | 3 ++-
emulators/wine/patches/patch-ai | 25 +++++++++++++++++++++++++
3 files changed, 30 insertions(+), 3 deletions(-)
diffs (65 lines):
diff -r c92dafded074 -r c9f1dd0942ae emulators/wine/Makefile
--- a/emulators/wine/Makefile Sat Aug 13 05:27:41 2005 +0000
+++ b/emulators/wine/Makefile Sat Aug 13 05:32:37 2005 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.87 2005/06/01 18:02:48 jlam Exp $
+# $NetBSD: Makefile,v 1.87.2.1 2005/08/13 05:32:37 snj Exp $
DISTNAME= Wine-20050524
PKGNAME= ${DISTNAME:S/W/w/}
+PKGREVISION= 1
CATEGORIES= emulators
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=wine/} \
http://www.ibiblio.org/pub/Linux/ALPHA/wine/development/ \
@@ -19,7 +20,7 @@
ONLY_FOR_PLATFORM+= FreeBSD*-i386 Linux*-i386 SunOS*-i386 Darwin*-i386
WRKSRC= ${WRKDIR}/${DISTNAME:S/W/w/}
-USE_TOOLS+= bison gmake
+USE_TOOLS+= bison gmake mktemp
USE_LIBTOOL= yes
GNU_CONFIGURE= yes
CONFIGURE_ARGS+= --without-curses --disable-trace #--disable-debug
diff -r c92dafded074 -r c9f1dd0942ae emulators/wine/distinfo
--- a/emulators/wine/distinfo Sat Aug 13 05:27:41 2005 +0000
+++ b/emulators/wine/distinfo Sat Aug 13 05:32:37 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.33 2005/06/05 06:14:17 minskim Exp $
+$NetBSD: distinfo,v 1.33.2.1 2005/08/13 05:32:37 snj Exp $
SHA1 (Wine-20050524.tar.gz) = 109fac3a1b9158a4d23ca8c003f6716dd8caf73f
RMD160 (Wine-20050524.tar.gz) = 682795fd1cd156203c5766554f74e19e5060fa34
@@ -10,3 +10,4 @@
SHA1 (patch-ae) = dbd40183fb8e1f1d7af9ab4e51910a2227524e3c
SHA1 (patch-af) = 803e74ff592ce39f520c631a503d90b8abee190d
SHA1 (patch-ag) = 656f9667da542489595d1db65c84579b3dfce279
+SHA1 (patch-ai) = f9f713431b32734398fe770e7600a8c9e6460f89
diff -r c92dafded074 -r c9f1dd0942ae emulators/wine/patches/patch-ai
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/emulators/wine/patches/patch-ai Sat Aug 13 05:32:37 2005 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-ai,v 1.4.14.1 2005/08/13 05:32:37 snj Exp $
+
+Fix for SA16352, from Wine CVS.
+
+--- programs/winelauncher.in.orig 2004-06-22 01:56:15.000000000 +0200
++++ programs/winelauncher.in 2005-08-12 16:15:19.000000000 +0200
+@@ -59,8 +59,8 @@
+ if [ $? -ne 0 ] ; then
+ # xmessage not found; make sure the user notices this error
+ # (GUI users wouldn't even notice if we printed the text on console !)
+- MSGFILE=/tmp/WINE_CANNOT_FIND_XMESSAGE
+- cat > $MSGFILE << EOF
++ MSGFILE=`mktemp "/tmp/wine.xmessage.XXXXXX"`
++ cat > $MSGFILE <<EOF
+ Warning:
+ The Wine launcher is unable to find the xmessage program,
+ which it needs to properly notify you of Wine execution status
+@@ -87,6 +87,7 @@
+
+ # ok, we really give up now, this system is hosed ;-)
+ cat $MSGFILE
++ rm $MSGFILE
+ else
+ XMESSAGE="xmessage $COLOR"
+ fi
Home |
Main Index |
Thread Index |
Old Index