pkgsrc-Changes-HG archive

[pkgsrc/trunk]: pkgsrc/graphics/tuxpaint Add a patch via Debian to address:



details:   https://anonhg.NetBSD.org/pkgsrc/rev/df346f872a6b
branches:  trunk
changeset: 506504:df346f872a6b
user:      adrianp <adrianp%pkgsrc.org@localhost>
date:      Tue Jan 17 22:48:57 2006 +0000

description:
Add a patch via Debian to address:
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3340

"The vulnerability is caused due to temporary files being created insecurely
in the "/tmp" directory by the tuxpaint-import.sh script. This can be exploited
via symlink attacks to create or overwrite arbitrary files with the privileges
of the user running the affected script."

Bump to nb6.

diffstat:

 graphics/tuxpaint/Makefile         |   4 ++--
 graphics/tuxpaint/distinfo         |   3 ++-
 graphics/tuxpaint/patches/patch-ac |  14 ++++++++++++++
 3 files changed, 18 insertions(+), 3 deletions(-)

diffs (45 lines):

diff -r 327fb6db3134 -r df346f872a6b graphics/tuxpaint/Makefile
--- a/graphics/tuxpaint/Makefile        Tue Jan 17 22:46:13 2006 +0000
+++ b/graphics/tuxpaint/Makefile        Tue Jan 17 22:48:57 2006 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.34 2005/12/29 06:21:45 jlam Exp $
+# $NetBSD: Makefile,v 1.35 2006/01/17 22:48:57 adrianp Exp $
 #
 
 DISTNAME=      tuxpaint-0.9.14
-PKGREVISION=   5
+PKGREVISION=   6
 CATEGORIES=    graphics
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=tuxpaint/} \
                ftp://ftp.sonic.net/pub/users/nbs/unix/x/tuxpaint/source/
diff -r 327fb6db3134 -r df346f872a6b graphics/tuxpaint/distinfo
--- a/graphics/tuxpaint/distinfo        Tue Jan 17 22:46:13 2006 +0000
+++ b/graphics/tuxpaint/distinfo        Tue Jan 17 22:48:57 2006 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.17 2005/12/28 04:58:01 reed Exp $
+$NetBSD: distinfo,v 1.18 2006/01/17 22:48:57 adrianp Exp $
 
 SHA1 (tuxpaint-0.9.14.tar.gz) = d899f15ae348413b85e5d0cacf971db2c604b036
 RMD160 (tuxpaint-0.9.14.tar.gz) = b8bbf53eef48d17f8219ae2380e98570f574a326
 Size (tuxpaint-0.9.14.tar.gz) = 3208894 bytes
 SHA1 (patch-aa) = e2a238e16ab643a407f55e4275a5632b5cb023b2
 SHA1 (patch-ab) = 03c1aa47c90cc598081a0bf39eb0606309371d0b
+SHA1 (patch-ac) = cb75efd7b6eb9c3bb6752b4bf1d56fb5dd0fdc58
diff -r 327fb6db3134 -r df346f872a6b graphics/tuxpaint/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/tuxpaint/patches/patch-ac        Tue Jan 17 22:48:57 2006 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ac,v 1.1 2006/01/17 22:48:57 adrianp Exp $
+
+--- src/tuxpaint-import.sh.orig        2003-06-17 10:10:59.000000000 +0100
++++ src/tuxpaint-import.sh
+@@ -12,8 +12,8 @@
+ # September 21, 2002 - June 17, 2003
+ 
+ 
+-TMPDIR=/tmp
+ SAVEDIR=$HOME/.tuxpaint/saved
++TMPDIR=$SAVEDIR
+ 
+ 
+ if [ $# -eq 0 ]; then
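
Review bot: `TMPDIR=$SAVEDIR` assumes that $HOME/.tuxpaint/saved already exists and is writable by the time the first temporary file is created, and nothing in the visible context before `if [ $# -eq 0 ]; then` creates it. Please confirm the script creates the directory (for example with `mkdir -p "$SAVEDIR"`) before anything is written under $TMPDIR. The temporary files also now share a directory with the user's saved pictures, so leftovers from an interrupted run stay among them; a private directory obtained from `mktemp -d` would keep them separate while still staying out of the shared /tmp namespace. Finally, patch-ac carries only the `$NetBSD$` tag: a one-line comment naming CVE-2005-3340 and the Debian origin would let a later maintainer see why the patch exists without going back to the commit log.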


