pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/graphics/tuxpaint Add a patch via Debain to address:
details: https://anonhg.NetBSD.org/pkgsrc/rev/df346f872a6b
branches: trunk
changeset: 506504:df346f872a6b
user: adrianp <adrianp%pkgsrc.org@localhost>
date: Tue Jan 17 22:48:57 2006 +0000
description:
Add a patch via Debain to address:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3340
"The vulnerability is caused due to temporary files being created insecurely
in the "/tmp" directory by the tuxpaint-import.sh script. This can be exploited
via symlink attacks to create or overwrite arbitrary files with the privileges
of the user running the affected script."
Bump to nb6.
diffstat:
graphics/tuxpaint/Makefile | 4 ++--
graphics/tuxpaint/distinfo | 3 ++-
graphics/tuxpaint/patches/patch-ac | 14 ++++++++++++++
3 files changed, 18 insertions(+), 3 deletions(-)
diffs (45 lines):
diff -r 327fb6db3134 -r df346f872a6b graphics/tuxpaint/Makefile
--- a/graphics/tuxpaint/Makefile Tue Jan 17 22:46:13 2006 +0000
+++ b/graphics/tuxpaint/Makefile Tue Jan 17 22:48:57 2006 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.34 2005/12/29 06:21:45 jlam Exp $
+# $NetBSD: Makefile,v 1.35 2006/01/17 22:48:57 adrianp Exp $
#
DISTNAME= tuxpaint-0.9.14
-PKGREVISION= 5
+PKGREVISION= 6
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=tuxpaint/} \
ftp://ftp.sonic.net/pub/users/nbs/unix/x/tuxpaint/source/
diff -r 327fb6db3134 -r df346f872a6b graphics/tuxpaint/distinfo
--- a/graphics/tuxpaint/distinfo Tue Jan 17 22:46:13 2006 +0000
+++ b/graphics/tuxpaint/distinfo Tue Jan 17 22:48:57 2006 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.17 2005/12/28 04:58:01 reed Exp $
+$NetBSD: distinfo,v 1.18 2006/01/17 22:48:57 adrianp Exp $
SHA1 (tuxpaint-0.9.14.tar.gz) = d899f15ae348413b85e5d0cacf971db2c604b036
RMD160 (tuxpaint-0.9.14.tar.gz) = b8bbf53eef48d17f8219ae2380e98570f574a326
Size (tuxpaint-0.9.14.tar.gz) = 3208894 bytes
SHA1 (patch-aa) = e2a238e16ab643a407f55e4275a5632b5cb023b2
SHA1 (patch-ab) = 03c1aa47c90cc598081a0bf39eb0606309371d0b
+SHA1 (patch-ac) = cb75efd7b6eb9c3bb6752b4bf1d56fb5dd0fdc58
diff -r 327fb6db3134 -r df346f872a6b graphics/tuxpaint/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/tuxpaint/patches/patch-ac Tue Jan 17 22:48:57 2006 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ac,v 1.1 2006/01/17 22:48:57 adrianp Exp $
+
+--- src/tuxpaint-import.sh.orig 2003-06-17 10:10:59.000000000 +0100
++++ src/tuxpaint-import.sh
+@@ -12,8 +12,8 @@
+ # September 21, 2002 - June 17, 2003
+
+
+-TMPDIR=/tmp
+ SAVEDIR=$HOME/.tuxpaint/saved
++TMPDIR=$SAVEDIR
+
+
+ if [ $# -eq 0 ]; then
Home |
Main Index |
Thread Index |
Old Index