pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/devel/gtexinfo Security fix for CAN-2005-3011:



details:   https://anonhg.NetBSD.org/pkgsrc/rev/eb53acc03f77
branches:  trunk
changeset: 500563:eb53acc03f77
user:      salo <salo%pkgsrc.org@localhost>
date:      Mon Oct 10 15:14:49 2005 +0000

description:
Security fix for CAN-2005-3011:

"texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary
files via a symlink attack on temporary files."

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3011

Patch from Ubuntu.

diffstat:

 devel/gtexinfo/Makefile         |   3 ++-
 devel/gtexinfo/distinfo         |   3 ++-
 devel/gtexinfo/patches/patch-al |  34 ++++++++++++++++++++++++++++++++++
 3 files changed, 38 insertions(+), 2 deletions(-)

diffs (65 lines):

diff -r 476cfb5d82eb -r eb53acc03f77 devel/gtexinfo/Makefile
--- a/devel/gtexinfo/Makefile   Mon Oct 10 15:13:58 2005 +0000
+++ b/devel/gtexinfo/Makefile   Mon Oct 10 15:14:49 2005 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.57 2005/04/11 21:45:24 tv Exp $
+# $NetBSD: Makefile,v 1.58 2005/10/10 15:14:49 salo Exp $
 
 DISTNAME=              texinfo-4.8
 PKGNAME=               g${DISTNAME}
+PKGREVISION=           1
 CATEGORIES=            devel
 MASTER_SITES=          ${MASTER_SITE_GNU:=texinfo/}
 EXTRACT_SUFX=          .tar.bz2
diff -r 476cfb5d82eb -r eb53acc03f77 devel/gtexinfo/distinfo
--- a/devel/gtexinfo/distinfo   Mon Oct 10 15:13:58 2005 +0000
+++ b/devel/gtexinfo/distinfo   Mon Oct 10 15:14:49 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.21 2005/02/28 13:06:46 wiz Exp $
+$NetBSD: distinfo,v 1.22 2005/10/10 15:14:49 salo Exp $
 
 SHA1 (texinfo-4.8.tar.bz2) = b19e906f7220294c1e8b087d583c50f5c4d7c420
 RMD160 (texinfo-4.8.tar.bz2) = 5cb82cd240d1f22da813c7142df8828b4f6f1ea4
@@ -9,3 +9,4 @@
 SHA1 (patch-ad) = c5c3374322eb8a2c8dfc7871971b73194ab1b14c
 SHA1 (patch-aj) = d9071c62c993550d253c9e1889880d4fccf7d278
 SHA1 (patch-ak) = 2cef2ae464ddb5324acae000420017d4faf7b145
+SHA1 (patch-al) = 5d50cfe1c783b91d5983e67e8fe8a33a0476b531
diff -r 476cfb5d82eb -r eb53acc03f77 devel/gtexinfo/patches/patch-al
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/gtexinfo/patches/patch-al   Mon Oct 10 15:14:49 2005 +0000
@@ -0,0 +1,34 @@
+$NetBSD: patch-al,v 1.1 2005/10/10 15:14:49 salo Exp $
+
+Security fix for CAN-2005-3011, from Ubuntu.
+
+--- util/texindex.c.orig       2004-04-11 19:56:47.000000000 +0200
++++ util/texindex.c    2005-10-10 16:46:44.000000000 +0200
+@@ -390,11 +390,12 @@
+ maketempname (int count)
+ {
+   static char *tempbase = NULL;
++  char *tempname;
+   char tempsuffix[10];
++  int fd;
+ 
+   if (!tempbase)
+     {
+-      int fd;
+       tempbase = concat (tempdir, "txidxXXXXXX");
+ 
+       fd = mkstemp (tempbase);
+@@ -403,7 +404,12 @@
+     }
+ 
+   sprintf (tempsuffix, ".%d", count);
+-  return concat (tempbase, tempsuffix);
++  tempname = concat (tempbase, tempsuffix);
++  fd = open (tempname, O_CREAT|O_EXCL|O_WRONLY, 0600);
++  if (fd == -1)
++    pfatal_with_name (tempname);
++  close (fd);
++  return tempname;
+ }
+ 
+ 
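Review bot: The descriptor from `open (tempname, O_CREAT|O_EXCL|O_WRONLY, 0600)` in maketempname is closed at once and only the path is returned, so the fix relies on the later reopen by name, in code outside this hunk, reaching the same file. That holds when tempdir is private or has the sticky bit set, which appears to be the assumption; I would state it above the open, e.g. `/* Pre-create exclusively so an existing symlink makes us abort; callers reopen by name, so tempdir must be sticky or private. */`. The patch uses `O_CREAT`/`O_EXCL` without adding an include, so confirm `<fcntl.h>` is already in scope in texindex.c. The context line `sprintf (tempsuffix, ".%d", count)` writes into a 10-byte buffer with no bound, and `snprintf (tempsuffix, sizeof tempsuffix, ".%d", count);` would be cheap hardening while this function is being touched. The tail of the `if (!tempbase)` block falls between the two inner hunks and is not visible here.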


