pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/devel/gtexinfo Security fix for CAN-2005-3011:
details: https://anonhg.NetBSD.org/pkgsrc/rev/eb53acc03f77
branches: trunk
changeset: 500563:eb53acc03f77
user: salo <salo%pkgsrc.org@localhost>
date: Mon Oct 10 15:14:49 2005 +0000
description:
Security fix for CAN-2005-3011:
"texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary
files via a symlink attack on temporary files."
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3011
Patch from Ubuntu.
diffstat:
devel/gtexinfo/Makefile | 3 ++-
devel/gtexinfo/distinfo | 3 ++-
devel/gtexinfo/patches/patch-al | 34 ++++++++++++++++++++++++++++++++++
3 files changed, 38 insertions(+), 2 deletions(-)
diffs (65 lines):
diff -r 476cfb5d82eb -r eb53acc03f77 devel/gtexinfo/Makefile
--- a/devel/gtexinfo/Makefile Mon Oct 10 15:13:58 2005 +0000
+++ b/devel/gtexinfo/Makefile Mon Oct 10 15:14:49 2005 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.57 2005/04/11 21:45:24 tv Exp $
+# $NetBSD: Makefile,v 1.58 2005/10/10 15:14:49 salo Exp $
DISTNAME= texinfo-4.8
PKGNAME= g${DISTNAME}
+PKGREVISION= 1
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_GNU:=texinfo/}
EXTRACT_SUFX= .tar.bz2
diff -r 476cfb5d82eb -r eb53acc03f77 devel/gtexinfo/distinfo
--- a/devel/gtexinfo/distinfo Mon Oct 10 15:13:58 2005 +0000
+++ b/devel/gtexinfo/distinfo Mon Oct 10 15:14:49 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.21 2005/02/28 13:06:46 wiz Exp $
+$NetBSD: distinfo,v 1.22 2005/10/10 15:14:49 salo Exp $
SHA1 (texinfo-4.8.tar.bz2) = b19e906f7220294c1e8b087d583c50f5c4d7c420
RMD160 (texinfo-4.8.tar.bz2) = 5cb82cd240d1f22da813c7142df8828b4f6f1ea4
@@ -9,3 +9,4 @@
SHA1 (patch-ad) = c5c3374322eb8a2c8dfc7871971b73194ab1b14c
SHA1 (patch-aj) = d9071c62c993550d253c9e1889880d4fccf7d278
SHA1 (patch-ak) = 2cef2ae464ddb5324acae000420017d4faf7b145
+SHA1 (patch-al) = 5d50cfe1c783b91d5983e67e8fe8a33a0476b531
diff -r 476cfb5d82eb -r eb53acc03f77 devel/gtexinfo/patches/patch-al
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/gtexinfo/patches/patch-al Mon Oct 10 15:14:49 2005 +0000
@@ -0,0 +1,34 @@
+$NetBSD: patch-al,v 1.1 2005/10/10 15:14:49 salo Exp $
+
+Security fix for CAN-2005-3011, from Ubuntu.
+
+--- util/texindex.c.orig 2004-04-11 19:56:47.000000000 +0200
++++ util/texindex.c 2005-10-10 16:46:44.000000000 +0200
+@@ -390,11 +390,12 @@
+ maketempname (int count)
+ {
+ static char *tempbase = NULL;
++ char *tempname;
+ char tempsuffix[10];
++ int fd;
+
+ if (!tempbase)
+ {
+- int fd;
+ tempbase = concat (tempdir, "txidxXXXXXX");
+
+ fd = mkstemp (tempbase);
+@@ -403,7 +404,12 @@
+ }
+
+ sprintf (tempsuffix, ".%d", count);
+- return concat (tempbase, tempsuffix);
++ tempname = concat (tempbase, tempsuffix);
++ fd = open (tempname, O_CREAT|O_EXCL|O_WRONLY, 0600);
++ if (fd == -1)
++ pfatal_with_name (tempname);
++ close (fd);
++ return tempname;
+ }
+
+
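Review bot: In maketempname(), the added `fd = open (tempname, O_CREAT|O_EXCL|O_WRONLY, 0600)` is immediately followed by `close (fd)` and only the name is returned, so the file is reopened by path later and the fix holds only as long as the pre-created file cannot be removed or replaced in tempdir between the two opens. Consider returning the descriptor, or adding a comment stating that callers must open the existing file without unlinking it first, so the O_EXCL guarantee carries through to the write. Two smaller points: the hunk uses open() and the O_* flags without adding an include, so check that <fcntl.h> is already pulled in for util/texindex.c; and the unchanged `sprintf (tempsuffix, ".%d", count)` writes into `char tempsuffix[10]`, which is too small for the largest int values, so a bounded format or a larger buffer would be safer.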