[pkgsrc/trunk]: pkgsrc/archivers/gcpio Security fix for CAN-1999-1572.

[salo <salo%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/716310c3bdcb
branches:  trunk
changeset: 490816:716310c3bdcb
user:      salo <salo%pkgsrc.org@localhost>
date:      Sun Mar 20 19:53:09 2005 +0000

description:
Security fix for CAN-1999-1572.

"cpio uses a 0 umask when creating files using the -O (archive) or -F
 options, which creates the files with mode 0666 and allows local users
 to read or overwrite those files."

Patch inspired by Debian.  Bump PKGREVISION.

diffstat:

 archivers/gcpio/Makefile         |   3 ++-
 archivers/gcpio/distinfo         |   3 ++-
 archivers/gcpio/patches/patch-ah |  20 ++++++++++++++++++++
 3 files changed, 24 insertions(+), 2 deletions(-)

diffs (52 lines):

diff -r aa20c2e5cf60 -r 716310c3bdcb archivers/gcpio/Makefile
--- a/archivers/gcpio/Makefile  Sun Mar 20 18:51:04 2005 +0000
+++ b/archivers/gcpio/Makefile  Sun Mar 20 19:53:09 2005 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.22 2004/06/06 21:35:09 minskim Exp $
+# $NetBSD: Makefile,v 1.23 2005/03/20 19:53:09 salo Exp $
 #
 
 DISTNAME=       cpio-2.5
 PKGNAME=       g${DISTNAME}
+PKGREVISION=   1
 CATEGORIES=    archivers
 MASTER_SITES=   ${MASTER_SITE_GNU:=cpio/}
 
diff -r aa20c2e5cf60 -r 716310c3bdcb archivers/gcpio/distinfo
--- a/archivers/gcpio/distinfo  Sun Mar 20 18:51:04 2005 +0000
+++ b/archivers/gcpio/distinfo  Sun Mar 20 19:53:09 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.7 2005/02/23 14:45:23 agc Exp $
+$NetBSD: distinfo,v 1.8 2005/03/20 19:53:09 salo Exp $
 
 SHA1 (cpio-2.5.tar.gz) = d5908ee20484f092e591a430620feec33060528c
 RMD160 (cpio-2.5.tar.gz) = 92ab8152b03eae064f24909d76bad31a331d283d
@@ -10,3 +10,4 @@
 SHA1 (patch-ae) = 5de604f8278756e1ef8d4b72f9cd7638cb0496ab
 SHA1 (patch-af) = d42ed286fa508dc2be2415614412cac8929f19f8
 SHA1 (patch-ag) = aadb8f4fa2ec467905ad83558227dcc244405b3e
+SHA1 (patch-ah) = 6de4e6d3a4965a8dd59929360865c2b0b3b877ca
diff -r aa20c2e5cf60 -r 716310c3bdcb archivers/gcpio/patches/patch-ah
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/gcpio/patches/patch-ah  Sun Mar 20 19:53:09 2005 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-ah,v 1.1 2005/03/20 19:53:09 salo Exp $
+
+--- main.c.orig        2001-12-06 05:54:06.000000000 +0100
++++ main.c     2005-03-20 20:34:33.000000000 +0100
+@@ -512,7 +512,6 @@
+      char *argv[];
+ {
+   program_name = argv[0];
+-  umask (0);
+ 
+ #ifdef __TURBOC__
+   _fmode = O_BINARY;          /* Put stdin and stdout in binary mode.  */
+@@ -523,6 +522,7 @@
+ #endif
+ 
+   process_args (argc, argv);
++  umask (0);
+ 
+   initialize_buffers ();
+