pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2006Q3]: pkgsrc/mail/mutt-devel Pullup ticket 1954 - requested...
details: https://anonhg.NetBSD.org/pkgsrc/rev/24a92cb9682e
branches: pkgsrc-2006Q3
changeset: 519257:24a92cb9682e
user: ghen <ghen%pkgsrc.org@localhost>
date: Mon Dec 11 14:07:43 2006 +0000
description:
Pullup ticket 1954 - requested by salo
security fix for mutt-devel
- pkgsrc/mail/mutt-devel/Makefile 1.53,1.55
- pkgsrc/mail/mutt-devel/distinfo 1.35,1.36
- pkgsrc/mail/mutt-devel/patches/patch-ae 1.7,1.8
Module Name: pkgsrc
Committed By: tonio
Date: Fri Nov 3 18:19:07 UTC 2006
Modified Files:
pkgsrc/mail/mutt-devel: Makefile distinfo
Added Files:
pkgsrc/mail/mutt-devel/patches: patch-ae
Log Message:
Make sure that a temporary has been opened with proper permissions.
Fixes the security problem reported in CVE-2006-5298.
Patch from tron@ for the mail/mutt package
---
Module Name: pkgsrc
Committed By: salo
Date: Mon Dec 11 12:47:13 UTC 2006
Modified Files:
pkgsrc/mail/mutt-devel: Makefile distinfo
pkgsrc/mail/mutt-devel/patches: patch-ae
Log Message:
Use official upstream patch for CVE-2006-5297 and CVE-2006-5298 security
issues from mutt GIT repo. Bump PKGREVISION.
diffstat:
mail/mutt-devel/Makefile | 3 +-
mail/mutt-devel/distinfo | 3 +-
mail/mutt-devel/patches/patch-ae | 91 ++++++++++++++++++++++++++++++++++++++++
3 files changed, 95 insertions(+), 2 deletions(-)
diffs (124 lines):
diff -r 97e4a99031a0 -r 24a92cb9682e mail/mutt-devel/Makefile
--- a/mail/mutt-devel/Makefile Mon Dec 11 13:55:22 2006 +0000
+++ b/mail/mutt-devel/Makefile Mon Dec 11 14:07:43 2006 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.52 2006/08/16 10:42:05 tonio Exp $
+# $NetBSD: Makefile,v 1.52.2.1 2006/12/11 14:07:43 ghen Exp $
DISTNAME= mutt-1.5.13
+PKGREVISION= 2
CATEGORIES= mail
MUTT_SITES= ftp://ftp.mutt.org/mutt/ \
ftp://ftp.stealth.net/pub/mirrors/ftp.mutt.org/pub/mutt/ \
diff -r 97e4a99031a0 -r 24a92cb9682e mail/mutt-devel/distinfo
--- a/mail/mutt-devel/distinfo Mon Dec 11 13:55:22 2006 +0000
+++ b/mail/mutt-devel/distinfo Mon Dec 11 14:07:43 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.34 2006/08/19 18:43:02 tonio Exp $
+$NetBSD: distinfo,v 1.34.2.1 2006/12/11 14:07:43 ghen Exp $
SHA1 (mutt-1.5.13.tar.gz) = 6d5b88d33e1727bf0342c31f06d55d7a3d2d4e0a
RMD160 (mutt-1.5.13.tar.gz) = 9327b7f928aad78a20c2395629113ac2519bb945
@@ -10,6 +10,7 @@
SHA1 (patch-ab) = 67e0deb5af56830397d897979ac806f9c16fdbda
SHA1 (patch-ac) = b48ff9f66ff2b483b5aa0c312e08bd22c7cf03be
SHA1 (patch-ad) = ecfa994c7c5e494b6eb7356327b96de6559146fc
+SHA1 (patch-ae) = 1ff6efde4e7d380008c466800d6164b51a4b3414
SHA1 (patch-ag) = 84637d95fa9aa0cf58a6e6b2c82b783efa21cf66
SHA1 (patch-ah) = 4227c5768b900e58fa4a679e6ad67efc974a70b5
SHA1 (patch-ai) = 7d9883198a22615fb1792a41fce3ee9821f48f08
diff -r 97e4a99031a0 -r 24a92cb9682e mail/mutt-devel/patches/patch-ae
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/mutt-devel/patches/patch-ae Mon Dec 11 14:07:43 2006 +0000
@@ -0,0 +1,91 @@
+$NetBSD: patch-ae,v 1.6.2.1 2006/12/11 14:07:43 ghen Exp $
+
+Security fixes for CVE-2006-5297 and CVE-2006-5298, from mutt git.
+
+--- lib.c.orig 2006-05-18 20:44:29.000000000 +0200
++++ lib.c 2006-12-11 13:39:27.000000000 +0100
+@@ -481,13 +481,84 @@ int safe_rename (const char *src, const
+ return 0;
+ }
+
++/* Create a temporary directory next to a file name */
++
++int mutt_mkwrapdir (const char *path, char *newfile, size_t nflen,
++ char *newdir, size_t ndlen)
++{
++ const char *basename;
++ char parent[_POSIX_PATH_MAX];
++ char *p;
++ int rv;
++
++ strfcpy (parent, NONULL (path), sizeof (parent));
++
++ if ((p = strrchr (parent, '/')))
++ {
++ *p = '\0';
++ basename = p + 1;
++ }
++ else
++ {
++ strfcpy (parent, ".", sizeof (parent));
++ basename = path;
++ }
++
++ do
++ {
++ snprintf (newdir, ndlen, "%s/%s", parent, ".muttXXXXXX");
++ mktemp (newdir);
++ }
++ while ((rv = mkdir (newdir, 0700)) == -1 && errno == EEXIST);
++
++ if (rv == -1)
++ return -1;
++
++ snprintf (newfile, nflen, "%s/%s", newdir, NONULL(basename));
++ return 0;
++}
++
++int mutt_put_file_in_place (const char *path, const char *safe_file, const char *safe_dir)
++{
++ int rv;
++
++ rv = safe_rename (safe_file, path);
++ unlink (safe_file);
++ rmdir (safe_dir);
++ return rv;
++}
++
+ int safe_open (const char *path, int flags)
+ {
+ struct stat osb, nsb;
+ int fd;
+
++ if (flags & O_EXCL)
++ {
++ char safe_file[_POSIX_PATH_MAX];
++ char safe_dir[_POSIX_PATH_MAX];
++
++ if (mutt_mkwrapdir (path, safe_file, sizeof (safe_file),
++ safe_dir, sizeof (safe_dir)) == -1)
++ return -1;
++
++ if ((fd = open (safe_file, flags, 0600)) < 0)
++ {
++ rmdir (safe_dir);
++ return fd;
++ }
++
++ if (mutt_put_file_in_place (path, safe_file, safe_dir) == -1)
++ {
++ close (fd);
++ return -1;
++ }
++ }
++ else
++ {
+ if ((fd = open (path, flags, 0600)) < 0)
+ return fd;
++ }
+
+ /* make sure the file is not symlink */
+ if (lstat (path, &osb) < 0 || fstat (fd, &nsb) < 0 ||
Home |
Main Index |
Thread Index |
Old Index