pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/cad/gnetlist Address privilege-escalation vulnerabilit...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/63da9ff9fa1f
branches:  trunk
changeset: 550838:63da9ff9fa1f
user:      dmcmahill <dmcmahill%pkgsrc.org@localhost>
date:      Sun Nov 30 23:48:00 2008 +0000

description:
Address privilege-escalation vulnerability (http://secunia.com/advisories/32806/)
due to insecure temp file usage.

Bump pkgrev.

diffstat:

 cad/gnetlist/Makefile         |   3 +-
 cad/gnetlist/distinfo         |   4 +-
 cad/gnetlist/patches/patch-aa |  76 +++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 80 insertions(+), 3 deletions(-)

diffs (106 lines):

diff -r fa813950ee77 -r 63da9ff9fa1f cad/gnetlist/Makefile
--- a/cad/gnetlist/Makefile     Sun Nov 30 22:25:01 2008 +0000
+++ b/cad/gnetlist/Makefile     Sun Nov 30 23:48:00 2008 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.45 2008/06/20 01:09:08 joerg Exp $
+# $NetBSD: Makefile,v 1.46 2008/11/30 23:48:00 dmcmahill Exp $
 #
 
 DISTNAME=              geda-gnetlist-${PKGVERSION}
 PKGNAME=               gnetlist-${PKGVERSION}
+PKGREVISION=           1
 CATEGORIES=            cad
 
 MAINTAINER=            dmcmahill%NetBSD.org@localhost
diff -r fa813950ee77 -r 63da9ff9fa1f cad/gnetlist/distinfo
--- a/cad/gnetlist/distinfo     Sun Nov 30 22:25:01 2008 +0000
+++ b/cad/gnetlist/distinfo     Sun Nov 30 23:48:00 2008 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.24 2008/02/01 02:34:23 dmcmahill Exp $
+$NetBSD: distinfo,v 1.25 2008/11/30 23:48:00 dmcmahill Exp $
 
 SHA1 (geda/geda-gnetlist-1.4.0.tar.gz) = 494e4d9f323a935f6a858138101b5bed6788ce2f
 RMD160 (geda/geda-gnetlist-1.4.0.tar.gz) = 4e2c295ae6033da05cdffd62c28c41c4a5443843
 Size (geda/geda-gnetlist-1.4.0.tar.gz) = 402250 bytes
-SHA1 (patch-aa) = 1fdc681538545f5712a423bc62b1ce89fbc7ff4c
+SHA1 (patch-aa) = ce30c3a2d6541cc1e4c8b3762bbd1076d3748eb3
diff -r fa813950ee77 -r 63da9ff9fa1f cad/gnetlist/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/cad/gnetlist/patches/patch-aa     Sun Nov 30 23:48:00 2008 +0000
@@ -0,0 +1,76 @@
+$NetBSD: patch-aa,v 1.13 2008/11/30 23:48:00 dmcmahill Exp $
+
+Address privilege-escalation vulnerability (http://secunia.com/advisories/32806/)
+due to insecure temp file usage.
+
+Patch from upstream sources.
+--- scripts/sch2eaglepos.sh.orig       2007-12-30 02:49:04.000000000 +0000
++++ scripts/sch2eaglepos.sh
+@@ -1,17 +1,23 @@
+-#!/bin/bash
++#!/bin/sh
+ # By Braddock Gaskill (braddock%braddock.com@localhost), August 2004.  This
+ # software is hereby declared to be in the public domain by Braddock
+ # Gaskill, the author.
+ FNAME="$1"
+ if [ -z "$FNAME" ]; then
+-    echo "$0 <inputfile.sch>"
+-    echo "This script will read a gschem schematic and attempt to
+-    extract the relative positions of the components in the schematic,
+-    and generate corresponding MOVE instructions for Eagle.  You will
+-    likely have to adjust XOFFSET, YOFFSET, XSCAL, and YSCALE at the
+-    top of the script to obtain usable positions."
+-    echo "By Braddock Gaskill (braddock%braddock.com@localhost), August 2004"
+-    exit -1;
++    cat << EOF
++
++$0 <inputfile.sch>
++
++This script will read a gschem schematic and attempt to
++extract the relative positions of the components in the schematic,
++and generate corresponding MOVE instructions for Eagle.  You will
++likely have to adjust XOFFSET, YOFFSET, XSCAL, and YSCALE at the
++top of the script to obtain usable positions.
++
++By Braddock Gaskill (braddock%braddock.com@localhost), August 2004
++
++EOF
++    exit -1
+ fi
+ XOFFSET=40000
+ YOFFSET=33000
+@@ -20,10 +26,24 @@ YOFFSET=33000
+ XSCALE=9000
+ YSCALE=9000
+ 
+-TMP=/tmp/$$
+-grep -B1 refdes= "$FNAME" |sed 's/=/ /' | cut -d" " -f2,3 |grep -v '^--' >/tmp/$$
++tmpdir=/tmp/$$
++mkdir -m 0700 -p $tmpdir
++rc=$?
++if test $rc -ne 0 ; then
++      cat << EOF
++
++$0: ERROR -- Failed to create $tmpdir with 0700 permissions.  mkdir returned $rc.
+ 
+-3<$TMP
++Make sure that $tmpdir does not already exist and that you have permissions to 
++create it.
++
++EOF
++      exit 1
++fi
++tmpf=${tmpdir}/tmpf
++grep -B1 refdes= "$FNAME" |sed 's/=/ /' | cut -d" " -f2,3 |grep -v '^--' >${tmpf}
++
++3<$tmpf
+ while read -u 3; do
+     # the directory on the client to backup
+     X=`echo $REPLY | cut -d' ' -f1`
+@@ -34,4 +54,5 @@ while read -u 3; do
+     Y=`echo "scale=5; ($Y - $YOFFSET) / $YSCALE" |bc`
+     echo "MOVE '$PART' ($X $Y);"
+ done
+-rm "$TMP"
++rm -fr "${tmpdir}"
++
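Review bot: `mkdir -m 0700 -p $tmpdir` in the patched sch2eaglepos.sh still succeeds when `/tmp/$$` already exists, so the `rc` check after it cannot detect a directory that another local user created beforehand, and `-m` is not applied to an existing directory. Dropping `-p` (`mkdir -m 0700 "$tmpdir"`) makes the check and its "does not already exist" message meaningful. Because the name is still derived from the PID, `tmpdir=$(mktemp -d "${TMPDIR:-/tmp}/sch2eaglepos.XXXXXX") || exit 1` would be the more robust form where mktemp is available. Separately, the shebang becomes `#!/bin/sh` while the loop keeps `read -u 3`, which is not POSIX sh, so the script may fail where sh is not bash. There is also no `trap` to remove the directory if the script is interrupted before the final `rm -fr "${tmpdir}"`.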


