pkgsrc-changes: CVS commit: [pkgsrc-2005Q4] pkgsrc/textproc/antiword

Subject: CVS commit: [pkgsrc-2005Q4] pkgsrc/textproc/antiword
To: None <pkgsrc-changes@NetBSD.org>
From: Soren Jacobsen <snj@netbsd.org>
List: pkgsrc-changes
Date: 01/25/2006 05:44:55

Module Name:	pkgsrc
Committed By:	snj
Date:		Wed Jan 25 05:44:55 UTC 2006

Modified Files:
	pkgsrc/textproc/antiword [pkgsrc-2005Q4]: Makefile distinfo
Added Files:
	pkgsrc/textproc/antiword/patches [pkgsrc-2005Q4]: patch-ab

Log Message:
Pullup ticket 1055 - requested by Lubomir Sedlacik
security fix for antiword

Revisions pulled up:
- pkgsrc/textproc/antiword/Makefile		1.18
- pkgsrc/textproc/antiword/distinfo		1.17
- pkgsrc/textproc/antiword/patches/patch-ab	1.11

   Module Name:    pkgsrc
   Committed By:   salo
   Date:           Mon Jan 23 14:23:56 UTC 2006

   Modified Files:
           pkgsrc/textproc/antiword: Makefile distinfo
   Added Files:
           pkgsrc/textproc/antiword/patches: patch-ab

   Log Message:
   Security fix for CVE-2005-3126:

   "The kantiword script in antiword allow local users to overwrite arbitrary
   files via a symlink attack on temporary output and error files."

   Replace the naive mktemp usage with something that actually works.


To generate a diff of this commit:
cvs rdiff -r1.17 -r1.17.2.1 pkgsrc/textproc/antiword/Makefile
cvs rdiff -r1.16 -r1.16.2.1 pkgsrc/textproc/antiword/distinfo
cvs rdiff -r0 -r1.10.2.1 pkgsrc/textproc/antiword/patches/patch-ab

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.