diff options
author | snj <snj@pkgsrc.org> | 2006-03-11 03:48:05 +0000 |
---|---|---|
committer | snj <snj@pkgsrc.org> | 2006-03-11 03:48:05 +0000 |
commit | dd3b85931582601d867363f79dd13bde560d4b75 (patch) | |
tree | 6ab5d9c8a018ea8e9257bf5b2a5889583a368324 | |
parent | aa2f01ff6aea9fab5b4bdcb97ad76484fdef8470 (diff) | |
download | pkgsrc-dd3b85931582601d867363f79dd13bde560d4b75.tar.gz |
Pullup ticket 1203 - requested by Joerg Sonnenberger
security fix for tuxpaint
Revisions pulled up:
- pkgsrc/graphics/tuxpaint/Makefile 1.35
- pkgsrc/graphics/tuxpaint/distinfo 1.18
- pkgsrc/graphics/tuxpaint/patches/patch-ac 1.1
Module Name: pkgsrc
Committed By: adrianp
Date: Tue Jan 17 22:48:57 UTC 2006
Modified Files:
pkgsrc/graphics/tuxpaint: Makefile distinfo
Added Files:
pkgsrc/graphics/tuxpaint/patches: patch-ac
Log Message:
Add a patch via Debain to address:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3340
"The vulnerability is caused due to temporary files being created insecurely
in the "/tmp" directory by the tuxpaint-import.sh script. This can be
exploited via symlink attacks to create or overwrite arbitrary files with
the privileges of the user running the affected script."
Bump to nb6.
-rw-r--r-- | graphics/tuxpaint/Makefile | 4 | ||||
-rw-r--r-- | graphics/tuxpaint/distinfo | 3 | ||||
-rw-r--r-- | graphics/tuxpaint/patches/patch-ac | 14 |
3 files changed, 18 insertions, 3 deletions
diff --git a/graphics/tuxpaint/Makefile b/graphics/tuxpaint/Makefile index 77ddd4ff7d2..a71cffe2391 100644 --- a/graphics/tuxpaint/Makefile +++ b/graphics/tuxpaint/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.33 2005/12/11 09:40:45 wiz Exp $ +# $NetBSD: Makefile,v 1.33.2.1 2006/03/11 03:48:05 snj Exp $ # DISTNAME= tuxpaint-0.9.14 -PKGREVISION= 5 +PKGREVISION= 6 CATEGORIES= graphics MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=tuxpaint/} \ ftp://ftp.sonic.net/pub/users/nbs/unix/x/tuxpaint/source/ diff --git a/graphics/tuxpaint/distinfo b/graphics/tuxpaint/distinfo index 81c999c382a..86fed650a34 100644 --- a/graphics/tuxpaint/distinfo +++ b/graphics/tuxpaint/distinfo @@ -1,7 +1,8 @@ -$NetBSD: distinfo,v 1.16 2005/02/24 08:45:13 agc Exp $ +$NetBSD: distinfo,v 1.16.8.1 2006/03/11 03:48:05 snj Exp $ SHA1 (tuxpaint-0.9.14.tar.gz) = d899f15ae348413b85e5d0cacf971db2c604b036 RMD160 (tuxpaint-0.9.14.tar.gz) = b8bbf53eef48d17f8219ae2380e98570f574a326 Size (tuxpaint-0.9.14.tar.gz) = 3208894 bytes SHA1 (patch-aa) = 1319f4cfab14cf1d5f592ab1c615f03b4fbd76ac SHA1 (patch-ab) = 03c1aa47c90cc598081a0bf39eb0606309371d0b +SHA1 (patch-ac) = cb75efd7b6eb9c3bb6752b4bf1d56fb5dd0fdc58 diff --git a/graphics/tuxpaint/patches/patch-ac b/graphics/tuxpaint/patches/patch-ac new file mode 100644 index 00000000000..d46065e3916 --- /dev/null +++ b/graphics/tuxpaint/patches/patch-ac @@ -0,0 +1,14 @@ +$NetBSD: patch-ac,v 1.1.2.2 2006/03/11 03:48:05 snj Exp $ + +--- src/tuxpaint-import.sh.orig 2003-06-17 10:10:59.000000000 +0100 ++++ src/tuxpaint-import.sh +@@ -12,8 +12,8 @@ + # September 21, 2002 - June 17, 2003 + + +-TMPDIR=/tmp + SAVEDIR=$HOME/.tuxpaint/saved ++TMPDIR=$SAVEDIR + + + if [ $# -eq 0 ]; then |