author | tonnerre <tonnerre@pkgsrc.org> | 2008-07-13 18:22:01 +0000 |
---|---|---|
committer | tonnerre <tonnerre@pkgsrc.org> | 2008-07-13 18:22:01 +0000 |
commit | 31a3e0d33ef018166c175c06ec1b680fd8cccce8 (patch) | |
tree | 797adee0d3752f9c3d0c7958e7653a4a36b083d1 | |
parent | 8ced111013a7984e261b3cc78e97ae402b849c2c (diff) | |
download | pkgsrc-31a3e0d33ef018166c175c06ec1b680fd8cccce8.tar.gz |
Fix an insecure temp file creation vulnerability in zsh's difflog.pl
(CVE-2007-6209).
-rw-r--r-- | shells/zsh/Makefile | 3 | ||||
-rw-r--r-- | shells/zsh/Makefile.common | 4 | ||||
-rw-r--r-- | shells/zsh/distinfo | 3 | ||||
-rw-r--r-- | shells/zsh/patches/patch-aa | 20 |
4 files changed, 27 insertions, 3 deletions
diff --git a/shells/zsh/Makefile b/shells/zsh/Makefile index 1984a2784b2..9578ecb1e3d 100644 --- a/shells/zsh/Makefile +++ b/shells/zsh/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.51 2005/12/07 03:00:50 uebayasi Exp $ +# $NetBSD: Makefile,v 1.52 2008/07/13 18:22:01 tonnerre Exp $ .include "../../shells/zsh/Makefile.common" ZSH_VERSION= 4.2.6 ZSH_MAINTAINER= uebayasi@NetBSD.org +PKGREVISION= 1 .include "../../mk/bsd.pkg.mk" diff --git a/shells/zsh/Makefile.common b/shells/zsh/Makefile.common index 8b17f3cc454..a16f812d633 100644 --- a/shells/zsh/Makefile.common +++ b/shells/zsh/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.46 2008/07/03 09:07:26 uebayasi Exp $ +# $NetBSD: Makefile.common,v 1.47 2008/07/13 18:22:01 tonnerre Exp $ DISTNAME= zsh-${ZSH_VERSION} CATEGORIES= shells @@ -23,6 +23,8 @@ USE_TOOLS+= makeinfo INFO_FILES= # PLIST TEXINFO_REQD= 4.0 +DEPENDS+= p5-File-Temp-[0-9]*:../../devel/p5-File-Temp + PKG_INSTALLATION_TYPES= overwrite pkgviews .include "../../mk/bsd.prefs.mk" diff --git a/shells/zsh/distinfo b/shells/zsh/distinfo index e52ee9a80fd..f01105b58dc 100644 --- a/shells/zsh/distinfo +++ b/shells/zsh/distinfo @@ -1,8 +1,9 @@ -$NetBSD: distinfo,v 1.26 2006/04/07 15:28:49 jlam Exp $ +$NetBSD: distinfo,v 1.27 2008/07/13 18:22:01 tonnerre Exp $ SHA1 (zsh-4.2.6.tar.bz2) = e00c3eda3f52c9514bb625bb56e4480358170d39 RMD160 (zsh-4.2.6.tar.bz2) = e4400fc6311bf6996128ecf7899592d6d8cdb310 Size (zsh-4.2.6.tar.bz2) = 2098671 bytes +SHA1 (patch-aa) = 15f9d45ea98f89945ca274fc5b0298fa9397f89d SHA1 (patch-ab) = 815de90c379035dbc02b251cee148f6df47f9a65 SHA1 (patch-ac) = 965b56e5ae39d6523416752c1390f01315c5d758 SHA1 (patch-ae) = 7d4514d0bad6553d3c0cf115874bf50ed0da3d48 diff --git a/shells/zsh/patches/patch-aa b/shells/zsh/patches/patch-aa new file mode 100644 index 00000000000..40ed01d4823 --- /dev/null +++ b/shells/zsh/patches/patch-aa 
@@ -0,0 +1,20 @@
+$NetBSD: patch-aa,v 1.7 2008/07/13 18:22:01 tonnerre Exp $
+
+--- Util/difflog.pl.orig 2002-04-18 16:35:17.000000000 +0200
++++ Util/difflog.pl
+@@ -2,10 +2,13 @@
+
+ use strict;
+ use IO::File;
++use File::Temp;
+
+ my @differ = qw(diff -bw);
+-my $oldtmp = "/tmp/difflog$$.old";
+-my $newtmp = "/tmp/difflog$$.new";
++my $oldf = new File::Temp(TEMPLATE => 'difflogXXXXX', DIR => '/tmp/', SUFFIX => '.old');
++my $newf = new File::Temp(TEMPLATE => 'difflogXXXXX', DIR => '/tmp/', SUFFIX => '.new');
++my $oldtmp = $oldf->filename;
++my $newtmp = $newf->filename;
+
+ my $newfn = pop(@ARGV);
+ my $oldfn = pop(@ARGV); |
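Review bot: `$oldtmp` and `$newtmp` are still plain path strings taken from `->filename`, so the rest of difflog.pl (outside this hunk) presumably reopens the files by name instead of writing through the handles File::Temp has already opened exclusively. That stays safe only while `$oldf`/`$newf` remain in scope and the directory is sticky; a comment such as `# keep $oldf/$newf alive: File::Temp removes the files when these objects are destroyed` would make that dependency explicit, and writing through the `$oldf`/`$newf` handles would avoid the reopen altogether. The constructors also use indirect-object syntax and hard-code `/tmp/`; `File::Temp->new(TEMPLATE => 'difflogXXXXX', TMPDIR => 1, SUFFIX => '.old')` is the unambiguous spelling and honours `$TMPDIR`.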