author | tonnerre <tonnerre> | 2008-06-04 22:10:11 +0000 |
---|---|---|
committer | tonnerre <tonnerre> | 2008-06-04 22:10:11 +0000 |
commit | d56f4c9b5c970ded20f16061107eb3af3b51187e (patch) | |
tree | 61a1679e2b36bc5b29ed08d6d2328213d4b82464 | |
parent | 4bea7ac90f72893008732662e757ffd4a79bdd7c (diff) | |
download | pkgsrc-d56f4c9b5c970ded20f16061107eb3af3b51187e.tar.gz |
Stop po4a from writing files with known names into world-writable directories.
Fixes CVE-2007-4462.
-rw-r--r-- | textproc/po4a/Makefile | 4 | ||||
-rw-r--r-- | textproc/po4a/distinfo | 3 | ||||
-rw-r--r-- | textproc/po4a/patches/patch-ab | 21 |
3 files changed, 25 insertions, 3 deletions
diff --git a/textproc/po4a/Makefile b/textproc/po4a/Makefile
index b5ab72df6cd..1bdcc562d62 100644
--- a/textproc/po4a/Makefile
+++ b/textproc/po4a/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.9 2007/07/25 17:13:58 he Exp $
+# $NetBSD: Makefile,v 1.10 2008/06/04 22:10:11 tonnerre Exp $
 #
 DISTNAME= po4a-0.23
-PKGREVISION= 3
+PKGREVISION= 4
 CATEGORIES= textproc
 MASTER_SITES= http://alioth.debian.org/download.php/1317/
diff --git a/textproc/po4a/distinfo b/textproc/po4a/distinfo
index 29ccc1b6490..a529c3a6a29 100644
--- a/textproc/po4a/distinfo
+++ b/textproc/po4a/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.1.1.1 2006/01/13 18:21:56 wiz Exp $
+$NetBSD: distinfo,v 1.2 2008/06/04 22:10:11 tonnerre Exp $
 SHA1 (po4a-0.23.tar.gz) = 749a7823c976befc6a84d443ef7225bd41477b59
 RMD160 (po4a-0.23.tar.gz) = 79174c0ed576ac793495be7addb407d919f3daf9
 Size (po4a-0.23.tar.gz) = 736399 bytes
 SHA1 (patch-aa) = 501a5fc0265d06285c13f3501793ad2a92c95081
+SHA1 (patch-ab) = 3c3745e57464e8ed2c5389f2490bbb28d400026d
diff --git a/textproc/po4a/patches/patch-ab b/textproc/po4a/patches/patch-ab
new file mode 100644
index 00000000000..4d9aa1c6618
--- /dev/null
+++ b/textproc/po4a/patches/patch-ab
@@ -0,0 +1,21 @@
+$NetBSD: patch-ab,v 1.1 2008/06/04 22:10:11 tonnerre Exp $
+
+--- lib/Locale/Po4a/Po.pm.orig 2005-12-09 18:24:46.000000000 +0100
++++ lib/Locale/Po4a/Po.pm
+@@ -426,14 +426,14 @@ sub gettextize {
+ # Make sure both type are the same
+ #
+ if ($typeorig ne $typetrans){
+- $pores->write("/tmp/gettextization.failed.po");
++ $pores->write("gettextization.failed.po");
+ die wrap_msg(dgettext("po4a",
+ "po4a gettextization: Structure disparity between original and translated files:\n".
+ "msgid (at %s) is of type '%s' while\n".
+ "msgstr (at %s) is of type '%s'.\n".
+ "Original text: %s\n".
+ "Translated text: %s\n".
+- "(result so far dumped to /tmp/gettextization.failed.po)")."%s",
++ "(result so far dumped to gettextization.failed.po)")."%s",
+ $reforig, $typeorig, $reftrans, $typetrans, $orig, $trans,$toobad);
+ }
+ |
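Review bot: The dump still goes to a fixed, predictable name, `gettextization.failed.po`, now resolved against the current directory by the `$pores->write(...)` call in the `$typeorig ne $typetrans` branch, so a run started from /tmp or another shared directory keeps the exposure the commit message describes. How `write` opens its target is not visible here; if it truncates through an existing symlink, a safer form is to create the file under an unpredictable name first, e.g. `my ($fh, $dump) = File::Temp::tempfile("gettextization.failed.XXXXXX", SUFFIX => ".po");` followed by `$pores->write($dump);`, and report `$dump` in the message through an extra `%s`. At minimum the patch should carry a comment stating that the output now lands in the working directory and that callers should not run it from a world-writable one. `gettextize` starts and ends outside the hunk.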