fix a possible information disclosure (CVE-2006-2442), from Debian

bump PKGREVISION

3 files changed, 26 insertions, 3 deletions

diff --git a/net/kphone/Makefile b/net/kphone/Makefile
index dc4756146b8..9b9b9fb625e 100644
--- a/net/kphone/Makefile
+++ b/net/kphone/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.20 2006/05/22 14:39:44 dsainty Exp $
+# $NetBSD: Makefile,v 1.21 2006/05/22 16:39:00 drochner Exp $
 
 DISTNAME=		kphone-4.2
-PKGREVISION=		3
+PKGREVISION=		4
 CATEGORIES=		net comms
 MASTER_SITES=		http://www.wirlab.net/kphone/
 
diff --git a/net/kphone/distinfo b/net/kphone/distinfo
index d1db90e38df..42dfa32082f 100644
--- a/net/kphone/distinfo
+++ b/net/kphone/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.12 2006/03/08 10:05:52 martin Exp $
+$NetBSD: distinfo,v 1.13 2006/05/22 16:39:00 drochner Exp $
 
 SHA1 (kphone-4.2.tar.gz) = 10c7559b79fb13f42714008cd89a3981f66df2cf
 RMD160 (kphone-4.2.tar.gz) = 6176a97d19fe05741503f5b81dfd21e6130193e1
@@ -15,3 +15,4 @@ SHA1 (patch-ai) = bba9c0f8ab9c34e65b43e283e4d29e78aecd642c
 SHA1 (patch-aj) = 600f96693fcf6f00f0b23a76923cdf0046116936
 SHA1 (patch-ak) = 4c3f498fe64df8dfbb5a93210d3eda8ac08c1f84
 SHA1 (patch-al) = 6c7a4017f8872769271b8660eb5c947620e76fb9
+SHA1 (patch-am) = 8012521be35d3e28a4632e70f0f19d5ff05b1a62
diff --git a/net/kphone/patches/patch-am b/net/kphone/patches/patch-am
new file mode 100644
index 00000000000..8321c3845c8
--- /dev/null
+++ b/net/kphone/patches/patch-am
@@ -0,0 +1,22 @@
+$NetBSD: patch-am,v 1.1 2006/05/22 16:39:00 drochner Exp $
+
+--- kphone/kphone.cpp.orig	2006-05-21 20:05:49.000000000 +0200
++++ kphone/kphone.cpp
+@@ -1,5 +1,8 @@
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <sys/types.h>
++#include <sys/stat.h>
++
+ #include <qtimer.h>
+ #include <qsettings.h>
+ #include <qmenubar.h>
+@@ -32,6 +35,8 @@ KPhone::KPhone( unsigned int listenport,
+ 		userPrefix = "_" + prefix + "_";
+ 	}
+ 	QSettings settings;
++
++	umask(077);
+ 	Sip::setLocalAddress( settings.readEntry(
+ 		"/kphone/dissipate_addr", Sip::getLocalAddress() ) );
+ 	QString socketStr = settings.readEntry( "/kphone/General/SocketMode", "UDP" );