authorsnj <snj>2005-10-08 06:27:21 +0000
committersnj <snj>2005-10-08 06:27:21 +0000
commit511ef73197b35500cada670ac9c24c378df7beb0 (patch)
treeb527d5aea4944d07534e10834c81f75048ba1a96 /archivers
parentc76941240bc25c88a1ed89ecd15211291ac0cc9f (diff)
Pullup ticket 810 - requested by Lubomir Sedlacik
security fix for arc Revisions pulled up: - pkgsrc/archivers/arc/Makefile 1.24 - pkgsrc/archivers/arc/distinfo 1.9 - pkgsrc/archivers/arc/patches/patch-ae 1.1 Module Name: pkgsrc Committed By: salo Date: Thu Oct 6 14:23:39 UTC 2005 Modified Files: pkgsrc/archivers/arc: Makefile distinfo Added Files: pkgsrc/archivers/arc/patches: patch-ae Log Message: Security fix for CAN-2005-2945 and CAN-2005-2992: "arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by arc or marc." http://www.zataz.net/adviso/arc-09052005.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2945 Patch from Debian.
Diffstat (limited to 'archivers')
-rw-r--r--archivers/arc/Makefile4
-rw-r--r--archivers/arc/distinfo3
-rw-r--r--archivers/arc/patches/patch-ae30
3 files changed, 34 insertions, 3 deletions
diff --git a/archivers/arc/Makefile b/archivers/arc/Makefile
index 576cde1baaf..32657936f12 100644
--- a/archivers/arc/Makefile
+++ b/archivers/arc/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.23 2005/04/15 04:36:45 snj Exp $
+# $NetBSD: Makefile,v 1.23.4.1 2005/10/08 06:27:21 snj Exp $
DISTNAME= arc521e.pl8
PKGNAME= arc-5.21e
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= archivers
MASTER_SITES= ftp://ftp.kiarchive.ru/pub/unix/arcers/
EXTRACT_SUFX= .tar.Z
diff --git a/archivers/arc/distinfo b/archivers/arc/distinfo
index ba384b7e43b..c6d9af766a4 100644
--- a/archivers/arc/distinfo
+++ b/archivers/arc/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2005/05/08 05:45:42 minskim Exp $
+$NetBSD: distinfo,v 1.8.4.1 2005/10/08 06:27:21 snj Exp $
SHA1 (arc521e.pl8.tar.Z) = 34210f9aeaac39a15b34e6aa400b38127b6a2a20
RMD160 (arc521e.pl8.tar.Z) = 1fcd823b93b4e633244797ed231318c5bc741965
@@ -7,3 +7,4 @@ SHA1 (patch-aa) = 62324f346559b2997eba56698b1c0c1c29a328c3
SHA1 (patch-ab) = 64fba2f0b5d03f26e427ecddc70e2a9b6b2fc521
SHA1 (patch-ac) = 64d87af431c6bc0ded0b26167782309a7bfadd8a
SHA1 (patch-ad) = 6f82d17b8eb2f2353d7ebfffaec1d52673acc7a0
+SHA1 (patch-ae) = bb176dee99c3fbc43e0fa00a2ae2ebe00865cc72
diff --git a/archivers/arc/patches/patch-ae b/archivers/arc/patches/patch-ae
new file mode 100644
index 00000000000..8d7d7f3f809
--- /dev/null
+++ b/archivers/arc/patches/patch-ae
@@ -0,0 +1,30 @@
+$NetBSD: patch-ae,v 1.1.2.2 2005/10/08 06:27:21 snj Exp $
+
+Security fix for CAN-2005-2945 and CAN-2005-2992, from Debian.
+
+--- arcsvc.c.orig 1992-04-15 00:58:40.000000000 +0200
++++ arcsvc.c 2005-10-06 16:07:28.000000000 +0200
+@@ -17,6 +17,9 @@
+ Computer Innovations Optimizing C86
+ */
+ #include <stdio.h>
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <fcntl.h>
+ #include "arc.h"
+ #if _MTS
+ #include <mts.h>
+@@ -52,7 +55,12 @@
+ }
+ #endif
+ if (chg) { /* if opening for changes */
+- if (!(new = fopen(newname, OPEN_W)))
++ int fd;
++
++ if ((fd = open(newname, O_CREAT|O_EXCL|O_RDWR, S_IREAD|S_IWRITE)) == -1)
++ arcdie("Cannot create archive copy: %s", newname);
++
++ if (!(new = fdopen(fd, OPEN_W)))
+ arcdie("Cannot create archive copy: %s", newname);
+
+ changing = chg; /* note if open for changes */
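Review bot: Both failure paths in the added `open()`/`fdopen()` sequence call `arcdie("Cannot create archive copy: %s", newname)` and discard `errno`, so with `O_EXCL` in place a user cannot tell an already-existing `newname` (a stale copy from an interrupted run, or a file or symlink placed there by another local user) from a permissions or disk problem. Assuming `arcdie` accepts a further argument, the `open()` branch could report `arcdie("Cannot create archive copy: %s (%s)", newname, strerror(errno));`, which needs `<errno.h>` and `<string.h>` alongside the new includes. The mode is spelled `S_IREAD|S_IWRITE`, the obsolete BSD names; `S_IRUSR|S_IWUSR` is the POSIX spelling of the same 0600. The quoted advisory names both arc and marc while this patch touches only `arcsvc.c`, so it is worth confirming that marc's temporary file goes through this code path or has its own fix. The enclosing function starts and ends outside the hunk, so whether `fd` is leaked on `fdopen()` failure depends on `arcdie` not returning, which is not visible here.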