author | salo <salo@pkgsrc.org> | 2005-10-06 14:23:39 +0000 |
---|---|---|
committer | salo <salo@pkgsrc.org> | 2005-10-06 14:23:39 +0000 |
commit | 1405e0a7e302fccd5859390949810f7b46f81c6f (patch) | |
tree | c37475b222969b5799f757855fbfb06ea45bbdb1 /archivers | |
parent | 73e1d674663fd43b2daa80937134f074f1eb57a9 (diff) | |
download | pkgsrc-1405e0a7e302fccd5859390949810f7b46f81c6f.tar.gz |
Security fix for CAN-2005-2945 and CAN-2005-2992:
"arc 5.21j and earlier create temporary files with world-readable permissions,
which allows local users to read sensitive information from files created by
arc or marc."
http://www.zataz.net/adviso/arc-09052005.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2945
Patch from Debian.
Diffstat (limited to 'archivers')
-rw-r--r-- | archivers/arc/Makefile | 4 | ||||
-rw-r--r-- | archivers/arc/distinfo | 3 | ||||
-rw-r--r-- | archivers/arc/patches/patch-ae | 30 |
3 files changed, 34 insertions, 3 deletions
diff --git a/archivers/arc/Makefile b/archivers/arc/Makefile
index 576cde1baaf..478afd58f95 100644
--- a/archivers/arc/Makefile
+++ b/archivers/arc/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.23 2005/04/15 04:36:45 snj Exp $
+# $NetBSD: Makefile,v 1.24 2005/10/06 14:23:39 salo Exp $
 
 DISTNAME= arc521e.pl8
 PKGNAME= arc-5.21e
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= archivers
 MASTER_SITES= ftp://ftp.kiarchive.ru/pub/unix/arcers/
 EXTRACT_SUFX= .tar.Z
diff --git a/archivers/arc/distinfo b/archivers/arc/distinfo
index ba384b7e43b..518a4cc7b60 100644
--- a/archivers/arc/distinfo
+++ b/archivers/arc/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2005/05/08 05:45:42 minskim Exp $
+$NetBSD: distinfo,v 1.9 2005/10/06 14:23:39 salo Exp $
 
 SHA1 (arc521e.pl8.tar.Z) = 34210f9aeaac39a15b34e6aa400b38127b6a2a20
 RMD160 (arc521e.pl8.tar.Z) = 1fcd823b93b4e633244797ed231318c5bc741965
@@ -7,3 +7,4 @@ SHA1 (patch-aa) = 62324f346559b2997eba56698b1c0c1c29a328c3
 SHA1 (patch-ab) = 64fba2f0b5d03f26e427ecddc70e2a9b6b2fc521
 SHA1 (patch-ac) = 64d87af431c6bc0ded0b26167782309a7bfadd8a
 SHA1 (patch-ad) = 6f82d17b8eb2f2353d7ebfffaec1d52673acc7a0
+SHA1 (patch-ae) = bb176dee99c3fbc43e0fa00a2ae2ebe00865cc72
diff --git a/archivers/arc/patches/patch-ae b/archivers/arc/patches/patch-ae
new file mode 100644
index 00000000000..759c05fe3bf
--- /dev/null
+++ b/archivers/arc/patches/patch-ae
@@ -0,0 +1,30 @@
+$NetBSD: patch-ae,v 1.1 2005/10/06 14:23:39 salo Exp $
+
+Security fix for CAN-2005-2945 and CAN-2005-2992, from Debian.
+
+--- arcsvc.c.orig 1992-04-15 00:58:40.000000000 +0200
++++ arcsvc.c 2005-10-06 16:07:28.000000000 +0200
+@@ -17,6 +17,9 @@
+ Computer Innovations Optimizing C86
+ */
+ #include <stdio.h>
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <fcntl.h>
+ #include "arc.h"
+ #if _MTS
+ #include <mts.h>
+@@ -52,7 +55,12 @@
+ }
+ #endif
+ if (chg) { /* if opening for changes */
+- if (!(new = fopen(newname, OPEN_W)))
++ int fd;
++
++ if ((fd = open(newname, O_CREAT|O_EXCL|O_RDWR, S_IREAD|S_IWRITE)) == -1)
++ arcdie("Cannot create archive copy: %s", newname);
++
++ if (!(new = fdopen(fd, OPEN_W)))
+ arcdie("Cannot create archive copy: %s", newname);
+
+ changing = chg; /* note if open for changes */ |
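Review bot: The new `open()` call in the `if (chg)` branch spells the file mode with the legacy BSD names `S_IREAD|S_IWRITE`, which POSIX does not define; `S_IRUSR|S_IWUSR` gives the same owner-only permissions and is the portable form: `if ((fd = open(newname, O_CREAT|O_EXCL|O_RDWR, S_IRUSR|S_IWUSR)) == -1)`. Because `O_EXCL` now makes the call fail whenever `newname` already exists (for example a copy left behind by an interrupted run), the error would be easier to act on if it reported the cause, e.g. `arcdie("Cannot create archive copy: %s: %s", newname, strerror(errno));`, which also needs `<errno.h>` and `<string.h>`. The commit message quotes the advisory as covering files created by arc or marc, while this patch changes a single `fopen` in arcsvc.c, so it is worth confirming that no other temporary-file creation path is left on a plain `fopen`. The enclosing function starts and ends outside the embedded hunk.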