summaryrefslogtreecommitdiff
path: root/converters
diff options
context:
space:
mode:
authortez <tez@pkgsrc.org>2012-01-10 21:09:55 +0000
committertez <tez@pkgsrc.org>2012-01-10 21:09:55 +0000
commit5be1f7fc220512c24e6e8c47061ae62df7664212 (patch)
tree81094532564833d9521c96fb8f3bc6bf7b78a7f9 /converters
parent46624e3f267542cceeb32f03de841c7d66d6f0af (diff)
downloadpkgsrc-5be1f7fc220512c24e6e8c47061ae62df7664212.tar.gz
add patch for CVE-2011-4919 (bad permissions on created files)
Diffstat (limited to 'converters')
-rw-r--r--converters/mpack/Makefile4
-rw-r--r--converters/mpack/distinfo4
-rw-r--r--converters/mpack/patches/patch-ab19
3 files changed, 20 insertions, 7 deletions
diff --git a/converters/mpack/Makefile b/converters/mpack/Makefile
index f947b00b3cb..ad9c8d416b7 100644
--- a/converters/mpack/Makefile
+++ b/converters/mpack/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.21 2010/11/17 22:24:40 is Exp $
+# $NetBSD: Makefile,v 1.22 2012/01/10 21:09:55 tez Exp $
DISTNAME= mpack-1.6
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= converters mail news
MASTER_SITES= ftp://ftp.andrew.cmu.edu/pub/mpack/
diff --git a/converters/mpack/distinfo b/converters/mpack/distinfo
index d6d4af79c2e..ab8c13e13ec 100644
--- a/converters/mpack/distinfo
+++ b/converters/mpack/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.13 2011/08/01 04:08:51 dholland Exp $
+$NetBSD: distinfo,v 1.14 2012/01/10 21:09:55 tez Exp $
SHA1 (mpack-1.6.tar.gz) = 7fd3a73e0f131412920b6ff34872e7e7fa03e03b
RMD160 (mpack-1.6.tar.gz) = a83330aa15437dc3ca6475cbf6e35b09ab9cef07
Size (mpack-1.6.tar.gz) = 179850 bytes
-SHA1 (patch-ab) = a17706d20573b65bf21017096d4b2178c75dbacc
+SHA1 (patch-ab) = 8df8609e0a2268346d0a3a806f502b48193128de
SHA1 (patch-ac) = a69986a5c1b7659fac6df05f4db9a44df3110892
SHA1 (patch-ad) = 76f32d163021a81d73d8316f72b141ef3edf4f14
SHA1 (patch-ae) = 7cbc232a310d0aa2c18b8f2fc3dba0a3fae311b8
diff --git a/converters/mpack/patches/patch-ab b/converters/mpack/patches/patch-ab
index fb4d9036918..470570a15d9 100644
--- a/converters/mpack/patches/patch-ab
+++ b/converters/mpack/patches/patch-ab
@@ -1,13 +1,14 @@
-$NetBSD: patch-ab,v 1.8 2010/01/15 23:47:14 dholland Exp $
+$NetBSD: patch-ab,v 1.9 2012/01/10 21:09:55 tez Exp $
- Include fixes for modern Unix.
- Don't try to use /usr/tmp.
- Time handling fixes for NetBSD with 64-bit time_t.
+- Fix for CVE-2011-4919 (bad permissions on created files)
Upstream: as far as I know not actively maintained upstream.
---- unixos.c.orig 2003-07-21 16:54:05.000000000 -0400
-+++ unixos.c 2009-02-15 14:56:48.000000000 -0500
+--- unixos.c.orig 2003-07-21 20:54:05.000000000 +0000
++++ unixos.c
@@ -23,9 +23,11 @@
* SOFTWARE.
*/
@@ -53,3 +54,15 @@ Upstream: as far as I know not actively maintained upstream.
}
strcat(buf, "/m-prts-");
p = getenv("USER");
+@@ -137,9 +139,9 @@ FILE *os_createnewfile(char *fname)
+ FILE *ret;
+
+ #ifdef O_EXCL
+- fd=open(fname, O_RDWR|O_CREAT|O_EXCL, 0644);
++ fd=open(fname, O_RDWR|O_CREAT|O_EXCL, 0600);
+ #else
+- fd=open(fname, O_RDWR|O_CREAT|O_TRUNC, 0644);
++ fd=open(fname, O_RDWR|O_CREAT|O_TRUNC, 0600);
+ #endif
+
+ if (fd == -1)