author | tez <tez@pkgsrc.org> | 2012-01-10 21:09:55 +0000 |
---|---|---|
committer | tez <tez@pkgsrc.org> | 2012-01-10 21:09:55 +0000 |
commit | 5be1f7fc220512c24e6e8c47061ae62df7664212 (patch) | |
tree | 81094532564833d9521c96fb8f3bc6bf7b78a7f9 /converters | |
parent | 46624e3f267542cceeb32f03de841c7d66d6f0af (diff) | |
download | pkgsrc-5be1f7fc220512c24e6e8c47061ae62df7664212.tar.gz |
add patch for CVE-2011-4919 (bad permissions on created files)
Diffstat (limited to 'converters')
-rw-r--r-- | converters/mpack/Makefile | 4 | ||||
-rw-r--r-- | converters/mpack/distinfo | 4 | ||||
-rw-r--r-- | converters/mpack/patches/patch-ab | 19 |
3 files changed, 20 insertions, 7 deletions
diff --git a/converters/mpack/Makefile b/converters/mpack/Makefile
index f947b00b3cb..ad9c8d416b7 100644
--- a/converters/mpack/Makefile
+++ b/converters/mpack/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.21 2010/11/17 22:24:40 is Exp $
+# $NetBSD: Makefile,v 1.22 2012/01/10 21:09:55 tez Exp $
 DISTNAME= mpack-1.6
-PKGREVISION= 2
+PKGREVISION= 3
 CATEGORIES= converters mail news
 MASTER_SITES= ftp://ftp.andrew.cmu.edu/pub/mpack/
diff --git a/converters/mpack/distinfo b/converters/mpack/distinfo
index d6d4af79c2e..ab8c13e13ec 100644
--- a/converters/mpack/distinfo
+++ b/converters/mpack/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.13 2011/08/01 04:08:51 dholland Exp $
+$NetBSD: distinfo,v 1.14 2012/01/10 21:09:55 tez Exp $
 SHA1 (mpack-1.6.tar.gz) = 7fd3a73e0f131412920b6ff34872e7e7fa03e03b
 RMD160 (mpack-1.6.tar.gz) = a83330aa15437dc3ca6475cbf6e35b09ab9cef07
 Size (mpack-1.6.tar.gz) = 179850 bytes
-SHA1 (patch-ab) = a17706d20573b65bf21017096d4b2178c75dbacc
+SHA1 (patch-ab) = 8df8609e0a2268346d0a3a806f502b48193128de
 SHA1 (patch-ac) = a69986a5c1b7659fac6df05f4db9a44df3110892
 SHA1 (patch-ad) = 76f32d163021a81d73d8316f72b141ef3edf4f14
 SHA1 (patch-ae) = 7cbc232a310d0aa2c18b8f2fc3dba0a3fae311b8
diff --git a/converters/mpack/patches/patch-ab b/converters/mpack/patches/patch-ab
index fb4d9036918..470570a15d9 100644
--- a/converters/mpack/patches/patch-ab
+++ b/converters/mpack/patches/patch-ab
@@ -1,13 +1,14 @@
-$NetBSD: patch-ab,v 1.8 2010/01/15 23:47:14 dholland Exp $
+$NetBSD: patch-ab,v 1.9 2012/01/10 21:09:55 tez Exp $
 - Include fixes for modern Unix.
 - Don't try to use /usr/tmp.
 - Time handling fixes for NetBSD with 64-bit time_t.
+- Fix for CVE-2011-4919 (bad permissions on created files)
 Upstream: as far as I know not actively maintained upstream.
---- unixos.c.orig 2003-07-21 16:54:05.000000000 -0400
-+++ unixos.c 2009-02-15 14:56:48.000000000 -0500
+--- unixos.c.orig 2003-07-21 20:54:05.000000000 +0000
++++ unixos.c
 @@ -23,9 +23,11 @@
 * SOFTWARE.
 */
@@ -53,3 +54,15 @@ Upstream: as far as I know not actively maintained upstream.
 }
 strcat(buf, "/m-prts-");
 p = getenv("USER");
+@@ -137,9 +139,9 @@ FILE *os_createnewfile(char *fname)
+ FILE *ret;
+
+ #ifdef O_EXCL
+- fd=open(fname, O_RDWR|O_CREAT|O_EXCL, 0644);
++ fd=open(fname, O_RDWR|O_CREAT|O_EXCL, 0600);
+ #else
+- fd=open(fname, O_RDWR|O_CREAT|O_TRUNC, 0644);
++ fd=open(fname, O_RDWR|O_CREAT|O_TRUNC, 0600);
+ #endif
+
+ if (fd == -1) |
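Review bot: In the `#else` branch (no `O_EXCL`), the new `0600` mode only applies when `open()` actually creates the file; with `O_CREAT|O_TRUNC` a file that already exists at `fname` is truncated and keeps its previous mode and owner, so the permission fix does not cover that path. Right after that open I would add `if (fd != -1 && fchmod(fd, 0600) == -1) { close(fd); fd = -1; }`, so the descriptor is only used when the mode could actually be tightened. A short comment above the `#ifdef`, such as `/* 0600: created files must not be readable by other users (CVE-2011-4919) */`, would also record why the mode must not be relaxed later. os_createnewfile continues past the end of this hunk, so any later handling of the descriptor is not visible here.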