Security fix for SA16352.

"A vulnerability in wine can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated privileges.

The vulnerability is caused due to a temporary file being created
insecurely in "/tmp" by winelauncher.in under certain error conditions.
This can be exploited via symlink attacks to create or overwrite
arbitrary files with the privileges of the user running the affected
application."

http://secunia.com/advisories/16352/

Patch from Wine CVS.

1 files changed, 25 insertions, 0 deletions

diff --git a/emulators/wine/patches/patch-ai b/emulators/wine/patches/patch-ai
new file mode 100644
index 00000000000..10080b21c6d
--- /dev/null
+++ b/emulators/wine/patches/patch-ai
@@ -0,0 +1,25 @@
+$NetBSD: patch-ai,v 1.5 2005/08/12 13:57:44 salo Exp $
+
+Fix for SA16352, from Wine CVS.
+
+--- programs/winelauncher.in.orig	2004-06-22 01:56:15.000000000 +0200
++++ programs/winelauncher.in	2005-08-12 15:11:18.000000000 +0200
+@@ -59,8 +59,8 @@
+ if [ $? -ne 0 ] ; then
+     # xmessage not found; make sure the user notices this error
+     # (GUI users wouldn't even notice if we printed the text on console !)
+-    MSGFILE=/tmp/WINE_CANNOT_FIND_XMESSAGE
+-    cat > $MSGFILE << EOF
++    MSGFILE=`mktemp "/tmp/wine.xmessage.XXXXXX"`
++    cat > $MSGFILE <<EOF
+ Warning:
+     The Wine launcher is unable to find the xmessage program,
+     which it needs to properly notify you of Wine execution status
+@@ -87,6 +87,7 @@
+ 
+     # ok, we really give up now, this system is hosed ;-)
+     cat $MSGFILE
++    rm $MSGFILE
+ else
+     XMESSAGE="xmessage $COLOR"
+ fi