diff options
| author | adrianp <adrianp@pkgsrc.org> | 2006-01-17 22:48:57 +0000 |
|---|---|---|
| committer | adrianp <adrianp@pkgsrc.org> | 2006-01-17 22:48:57 +0000 |
| commit | 3e1f5f983f1a47a97f76d773bcb598c49828a1a5 (patch) | |
| tree | 49af2be4a6b55266919404b4413ff1c806ea6899 /graphics/tuxpaint | |
| parent | b3f5814d615d21d7a679eafdbc8b46c1a17fc113 (diff) | |
| download | pkgsrc-3e1f5f983f1a47a97f76d773bcb598c49828a1a5.tar.gz | |
Add a patch via Debain to address:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3340
"The vulnerability is caused due to temporary files being created insecurely
in the "/tmp" directory by the tuxpaint-import.sh script. This can be exploited
via symlink attacks to create or overwrite arbitrary files with the privileges
of the user running the affected script."
Bump to nb6.
Diffstat (limited to 'graphics/tuxpaint')
| -rw-r--r-- | graphics/tuxpaint/Makefile | 4 | ||||
| -rw-r--r-- | graphics/tuxpaint/distinfo | 3 | ||||
| -rw-r--r-- | graphics/tuxpaint/patches/patch-ac | 14 |
3 files changed, 18 insertions, 3 deletions
diff --git a/graphics/tuxpaint/Makefile b/graphics/tuxpaint/Makefile index 3f04deb7e53..cf002777f70 100644 --- a/graphics/tuxpaint/Makefile +++ b/graphics/tuxpaint/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.34 2005/12/29 06:21:45 jlam Exp $ +# $NetBSD: Makefile,v 1.35 2006/01/17 22:48:57 adrianp Exp $ # DISTNAME= tuxpaint-0.9.14 -PKGREVISION= 5 +PKGREVISION= 6 CATEGORIES= graphics MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=tuxpaint/} \ ftp://ftp.sonic.net/pub/users/nbs/unix/x/tuxpaint/source/ diff --git a/graphics/tuxpaint/distinfo b/graphics/tuxpaint/distinfo index aca51d54741..3063ff32513 100644 --- a/graphics/tuxpaint/distinfo +++ b/graphics/tuxpaint/distinfo @@ -1,7 +1,8 @@ -$NetBSD: distinfo,v 1.17 2005/12/28 04:58:01 reed Exp $ +$NetBSD: distinfo,v 1.18 2006/01/17 22:48:57 adrianp Exp $ SHA1 (tuxpaint-0.9.14.tar.gz) = d899f15ae348413b85e5d0cacf971db2c604b036 RMD160 (tuxpaint-0.9.14.tar.gz) = b8bbf53eef48d17f8219ae2380e98570f574a326 Size (tuxpaint-0.9.14.tar.gz) = 3208894 bytes SHA1 (patch-aa) = e2a238e16ab643a407f55e4275a5632b5cb023b2 SHA1 (patch-ab) = 03c1aa47c90cc598081a0bf39eb0606309371d0b +SHA1 (patch-ac) = cb75efd7b6eb9c3bb6752b4bf1d56fb5dd0fdc58 diff --git a/graphics/tuxpaint/patches/patch-ac b/graphics/tuxpaint/patches/patch-ac new file mode 100644 index 00000000000..0d67a50028f --- /dev/null +++ b/graphics/tuxpaint/patches/patch-ac @@ -0,0 +1,14 @@ +$NetBSD: patch-ac,v 1.1 2006/01/17 22:48:57 adrianp Exp $ + +--- src/tuxpaint-import.sh.orig 2003-06-17 10:10:59.000000000 +0100 ++++ src/tuxpaint-import.sh +@@ -12,8 +12,8 @@ + # September 21, 2002 - June 17, 2003 + + +-TMPDIR=/tmp + SAVEDIR=$HOME/.tuxpaint/saved ++TMPDIR=$SAVEDIR + + + if [ $# -eq 0 ]; then |