author | salo <salo@pkgsrc.org> | 2006-12-11 12:47:13 +0000 |
---|---|---|
committer | salo <salo@pkgsrc.org> | 2006-12-11 12:47:13 +0000 |
commit | 4027aab42d855115f4b50175bf30ed53461f7ebd (patch) | |
tree | 7becdd11433f76bc988e5f6759eed82235860dff /mail/mutt-devel | |
parent | 9c7d1b525ffd6e1005f03e13337bc6c2ba981643 (diff) | |
download | pkgsrc-4027aab42d855115f4b50175bf30ed53461f7ebd.tar.gz |
Use official upstream patch for CVE-2006-5297 and CVE-2006-5298 security
issues from mutt GIT repo. Bump PKGREVISION.
Diffstat (limited to 'mail/mutt-devel')
-rw-r--r-- | mail/mutt-devel/Makefile | 4 | ||||
-rw-r--r-- | mail/mutt-devel/distinfo | 4 | ||||
-rw-r--r-- | mail/mutt-devel/patches/patch-ae | 106 |
3 files changed, 88 insertions, 26 deletions
diff --git a/mail/mutt-devel/Makefile b/mail/mutt-devel/Makefile
index 40ee8e08f91..69b3879165e 100644
--- a/mail/mutt-devel/Makefile
+++ b/mail/mutt-devel/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.54 2006/11/07 09:27:11 joerg Exp $
+# $NetBSD: Makefile,v 1.55 2006/12/11 12:47:13 salo Exp $
 
 DISTNAME= mutt-1.5.13
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= mail
 MUTT_SITES= ftp://ftp.mutt.org/mutt/ \
 ftp://ftp.stealth.net/pub/mirrors/ftp.mutt.org/pub/mutt/ \
diff --git a/mail/mutt-devel/distinfo b/mail/mutt-devel/distinfo
index 2eb0318b7ae..8e9bdd88d6c 100644
--- a/mail/mutt-devel/distinfo
+++ b/mail/mutt-devel/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.35 2006/11/03 18:19:07 tonio Exp $
+$NetBSD: distinfo,v 1.36 2006/12/11 12:47:13 salo Exp $
 
 SHA1 (mutt-1.5.13.tar.gz) = 6d5b88d33e1727bf0342c31f06d55d7a3d2d4e0a
 RMD160 (mutt-1.5.13.tar.gz) = 9327b7f928aad78a20c2395629113ac2519bb945
@@ -10,7 +10,7 @@ SHA1 (patch-aa) = 59d89dce24110be2927c8a1ea1fa5b780d644372
 SHA1 (patch-ab) = 67e0deb5af56830397d897979ac806f9c16fdbda
 SHA1 (patch-ac) = b48ff9f66ff2b483b5aa0c312e08bd22c7cf03be
 SHA1 (patch-ad) = ecfa994c7c5e494b6eb7356327b96de6559146fc
-SHA1 (patch-ae) = e207b279b4b6cf9bd29f5537beedb3f34453b62d
+SHA1 (patch-ae) = 1ff6efde4e7d380008c466800d6164b51a4b3414
 SHA1 (patch-ag) = 84637d95fa9aa0cf58a6e6b2c82b783efa21cf66
 SHA1 (patch-ah) = 4227c5768b900e58fa4a679e6ad67efc974a70b5
 SHA1 (patch-ai) = 7d9883198a22615fb1792a41fce3ee9821f48f08
diff --git a/mail/mutt-devel/patches/patch-ae b/mail/mutt-devel/patches/patch-ae
index 90dade48819..b67941237cb 100644
--- a/mail/mutt-devel/patches/patch-ae
+++ b/mail/mutt-devel/patches/patch-ae
@@ -1,29 +1,91 @@
-$NetBSD: patch-ae,v 1.7 2006/11/03 18:19:07 tonio Exp $
+$NetBSD: patch-ae,v 1.8 2006/12/11 12:47:13 salo Exp $
 
---- lib.c.orig 2002-04-29 18:12:18.000000000 +0100
-+++ lib.c 2006-11-01 13:22:51.000000000 +0000
-@@ -351,8 +351,8 @@
+Security fixes for CVE-2006-5297 and CVE-2006-5298, from mutt git.
+
+--- lib.c.orig 2006-05-18 20:44:29.000000000 +0200
++++ lib.c 2006-12-11 13:39:27.000000000 +0100
+@@ -481,13 +481,84 @@ int safe_rename (const char *src, const
+ return 0;
+ }
+
++/* Create a temporary directory next to a file name */
++
++int mutt_mkwrapdir (const char *path, char *newfile, size_t nflen,
++ char *newdir, size_t ndlen)
++{
++ const char *basename;
++ char parent[_POSIX_PATH_MAX];
++ char *p;
++ int rv;
++
++ strfcpy (parent, NONULL (path), sizeof (parent));
++
++ if ((p = strrchr (parent, '/')))
++ {
++ *p = '\0';
++ basename = p + 1;
++ }
++ else
++ {
++ strfcpy (parent, ".", sizeof (parent));
++ basename = path;
++ }
++
++ do
++ {
++ snprintf (newdir, ndlen, "%s/%s", parent, ".muttXXXXXX");
++ mktemp (newdir);
++ }
++ while ((rv = mkdir (newdir, 0700)) == -1 && errno == EEXIST);
++
++ if (rv == -1)
++ return -1;
++
++ snprintf (newfile, nflen, "%s/%s", newdir, NONULL(basename));
++ return 0;
++}
++
++int mutt_put_file_in_place (const char *path, const char *safe_file, const char *safe_dir)
++{
++ int rv;
++
++ rv = safe_rename (safe_file, path);
++ unlink (safe_file);
++ rmdir (safe_dir);
++ return rv;
++}
++
+ int safe_open (const char *path, int flags)
+ {
 struct stat osb, nsb;
 int fd;
 
-- if ((fd = open (path, flags, 0600)) < 0)
-- return fd;
-+ if ((fd = open (path, flags, S_IRUSR|S_IWUSR)) < 0)
-+ return (-1);
++ if (flags & O_EXCL)
++ {
++ char safe_file[_POSIX_PATH_MAX];
++ char safe_dir[_POSIX_PATH_MAX];
++
++ if (mutt_mkwrapdir (path, safe_file, sizeof (safe_file),
++ safe_dir, sizeof (safe_dir)) == -1)
++ return -1;
++
++ if ((fd = open (safe_file, flags, 0600)) < 0)
++ {
++ rmdir (safe_dir);
++ return fd;
++ }
++
++ if (mutt_put_file_in_place (path, safe_file, safe_dir) == -1)
++ {
++ close (fd);
++ return -1;
++ }
++ }
++ else
++ {
+ if ((fd = open (path, flags, 0600)) < 0)
+ return fd;
++ }
 
 /* make sure the file is not symlink */
 if (lstat (path, &osb) < 0 || fstat (fd, &nsb) < 0 ||
-@@ -363,6 +363,13 @@
- return (-1);
- }
-
-+ /* Make sure the file is owned by us and has save permissions. */
-+ if (nsb.st_uid != geteuid() ||
-+ (nsb.st_mode & (S_IRWXG|S_IRWXO)) != 0) {
-+ close (fd);
-+ return (-1);
-+ }
-+
- return (fd);
- }
-
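Review bot: Neither `snprintf()` result in `mutt_mkwrapdir` is checked, so a `path` close to `_POSIX_PATH_MAX` can silently truncate the `.muttXXXXXX` template or the final `newfile` name. Both calls should fail closed, e.g. `if ((size_t) snprintf (newfile, nflen, "%s/%s", newdir, NONULL(basename)) >= nflen) return -1;`, with the same test against `ndlen` for `newdir`. The `mktemp()` plus `mkdir (newdir, 0700)` retry on `EEXIST` keeps directory creation atomic, but where `mkdtemp()` is available the loop could be reduced to `if (mkdtemp (newdir) == NULL) return -1;`, which also avoids the linker warning `mktemp()` usually triggers. In `mutt_put_file_in_place` the `unlink()` and `rmdir()` return values are dropped and may overwrite the `errno` left by a failed `safe_rename()`. Callers of `safe_open` with `O_EXCL` presumably inspect `errno` (not visible here), so saving and restoring it around the cleanup would be safer. The rest of `safe_open`, the lstat/fstat comparison, continues outside the hunk.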