author | tonnerre <tonnerre@pkgsrc.org> | 2008-07-13 18:26:24 +0000 |
---|---|---|
committer | tonnerre <tonnerre@pkgsrc.org> | 2008-07-13 18:26:24 +0000 |
commit | 09408331eb320e5c21725da3d9edb3be189b2d31 (patch) | |
tree | 4bcc6e1234de9afbed1b154822e47c987710b79f /shells | |
parent | a71b8b103634493e1857eb729da7b54888099c01 (diff) | |
download | pkgsrc-09408331eb320e5c21725da3d9edb3be189b2d31.tar.gz |
Fix an insecure temp file creation vulnerability in zsh-current's difflog.pl
(CVE-2007-6209).
Diffstat (limited to 'shells')
-rw-r--r-- | shells/zsh-current/Makefile | 4 | ||||
-rw-r--r-- | shells/zsh-current/distinfo | 3 | ||||
-rw-r--r-- | shells/zsh-current/patches/patch-aa | 20 |
3 files changed, 24 insertions, 3 deletions
diff --git a/shells/zsh-current/Makefile b/shells/zsh-current/Makefile
index 9a7b1529286..fbba2915aeb 100644
--- a/shells/zsh-current/Makefile
+++ b/shells/zsh-current/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.13 2007/11/07 09:59:27 bjs Exp $
+# $NetBSD: Makefile,v 1.14 2008/07/13 18:26:24 tonnerre Exp $
 .include "../../shells/zsh/Makefile.common"
-PKGREVISION= 1
+PKGREVISION= 2
 ZSH_VERSION= 4.3.4
 ZSH_MAINTAINER= uebayasi@NetBSD.org
diff --git a/shells/zsh-current/distinfo b/shells/zsh-current/distinfo
index be90f0cda58..6c206ca6c4c 100644
--- a/shells/zsh-current/distinfo
+++ b/shells/zsh-current/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.11 2007/09/21 08:04:45 uebayasi Exp $
+$NetBSD: distinfo,v 1.12 2008/07/13 18:26:24 tonnerre Exp $
 SHA1 (zsh-4.3.4.tar.bz2) = 6bd905c4bf61bf3df5e5bb78f64be68366ad7517
 RMD160 (zsh-4.3.4.tar.bz2) = 2fe0fcf6371d2072c3b7eeae0392c7ef3665457c
 Size (zsh-4.3.4.tar.bz2) = 2374851 bytes
+SHA1 (patch-aa) = 15f9d45ea98f89945ca274fc5b0298fa9397f89d
 SHA1 (patch-ab) = 799e63e51338d542d6247066d77647365fda09c9
 SHA1 (patch-ac) = 95e15527e75685cbc140066efeec12127a4863ce
 SHA1 (patch-ae) = 62a763ee77b823d63f245f34122b232cf0344285
diff --git a/shells/zsh-current/patches/patch-aa b/shells/zsh-current/patches/patch-aa
new file mode 100644
index 00000000000..cc700272cee
--- /dev/null
+++ b/shells/zsh-current/patches/patch-aa
@@ -0,0 +1,20 @@
+$NetBSD: patch-aa,v 1.7 2008/07/13 18:26:24 tonnerre Exp $
+
+--- Util/difflog.pl.orig 2002-04-18 16:35:17.000000000 +0200
++++ Util/difflog.pl
+@@ -2,10 +2,13 @@
+
+ use strict;
+ use IO::File;
++use File::Temp;
+
+ my @differ = qw(diff -bw);
+-my $oldtmp = "/tmp/difflog$$.old";
+-my $newtmp = "/tmp/difflog$$.new";
++my $oldf = new File::Temp(TEMPLATE => 'difflogXXXXX', DIR => '/tmp/', SUFFIX => '.old');
++my $newf = new File::Temp(TEMPLATE => 'difflogXXXXX', DIR => '/tmp/', SUFFIX => '.new');
++my $oldtmp = $oldf->filename;
++my $newtmp = $newf->filename;
+
+ my $newfn = pop(@ARGV);
+ my $oldfn = pop(@ARGV);
|
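Review bot: The added `$oldtmp`/`$newtmp` lines keep only the names of the two File::Temp objects, so the exclusive-create guarantee covers just the handles held in `$oldf` and `$newf`; any later code in difflog.pl that opens those paths by name (it lies outside this hunk, so this is inferred from the variables being kept) goes back to a path lookup in /tmp. On a sticky-bit /tmp the file is already owned by the caller, which is generally acceptable, but it would be more robust to write through the objects themselves (`print $oldf ...; $oldf->flush;`) and pass only the name to the external `diff`. Separately, `DIR => '/tmp/'` ignores the user's TMPDIR and the indirect-object `new File::Temp(...)` form is fragile; `my $oldf = File::Temp->new(TEMPLATE => 'difflogXXXXX', TMPDIR => 1, SUFFIX => '.old');` addresses both, and likewise for `$newf`.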