author | tonnerre <tonnerre@pkgsrc.org> | 2008-07-13 20:35:46 +0000 |
---|---|---|
committer | tonnerre <tonnerre@pkgsrc.org> | 2008-07-13 20:35:46 +0000 |
commit | b2cec6ec67f4285f231df6ef880d91eea19a10b2 (patch) | |
tree | 381d14963b2ac95a3d4bf42ae2be0ed9bfa10f11 /www/wml | |
parent | 6233ffa98c34d846f6b9215dd48a743bf278b3a1 (diff) | |
Add patches for wml privilege escalation (CVE-2008-0665 and CVE-2008-0666).
Diffstat (limited to 'www/wml')
-rw-r--r-- | www/wml/Makefile | 4 | ||||
-rw-r--r-- | www/wml/distinfo | 5 | ||||
-rw-r--r-- | www/wml/patches/patch-aj | 20 | ||||
-rw-r--r-- | www/wml/patches/patch-ak | 13 | ||||
-rw-r--r-- | www/wml/patches/patch-al | 26 |
5 files changed, 65 insertions, 3 deletions
diff --git a/www/wml/Makefile b/www/wml/Makefile
index 720eaf42236..9caf7e7bfdf 100644
--- a/www/wml/Makefile
+++ b/www/wml/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.27 2007/09/29 21:23:12 heinz Exp $
+# $NetBSD: Makefile,v 1.28 2008/07/13 20:35:46 tonnerre Exp $
 #
 DISTNAME= wml-2.0.9
-PKGREVISION= 2
+PKGREVISION= 3
 CATEGORIES= www perl5
 MASTER_SITES= http://thewml.org/distrib/
diff --git a/www/wml/distinfo b/www/wml/distinfo
index 0f657ec79b9..fefbf8c53b3 100644
--- a/www/wml/distinfo
+++ b/www/wml/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2007/09/29 21:23:12 heinz Exp $
+$NetBSD: distinfo,v 1.9 2008/07/13 20:35:46 tonnerre Exp $
 SHA1 (wml-2.0.9.tar.gz) = ce95ad9c55fd52e2028099d391858d88cffd5d9f
 RMD160 (wml-2.0.9.tar.gz) = bf14a4c09bdd850c5bad5f48f712717a13b13412
@@ -12,3 +12,6 @@ SHA1 (patch-af) = e7dcb9287066e962d3fedafcea4302c71fbf0dce
 SHA1 (patch-ag) = 642371cb755e993118f5cc6a16abeaa62ec8d163
 SHA1 (patch-ah) = 8195a53d0a514b9ed1bd8e9460c8c3e77a1d0d8d
 SHA1 (patch-ai) = c376fe6308bd9defb66719a53a0e0da3953e2016
+SHA1 (patch-aj) = 1675e8778a01c66f8a91306532216fd859eb0ca3
+SHA1 (patch-ak) = 43419f8799888262c2365f9014fa4ed9dd89d030
+SHA1 (patch-al) = 0360574b0ec6df025efc14cd9d99bd5ab43a9537
diff --git a/www/wml/patches/patch-aj b/www/wml/patches/patch-aj
new file mode 100644
index 00000000000..55c017eb4af
--- /dev/null
+++ b/www/wml/patches/patch-aj
@@ -0,0 +1,20 @@
+$NetBSD: patch-aj,v 1.1 2008/07/13 20:35:46 tonnerre Exp $
+
+--- work/wml-2.0.9/wml_contrib/wmg.cgi.orig 1999-05-20 13:39:28.000000000 +0200
++++ work/wml-2.0.9/wml_contrib/wmg.cgi
+@@ -367,14 +367,7 @@ if ($level >= 1) {
+ ($w, $h, $t) = Image::Size::imgsize(\$contents);
+ if ($w*$h == 1) {
+ # read image into GD
+- $tmpfile = "/tmp/pe.tmp.$$";
+- unlink($tmpfile);
+- open(TMP, ">$tmpfile");
+- print TMP $contents;
+- close(TMP);
+- open(TMP, "<$tmpfile");
+- $tmpimg = newFromGif GD::Image(TMP);
+- close(TMP);
++ $tmpimg = newFromGifData GD::Image($contents);
+ unlink($tmpfile);
+ if ($tmpimg->transparent != -1) {
+ my $im = new GD::Image($w, $h);
diff --git a/www/wml/patches/patch-ak b/www/wml/patches/patch-ak
new file mode 100644
index 00000000000..7eef0733a7c
--- /dev/null
+++ b/www/wml/patches/patch-ak
@@ -0,0 +1,13 @@
+$NetBSD: patch-ak,v 1.1 2008/07/13 20:35:46 tonnerre Exp $
+
+--- work/wml-2.0.9/wml_backend/p1_ipp/ipp.src.orig 2002-04-20 23:26:19.000000000 +0200
++++ work/wml-2.0.9/wml_backend/p1_ipp/ipp.src
+@@ -565,6 +565,8 @@ foreach $str (@opt_D) {
+ # process the pre-loaded include files
+ #
+ $tmpdir = $ENV{'TMPDIR'} || '/tmp';
++my $tmpldir = ($ENV{'TMPDIR'} || '/tmp') . '/ipp.XXXXXX';
++$tmpdir = mkdtemp($tmpldir) or die "Unable to create temporary directory: $!\n";
+ $tmpfile = $tmpdir . "/ipp.$$.tmp";
+ unlink($tmpfile);
+ $tmp = new IO::File;
diff --git a/www/wml/patches/patch-al b/www/wml/patches/patch-al
new file mode 100644
index 00000000000..8f3a6c606bb
--- /dev/null
+++ b/www/wml/patches/patch-al
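Review bot: The context line `unlink($tmpfile);` is kept in patch-aj even though every line that assigned and created `$tmpfile` is removed, so it now unlinks whatever `$tmpfile` happens to hold from elsewhere in wmg.cgi (or an undefined value if nothing sets it; the rest of the script is outside the hunk). That line should be deleted in the same patch. The result of `newFromGifData` is also used unchecked on the following line, so data that is not a valid GIF would make `$tmpimg->transparent` fail on an undefined value; a `defined $tmpimg` guard before that call would cover it.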
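Review bot: `mkdtemp` is called on the second added line of patch-ak, but the patch adds no import for it. In Perl it is provided by File::Temp and exported only on request, so unless ipp.src already loads it (not visible in this hunk) the script stops with an undefined-subroutine error; `use File::Temp qw(mkdtemp);` near the other `use` lines would settle that. The created directory is also never removed in the visible lines, so each run appears to leave an `ipp.XXXXXX` directory behind; `tempdir('ipp.XXXXXX', DIR => $ENV{'TMPDIR'} || '/tmp', CLEANUP => 1)` from the same module creates it just as safely and removes it at exit. The preceding `$tmpdir = $ENV{'TMPDIR'} || '/tmp';` assignment becomes redundant once the new lines are in.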
@@ -0,0 +1,26 @@
+$NetBSD: patch-al,v 1.1 2008/07/13 20:35:46 tonnerre Exp $
+
+--- work/wml-2.0.9/wml_backend/p3_eperl/eperl_sys.c.orig 2002-08-08 23:56:26.000000000 +0200
++++ work/wml-2.0.9/wml_backend/p3_eperl/eperl_sys.c
+@@ -211,13 +211,20 @@ char *mytmpfile(char *id)
+ {
+ char ca[1024];
+ char *cp, *tmpdir;
++ char tmpfile[]="eperl_sourceXXXXXX";
+ int i;
++ int fd=-1;
+
+ tmpdir = getenv ("TMPDIR");
+ if (tmpdir == (char *) NULL)
+ tmpdir="/tmp";
+
+- snprintf(ca, sizeof(ca), "%s/%s.%d.tmp%d", tmpdir, id, (int)getpid(), mytmpfilecnt++);
++ snprintf(ca, sizeof(ca), "%s/%s", tmpdir, tmpfile);
++ if((fd = mkstemp(tmpfile)) == -1){
++ perror("can not create tmpfile");
++ return NULL;
++ }
++ close(fd);
+ ca[sizeof(ca)-1] = NUL;
+ cp = strdup(ca);
+ for (i = 0; mytmpfiles[i] != NULL; i++) |
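Review bot: `mkstemp()` in patch-al is applied to the local `tmpfile` array instead of the path in `ca`, and `snprintf` copies the template into `ca` before mkstemp has filled it in. The function therefore still returns the fixed, never-created name `<tmpdir>/eperl_sourceXXXXXX`, while the file mkstemp does create lands in the current working directory and is not removed in the visible lines. The predictable-name problem the commit sets out to fix remains for callers that open the returned path, and every call now yields the same name because `id`, the pid and `mytmpfilecnt` no longer contribute to it. Build the template in `ca` and pass that buffer to mkstemp, `snprintf(ca, sizeof(ca), "%s/%s.XXXXXX", tmpdir, id);` followed by `if ((fd = mkstemp(ca)) == -1) {`, and drop the `tmpfile` array. mytmpfile's body continues past the end of the hunk.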