From 46ab41257ae465b8e54008b4990086ffe89f8e61 Mon Sep 17 00:00:00 2001
From: salo
Date: Mon, 11 Apr 2005 18:44:54 +0000
Subject: Security fix for SA14551: "A vulnerability in GNU Sharutils was reported, which can be potentially exploited by malicious, local users to conduct certain actions on a vulnerable system with escalated privileges." Patch from Debian. Bump PKGREVISION.
---
 archivers/gsharutils/Makefile | 4 ++--
 archivers/gsharutils/distinfo | 4 ++--
 archivers/gsharutils/patches/patch-ah | 22 ++++++++++++++++++++--
 3 files changed, 24 insertions(+), 6 deletions(-) (limited to 'archivers')
diff --git a/archivers/gsharutils/Makefile b/archivers/gsharutils/Makefile
index 733a464bb3e..fce1ceb869c 100644
--- a/archivers/gsharutils/Makefile
+++ b/archivers/gsharutils/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.25 2005/03/31 14:17:05 salo Exp $
+# $NetBSD: Makefile,v 1.26 2005/04/11 18:44:54 salo Exp $
 DISTNAME= sharutils-4.2.1
 PKGNAME= g${DISTNAME}
-PKGREVISION= 5
+PKGREVISION= 6
 CATEGORIES= archivers
 MASTER_SITES= ${MASTER_SITE_GNU:=sharutils/}
diff --git a/archivers/gsharutils/distinfo b/archivers/gsharutils/distinfo
index be049fb7171..2f421aeb159 100644
--- a/archivers/gsharutils/distinfo
+++ b/archivers/gsharutils/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.12 2005/03/31 14:41:48 salo Exp $
+$NetBSD: distinfo,v 1.13 2005/04/11 18:44:54 salo Exp $
 SHA1 (sharutils-4.2.1.tar.gz) = 3f0c0af31bd429cee1e088eb74867f20f8d399ef
 RMD160 (sharutils-4.2.1.tar.gz) = 06e1629aa8a1c982e6032f194df6f5fe85f85b43
@@ -10,6 +10,6 @@ SHA1 (patch-ad) = fe6ba534c9830294c97dd37586aaa2c63d385a4c
 SHA1 (patch-ae) = 8b88d98af2d1f24ba2623e8d56b36061806f5e12
 SHA1 (patch-af) = 50aee8dc24a33892a0f17f7aeb5cfbae1adcb0c9
 SHA1 (patch-ag) = af78d21124b33f0d8bdc27969119222e4d79008e
-SHA1 (patch-ah) = 1540064ef3a21a4486950ca24432f471bf1366a9
+SHA1 (patch-ah) = 90fed62712aa4d02d66098581d5e5602e391663e
 SHA1 (patch-ai) = a95e116d517e5fe536a31d12db1c33daaf2609af
 SHA1 (patch-aj) = 56ee560455a206c6fa5c106f1c759d0a0296dfd7
diff --git a/archivers/gsharutils/patches/patch-ah b/archivers/gsharutils/patches/patch-ah
index 088399f8c18..8d693bcf6c0 100644
--- a/archivers/gsharutils/patches/patch-ah
+++ b/archivers/gsharutils/patches/patch-ah
@@ -1,7 +1,7 @@
-$NetBSD: patch-ah,v 1.5 2005/03/31 14:17:05 salo Exp $
+$NetBSD: patch-ah,v 1.6 2005/04/11 18:44:54 salo Exp $
 --- src/unshar.c.orig 1995-11-21 17:22:14.000000000 +0100
-+++ src/unshar.c 2005-03-31 15:33:03.000000000 +0200
++++ src/unshar.c 2005-04-11 20:37:40.000000000 +0200
 @@ -346,8 +346,8 @@
 {
 size_t size_read;
@@ -34,3 +34,21 @@ $NetBSD: patch-ah,v 1.5 2005/03/31 14:17:05 salo Exp $
 }
 if (file = fopen (name_buffer, "r"), !file)
 error (EXIT_FAILURE, errno, name_buffer);
+@@ -424,13 +424,15 @@
+ }
+ else
+ {
++#ifdef __MSDOS__
+ sprintf (name_buffer, "/tmp/unsh.%05d", (int) getpid ());
+ unlink (name_buffer);
+
+ if (file = fopen (name_buffer, "w+"), !file)
+ error (EXIT_FAILURE, errno, name_buffer);
+-#ifndef __MSDOS__
+- unlink (name_buffer); /* will be deleted on fclose */
++#else
++ if (file = tmpfile(), !file)
++ error (EXIT_FAILURE, errno, "tmpfile");
+ #endif
+
+ while (size_read = fread (copy_buffer, 1, sizeof (copy_buffer), stdin),
-- cgit v1.2.3
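Review bot: The `#ifdef __MSDOS__` branch kept by the added `@@ -424,13 +424,15 @@` hunk still builds the predictable name `/tmp/unsh.%05d` from the pid and runs `unlink (name_buffer)` followed by `fopen (name_buffer, "w+")`. That is the same non-atomic create sequence that `tmpfile()` replaces on every other platform, so if the branch has to stay it needs a comment explaining why a named file is acceptable there. A short comment above the new call, for example `/* tmpfile() creates and opens the file in one step; do not reintroduce a named file in /tmp */`, would keep the reason for the change next to the code. The non-MSDOS path no longer fills `name_buffer`, and the enclosing function starts and ends outside the hunk, so any later use of `name_buffer` on that path (an error message or a cleanup `unlink`) should be checked; none is visible here.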