From ff9158c2adeff40725d998a959dd12230fce18af Mon Sep 17 00:00:00 2001 From: snj Date: Thu, 14 Apr 2005 04:22:27 +0000 Subject: Pullup ticket 437 - requested by Lubomir Sedlacik security fix for gsharutils Revisions pulled up: - pkgsrc/archivers/gsharutils/Makefile 1.26 - pkgsrc/archivers/gsharutils/distinfo 1.13 - pkgsrc/archivers/gsharutils/patches/patch-ah 1.6 Module Name: pkgsrc Committed By: salo Date: Mon Apr 11 18:44:54 UTC 2005 Modified Files: pkgsrc/archivers/gsharutils: Makefile distinfo pkgsrc/archivers/gsharutils/patches: patch-ah Log Message: Security fix for SA14551: "A vulnerability in GNU Sharutils was reported, which can be potentially exploited by malicious, local users to conduct certain actions on a vulnerable system with escalated privileges." Patch from Debian. Bump PKGREVISION. --- archivers/gsharutils/Makefile | 4 ++-- archivers/gsharutils/distinfo | 4 ++-- archivers/gsharutils/patches/patch-ah | 22 ++++++++++++++++++++-- 3 files changed, 24 insertions(+), 6 deletions(-) (limited to 'archivers') diff --git a/archivers/gsharutils/Makefile b/archivers/gsharutils/Makefile index 8f731314217..7785823e995 100644 --- a/archivers/gsharutils/Makefile +++ b/archivers/gsharutils/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.24.2.1 2005/04/01 05:03:52 snj Exp $ +# $NetBSD: Makefile,v 1.24.2.2 2005/04/14 04:22:27 snj Exp $ DISTNAME= sharutils-4.2.1 PKGNAME= g${DISTNAME} -PKGREVISION= 5 +PKGREVISION= 6 CATEGORIES= archivers MASTER_SITES= ${MASTER_SITE_GNU:=sharutils/} diff --git a/archivers/gsharutils/distinfo b/archivers/gsharutils/distinfo index 6759501542b..c2bfdeb1ca5 100644 --- a/archivers/gsharutils/distinfo +++ b/archivers/gsharutils/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.10.2.1 2005/04/01 05:03:52 snj Exp $ +$NetBSD: distinfo,v 1.10.2.2 2005/04/14 04:22:27 snj Exp $ SHA1 (sharutils-4.2.1.tar.gz) = 3f0c0af31bd429cee1e088eb74867f20f8d399ef RMD160 (sharutils-4.2.1.tar.gz) = 06e1629aa8a1c982e6032f194df6f5fe85f85b43 @@ -10,6 +10,6 @@ SHA1 (patch-ad) = fe6ba534c9830294c97dd37586aaa2c63d385a4c SHA1 (patch-ae) = 8b88d98af2d1f24ba2623e8d56b36061806f5e12 SHA1 (patch-af) = 50aee8dc24a33892a0f17f7aeb5cfbae1adcb0c9 SHA1 (patch-ag) = af78d21124b33f0d8bdc27969119222e4d79008e -SHA1 (patch-ah) = 1540064ef3a21a4486950ca24432f471bf1366a9 +SHA1 (patch-ah) = 90fed62712aa4d02d66098581d5e5602e391663e SHA1 (patch-ai) = a95e116d517e5fe536a31d12db1c33daaf2609af SHA1 (patch-aj) = 56ee560455a206c6fa5c106f1c759d0a0296dfd7 diff --git a/archivers/gsharutils/patches/patch-ah b/archivers/gsharutils/patches/patch-ah index 069fc6aefc7..3ea76d77254 100644 --- a/archivers/gsharutils/patches/patch-ah +++ b/archivers/gsharutils/patches/patch-ah @@ -1,7 +1,7 @@ -$NetBSD: patch-ah,v 1.4.12.1 2005/04/01 05:03:52 snj Exp $ +$NetBSD: patch-ah,v 1.4.12.2 2005/04/14 04:22:27 snj Exp $ --- src/unshar.c.orig 1995-11-21 17:22:14.000000000 +0100 -+++ src/unshar.c 2005-03-31 15:33:03.000000000 +0200 ++++ src/unshar.c 2005-04-11 20:37:40.000000000 +0200 @@ -346,8 +346,8 @@ { size_t size_read; @@ -34,3 +34,21 @@ $NetBSD: patch-ah,v 1.4.12.1 2005/04/01 05:03:52 snj Exp $ } if (file = fopen (name_buffer, "r"), !file) error (EXIT_FAILURE, errno, name_buffer); +@@ -424,13 +424,15 @@ + } + else + { ++#ifdef __MSDOS__ + sprintf (name_buffer, "/tmp/unsh.%05d", (int) getpid ()); + unlink (name_buffer); + + if (file = fopen (name_buffer, "w+"), !file) + error (EXIT_FAILURE, errno, name_buffer); +-#ifndef __MSDOS__ +- unlink (name_buffer); /* will be deleted on fclose */ ++#else ++ if (file = tmpfile(), !file) ++ error (EXIT_FAILURE, errno, "tmpfile"); + #endif + + while (size_read = fread (copy_buffer, 1, sizeof (copy_buffer), stdin), -- cgit v1.2.3