From 2819c3047d8deaddfdfb53f07e7ecd2d31fd37ac Mon Sep 17 00:00:00 2001 From: adrianp Date: Sat, 16 Jul 2005 18:55:22 +0000 Subject: Bump to nb1 for security issue Patch via debian --- chat/centericq/Makefile | 3 ++- chat/centericq/distinfo | 3 ++- chat/centericq/patches/patch-ae | 37 +++++++++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+), 2 deletions(-) create mode 100644 chat/centericq/patches/patch-ae (limited to 'chat') diff --git a/chat/centericq/Makefile b/chat/centericq/Makefile index c8f7867227c..b2ea1c3eb62 100644 --- a/chat/centericq/Makefile +++ b/chat/centericq/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.51 2005/07/16 01:19:07 jlam Exp $ +# $NetBSD: Makefile,v 1.52 2005/07/16 18:55:22 adrianp Exp $ # DISTNAME= centericq-4.20.0 +PKGREVISION= 1 CATEGORIES= chat MASTER_SITES= http://konst.org.ua/download/ \ http://centericq.de/archive/source/releases/ diff --git a/chat/centericq/distinfo b/chat/centericq/distinfo index ef5ed2ffb2f..455f905d27a 100644 --- a/chat/centericq/distinfo +++ b/chat/centericq/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.15 2005/04/05 12:44:17 wiz Exp $ +$NetBSD: distinfo,v 1.16 2005/07/16 18:55:23 adrianp Exp $ SHA1 (centericq-4.20.0.tar.bz2) = 14b37c5257039853f0a1b948c7eaa49581a5913c RMD160 (centericq-4.20.0.tar.bz2) = 7f17cd87aa4b98269fa65173b3e6317143c7c8ca @@ -7,3 +7,4 @@ SHA1 (patch-aa) = 47dc554bb923e8fe3c5aeb3792166dc3fea1b46a SHA1 (patch-ab) = 6d9beb28024666bbfef2e95cab648d7058f8136c SHA1 (patch-ac) = 74ae25e19bf5d250a407a937bf78405b38cc86da SHA1 (patch-ad) = be8ba5c952bf560b0758c97ba81c4faef04ffe49 +SHA1 (patch-ae) = 01b4bf2e26c9974b189ffe5d0361651aabaef549 diff --git a/chat/centericq/patches/patch-ae b/chat/centericq/patches/patch-ae new file mode 100644 index 00000000000..46dd6943eeb --- /dev/null +++ b/chat/centericq/patches/patch-ae @@ -0,0 +1,37 @@ +$NetBSD: patch-ae,v 1.1 2005/07/16 18:55:23 adrianp Exp $ + +--- src/hooks/gaduhook.cc.orig 2005-01-18 23:20:17.000000000 +0000 ++++ src/hooks/gaduhook.cc +@@ -893,6 +893,7 @@ static char *token_ocr(const char *ocr, + string gaduhook::handletoken(struct gg_http *h) { + struct gg_token *t; + string fname, r; ++ char *tmpfilep = NULL; + + if(!h) + return ""; +@@ -906,8 +907,22 @@ string gaduhook::handletoken(struct gg_h + if(!(t = (struct gg_token *) h->data) || !h->body) + return ""; + +- fname = (getenv("TMPDIR") ? getenv("TMPDIR") : "/tmp"); +- fname += "/gg.token." + i2str(getpid()); ++ while (tmpfilep == NULL) { ++ char tmpnam[100]; ++ int tmpfiledes; ++ if (getenv("TMPDIR") && strlen(getenv("TMPDIR")) < 50) ++ sprintf (tmpnam, "%s/gg.token.XXXXXX", getenv("TMPDIR")); ++ else ++ sprintf (tmpnam, "/tmp/gg.token.XXXXXX"); ++ ++ if ((tmpfilep = mktemp (tmpnam)) != NULL) { ++ if ((tmpfiledes = open (tmpnam, O_CREAT | O_EXCL, S_IREAD | S_IWRITE)) == -1) ++ tmpfilep = NULL; ++ else ++ close (tmpfiledes); ++ } ++ fname = tmpnam; ++ } + + ofstream bf(fname.c_str()); + -- cgit v1.2.3