From 232d51be165e895549ed110152dd69efd5ced751 Mon Sep 17 00:00:00 2001
From: tron
Date: Fri, 15 Apr 2005 16:36:39 +0000
Subject: - Fix unsafe file operations in "rpdump" utility (CAN-2005-1066). - Install manual pages for "rpdump" and "rpload" utilities. Bump package revision because of the above changes.
---
 mail/pine/Makefile | 14 ++++++++------
 mail/pine/PLIST | 4 +++-
 mail/pine/distinfo | 3 ++-
 mail/pine/patches/patch-ah | 48 ++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 61 insertions(+), 8 deletions(-)
 create mode 100644 mail/pine/patches/patch-ah
(limited to 'mail/pine')
diff --git a/mail/pine/Makefile b/mail/pine/Makefile
index 5ec2f3c1fe3..eab3f3574c0 100644
--- a/mail/pine/Makefile
+++ b/mail/pine/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.103 2005/04/11 21:46:22 tv Exp $
+# $NetBSD: Makefile,v 1.104 2005/04/15 16:36:39 tron Exp $
 DISTNAME= pine4.62
 PKGNAME= pine-4.62
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= mail news
 MASTER_SITES= ftp://ftp.cac.washington.edu/pine/ \
 ftp://ftp.fu-berlin.de/unix/mail/pine/
@@ -80,11 +80,13 @@ do-build:
 EXTRALDFLAGS="${LDFLAGS} ${LIBS}"
 do-install:
- ${INSTALL_PROGRAM} ${WRKSRC}/bin/pine ${PREFIX}/bin/
- ${INSTALL_PROGRAM} ${WRKSRC}/bin/rpdump ${PREFIX}/bin/
- ${INSTALL_PROGRAM} ${WRKSRC}/bin/rpload ${PREFIX}/bin/
+ ${INSTALL_PROGRAM} ${WRKSRC}/bin/pine ${PREFIX}/bin
+ ${INSTALL_PROGRAM} ${WRKSRC}/bin/rpdump ${PREFIX}/bin
+ ${INSTALL_PROGRAM} ${WRKSRC}/bin/rpload ${PREFIX}/bin
 ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/pine
- ${INSTALL_MAN} ${WRKSRC}/doc/pine.1 ${PREFIX}/man/man1/pine.1
+ ${INSTALL_MAN} ${WRKSRC}/doc/pine.1 ${PREFIX}/man/man1
+ ${INSTALL_MAN} ${WRKSRC}/doc/rpdump.1 ${PREFIX}/man/man1
+ ${INSTALL_MAN} ${WRKSRC}/doc/rpload.1 ${PREFIX}/man/man1
 ( ${ECHO} '# (This file is not part of the pine distribution! - HF)' ; \
 ${PREFIX}/bin/pine -conf ) | ${SED} \
 -e 's|^\(use-only-domain-name\)=.*$$|\1=No|g' \
diff --git a/mail/pine/PLIST b/mail/pine/PLIST
index 51a3b3cb9bf..403bd199750 100644
--- a/mail/pine/PLIST
+++ b/mail/pine/PLIST
@@ -1,8 +1,10 @@
-@comment $NetBSD: PLIST,v 1.5 2004/05/07 20:00:53 reed Exp $
+@comment $NetBSD: PLIST,v 1.6 2005/04/15 16:36:39 tron Exp $
 bin/pine
 bin/rpdump
 bin/rpload
 man/man1/pine.1
+man/man1/rpdump.1
+man/man1/rpload.1
 share/pine/tech-notes.txt
 share/pine/contrib/krb5-setup
 share/pine/contrib/ldap-setup
diff --git a/mail/pine/distinfo b/mail/pine/distinfo
index 1a87a168235..a7e2ad87ea5 100644
--- a/mail/pine/distinfo
+++ b/mail/pine/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.27 2005/03/19 12:52:28 schwarz Exp $
+$NetBSD: distinfo,v 1.28 2005/04/15 16:36:39 tron Exp $
 SHA1 (pine4.62.tar.bz2) = 7011a1030fcf3f78d8fb7d5b7bf2cd46037668f7
 RMD160 (pine4.62.tar.bz2) = f906b4db71aa72a1c4f638d0ea046e352a002c34
@@ -10,6 +10,7 @@ SHA1 (patch-ad) = 68e3238369bcdf49867e2facc876a8f434136228
 SHA1 (patch-ae) = 0faf3a4161cba517a559a776d2a3a7fcb5116570
 SHA1 (patch-af) = 1cd12e0b7aea804528730ed7323e7ea1ac385466
 SHA1 (patch-ag) = 74d7e2dc9b986148825335f6f2b52bde963f9a67
+SHA1 (patch-ah) = cb29b1112cb77e96d6a7563dc329bc2e86a725aa
 SHA1 (patch-al) = 0e25dad2c4caf71b4204f137eee3f85d7b9b507c
 SHA1 (patch-ap) = ad1733f86195ecbd2211f3af7671c1d1c35803bc
 SHA1 (patch-aq) = 127023252f8984651c861be23735d50ae85eaa1e
diff --git a/mail/pine/patches/patch-ah b/mail/pine/patches/patch-ah
new file mode 100644
index 00000000000..170246490ba
--- /dev/null
+++ b/mail/pine/patches/patch-ah
@@ -0,0 +1,48 @@
+$NetBSD: patch-ah,v 1.5 2005/04/15 16:36:39 tron Exp $
+
+--- pine/rpdump.c.orig 2004-05-07 23:55:32.000000000 +0100
++++ pine/rpdump.c 2005-04-15 17:31:21.000000000 +0100
+@@ -82,6 +82,7 @@
+ char *argv[];
+ {
+ MAILSTREAM *stream = NULL;
++ int fd;
+ FILE *fp;
+ int usage = 0;
+ char buf[10000];
+@@ -126,6 +127,7 @@
+ exit(-1);
+ }
+
++#ifdef UNSECURE_CODE_WITH_RACE_CONDITION
+ if(access(local, ACCESS_EXISTS) == 0){
+ if(access(local, WRITE_ACCESS) == 0){
+
+@@ -141,6 +143,7 @@
+ exit(-1);
+ }
+ }
++#endif
+
+ /*
+ * Try opening the remote folder.
+@@ -206,11 +209,18 @@
+ /*
+ * Try opening the local file.
+ */
+- if((fp = fopen(local, "w")) == NULL){
++ if ((fd = open(local, O_WRONLY|O_CREAT|O_EXCL,
++ S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH)) < 0){
+ fprintf(stderr, "Can't open \"%s\": %s\n", local, err_desc(errno));
+ mail_close(stream);
+ exit(-1);
+ }
++ if((fp = fdopen(fd, "w")) == NULL){
++ fprintf(stderr, "Can't open \"%s\": %s\n", local, err_desc(errno));
++ mail_close(stream);
++ close(fd);
++ exit(-1);
++ }
+
+ p = data;
+ for(p = data; p < data+i; p++){
-- cgit v1.2.3
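Review bot: The `open()` call added in the last rpdump.c hunk of patch-ah creates the local file with `S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH`, so whether other local users can read or write the dump is left entirely to the caller's umask; for a copy of data fetched from the remote folder, owner-only would be the safer default: `if ((fd = open(local, O_WRONLY|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR)) < 0){`. With `O_EXCL` set and the `access()` block compiled out, an existing local file now fails with a bare "Can't open" message, so a comment such as `/* O_EXCL: never reuse an existing file or follow a pre-planted symlink */` above the call would record that the refusal is intentional. On the `fdopen()` failure path the freshly created empty file is left behind; adding `unlink(local);` after `close(fd);` would tidy that up. The enclosing function starts and ends outside these hunks, and the headers declaring `open()` and the `O_*`/`S_I*` constants are not visible here, so they are assumed to come from pine's existing includes.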