authordinoex <dinoex@FreeBSD.org>2012-01-18 13:36:49 +0800
committerdinoex <dinoex@FreeBSD.org>2012-01-18 13:36:49 +0800
commit63b9242b198bce0cebeced1b297998d9f29365dc (patch)
tree8c8574f09f66d8cbbf6cc5c74ebaaaa0b097a7c3
parentf403c9c73dbede287f97c7823aeae186cfcbc047 (diff)
- Security patch to re-enable locking of temp files
Security: CVE-2011-4919
-rw-r--r--converters/mpack/Makefile2
-rw-r--r--converters/mpack/files/patch-decode.c24
-rw-r--r--converters/mpack/files/patch-unixos.c41
-rw-r--r--converters/mpack/files/patch-unixpk.c12
4 files changed, 48 insertions, 31 deletions
diff --git a/converters/mpack/Makefile b/converters/mpack/Makefile
index 871ec7d5720b..c73486e05e4b 100644
--- a/converters/mpack/Makefile
+++ b/converters/mpack/Makefile
@@ -7,7 +7,7 @@
PORTNAME= mpack
PORTVERSION= 1.6
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= converters mail news
MASTER_SITES= ftp://ftp.andrew.cmu.edu/pub/mpack/
diff --git a/converters/mpack/files/patch-decode.c b/converters/mpack/files/patch-decode.c
index 83c0ffc62109..f80f7efd10a6 100644
--- a/converters/mpack/files/patch-decode.c
+++ b/converters/mpack/files/patch-decode.c
@@ -1,5 +1,5 @@
---- decode.c.orig Mon Jul 21 23:47:54 2003
-+++ decode.c Sun Mar 26 23:08:44 2006
+--- decode.c.orig 2003-07-21 22:47:54.000000000 +0200
++++ decode.c 2012-01-12 19:22:04.000000000 +0100
@@ -26,8 +26,10 @@
* SOFTWARE. */
@@ -11,8 +11,11 @@
#include "xmalloc.h"
#include "common.h"
#include "part.h"
-@@ -37,6 +39,19 @@
+@@ -35,8 +37,22 @@
+
+ extern char *os_idtodir(char *id);
extern FILE *os_newtypedfile(char *fname, char *contentType, int flags, params contentParams);
++extern FILE *os_createfile(char *fname);
extern FILE *os_createnewfile(char *fname);
extern char *md5contextTo64(MD5_CTX *context);
+extern void warn(char *s);
@@ -31,7 +34,7 @@
/* The possible content transfer encodings */
enum encoding { enc_none, enc_qp, enc_base64 };
-@@ -49,6 +64,17 @@
+@@ -49,6 +65,17 @@
void from64(struct part *inpart, FILE *outfile, char **digestp, int suppressCR);
void fromqp(struct part *inpart, FILE *outfile, char **digestp);
void fromnone(struct part *inpart, FILE *outfile, char **digestp);
@@ -49,7 +52,7 @@
/*
* Read and handle an RFC 822 message from the body-part 'inpart'.
*/
-@@ -624,7 +650,7 @@
+@@ -624,7 +651,7 @@
}
thispart = atoi(p);
@@ -58,7 +61,16 @@
nparts = atoi(p);
if (nparts <= 0) {
warn("partial message has invalid number of parts");
-@@ -643,7 +669,7 @@
+@@ -632,7 +659,7 @@
+ }
+ /* Store number of parts in reassembly directory */
+ sprintf(buf, "%sCT", dir);
+- partfile = os_createnewfile(buf);
++ partfile = os_createfile(buf);
+ if (!partfile) {
+ os_perror(buf);
+ goto ignore;
+@@ -643,7 +670,7 @@
else {
/* Try to retrieve number of parts from reassembly directory */
sprintf(buf, "%sCT", dir);
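Review bot: The call that writes the `CT` count file now goes through `os_createfile(buf)` instead of `os_createnewfile(buf)`, so this one temp file is no longer created exclusively, and the patched lines do not say why. I would add a comment above the call such as `/* CT may already exist; overwrite is intended and relies on the reassembly dir being private to the user */`. Whether `dir` is in fact created with owner-only permissions is not visible in this hunk and should be confirmed where the directory is made. The enclosing function starts and ends outside the hunk.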
diff --git a/converters/mpack/files/patch-unixos.c b/converters/mpack/files/patch-unixos.c
index 37f0668f8020..cb1c0619ae1d 100644
--- a/converters/mpack/files/patch-unixos.c
+++ b/converters/mpack/files/patch-unixos.c
@@ -1,5 +1,5 @@
---- unixos.c.orig Mon Jul 21 23:54:05 2003
-+++ unixos.c Sun Mar 26 23:03:33 2006
+--- unixos.c.orig 2003-07-21 22:54:05.000000000 +0200
++++ unixos.c 2012-01-12 19:22:31.000000000 +0100
@@ -23,24 +23,30 @@
* SOFTWARE.
*/
@@ -51,19 +51,28 @@
}
strcat(buf, "/m-prts-");
p = getenv("USER");
-@@ -136,11 +142,7 @@
- int fd;
- FILE *ret;
-
--#ifdef O_EXCL
-- fd=open(fname, O_RDWR|O_CREAT|O_EXCL, 0644);
--#else
- fd=open(fname, O_RDWR|O_CREAT|O_TRUNC, 0644);
--#endif
+@@ -131,6 +137,20 @@
+ rmdir(dir);
+ }
- if (fd == -1)
- return NULL;
-@@ -194,7 +196,7 @@
++FILE *os_createfile(char *fname)
++{
++ int fd;
++ FILE *ret;
++
++ fd=open(fname, O_RDWR|O_CREAT|O_TRUNC, 0600);
++
++ if (fd == -1)
++ return NULL;
++
++ ret=fdopen(fd, "w");
++ return ret;
++}
++
+ FILE *os_createnewfile(char *fname)
+ {
+ int fd;
+@@ -194,7 +214,7 @@
do {
if (outfile) fclose(outfile);
sprintf(buf, "part%d", ++filesuffix);
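Review bot: In the added `os_createfile`, a NULL return from `fdopen(fd, "w")` leaks the descriptor, since `ret` is returned without closing `fd`; add `if (!ret) close(fd);` before the return. The `open()` also uses `O_CREAT|O_TRUNC` with neither `O_EXCL` nor `O_NOFOLLOW`, so an existing entry at that path, including a symbolic link, is opened and truncated, and the 0600 mode applies only when the file is newly created. Because the only caller visible in this commit (the `CT` file in decode.c) needs overwrite semantics, I would keep `O_TRUNC` but refuse links: `fd=open(fname, O_RDWR|O_CREAT|O_TRUNC|O_NOFOLLOW, 0600);`. How the containing directory is created is not shown here, so the residual exposure depends on that.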
@@ -72,7 +81,7 @@
fname = buf;
}
else if (!overwrite_files && (outfile = fopen(fname, "r"))) {
-@@ -202,7 +204,7 @@
+@@ -202,7 +222,7 @@
fclose(outfile);
sprintf(buf, "%s.%d", fname, ++filesuffix);
@@ -81,7 +90,7 @@
fname = buf;
}
-@@ -228,7 +230,7 @@
+@@ -228,7 +248,7 @@
p = strchr(descfname, '/');
if (!p) p = descfname;
diff --git a/converters/mpack/files/patch-unixpk.c b/converters/mpack/files/patch-unixpk.c
index 4f5d5f4eb7a9..bd536cde9818 100644
--- a/converters/mpack/files/patch-unixpk.c
+++ b/converters/mpack/files/patch-unixpk.c
@@ -1,5 +1,5 @@
---- unixpk.c.orig Mon Jul 21 23:50:41 2003
-+++ unixpk.c Sun Mar 26 23:35:56 2006
+--- unixpk.c.orig 2003-07-21 22:50:41.000000000 +0200
++++ unixpk.c 2012-01-12 18:56:56.000000000 +0100
@@ -23,23 +23,25 @@
* SOFTWARE.
*/
@@ -41,7 +41,7 @@
subject = sbuf;
}
-@@ -164,10 +166,10 @@
+@@ -164,7 +166,7 @@
strcpy(fnamebuf, getenv("TMPDIR"));
}
else {
@@ -49,8 +49,4 @@
+ strcpy(fnamebuf, "/tmp");
}
strcat(fnamebuf, "/mpackXXXXXX");
-- mktemp(fnamebuf);
-+ close(mkstemp(fnamebuf));
- outfname = strsave(fnamebuf);
- }
-
+ mktemp(fnamebuf);
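Review bot: Dropping the earlier `close(mkstemp(fnamebuf))` replacement leaves upstream's `mktemp(fnamebuf)` in effect, which only generates a name and creates nothing, so the name is safe only if every later open of `outfname` uses `O_CREAT|O_EXCL`. That open is not visible in this hunk; presumably it goes through `os_createnewfile` now that its `O_EXCL` path is restored, but this should be confirmed. I would record the dependency next to the call with a comment such as `/* name only: must be opened with O_EXCL via os_createnewfile */`. The context line `strcpy(fnamebuf, getenv("TMPDIR"));` also copies an environment value with no length check, and the size of `fnamebuf` is not shown here. The enclosing function extends outside the hunk.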