author | dinoex <dinoex@FreeBSD.org> | 2012-01-18 13:36:49 +0800 |
---|---|---|
committer | dinoex <dinoex@FreeBSD.org> | 2012-01-18 13:36:49 +0800 |
commit | 63b9242b198bce0cebeced1b297998d9f29365dc (patch) | |
tree | 8c8574f09f66d8cbbf6cc5c74ebaaaa0b097a7c3 | |
parent | f403c9c73dbede287f97c7823aeae186cfcbc047 (diff) | |
- Security patch to re-enable locking of temp files
Security: CVE-2011-4919
-rw-r--r-- | converters/mpack/Makefile | 2 | ||||
-rw-r--r-- | converters/mpack/files/patch-decode.c | 24 | ||||
-rw-r--r-- | converters/mpack/files/patch-unixos.c | 41 | ||||
-rw-r--r-- | converters/mpack/files/patch-unixpk.c | 12 |
4 files changed, 48 insertions, 31 deletions
diff --git a/converters/mpack/Makefile b/converters/mpack/Makefile index 871ec7d5720b..c73486e05e4b 100644 --- a/converters/mpack/Makefile +++ b/converters/mpack/Makefile @@ -7,7 +7,7 @@ PORTNAME= mpack PORTVERSION= 1.6 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= converters mail news MASTER_SITES= ftp://ftp.andrew.cmu.edu/pub/mpack/ diff --git a/converters/mpack/files/patch-decode.c b/converters/mpack/files/patch-decode.c index 83c0ffc62109..f80f7efd10a6 100644 --- a/converters/mpack/files/patch-decode.c +++ b/converters/mpack/files/patch-decode.c @@ -1,5 +1,5 @@ ---- decode.c.orig Mon Jul 21 23:47:54 2003 -+++ decode.c Sun Mar 26 23:08:44 2006 +--- decode.c.orig 2003-07-21 22:47:54.000000000 +0200 ++++ decode.c 2012-01-12 19:22:04.000000000 +0100 @@ -26,8 +26,10 @@ * SOFTWARE. */ @@ -11,8 +11,11 @@ #include "xmalloc.h" #include "common.h" #include "part.h" -@@ -37,6 +39,19 @@ +@@ -35,8 +37,22 @@ + + extern char *os_idtodir(char *id); extern FILE *os_newtypedfile(char *fname, char *contentType, int flags, params contentParams); ++extern FILE *os_createfile(char *fname); extern FILE *os_createnewfile(char *fname); extern char *md5contextTo64(MD5_CTX *context); +extern void warn(char *s); @@ -31,7 +34,7 @@ /* The possible content transfer encodings */ enum encoding { enc_none, enc_qp, enc_base64 }; -@@ -49,6 +64,17 @@ +@@ -49,6 +65,17 @@ void from64(struct part *inpart, FILE *outfile, char **digestp, int suppressCR); void fromqp(struct part *inpart, FILE *outfile, char **digestp); void fromnone(struct part *inpart, FILE *outfile, char **digestp); @@ -49,7 +52,7 @@ /* * Read and handle an RFC 822 message from the body-part 'inpart'. */ -@@ -624,7 +650,7 @@ +@@ -624,7 +651,7 @@ } thispart = atoi(p); 
@@ -58,7 +61,16 @@ nparts = atoi(p); if (nparts <= 0) { warn("partial message has invalid number of parts"); -@@ -643,7 +669,7 @@ +@@ -632,7 +659,7 @@ + } + /* Store number of parts in reassembly directory */ + sprintf(buf, "%sCT", dir); +- partfile = os_createnewfile(buf); ++ partfile = os_createfile(buf); + if (!partfile) { + os_perror(buf); + goto ignore; +@@ -643,7 +670,7 @@ else { /* Try to retrieve number of parts from reassembly directory */ sprintf(buf, "%sCT", dir); diff --git a/converters/mpack/files/patch-unixos.c b/converters/mpack/files/patch-unixos.c index 37f0668f8020..cb1c0619ae1d 100644 --- a/converters/mpack/files/patch-unixos.c +++ b/converters/mpack/files/patch-unixos.c @@ -1,5 +1,5 @@ ---- unixos.c.orig Mon Jul 21 23:54:05 2003 -+++ unixos.c Sun Mar 26 23:03:33 2006 +--- unixos.c.orig 2003-07-21 22:54:05.000000000 +0200 ++++ unixos.c 2012-01-12 19:22:31.000000000 +0100 @@ -23,24 +23,30 @@ * SOFTWARE. */ @@ -51,19 +51,28 @@ } strcat(buf, "/m-prts-"); p = getenv("USER"); -@@ -136,11 +142,7 @@ - int fd; - FILE *ret; - --#ifdef O_EXCL -- fd=open(fname, O_RDWR|O_CREAT|O_EXCL, 0644); --#else - fd=open(fname, O_RDWR|O_CREAT|O_TRUNC, 0644); --#endif +@@ -131,6 +137,20 @@ + rmdir(dir); + } - if (fd == -1) - return NULL; -@@ -194,7 +196,7 @@ ++FILE *os_createfile(char *fname) ++{ ++ int fd; ++ FILE *ret; ++ ++ fd=open(fname, O_RDWR|O_CREAT|O_TRUNC, 0600); ++ ++ if (fd == -1) ++ return NULL; ++ ++ ret=fdopen(fd, "w"); ++ return ret; ++} ++ + FILE *os_createnewfile(char *fname) + { + int fd; +@@ -194,7 +214,7 @@ do { if (outfile) fclose(outfile); sprintf(buf, "part%d", ++filesuffix); @@ -72,7 +81,7 @@ fname = buf; } else if (!overwrite_files && (outfile = fopen(fname, "r"))) { -@@ -202,7 +204,7 @@ +@@ -202,7 +222,7 @@ fclose(outfile); sprintf(buf, "%s.%d", fname, ++filesuffix); @@ -81,7 +90,7 @@ fname = buf; } -@@ -228,7 +230,7 @@ +@@ -228,7 +248,7 @@ p = strchr(descfname, '/'); if (!p) p = descfname; 
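Review bot: The new `os_createfile()` in patch-unixos.c opens its path with `O_RDWR|O_CREAT|O_TRUNC` and neither `O_EXCL` nor `O_NOFOLLOW`, so an existing symlink at that name is followed and its target is truncated. The only caller visible here is the `%sCT` counter file in the patch-decode.c hunk, which sits in the reassembly directory built from `/m-prts-` plus `$USER`; how that directory is created and checked lies outside these hunks, so confirm it is owned by the user and not writable by others before relying on it. Adding the flag is cheap: `fd=open(fname, O_RDWR|O_CREAT|O_TRUNC|O_NOFOLLOW, 0600);`. Separately, the descriptor leaks when `fdopen()` fails, which `if (!ret) close(fd);` before the return would fix. A one-line comment above the function explaining why this file is deliberately not created exclusively would also help the next reader.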
diff --git a/converters/mpack/files/patch-unixpk.c b/converters/mpack/files/patch-unixpk.c index 4f5d5f4eb7a9..bd536cde9818 100644 --- a/converters/mpack/files/patch-unixpk.c +++ b/converters/mpack/files/patch-unixpk.c @@ -1,5 +1,5 @@ ---- unixpk.c.orig Mon Jul 21 23:50:41 2003 -+++ unixpk.c Sun Mar 26 23:35:56 2006 +--- unixpk.c.orig 2003-07-21 22:50:41.000000000 +0200 ++++ unixpk.c 2012-01-12 18:56:56.000000000 +0100 @@ -23,23 +23,25 @@ * SOFTWARE. */ @@ -41,7 +41,7 @@ subject = sbuf; } -@@ -164,10 +166,10 @@ +@@ -164,7 +166,7 @@ strcpy(fnamebuf, getenv("TMPDIR")); } else { @@ -49,8 +49,4 @@ + strcpy(fnamebuf, "/tmp"); } strcat(fnamebuf, "/mpackXXXXXX"); -- mktemp(fnamebuf); -+ close(mkstemp(fnamebuf)); - outfname = strsave(fnamebuf); - } - + mktemp(fnamebuf); |
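Review bot: Going back to `mktemp(fnamebuf)` in the last hunk of patch-unixpk.c leaves the output name open to a create race unless the later open is exclusive; the hunk drops the earlier `close(mkstemp(fnamebuf));` substitution. `mktemp()` only generates a name, so check that whatever opens `outfname` uses `O_CREAT|O_EXCL`; that open is not visible in this hunk. If the revert is intentional, presumably because the restored `O_EXCL` in `os_createnewfile()` would reject a file that `mkstemp()` had already created, say so in the commit message or in a comment in the patch. The context line `strcpy(fnamebuf, getenv("TMPDIR"));` also copies an environment value with no length check against `fnamebuf`, which is worth bounding in the same patch.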