diff options
| author | bmah <bmah@FreeBSD.org> | 2001-01-17 04:19:10 +0800 |
|---|---|---|
| committer | bmah <bmah@FreeBSD.org> | 2001-01-17 04:19:10 +0800 |
| commit | 94a6747fb685b9cd69899034dc1f8143e39cfd2d (patch) | |
| tree | 9bd390e26cb577a51e752b6478cf1e300fa39386 /mail | |
| parent | c8340c296a8c54b09b0d6a3656cfd2c72159f533 (diff) | |
| download | freebsd-ports-gnome-94a6747fb685b9cd69899034dc1f8143e39cfd2d.tar.gz freebsd-ports-gnome-94a6747fb685b9cd69899034dc1f8143e39cfd2d.tar.zst freebsd-ports-gnome-94a6747fb685b9cd69899034dc1f8143e39cfd2d.zip | |
Fix for a symlink attack posted to bugtraq. The patches committed here
were generated from exmh's CVS source code respository, and will be
removed from the port directory when the next version of exmh is
released (RSN).
Bump PORTREVISION.
Obtained from: exmh CVS repository
Diffstat (limited to 'mail')
| -rw-r--r-- | mail/exmh2/Makefile | 1 | ||||
| -rw-r--r-- | mail/exmh2/files/patch-env.tcl | 59 | ||||
| -rw-r--r-- | mail/exmh2/files/patch-error.tcl | 20 |
3 files changed, 80 insertions, 0 deletions
diff --git a/mail/exmh2/Makefile b/mail/exmh2/Makefile index 6659ff2bbca8..548301d7f24c 100644 --- a/mail/exmh2/Makefile +++ b/mail/exmh2/Makefile @@ -8,6 +8,7 @@ # "+=" and "?=" lines are for sharing this Makefile with japanese/exmh2. PORTNAME= exmh PORTVERSION= 2.2 +PORTREVISION= 1 CATEGORIES+= mail tk82 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} diff --git a/mail/exmh2/files/patch-env.tcl b/mail/exmh2/files/patch-env.tcl new file mode 100644 index 000000000000..1143f6cc2bb2 --- /dev/null +++ b/mail/exmh2/files/patch-env.tcl @@ -0,0 +1,59 @@ +Index: lib/env.tcl +=================================================================== +RCS file: /cvsroot/exmh/exmh/lib/env.tcl,v +retrieving revision 1.1 +retrieving revision 1.3 +diff -c -r1.1 -r1.3 +*** lib/env.tcl 1998/05/05 17:55:23 1.1 +--- lib/env.tcl 2001/01/16 02:07:46 1.3 +*************** +*** 34,44 **** + } + + # Init TMPDIR +! if [info exists env(EXMHTMPDIR)] { + set env(TMPDIR) $env(EXMHTMPDIR) + } +! if {![info exists env(TMPDIR)] || ![file isdirectory $env(TMPDIR)]} { +! set env(TMPDIR) /tmp + } + + # Make sure MH is on the path +--- 34,45 ---- + } + + # Init TMPDIR +! +! if {[info exists env(EXMHTMPDIR)]} { + set env(TMPDIR) $env(EXMHTMPDIR) + } +! if {![info exists env(TMPDIR)]} { +! set env(TMPDIR) /tmp/$env(USER) + } + + # Make sure MH is on the path +*************** +*** 58,63 **** +--- 59,80 ---- + + proc Env_Tmp {} { + global env ++ ++ # Doing this every time we use the temp file directory ensures ++ # no-one steals it without the user knowing it. ++ ++ if {[catch { ++ file mkdir $env(TMPDIR) ++ if {$env(TMPDIR) != "/tmp"} { ++ file attributes $env(TMPDIR) -permissions 0700 ++ } ++ } err]} { ++ puts $err ++ catch {puts stderr "WARNING: exmh using unsafe /tmp directory"} ++ Exmh_Status "WARNING: exmh using unsafe /tmp directory" red ++ set env(TMPDIR) /tmp ++ } ++ + return $env(TMPDIR) + } + diff --git a/mail/exmh2/files/patch-error.tcl b/mail/exmh2/files/patch-error.tcl new file mode 100644 index 000000000000..8c429f98ae90 --- /dev/null +++ b/mail/exmh2/files/patch-error.tcl @@ -0,0 +1,20 @@ +Index: lib/error.tcl +=================================================================== +RCS file: /cvsroot/exmh/exmh/lib/error.tcl,v +retrieving revision 1.2 +retrieving revision 1.3 +diff -c -r1.2 -r1.3 +*** error.tcl 1999/03/26 18:02:56 1.2 +--- error.tcl 2001/01/03 23:51:59 1.3 +*************** +*** 118,123 **** +--- 118,126 ---- + + proc ExmhMailError { w errInfo } { + global exmh ++ if [file exists [Env_Tmp]/exmhErrorMsg] { ++ file delete [Env_Tmp]/exmhErrorMsg ++ } + if [catch {open [Env_Tmp]/exmhErrorMsg w} out] { + Exmh_Status "Cannot open [Env_Tmp]/exmhErrorMsg" purple + return |