authorniels <niels@FreeBSD.org>2005-02-01 17:36:44 +0800
committerniels <niels@FreeBSD.org>2005-02-01 17:36:44 +0800
commit171562d5c1821bdb5c2339831c8fe0322d51cf19 (patch)
treeaad05c63df66800aea2fdc50fa6e07e83b87db28 /news/newsgrab
parenta60ed02c90311535e33ae60a4d20011c4815bf20 (diff)
Fixed directory traversal in file creation and fixed usage of insecure permissions.
Approved by: nectar (mentor), maintainer VuXML: http://vuxml.freebsd.org/35f6093c-73c3-11d9-8a93-00065be4b5b6.html VuXML: http://vuxml.freebsd.org/cd7e260a-6bff-11d9-a5df-00065be4b5b6.html
Diffstat (limited to 'news/newsgrab')
-rw-r--r--news/newsgrab/Makefile1
-rw-r--r--news/newsgrab/files/patch-newsgrab.pl43
2 files changed, 44 insertions, 0 deletions
diff --git a/news/newsgrab/Makefile b/news/newsgrab/Makefile
index 6d4640bb4013..8782c888aaf4 100644
--- a/news/newsgrab/Makefile
+++ b/news/newsgrab/Makefile
@@ -7,6 +7,7 @@
PORTNAME= newsgrab
PORTVERSION= 0.4.0
+PORTREVISION= 1
CATEGORIES= news
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= newsgrab
diff --git a/news/newsgrab/files/patch-newsgrab.pl b/news/newsgrab/files/patch-newsgrab.pl
new file mode 100644
index 000000000000..2c4227a0949f
--- /dev/null
+++ b/news/newsgrab/files/patch-newsgrab.pl
@@ -0,0 +1,43 @@
+--- newsgrab.pl.orig Wed Mar 26 14:07:11 2003
++++ newsgrab.pl Thu Jan 27 10:36:23 2005
+@@ -178,7 +178,7 @@
+ if ($input_outdir) {
+ # Create the directory for the files, if it doesn't exits.
+ if (! -e $input_outdir) {
+- if (!(mkdir $input_outdir, 0777)) {
++ if (!(mkdir $input_outdir, 0600)) {
+ stat_print "Unable to create output dir '$input_outdir'",
+ "ERROR";
+ exit 1;
+@@ -853,6 +853,7 @@
+ chomp;
+ if(/^begin\s*(\d*)\s*(.*)/) {
+ ($mode, $file) = ($1, $2);
++ $file =~ s/^.*\///g;
+ if (-e "$OUTDIR/$file") {
+ print STDERR "File: '$file' already exists. skipping\n";
+ undef $file;
+@@ -867,13 +868,8 @@
+ }
+ if (/^end/) {
+ close (OUT);
+- if (!($mode)) {
+- stat_print "No mode supplied for file", "Warning";
+- } elsif (!($file)) {
+- stat_print "No filename to chmod().. Wierd", "Error";
+- } else {
+- chmod oct($mode), "$OUTDIR/$file";
+- }
++
++ chmod 0600 , "$OUTDIR/$file";
+ # Set $file and $mode to undef, we have reached the end of this file
+ undef $file;
+ undef $mode;
+@@ -926,6 +922,7 @@
+ if(/ name=(.*)$/) {
+ $ydec_name = $1;
+ $ydec_name =~ s/\s+$//g; # Strip wierdo chars
++ $ydec_name =~ s/^.*\///g;
+ #print "Found attach ".$ydec_name." of size ".$ydec_size."\n";
+ } else {
+ print STDERR "Unknown attach name\n";
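Review bot: In the first inner hunk, `mkdir $input_outdir, 0600` creates the output directory without the owner search (x) bit, so a non-root user cannot create or open files inside it; a private directory needs `if (!(mkdir $input_outdir, 0700)) {`. In the `/^end/` hunk the old guard on `$file` is removed, yet the "already exists" branch above still does `undef $file`, so `chmod 0600 , "$OUTDIR/$file"` appears to run against `"$OUTDIR/"` itself in that case and would strip the directory's search bit; `chmod 0600, "$OUTDIR/$file" if defined $file && length $file;` keeps the fixed mode without touching the directory. The basename strip `s/^.*\///g` can leave an empty name when the supplied name ends in `/`; the uuencode path catches that through the `-e` test, but whether an empty `$ydec_name` is rejected later is not visible here and is worth checking. All of the enclosing blocks start and end outside the inner hunks, so the flow between the skip branch and `end` is inferred from the context lines.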