From: "Tyler R. Retzlaff" <rtr@netbsd.org>
Subject: CVS commit: [pkgsrc-2008Q1] pkgsrc/benchmarks/netperf
To: pkgsrc-changes@NetBSD.org
Reply-To: rtr@netbsd.org
Message-Id: <20080513123513.7C5E8175D0@cvs.netbsd.org>
Date: Tue, 13 May 2008 12:35:13 +0000 (UTC)
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: list


Module Name:	pkgsrc
Committed By:	rtr
Date:		Tue May 13 12:35:13 UTC 2008

Modified Files:
	pkgsrc/benchmarks/netperf [pkgsrc-2008Q1]: Makefile distinfo
Added Files:
	pkgsrc/benchmarks/netperf/patches [pkgsrc-2008Q1]: patch-ah patch-ai
	    patch-ak

Log Message:
pullup ticket #2374 - requested by tonnerre
netperf: fix for symlink vulnerability

revisions pulled up:
- pkgsrc/benchmarks/netperf/Makefile		1.5
- pkgsrc/benchmarks/netperf/distinfo		1.3
- pkgsrc/benchmarks/netperf/patches/patch-ah	1.1
- pkgsrc/benchmarks/netperf/patches/patch-ai	1.1
- pkgsrc/benchmarks/netperf/patches/patch-ak	1.1

   Module Name:	pkgsrc
   Committed By:	tonnerre
   Date:		Mon May 12 15:49:31 UTC 2008

   Modified Files:
   	pkgsrc/benchmarks/netperf: Makefile distinfo
   Added Files:
   	pkgsrc/benchmarks/netperf/patches: patch-ah patch-ai patch-ak

   Log Message:
   Use mkstemp in netperf code to open the debug log in order to avoid
   a symlink vulnerability. This fixes CVE-2007-1444.


To generate a diff of this commit:
cvs rdiff -r1.4 -r1.4.4.1 pkgsrc/benchmarks/netperf/Makefile
cvs rdiff -r1.2 -r1.2.6.1 pkgsrc/benchmarks/netperf/distinfo
cvs rdiff -r0 -r1.1.2.2 pkgsrc/benchmarks/netperf/patches/patch-ah \
    pkgsrc/benchmarks/netperf/patches/patch-ai \
    pkgsrc/benchmarks/netperf/patches/patch-ak

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.