Fix an insecure temp file creation vulnerability in zsh's difflog.pl (CVE-2007-6209).diff -r1.51 -r1.52 pkgsrc/shells/zsh/Makefile
(tonnerre)
@@ -1,8 +1,9 @@ | @@ -1,8 +1,9 @@ | |||
1 | # $NetBSD: Makefile,v 1.51 2005/12/07 03:00:50 uebayasi Exp $ | 1 | # $NetBSD: Makefile,v 1.52 2008/07/13 18:22:01 tonnerre Exp $ | |
2 | 2 | |||
3 | .include "../../shells/zsh/Makefile.common" | 3 | .include "../../shells/zsh/Makefile.common" | |
4 | 4 | |||
5 | ZSH_VERSION= 4.2.6 | 5 | ZSH_VERSION= 4.2.6 | |
6 | ZSH_MAINTAINER= uebayasi@NetBSD.org | 6 | ZSH_MAINTAINER= uebayasi@NetBSD.org | |
7 | PKGREVISION= 1 | |||
7 | 8 | |||
8 | .include "../../mk/bsd.pkg.mk" | 9 | .include "../../mk/bsd.pkg.mk" |
@@ -1,38 +1,40 @@ | @@ -1,38 +1,40 @@ | |||
1 | # $NetBSD: Makefile.common,v 1.46 2008/07/03 09:07:26 uebayasi Exp $ | 1 | # $NetBSD: Makefile.common,v 1.47 2008/07/13 18:22:01 tonnerre Exp $ | |
2 | 2 | |||
3 | DISTNAME= zsh-${ZSH_VERSION} | 3 | DISTNAME= zsh-${ZSH_VERSION} | |
4 | CATEGORIES= shells | 4 | CATEGORIES= shells | |
5 | MASTER_SITES= ftp://mirrors.dotsrc.org/zsh/ \ | 5 | MASTER_SITES= ftp://mirrors.dotsrc.org/zsh/ \ | |
6 | ftp://ftp.fu-berlin.de/pub/unix/shells/zsh/ \ | 6 | ftp://ftp.fu-berlin.de/pub/unix/shells/zsh/ \ | |
7 | ftp://ftp.funet.fi/pub/unix/shells/zsh/ \ | 7 | ftp://ftp.funet.fi/pub/unix/shells/zsh/ \ | |
8 | http://www.math.technion.ac.il/pub/zsh/ \ | 8 | http://www.math.technion.ac.il/pub/zsh/ \ | |
9 | ftp://ftp.zsh.org/zsh/ | 9 | ftp://ftp.zsh.org/zsh/ | |
10 | EXTRACT_SUFX= .tar.bz2 | 10 | EXTRACT_SUFX= .tar.bz2 | |
11 | 11 | |||
12 | MAINTAINER= ${ZSH_MAINTAINER} | 12 | MAINTAINER= ${ZSH_MAINTAINER} | |
13 | HOMEPAGE= http://zsh.dotsrc.org/ | 13 | HOMEPAGE= http://zsh.dotsrc.org/ | |
14 | COMMENT= The Z shell | 14 | COMMENT= The Z shell | |
15 | 15 | |||
16 | PKG_DESTDIR_SUPPORT= user-destdir | 16 | PKG_DESTDIR_SUPPORT= user-destdir | |
17 | 17 | |||
18 | GNU_CONFIGURE= yes | 18 | GNU_CONFIGURE= yes | |
19 | 19 | |||
20 | CONFIGURE_ARGS+= --enable-etcdir=${PKG_SYSCONFDIR:Q} | 20 | CONFIGURE_ARGS+= --enable-etcdir=${PKG_SYSCONFDIR:Q} | |
21 | 21 | |||
22 | USE_TOOLS+= makeinfo | 22 | USE_TOOLS+= makeinfo | |
23 | INFO_FILES= # PLIST | 23 | INFO_FILES= # PLIST | |
24 | TEXINFO_REQD= 4.0 | 24 | TEXINFO_REQD= 4.0 | |
25 | 25 | |||
26 | DEPENDS+= p5-File-Temp-[0-9]*:../../devel/p5-File-Temp | |||
27 | ||||
26 | PKG_INSTALLATION_TYPES= overwrite pkgviews | 28 | PKG_INSTALLATION_TYPES= overwrite pkgviews | |
27 | 29 | |||
28 | .include "../../mk/bsd.prefs.mk" | 30 | .include "../../mk/bsd.prefs.mk" | |
29 | 31 | |||
30 | # Handle any PKG_OPTIONS that this package might have. | 32 | # Handle any PKG_OPTIONS that this package might have. | |
31 | .sinclude "options.mk" | 33 | .sinclude "options.mk" | |
32 | 34 | |||
33 | BUILD_DEFS+= ZSH_STATIC | 35 | BUILD_DEFS+= ZSH_STATIC | |
34 | MAKE_JOBS_SAFE= no | 36 | MAKE_JOBS_SAFE= no | |
35 | 37 | |||
36 | .if defined(ZSH_STATIC) && !empty(ZSH_STATIC:M[Yy][Ee][Ss]) | 38 | .if defined(ZSH_STATIC) && !empty(ZSH_STATIC:M[Yy][Ee][Ss]) | |
37 | CONFIGURE_ARGS+= --disable-dynamic | 39 | CONFIGURE_ARGS+= --disable-dynamic | |
38 | 40 |
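Review bot: The added `DEPENDS+= p5-File-Temp-[0-9]*:../../devel/p5-File-Temp` (new line 26) carries no comment saying why a shell package now needs a Perl module at run time. The only consumer visible in this commit is `Util/difflog.pl`, patched by patch-aa, and that looks like a developer helper rather than something zsh itself executes. If the script is not installed by the package, the dependency can probably be dropped. File::Temp is also part of the core Perl distribution, so a plain dependency on Perl may be enough; this should be confirmed against the Perl versions pkgsrc supports. If the line stays, a comment such as `# Util/difflog.pl uses File::Temp for safe temp files (CVE-2007-6209, patch-aa)` would record the reason.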
@@ -1,8 +1,9 @@ | @@ -1,8 +1,9 @@ | |||
1 | $NetBSD: distinfo,v 1.26 2006/04/07 15:28:49 jlam Exp $ | 1 | $NetBSD: distinfo,v 1.27 2008/07/13 18:22:01 tonnerre Exp $ | |
2 | 2 | |||
3 | SHA1 (zsh-4.2.6.tar.bz2) = e00c3eda3f52c9514bb625bb56e4480358170d39 | 3 | SHA1 (zsh-4.2.6.tar.bz2) = e00c3eda3f52c9514bb625bb56e4480358170d39 | |
4 | RMD160 (zsh-4.2.6.tar.bz2) = e4400fc6311bf6996128ecf7899592d6d8cdb310 | 4 | RMD160 (zsh-4.2.6.tar.bz2) = e4400fc6311bf6996128ecf7899592d6d8cdb310 | |
5 | Size (zsh-4.2.6.tar.bz2) = 2098671 bytes | 5 | Size (zsh-4.2.6.tar.bz2) = 2098671 bytes | |
6 | SHA1 (patch-aa) = 15f9d45ea98f89945ca274fc5b0298fa9397f89d | |||
6 | SHA1 (patch-ab) = 815de90c379035dbc02b251cee148f6df47f9a65 | 7 | SHA1 (patch-ab) = 815de90c379035dbc02b251cee148f6df47f9a65 | |
7 | SHA1 (patch-ac) = 965b56e5ae39d6523416752c1390f01315c5d758 | 8 | SHA1 (patch-ac) = 965b56e5ae39d6523416752c1390f01315c5d758 | |
8 | SHA1 (patch-ae) = 7d4514d0bad6553d3c0cf115874bf50ed0da3d48 | 9 | SHA1 (patch-ae) = 7d4514d0bad6553d3c0cf115874bf50ed0da3d48 |
$NetBSD: patch-aa,v 1.7 2008/07/13 18:22:01 tonnerre Exp $
--- Util/difflog.pl.orig 2002-04-18 16:35:17.000000000 +0200
+++ Util/difflog.pl
@@ -2,10 +2,13 @@
use strict;
use IO::File;
+use File::Temp;
my @differ = qw(diff -bw);
-my $oldtmp = "/tmp/difflog$$.old";
-my $newtmp = "/tmp/difflog$$.new";
+my $oldf = new File::Temp(TEMPLATE => 'difflogXXXXX', DIR => '/tmp/', SUFFIX => '.old');
+my $newf = new File::Temp(TEMPLATE => 'difflogXXXXX', DIR => '/tmp/', SUFFIX => '.new');
+my $oldtmp = $oldf->filename;
+my $newtmp = $newf->filename;
my $newfn = pop(@ARGV);
my $oldfn = pop(@ARGV);
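Review bot: The patch creates the two files safely but still exposes only the path strings `$oldtmp` and `$newtmp` to the rest of the script. That code lies outside this hunk; if it opens those paths again for writing, the data no longer goes through the descriptor File::Temp opened exclusively. Writing through the objects themselves (`print $oldf ...`, then `$oldf->flush`) and using `->filename` only as the argument to the external `diff` keeps creation and writes on the same file. The constructor calls use indirect-object syntax and a hard-coded directory; `File::Temp->new(TEMPLATE => 'difflogXXXXX', DIR => File::Spec->tmpdir, SUFFIX => '.old')` avoids the parsing ambiguity and honours `TMPDIR`. A short comment above the two objects, e.g. `# keep $oldf/$newf alive until diff has run; File::Temp unlinks on destruction`, would document the lifetime the script now depends on.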