Fix an insecure temp file creation vulnerability in zsh-current's difflog.pl (CVE-2007-6209).
diff -r1.13 -r1.14 pkgsrc/shells/zsh-current/Makefile
(tonnerre)
@@ -1,18 +1,18 @@ | @@ -1,18 +1,18 @@ | |||
1 | # $NetBSD: Makefile,v 1.13 2007/11/07 09:59:27 bjs Exp $ | 1 | # $NetBSD: Makefile,v 1.14 2008/07/13 18:26:24 tonnerre Exp $ | |
2 | 2 | |||
3 | .include "../../shells/zsh/Makefile.common" | 3 | .include "../../shells/zsh/Makefile.common" | |
4 | 4 | |||
5 | PKGREVISION= 1 | 5 | PKGREVISION= 2 | |
6 | 6 | |||
7 | ZSH_VERSION= 4.3.4 | 7 | ZSH_VERSION= 4.3.4 | |
8 | ZSH_MAINTAINER= uebayasi@NetBSD.org | 8 | ZSH_MAINTAINER= uebayasi@NetBSD.org | |
9 | 9 | |||
10 | USE_TOOLS+= env | 10 | USE_TOOLS+= env | |
11 | 11 | |||
12 | SUBST_CLASSES+= prefix-fixup | 12 | SUBST_CLASSES+= prefix-fixup | |
13 | SUBST_STAGE.prefix-fixup= pre-configure | 13 | SUBST_STAGE.prefix-fixup= pre-configure | |
14 | SUBST_FILES.prefix-fixup= \ | 14 | SUBST_FILES.prefix-fixup= \ | |
15 | Misc/globtests \ | 15 | Misc/globtests \ | |
16 | Misc/globtests.ksh \ | 16 | Misc/globtests.ksh \ | |
17 | Test/ztst.zsh \ | 17 | Test/ztst.zsh \ | |
18 | Util/reporter \ | 18 | Util/reporter \ |
@@ -1,11 +1,12 @@ | @@ -1,11 +1,12 @@ | |||
1 | $NetBSD: distinfo,v 1.11 2007/09/21 08:04:45 uebayasi Exp $ | 1 | $NetBSD: distinfo,v 1.12 2008/07/13 18:26:24 tonnerre Exp $ | |
2 | 2 | |||
3 | SHA1 (zsh-4.3.4.tar.bz2) = 6bd905c4bf61bf3df5e5bb78f64be68366ad7517 | 3 | SHA1 (zsh-4.3.4.tar.bz2) = 6bd905c4bf61bf3df5e5bb78f64be68366ad7517 | |
4 | RMD160 (zsh-4.3.4.tar.bz2) = 2fe0fcf6371d2072c3b7eeae0392c7ef3665457c | 4 | RMD160 (zsh-4.3.4.tar.bz2) = 2fe0fcf6371d2072c3b7eeae0392c7ef3665457c | |
5 | Size (zsh-4.3.4.tar.bz2) = 2374851 bytes | 5 | Size (zsh-4.3.4.tar.bz2) = 2374851 bytes | |
6 | SHA1 (patch-aa) = 15f9d45ea98f89945ca274fc5b0298fa9397f89d | |||
6 | SHA1 (patch-ab) = 799e63e51338d542d6247066d77647365fda09c9 | 7 | SHA1 (patch-ab) = 799e63e51338d542d6247066d77647365fda09c9 | |
7 | SHA1 (patch-ac) = 95e15527e75685cbc140066efeec12127a4863ce | 8 | SHA1 (patch-ac) = 95e15527e75685cbc140066efeec12127a4863ce | |
8 | SHA1 (patch-ae) = 62a763ee77b823d63f245f34122b232cf0344285 | 9 | SHA1 (patch-ae) = 62a763ee77b823d63f245f34122b232cf0344285 | |
9 | SHA1 (patch-af) = baceb8c014b1a6d8291412bf111ca117514ecb4e | 10 | SHA1 (patch-af) = baceb8c014b1a6d8291412bf111ca117514ecb4e | |
10 | SHA1 (patch-ag) = ddcefd4ebcb4457eaed0bcf70273c35641ca0bde | 11 | SHA1 (patch-ag) = ddcefd4ebcb4457eaed0bcf70273c35641ca0bde | |
11 | SHA1 (patch-ah) = 772f98cbc8487fb074b35030c2ad26eeedb7343a | 12 | SHA1 (patch-ah) = 772f98cbc8487fb074b35030c2ad26eeedb7343a |
$NetBSD: patch-aa,v 1.7 2008/07/13 18:26:24 tonnerre Exp $
--- Util/difflog.pl.orig 2002-04-18 16:35:17.000000000 +0200
+++ Util/difflog.pl
@@ -2,10 +2,13 @@
use strict;
use IO::File;
+use File::Temp;
my @differ = qw(diff -bw);
-my $oldtmp = "/tmp/difflog$$.old";
-my $newtmp = "/tmp/difflog$$.new";
+my $oldf = new File::Temp(TEMPLATE => 'difflogXXXXX', DIR => '/tmp/', SUFFIX => '.old');
+my $newf = new File::Temp(TEMPLATE => 'difflogXXXXX', DIR => '/tmp/', SUFFIX => '.new');
+my $oldtmp = $oldf->filename;
+my $newtmp = $newf->filename;
my $newfn = pop(@ARGV);
my $oldfn = pop(@ARGV);
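Review bot: Copying `$oldf->filename` and `$newf->filename` back into `$oldtmp` and `$newtmp` keeps the script path-based, so the fix holds only if the code below this hunk (not visible here) never unlinks those paths and re-creates them by name. File::Temp has already created and opened both files exclusively, so the safer pattern is to write through the `$oldf` and `$newf` handles and pass the names only to the diff command. If the later code stays as it is, a comment above the two `->filename` lines would record the lifetime dependency, for example `# keep $oldf/$newf in scope: File::Temp removes the files when the objects are destroyed`. As a style point, the direct method call `File::Temp->new(...)` is preferable to the indirect-object form `new File::Temp(...)` on both added constructor lines.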