Sun Jul 13 20:35:46 2008 UTC ()
Add patches for wml privilege escalation (CVE-2008-0665 and CVE-2008-0666).
(tonnerre)
diff -r1.27 -r1.28 pkgsrc/www/wml/Makefile
diff -r1.8 -r1.9 pkgsrc/www/wml/distinfo
diff -r0 -r1.1 pkgsrc/www/wml/patches/patch-aj
diff -r0 -r1.1 pkgsrc/www/wml/patches/patch-ak
diff -r0 -r1.1 pkgsrc/www/wml/patches/patch-al
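--- a/pkgsrc/www/wml/Attic/Makefile
+++ b/pkgsrc/www/wml/Attic/Makefile
@@ -1,18 +1,18 @@
-# $NetBSD: Makefile,v 1.27 2007/09/29 21:23:12 heinz Exp $
+# $NetBSD: Makefile,v 1.28 2008/07/13 20:35:46 tonnerre Exp $
 #
 
 DISTNAME= wml-2.0.9
-PKGREVISION= 2
+PKGREVISION= 3
 CATEGORIES= www perl5
 MASTER_SITES= http://thewml.org/distrib/
 
 MAINTAINER= kim@tac.nyc.ny.us
 HOMEPAGE= http://thewml.org/
 COMMENT= Web Meta Language
 
 PKG_DESTDIR_SUPPORT= user-destdir
 
 DEPENDS+= p5-Bit-Vector>=5.2:../../devel/p5-Bit-Vector
 DEPENDS+= p5-Image-Size>=2.6:../../graphics/p5-Image-Size
 DEPENDS+= p5-Term-ReadKey>=2.11:../../devel/p5-Term-ReadKey
 #DEPENDS+= tidy-[0-9]*:../../www/tidy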
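--- a/pkgsrc/www/wml/Attic/distinfo
+++ b/pkgsrc/www/wml/Attic/distinfo
@@ -1,14 +1,17 @@
-$NetBSD: distinfo,v 1.8 2007/09/29 21:23:12 heinz Exp $
+$NetBSD: distinfo,v 1.9 2008/07/13 20:35:46 tonnerre Exp $
 
 SHA1 (wml-2.0.9.tar.gz) = ce95ad9c55fd52e2028099d391858d88cffd5d9f
 RMD160 (wml-2.0.9.tar.gz) = bf14a4c09bdd850c5bad5f48f712717a13b13412
 Size (wml-2.0.9.tar.gz) = 2570742 bytes
 SHA1 (patch-aa) = 398ddb03402c17306e259b10cf9b5d7ec774d71b
 SHA1 (patch-ab) = dbd30a0a23189963aa60b06c319342fac4408a6b
 SHA1 (patch-ac) = 80863037faadf220ba1d01ef2133cdc42e08f0fa
 SHA1 (patch-ad) = 2955f349aa737f1758493897d1989a0b96220268
 SHA1 (patch-ae) = d250ebf44fa67fb247b0248476226d31a0c0c0c8
 SHA1 (patch-af) = e7dcb9287066e962d3fedafcea4302c71fbf0dce
 SHA1 (patch-ag) = 642371cb755e993118f5cc6a16abeaa62ec8d163
 SHA1 (patch-ah) = 8195a53d0a514b9ed1bd8e9460c8c3e77a1d0d8d
 SHA1 (patch-ai) = c376fe6308bd9defb66719a53a0e0da3953e2016
+SHA1 (patch-aj) = 1675e8778a01c66f8a91306532216fd859eb0ca3
+SHA1 (patch-ak) = 43419f8799888262c2365f9014fa4ed9dd89d030
+SHA1 (patch-al) = 0360574b0ec6df025efc14cd9d99bd5ab43a9537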
$NetBSD: patch-aj,v 1.1 2008/07/13 20:35:46 tonnerre Exp $
--- work/wml-2.0.9/wml_contrib/wmg.cgi.orig 1999-05-20 13:39:28.000000000 +0200
+++ work/wml-2.0.9/wml_contrib/wmg.cgi
@@ -367,14 +367,7 @@ if ($level >= 1) {
($w, $h, $t) = Image::Size::imgsize(\$contents);
if ($w*$h == 1) {
# read image into GD
- $tmpfile = "/tmp/pe.tmp.$$";
- unlink($tmpfile);
- open(TMP, ">$tmpfile");
- print TMP $contents;
- close(TMP);
- open(TMP, "<$tmpfile");
- $tmpimg = newFromGif GD::Image(TMP);
- close(TMP);
+ $tmpimg = newFromGifData GD::Image($contents);
unlink($tmpfile);
if ($tmpimg->transparent != -1) {
my $im = new GD::Image($w, $h);
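Review bot: The context line `unlink($tmpfile);` directly after the new `newFromGifData` call is left in place, although nothing in this hunk assigns `$tmpfile` any more. If `$tmpfile` is set elsewhere in wmg.cgi (not visible here), the CGI would delete whatever path it holds at that point; otherwise it is an unlink of an undefined value, so the line should be removed along with the rest of the temp-file code. Separately, `$tmpimg` is dereferenced by `$tmpimg->transparent` with no check that `newFromGifData` returned an image, so data that GD cannot parse would abort the script there; a `defined $tmpimg` guard around the block would cover that. The enclosing `if` block starts and ends outside the hunk.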
$NetBSD: patch-ak,v 1.1 2008/07/13 20:35:46 tonnerre Exp $
--- work/wml-2.0.9/wml_backend/p1_ipp/ipp.src.orig 2002-04-20 23:26:19.000000000 +0200
+++ work/wml-2.0.9/wml_backend/p1_ipp/ipp.src
@@ -565,6 +565,8 @@ foreach $str (@opt_D) {
# process the pre-loaded include files
#
$tmpdir = $ENV{'TMPDIR'} || '/tmp';
+my $tmpldir = ($ENV{'TMPDIR'} || '/tmp') . '/ipp.XXXXXX';
+$tmpdir = mkdtemp($tmpldir) or die "Unable to create temporary directory: $!\n";
$tmpfile = $tmpdir . "/ipp.$$.tmp";
unlink($tmpfile);
$tmp = new IO::File;
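Review bot: The private directory created by `mkdtemp` on the added lines is never removed in this hunk, so unless cleanup code outside the hunk is also changed, each run would leave an `ipp.XXXXXX` directory behind under TMPDIR; an `rmdir($tmpdir);` after the final `unlink($tmpfile)` would close that. `mkdtemp` is also not a Perl builtin; it comes from File::Temp, and the hunk adds no `use File::Temp qw(mkdtemp);`, so confirm ipp.src already loads it or the call fails at runtime. As a style point, the unchanged `$tmpdir = $ENV{'TMPDIR'} || '/tmp';` is now only a stepping stone, and the template could reuse it: `my $tmpldir = $tmpdir . '/ipp.XXXXXX';`. Keeping the `ipp.$$.tmp` name inside the new directory is acceptable, assuming File::Temp's usual owner-only directory mode.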
$NetBSD: patch-al,v 1.1 2008/07/13 20:35:46 tonnerre Exp $
--- work/wml-2.0.9/wml_backend/p3_eperl/eperl_sys.c.orig 2002-08-08 23:56:26.000000000 +0200
+++ work/wml-2.0.9/wml_backend/p3_eperl/eperl_sys.c
@@ -211,13 +211,20 @@ char *mytmpfile(char *id)
{
char ca[1024];
char *cp, *tmpdir;
+ char tmpfile[]="eperl_sourceXXXXXX";
int i;
+ int fd=-1;
tmpdir = getenv ("TMPDIR");
if (tmpdir == (char *) NULL)
tmpdir="/tmp";
- snprintf(ca, sizeof(ca), "%s/%s.%d.tmp%d", tmpdir, id, (int)getpid(), mytmpfilecnt++);
+ snprintf(ca, sizeof(ca), "%s/%s", tmpdir, tmpfile);
+ if((fd = mkstemp(tmpfile)) == -1){
+ perror("can not create tmpfile");
+ return NULL;
+ }
+ close(fd);
ca[sizeof(ca)-1] = NUL;
cp = strdup(ca);
for (i = 0; mytmpfiles[i] != NULL; i++)
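Review bot: The path returned from mytmpfile() is still predictable after this change: `snprintf` copies the unexpanded template into `ca` before `mkstemp(tmpfile)` runs, so `ca` is always `<tmpdir>/eperl_sourceXXXXXX`, while mkstemp creates its randomly named file relative to the current working directory, and that file is closed and never used or removed. The template should be built in `ca` and handed to mkstemp directly, `snprintf(ca, sizeof(ca), "%s/%s.XXXXXX", tmpdir, id);` followed by `if ((fd = mkstemp(ca)) == -1) {`, which also lets the `tmpfile` array go and keeps `id` in the name. Because the descriptor is closed and only the name is returned, callers presumably reopen the path; that is safe only if they open the file mkstemp already created rather than unlinking or recreating it, which needs checking in the callers outside this hunk. The function body continues past the end of the hunk.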