[pkgsrc/pkgsrc-2005Q2]: pkgsrc/emulators/wine Pullup ticket 679 - requested b...

[snj <snj%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/c9f1dd0942ae
branches:  pkgsrc-2005Q2
changeset: 495983:c9f1dd0942ae
user:      snj <snj%pkgsrc.org@localhost>
date:      Sat Aug 13 05:32:37 2005 +0000

description:
Pullup ticket 679 - requested by Lubomir Sedlacik
security fix for wine

Revisions pulled up:
- pkgsrc/emulators/wine/Makefile                1.89
- pkgsrc/emulators/wine/distinfo                1.35
- pkgsrc/emulators/wine/patches/patch-ai        1.5

   Module Name:    pkgsrc
   Committed By:   salo
   Date:           Fri Aug 12 13:57:44 UTC 2005

   Modified Files:
           pkgsrc/emulators/wine: Makefile distinfo
   Added Files:
           pkgsrc/emulators/wine/patches: patch-ai

   Log Message:
   Security fix for SA16352.

   "A vulnerability in wine can be exploited by malicious, local users to
   perform certain actions on a vulnerable system with escalated privileges.

   The vulnerability is caused due to a temporary file being created
   insecurely in "/tmp" by winelauncher.in under certain error conditions.
   This can be exploited via symlink attacks to create or overwrite
   arbitrary files with the privileges of the user running the affected
   application."

   http://secunia.com/advisories/16352/

   Patch from Wine CVS.

diffstat:

 emulators/wine/Makefile         |   5 +++--
 emulators/wine/distinfo         |   3 ++-
 emulators/wine/patches/patch-ai |  25 +++++++++++++++++++++++++
 3 files changed, 30 insertions(+), 3 deletions(-)

diffs (65 lines):

diff -r c92dafded074 -r c9f1dd0942ae emulators/wine/Makefile
--- a/emulators/wine/Makefile   Sat Aug 13 05:27:41 2005 +0000
+++ b/emulators/wine/Makefile   Sat Aug 13 05:32:37 2005 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.87 2005/06/01 18:02:48 jlam Exp $
+# $NetBSD: Makefile,v 1.87.2.1 2005/08/13 05:32:37 snj Exp $
 
 DISTNAME=      Wine-20050524
 PKGNAME=       ${DISTNAME:S/W/w/}
+PKGREVISION=   1
 CATEGORIES=    emulators
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=wine/} \
                http://www.ibiblio.org/pub/Linux/ALPHA/wine/development/ \
@@ -19,7 +20,7 @@
 ONLY_FOR_PLATFORM+=    FreeBSD*-i386 Linux*-i386 SunOS*-i386 Darwin*-i386
 
 WRKSRC=                        ${WRKDIR}/${DISTNAME:S/W/w/}
-USE_TOOLS+=            bison gmake
+USE_TOOLS+=            bison gmake mktemp
 USE_LIBTOOL=           yes
 GNU_CONFIGURE=         yes
 CONFIGURE_ARGS+=       --without-curses --disable-trace #--disable-debug
diff -r c92dafded074 -r c9f1dd0942ae emulators/wine/distinfo
--- a/emulators/wine/distinfo   Sat Aug 13 05:27:41 2005 +0000
+++ b/emulators/wine/distinfo   Sat Aug 13 05:32:37 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.33 2005/06/05 06:14:17 minskim Exp $
+$NetBSD: distinfo,v 1.33.2.1 2005/08/13 05:32:37 snj Exp $
 
 SHA1 (Wine-20050524.tar.gz) = 109fac3a1b9158a4d23ca8c003f6716dd8caf73f
 RMD160 (Wine-20050524.tar.gz) = 682795fd1cd156203c5766554f74e19e5060fa34
@@ -10,3 +10,4 @@
 SHA1 (patch-ae) = dbd40183fb8e1f1d7af9ab4e51910a2227524e3c
 SHA1 (patch-af) = 803e74ff592ce39f520c631a503d90b8abee190d
 SHA1 (patch-ag) = 656f9667da542489595d1db65c84579b3dfce279
+SHA1 (patch-ai) = f9f713431b32734398fe770e7600a8c9e6460f89
diff -r c92dafded074 -r c9f1dd0942ae emulators/wine/patches/patch-ai
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/emulators/wine/patches/patch-ai   Sat Aug 13 05:32:37 2005 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-ai,v 1.4.14.1 2005/08/13 05:32:37 snj Exp $
+
+Fix for SA16352, from Wine CVS.
+
+--- programs/winelauncher.in.orig      2004-06-22 01:56:15.000000000 +0200
++++ programs/winelauncher.in   2005-08-12 16:15:19.000000000 +0200
+@@ -59,8 +59,8 @@
+ if [ $? -ne 0 ] ; then
+     # xmessage not found; make sure the user notices this error
+     # (GUI users wouldn't even notice if we printed the text on console !)
+-    MSGFILE=/tmp/WINE_CANNOT_FIND_XMESSAGE
+-    cat > $MSGFILE << EOF
++    MSGFILE=`mktemp "/tmp/wine.xmessage.XXXXXX"`
++    cat > $MSGFILE <<EOF
+ Warning:
+     The Wine launcher is unable to find the xmessage program,
+     which it needs to properly notify you of Wine execution status
+@@ -87,6 +87,7 @@
+ 
+     # ok, we really give up now, this system is hosed ;-)
+     cat $MSGFILE
++    rm $MSGFILE
+ else
+     XMESSAGE="xmessage $COLOR"
+ fi