pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/shells/zsh Fix an insecure temp file creation vulnerab...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/631d585d5b3e
branches:  trunk
changeset: 544168:631d585d5b3e
user:      tonnerre <tonnerre%pkgsrc.org@localhost>
date:      Sun Jul 13 18:22:01 2008 +0000

description:
Fix an insecure temp file creation vulnerability in zsh's difflog.pl
(CVE-2007-6209).

diffstat:

 shells/zsh/Makefile         |   3 ++-
 shells/zsh/Makefile.common  |   4 +++-
 shells/zsh/distinfo         |   3 ++-
 shells/zsh/patches/patch-aa |  20 ++++++++++++++++++++
 4 files changed, 27 insertions(+), 3 deletions(-)

diffs (70 lines):

diff -r bf24c4d27964 -r 631d585d5b3e shells/zsh/Makefile
--- a/shells/zsh/Makefile       Sun Jul 13 18:06:47 2008 +0000
+++ b/shells/zsh/Makefile       Sun Jul 13 18:22:01 2008 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.51 2005/12/07 03:00:50 uebayasi Exp $
+# $NetBSD: Makefile,v 1.52 2008/07/13 18:22:01 tonnerre Exp $
 
 .include "../../shells/zsh/Makefile.common"
 
 ZSH_VERSION=   4.2.6
 ZSH_MAINTAINER=        uebayasi%NetBSD.org@localhost
+PKGREVISION=   1
 
 .include "../../mk/bsd.pkg.mk"
diff -r bf24c4d27964 -r 631d585d5b3e shells/zsh/Makefile.common
--- a/shells/zsh/Makefile.common        Sun Jul 13 18:06:47 2008 +0000
+++ b/shells/zsh/Makefile.common        Sun Jul 13 18:22:01 2008 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.46 2008/07/03 09:07:26 uebayasi Exp $
+# $NetBSD: Makefile.common,v 1.47 2008/07/13 18:22:01 tonnerre Exp $
 
 DISTNAME=      zsh-${ZSH_VERSION}
 CATEGORIES=    shells
@@ -23,6 +23,8 @@
 INFO_FILES=            # PLIST
 TEXINFO_REQD=          4.0
 
+DEPENDS+=      p5-File-Temp-[0-9]*:../../devel/p5-File-Temp
+
 PKG_INSTALLATION_TYPES=        overwrite pkgviews
 
 .include "../../mk/bsd.prefs.mk"
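Review bot: The added `DEPENDS+=` line has no comment saying which file needs File::Temp, so a later maintainer cannot tell when it is safe to drop. A comment directly above it would tie it to the patch, for example `# Util/difflog.pl uses File::Temp since patch-aa (CVE-2007-6209)`. This also turns p5-File-Temp into a run-time dependency of the whole zsh package for one helper script under Util/. Whether that script is installed at all is not visible in this hunk, so it is worth confirming that the dependency is needed at run time.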
diff -r bf24c4d27964 -r 631d585d5b3e shells/zsh/distinfo
--- a/shells/zsh/distinfo       Sun Jul 13 18:06:47 2008 +0000
+++ b/shells/zsh/distinfo       Sun Jul 13 18:22:01 2008 +0000
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.26 2006/04/07 15:28:49 jlam Exp $
+$NetBSD: distinfo,v 1.27 2008/07/13 18:22:01 tonnerre Exp $
 
 SHA1 (zsh-4.2.6.tar.bz2) = e00c3eda3f52c9514bb625bb56e4480358170d39
 RMD160 (zsh-4.2.6.tar.bz2) = e4400fc6311bf6996128ecf7899592d6d8cdb310
 Size (zsh-4.2.6.tar.bz2) = 2098671 bytes
+SHA1 (patch-aa) = 15f9d45ea98f89945ca274fc5b0298fa9397f89d
 SHA1 (patch-ab) = 815de90c379035dbc02b251cee148f6df47f9a65
 SHA1 (patch-ac) = 965b56e5ae39d6523416752c1390f01315c5d758
 SHA1 (patch-ae) = 7d4514d0bad6553d3c0cf115874bf50ed0da3d48
diff -r bf24c4d27964 -r 631d585d5b3e shells/zsh/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/shells/zsh/patches/patch-aa       Sun Jul 13 18:22:01 2008 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-aa,v 1.7 2008/07/13 18:22:01 tonnerre Exp $
+
+--- Util/difflog.pl.orig       2002-04-18 16:35:17.000000000 +0200
++++ Util/difflog.pl
+@@ -2,10 +2,13 @@
+ 
+ use strict;
+ use IO::File;
++use File::Temp;
+ 
+ my @differ = qw(diff -bw);
+-my $oldtmp = "/tmp/difflog$$.old";
+-my $newtmp = "/tmp/difflog$$.new";
++my $oldf = new File::Temp(TEMPLATE => 'difflogXXXXX', DIR => '/tmp/', SUFFIX => '.old');
++my $newf = new File::Temp(TEMPLATE => 'difflogXXXXX', DIR => '/tmp/', SUFFIX => '.new');
++my $oldtmp = $oldf->filename;
++my $newtmp = $newf->filename;
+ 
+ my $newfn = pop(@ARGV);
+ my $oldfn = pop(@ARGV);
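Review bot: `$oldtmp` and `$newtmp` are still plain path strings taken from `->filename`, so the fix holds only if the rest of difflog.pl, which lies outside this hunk, reopens the files File::Temp already created rather than removing and recreating them, and only while `$oldf`/`$newf` remain in scope. Writing through the File::Temp handles themselves would remove that reliance on the name. The two constructor calls use indirect object syntax; the unambiguous spelling is `my $oldf = File::Temp->new(TEMPLATE => 'difflogXXXXX', DIR => '/tmp/', SUFFIX => '.old');` and likewise for `.new`. `DIR => '/tmp/'` also hard-codes the directory, where `TMPDIR => 1` in place of `DIR` would honour the user's configured temporary directory. A short comment above the constructors, such as `# keep the File::Temp objects alive: they own the files and unlink them on exit`, would record why both the object and the name are kept.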


