pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/audio/cmus A security issue has been reported in cmus,...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/eaa2815f9922
branches:  trunk
changeset: 551571:eaa2815f9922
user:      ahoka <ahoka%pkgsrc.org@localhost>
date:      Wed Dec 17 23:49:57 2008 +0000

description:
A security issue has been reported in cmus, which can be exploited by
malicious, local users to perform certain actions with escalated
privileges.

The security issue is caused due to the "cmus-status-display" script using
temporary files in an insecure manner. This can be exploited to
e.g. overwrite arbitrary files via symlink attacks.

This commit fixes this issue.

diffstat:

 audio/cmus/Makefile         |   4 ++--
 audio/cmus/distinfo         |   3 ++-
 audio/cmus/patches/patch-ae |  19 +++++++++++++++++++
 3 files changed, 23 insertions(+), 3 deletions(-)

diffs (51 lines):

diff -r 4063ff79313c -r eaa2815f9922 audio/cmus/Makefile
--- a/audio/cmus/Makefile       Wed Dec 17 23:16:50 2008 +0000
+++ b/audio/cmus/Makefile       Wed Dec 17 23:49:57 2008 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.14 2008/11/17 13:30:34 ahoka Exp $
+# $NetBSD: Makefile,v 1.15 2008/12/17 23:49:57 ahoka Exp $
 #
 
 DISTNAME=              cmus-2.2.0
-PKGREVISION=           3
+PKGREVISION=           4
 CATEGORIES=            audio
 MASTER_SITES=          http://mirror.greaterscope.net/cmus/
 EXTRACT_SUFX=          .tar.bz2
diff -r 4063ff79313c -r eaa2815f9922 audio/cmus/distinfo
--- a/audio/cmus/distinfo       Wed Dec 17 23:16:50 2008 +0000
+++ b/audio/cmus/distinfo       Wed Dec 17 23:49:57 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.4 2008/11/17 13:30:34 ahoka Exp $
+$NetBSD: distinfo,v 1.5 2008/12/17 23:49:57 ahoka Exp $
 
 SHA1 (cmus-2.2.0.tar.bz2) = a6472633ac55660eb3aec5d2ae0296da86903bb2
 RMD160 (cmus-2.2.0.tar.bz2) = 1287666c16332ad34222461e29d8355ef607e7b5
@@ -7,3 +7,4 @@
 SHA1 (patch-ab) = 1288149006ce37bd0ed69c020ae6e1992cb84743
 SHA1 (patch-ac) = 76f346d0338f38c3657f29851d717c62b89d0791
 SHA1 (patch-ad) = 8f750a81966d83839f7ca2d66728ce4a48072d73
+SHA1 (patch-ae) = 12565109f672b7bdeeb8b263952376eaaca25f53
diff -r 4063ff79313c -r eaa2815f9922 audio/cmus/patches/patch-ae
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/cmus/patches/patch-ae       Wed Dec 17 23:49:57 2008 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-ae,v 1.1 2008/12/17 23:49:57 ahoka Exp $
+
+--- cmus-status-display.orig   2007-07-27 16:52:13.000000000 +0200
++++ cmus-status-display
+@@ -18,8 +18,13 @@
+ 
+ output()
+ {
++      # write status to stdout
++      echo "$*"
++
+       # write status to /tmp/cmus-status (not very useful though)
+-      echo "$*" >> /tmp/cmus-status 2>&1
++      # WARNING! This opens a vulnerability to overwrite files with
++      # symlink attack if you use a predictable filename in /tmp.
++      #echo "$*" >> /tmp/cmus-status 2>&1
+ 
+       # WMI (http://wmi.modprobe.de/)
+       #wmiremote -t "$*" &> /dev/null
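Review bot: the hunk removes the insecure `/tmp/cmus-status` write rather than replacing it with a safe one, so the script no longer writes a status file at all; that is a sound choice for a fixed, world-writable path (the `>>` append mode gives no protection, since the shell still follows a symlink planted at that name), but if the file is wanted, the replacement should be a location only the user can write to, such as a file under `$HOME`, not another predictable name in `/tmp`. Two smaller points: the commented-out line keeps the original `2>&1` after `>>`, which would also send stderr into the status file if the line were ever re-enabled, so drop it; and the added `echo "$*"` to stdout is a behaviour change separate from the security fix, which the patch file (currently only the RCS ID above the `---` header) should mention along with a reference to the advisory described in the commit message.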


