[pkgsrc/trunk]: pkgsrc/archivers/gsharutils Security fix for SA14551:

[salo <salo%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/21ae499ed9b6
branches:  trunk
changeset: 492392:21ae499ed9b6
user:      salo <salo%pkgsrc.org@localhost>
date:      Mon Apr 11 18:44:54 2005 +0000

description:
Security fix for SA14551:

"A vulnerability in GNU Sharutils was reported, which can be potentially
 exploited by malicious, local users to conduct certain actions on
 a vulnerable system with escalated privileges."

Patch from Debian.  Bump PKGREVISION.

diffstat:

 archivers/gsharutils/Makefile         |   4 ++--
 archivers/gsharutils/distinfo         |   4 ++--
 archivers/gsharutils/patches/patch-ah |  22 ++++++++++++++++++++--
 3 files changed, 24 insertions(+), 6 deletions(-)

diffs (66 lines):

diff -r 72f9d20b769a -r 21ae499ed9b6 archivers/gsharutils/Makefile
--- a/archivers/gsharutils/Makefile     Mon Apr 11 18:08:09 2005 +0000
+++ b/archivers/gsharutils/Makefile     Mon Apr 11 18:44:54 2005 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.25 2005/03/31 14:17:05 salo Exp $
+# $NetBSD: Makefile,v 1.26 2005/04/11 18:44:54 salo Exp $
 
 DISTNAME=      sharutils-4.2.1
 PKGNAME=       g${DISTNAME}
-PKGREVISION=   5
+PKGREVISION=   6
 CATEGORIES=    archivers
 MASTER_SITES=  ${MASTER_SITE_GNU:=sharutils/}
 
diff -r 72f9d20b769a -r 21ae499ed9b6 archivers/gsharutils/distinfo
--- a/archivers/gsharutils/distinfo     Mon Apr 11 18:08:09 2005 +0000
+++ b/archivers/gsharutils/distinfo     Mon Apr 11 18:44:54 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.12 2005/03/31 14:41:48 salo Exp $
+$NetBSD: distinfo,v 1.13 2005/04/11 18:44:54 salo Exp $
 
 SHA1 (sharutils-4.2.1.tar.gz) = 3f0c0af31bd429cee1e088eb74867f20f8d399ef
 RMD160 (sharutils-4.2.1.tar.gz) = 06e1629aa8a1c982e6032f194df6f5fe85f85b43
@@ -10,6 +10,6 @@
 SHA1 (patch-ae) = 8b88d98af2d1f24ba2623e8d56b36061806f5e12
 SHA1 (patch-af) = 50aee8dc24a33892a0f17f7aeb5cfbae1adcb0c9
 SHA1 (patch-ag) = af78d21124b33f0d8bdc27969119222e4d79008e
-SHA1 (patch-ah) = 1540064ef3a21a4486950ca24432f471bf1366a9
+SHA1 (patch-ah) = 90fed62712aa4d02d66098581d5e5602e391663e
 SHA1 (patch-ai) = a95e116d517e5fe536a31d12db1c33daaf2609af
 SHA1 (patch-aj) = 56ee560455a206c6fa5c106f1c759d0a0296dfd7
diff -r 72f9d20b769a -r 21ae499ed9b6 archivers/gsharutils/patches/patch-ah
--- a/archivers/gsharutils/patches/patch-ah     Mon Apr 11 18:08:09 2005 +0000
+++ b/archivers/gsharutils/patches/patch-ah     Mon Apr 11 18:44:54 2005 +0000
@@ -1,7 +1,7 @@
-$NetBSD: patch-ah,v 1.5 2005/03/31 14:17:05 salo Exp $
+$NetBSD: patch-ah,v 1.6 2005/04/11 18:44:54 salo Exp $
 
 --- src/unshar.c.orig  1995-11-21 17:22:14.000000000 +0100
-+++ src/unshar.c       2005-03-31 15:33:03.000000000 +0200
++++ src/unshar.c       2005-04-11 20:37:40.000000000 +0200
 @@ -346,8 +346,8 @@
  {
    size_t size_read;
@@ -34,3 +34,21 @@
          }
        if (file = fopen (name_buffer, "r"), !file)
          error (EXIT_FAILURE, errno, name_buffer);
+@@ -424,13 +424,15 @@
+       }
+   else
+     {
++#ifdef __MSDOS__
+       sprintf (name_buffer, "/tmp/unsh.%05d", (int) getpid ());
+       unlink (name_buffer);
+ 
+       if (file = fopen (name_buffer, "w+"), !file)
+       error (EXIT_FAILURE, errno, name_buffer);
+-#ifndef __MSDOS__
+-      unlink (name_buffer);   /* will be deleted on fclose */
++#else
++      if (file = tmpfile(), !file)
++        error (EXIT_FAILURE, errno, "tmpfile");
+ #endif
+ 
+       while (size_read = fread (copy_buffer, 1, sizeof (copy_buffer), stdin),