pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/mail/p5-Mail-Audit Security fix for SA18652 / CVE-2005...
details: https://anonhg.NetBSD.org/pkgsrc/rev/3d317005d073
branches: trunk
changeset: 507451:3d317005d073
user: salo <salo%pkgsrc.org@localhost>
date: Thu Feb 02 12:08:14 2006 +0000
description:
Security fix for SA18652 / CVE-2005-4536:
"Mail::Audit module logs to a temporary file with a predictable filename
in an insecure fashion when logging is turned on."
Patch from Debian.
diffstat:
mail/p5-Mail-Audit/Makefile | 4 +-
mail/p5-Mail-Audit/distinfo | 4 ++-
mail/p5-Mail-Audit/patches/patch-aa | 29 ++++++++++++++++++++++++++++
mail/p5-Mail-Audit/patches/patch-ab | 38 +++++++++++++++++++++++++++++++++++++
4 files changed, 72 insertions(+), 3 deletions(-)
diffs (102 lines):
diff -r 7afef286300a -r 3d317005d073 mail/p5-Mail-Audit/Makefile
--- a/mail/p5-Mail-Audit/Makefile Thu Feb 02 09:29:25 2006 +0000
+++ b/mail/p5-Mail-Audit/Makefile Thu Feb 02 12:08:14 2006 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.16 2005/08/06 06:19:22 jlam Exp $
+# $NetBSD: Makefile,v 1.17 2006/02/02 12:08:14 salo Exp $
DISTNAME= Mail-Audit-2.1
PKGNAME= p5-${DISTNAME}
SVR4_PKGNAME= p5mau
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= mail perl5
MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=Mail/}
diff -r 7afef286300a -r 3d317005d073 mail/p5-Mail-Audit/distinfo
--- a/mail/p5-Mail-Audit/distinfo Thu Feb 02 09:29:25 2006 +0000
+++ b/mail/p5-Mail-Audit/distinfo Thu Feb 02 12:08:14 2006 +0000
@@ -1,5 +1,7 @@
-$NetBSD: distinfo,v 1.4 2005/04/18 16:57:13 wiz Exp $
+$NetBSD: distinfo,v 1.5 2006/02/02 12:08:14 salo Exp $
SHA1 (Mail-Audit-2.1.tar.gz) = 4fbfc782c8230025b793c2e15eff231acfa55f57
RMD160 (Mail-Audit-2.1.tar.gz) = c59d006f1f9aa544e854be089f3fe793a8694d4f
Size (Mail-Audit-2.1.tar.gz) = 21669 bytes
+SHA1 (patch-aa) = 8d1646afb5ac34de60fa19c2aa15c80210c9d6a7
+SHA1 (patch-ab) = e7d95c44d63dc2e78f30774e0c1092e59268376d
diff -r 7afef286300a -r 3d317005d073 mail/p5-Mail-Audit/patches/patch-aa
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/p5-Mail-Audit/patches/patch-aa Thu Feb 02 12:08:14 2006 +0000
@@ -0,0 +1,29 @@
+$NetBSD: patch-aa,v 1.1 2006/02/02 12:08:14 salo Exp $
+
+Security fix for SA18656, from Debian.
+
+--- Audit.pm.orig 2002-03-03 18:11:20.000000000 +0100
++++ Audit.pm 2006-02-02 12:48:52.000000000 +0100
+@@ -4,7 +4,13 @@
+
+ my $logging;
+ my $loglevel=3;
+-my $logfile = "/tmp/".getpwuid($>)."-audit.log";
++my $logfile;
++if (exists $ENV{HOME} and defined $ENV{HOME} and -d $ENV{HOME}) {
++ $logfile = "$ENV{HOME}/.mail_audit.log"
++}
++else {
++ (undef,$logfile) = tempfile("mail_audit.log-XXXXX",TMPDIR=>1);
++}
+
+ # ----------------------------------------------------------
+ # no user-modifiable parts below this line.
+@@ -18,6 +24,7 @@
+ use vars qw($VERSION @ISA @EXPORT @EXPORT_OK $ASSUME_MSGPREFIX);
+ # @ISA will depend on whether the message is MIME; if it is, we'll be MIME::Entity. if not, we'll be Mail::Internet.
+ use Fcntl ':flock';
++use File::Temp qw(tempfile);
+
+ $ASSUME_MSGPREFIX = 0;
+
diff -r 7afef286300a -r 3d317005d073 mail/p5-Mail-Audit/patches/patch-ab
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/p5-Mail-Audit/patches/patch-ab Thu Feb 02 12:08:14 2006 +0000
@@ -0,0 +1,38 @@
+$NetBSD: patch-ab,v 1.1 2006/02/02 12:08:14 salo Exp $
+
+Security fix for SA18656, from Debian.
+
+--- Audit/MimeEntity.pm.orig 2002-01-18 01:23:32.000000000 +0100
++++ Audit/MimeEntity.pm 2006-02-02 12:48:52.000000000 +0100
+@@ -4,6 +4,7 @@
+
+ use strict;
+ use File::Path;
++use File::Temp qw(tempdir)
+ use MIME::Parser;
+ use MIME::Entity;
+ use Mail::Audit::MailInternet;
+@@ -12,10 +13,12 @@
+
+ $VERSION = '2.0';
+
+-$MIME_PARSER_TMPDIR = "/tmp/".getpwuid($>)."-mailaudit";
+-
+ my $parser = MIME::Parser->new();
+
++# Create a tempdir using File::Temp::tempdir, have it be destroyed at
++# END{} time.
++$MIME_PARSER_TMPDIR = tempdir(CLEANUP => 1);
++
+ my @to_rmdir;
+
+ sub autotype_new {
+@@ -23,8 +26,6 @@
+ my $mailinternet = shift;
+
+ $parser->ignore_errors(1);
+- mkdir ($MIME_PARSER_TMPDIR, 0777);
+- if (! -d $MIME_PARSER_TMPDIR) { $MIME_PARSER_TMPDIR = "/tmp" }
+ $parser->output_under($MIME_PARSER_TMPDIR);
+
+ # todo: add eval error trapping. if there's a problem, return Mail::Audit::MailInternet as a fallback.
Home |
Main Index |
Thread Index |
Old Index