pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/mail/mutt-devel Make sure that a temporary has been op...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/3533a90b191a
branches:  trunk
changeset: 521001:3533a90b191a
user:      tonio <tonio%pkgsrc.org@localhost>
date:      Fri Nov 03 18:19:07 2006 +0000

description:
Make sure that a temporary file has been opened with proper permissions.
Fixes the security problem reported in CVE-2006-5298.

Patch from tron@ for the mail/mutt package

diffstat:

 mail/mutt-devel/Makefile         |   3 ++-
 mail/mutt-devel/distinfo         |   3 ++-
 mail/mutt-devel/patches/patch-ae |  29 +++++++++++++++++++++++++++++
 3 files changed, 33 insertions(+), 2 deletions(-)

diffs (62 lines):

diff -r 1e30d9f03bc1 -r 3533a90b191a mail/mutt-devel/Makefile
--- a/mail/mutt-devel/Makefile  Fri Nov 03 18:11:18 2006 +0000
+++ b/mail/mutt-devel/Makefile  Fri Nov 03 18:19:07 2006 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.52 2006/08/16 10:42:05 tonio Exp $
+# $NetBSD: Makefile,v 1.53 2006/11/03 18:19:07 tonio Exp $
 
 DISTNAME=              mutt-1.5.13
+PKGREVISION=           1
 CATEGORIES=            mail
 MUTT_SITES=            ftp://ftp.mutt.org/mutt/ \
                        ftp://ftp.stealth.net/pub/mirrors/ftp.mutt.org/pub/mutt/ \
diff -r 1e30d9f03bc1 -r 3533a90b191a mail/mutt-devel/distinfo
--- a/mail/mutt-devel/distinfo  Fri Nov 03 18:11:18 2006 +0000
+++ b/mail/mutt-devel/distinfo  Fri Nov 03 18:19:07 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.34 2006/08/19 18:43:02 tonio Exp $
+$NetBSD: distinfo,v 1.35 2006/11/03 18:19:07 tonio Exp $
 
 SHA1 (mutt-1.5.13.tar.gz) = 6d5b88d33e1727bf0342c31f06d55d7a3d2d4e0a
 RMD160 (mutt-1.5.13.tar.gz) = 9327b7f928aad78a20c2395629113ac2519bb945
@@ -10,6 +10,7 @@
 SHA1 (patch-ab) = 67e0deb5af56830397d897979ac806f9c16fdbda
 SHA1 (patch-ac) = b48ff9f66ff2b483b5aa0c312e08bd22c7cf03be
 SHA1 (patch-ad) = ecfa994c7c5e494b6eb7356327b96de6559146fc
+SHA1 (patch-ae) = e207b279b4b6cf9bd29f5537beedb3f34453b62d
 SHA1 (patch-ag) = 84637d95fa9aa0cf58a6e6b2c82b783efa21cf66
 SHA1 (patch-ah) = 4227c5768b900e58fa4a679e6ad67efc974a70b5
 SHA1 (patch-ai) = 7d9883198a22615fb1792a41fce3ee9821f48f08
diff -r 1e30d9f03bc1 -r 3533a90b191a mail/mutt-devel/patches/patch-ae
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/mutt-devel/patches/patch-ae  Fri Nov 03 18:19:07 2006 +0000
@@ -0,0 +1,29 @@
+$NetBSD: patch-ae,v 1.7 2006/11/03 18:19:07 tonio Exp $
+
+--- lib.c.orig 2002-04-29 18:12:18.000000000 +0100
++++ lib.c      2006-11-01 13:22:51.000000000 +0000
+@@ -351,8 +351,8 @@
+   struct stat osb, nsb;
+   int fd;
+ 
+-  if ((fd = open (path, flags, 0600)) < 0)
+-    return fd;
++  if ((fd = open (path, flags, S_IRUSR|S_IWUSR)) < 0)
++    return (-1);
+ 
+   /* make sure the file is not symlink */
+   if (lstat (path, &osb) < 0 || fstat (fd, &nsb) < 0 ||
+@@ -363,6 +363,13 @@
+     return (-1);
+   }
+ 
++  /* Make sure the file is owned by us and has save permissions. */
++  if (nsb.st_uid != geteuid() ||
++      (nsb.st_mode & (S_IRWXG|S_IRWXO)) != 0) {
++    close (fd);
++    return (-1);
++  }
++
+   return (fd);
+ }
+ 
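Review bot: The ownership and mode test added before `return (fd);` in lib.c runs only after `open()` has already succeeded, so a file that fails the test has still been opened with the caller's `flags`, and any creation or truncation those flags imply has already happened by the time -1 is returned. The flags are not visible here because the function starts above the inner hunk, so it is worth confirming that callers always pass `O_CREAT|O_EXCL` or can tolerate that side effect. The rejection path also returns -1 after `close (fd)` without setting `errno`, so a caller that reports the failure through `errno` would presumably print a stale or unrelated error; adding `errno = EACCES;` before that `return (-1);` would make the refusal diagnosable. The new comment should read `/* Make sure the file is owned by us and has safe permissions. */` ("save" is a typo), and it could state that any group or other permission bit causes the descriptor to be rejected.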


