
[pkgsrc/trunk]: pkgsrc/editors/xemacs-current Fix vcdiff insecure temp file c...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/06562fe84b9e
branches:  trunk
changeset: 542137:06562fe84b9e
user:      tonnerre <tonnerre%pkgsrc.org@localhost>
date:      Sun May 04 22:27:07 2008 +0000

description:
Fix vcdiff insecure temp file creation vulnerability (CVE-2008-1694) for
xemacs-current as well.

diffstat:

 editors/xemacs-current/Makefile         |    4 +-
 editors/xemacs-current/distinfo         |    3 +-
 editors/xemacs-current/patches/patch-am |  111 ++++++++++++++++++++++++++++++++
 3 files changed, 115 insertions(+), 3 deletions(-)

diffs (147 lines):

diff -r 973a1a2e2b32 -r 06562fe84b9e editors/xemacs-current/Makefile
--- a/editors/xemacs-current/Makefile   Sun May 04 16:50:59 2008 +0000
+++ b/editors/xemacs-current/Makefile   Sun May 04 22:27:07 2008 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.64 2008/04/24 21:32:47 jlam Exp $
+# $NetBSD: Makefile,v 1.65 2008/05/04 22:27:07 tonnerre Exp $
 
 PKGNAME?=      ${DISTNAME}
 COMMENT?=      *BETA* XEmacs text editor version ${PKGVERSION_NOREV}
@@ -6,7 +6,7 @@
 DISTNAME=      xemacs-21.5.27
 EMACSVERSION=  21.5-b27
 EMACS_DISTNAME=        xemacs-${EMACSVERSION}
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    editors
 MASTER_SITES=  ${MASTER_SITE_XEMACS:=${DISTNAME:C/[.][^.]*$//}/}
 
diff -r 973a1a2e2b32 -r 06562fe84b9e editors/xemacs-current/distinfo
--- a/editors/xemacs-current/distinfo   Sun May 04 16:50:59 2008 +0000
+++ b/editors/xemacs-current/distinfo   Sun May 04 22:27:07 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.20 2008/04/24 21:32:47 jlam Exp $
+$NetBSD: distinfo,v 1.21 2008/05/04 22:27:07 tonnerre Exp $
 
 SHA1 (xemacs-21.5.27.tar.gz) = 55fc3e9c8fe3cac92791ffe1a0870aeae1baf0b8
 RMD160 (xemacs-21.5.27.tar.gz) = ee0caff8730c999d37aa3a19b19f23d5756837ad
@@ -15,3 +15,4 @@
 SHA1 (patch-aj) = aeebaec687a1ea2974d909404938fc060d5df75f
 SHA1 (patch-ak) = c8a3369efdd4af32b1a65cdb3d798724d63b3ed5
 SHA1 (patch-al) = 33000a300de6358c0ba3260708d6d625dcd625a2
+SHA1 (patch-am) = 0ccbead4be5da92e73a15432ff1b063da13cf0b4
diff -r 973a1a2e2b32 -r 06562fe84b9e editors/xemacs-current/patches/patch-am
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/editors/xemacs-current/patches/patch-am   Sun May 04 22:27:07 2008 +0000
@@ -0,0 +1,111 @@
+$NetBSD: patch-am,v 1.1 2008/05/04 22:27:07 tonnerre Exp $
+
+--- lib-src/vcdiff.orig        1996-12-18 22:42:33.000000000 +0000
++++ lib-src/vcdiff     2008-04-29 13:27:28.000000000 +0100
+@@ -1,23 +1,35 @@
+-#!/bin/sh
++#! /bin/sh
+ #
+ # Enhanced sccs diff utility for use with vc mode.
+ # This version is more compatible with rcsdiff(1).
+ #
+-#     !Id: vcdiff,v 1.4 1993/12/03 09:29:18 eggert Exp !
++# Copyright (C) 1992, 1993, 1995, 1997, 2001, 2002, 2003, 2004,
++#               2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+ #
+-# Modified by: vladimir%Eng.Sun.COM@localhost on 95-06-07
+-# * Made sure that file arguments are specifed as s.<filename>.
+-# * Switched the assignments to $f inside the 3rd and 4th case statements of
+-#   the first for-loop
+-# * Removed the incorrect initialization of sid1 before the first for-loop.
++# This file is part of GNU Emacs.
++#
++# GNU Emacs is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 3, or (at your option)
++# any later version.
++#
++# GNU Emacs is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with GNU Emacs; see the file COPYING.  If not, write to the
++# Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
++# Boston, MA 02110-1301, USA.
+ #
+ 
+ DIFF="diff"
+ usage="$0: Usage: vcdiff [--brief] [-q] [-r<sid1>] [-r<sid2>] [diffopts] sccsfile..."
+ 
+-PATH=$PATH:/usr/ccs/bin:/usr/sccs # common SCCS hangouts
++PATH=$PATH:/usr/ccs/bin:/usr/sccs:/usr/xpg4/bin # common SCCS hangouts
+ 
+-echo=
++echo="echo"
+ sid1= sid2=
+ 
+ for f
+@@ -31,14 +43,14 @@
+                       echo=:;;
+               -r?*)
+                       case $sid1 in
+-                      -r*)
+-                              sid2=$f
++                      '')
++                              sid1=$f
+                               ;;
+-                      *) 
++                      *)
+                               case $sid2 in
+-                                ?*) echo "$usage" >&2; exit 2 ;;
++                              ?*) echo "$usage" >&2; exit 2 ;;
+                               esac
+-                              sid1=$f
++                              sid2=$f
+                               ;;
+                       esac
+                       ;;
+@@ -67,31 +79,24 @@
+ 
+ for f
+ do
+-  s=2
+-
+-  # For files under SCCS control, fixup the file name to be the s. filename
+-  if [ -d SCCS ]; then
+-    if [ $f = `echo $f | sed -e 's|SCCS/s.||'` ]; then
+-      f="SCCS/s.$f"
+-    fi
+-  fi 
++      s=2
+ 
+       case $f in
+       s.* | */s.*)
+               if
+-                      rev1=/tmp/geta$$
++                      rev1=`mktemp /tmp/geta.XXXXXXXX`
+                       get -s -p -k $sid1 "$f" > $rev1 &&
+                       case $sid2 in
+                       '')
+                               workfile=`expr " /$f" : '.*/s.\(.*\)'`
+                               ;;
+                       *)
+-                              rev2=/tmp/getb$$
++                              rev2=`mktemp /tmp/getb.XXXXXXXX`
+                               get -s -p -k $sid2 "$f" > $rev2
+                               workfile=$rev2
+                       esac
+               then
+-                      $echo $DIFF $options $sid1 $sid2 $workfile >&2
++                      $echo $DIFF $options $rev1 $workfile >&2
+                       $DIFF $options $rev1 $workfile
+                       s=$?
+               fi
+@@ -104,3 +109,5 @@
+       then status=$s
+       fi
+ done
++
++# arch-tag: 4344ba3a-bcbe-4f77-971c-f43c1606953a
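Review bot: Neither `mktemp` call in the embedded vcdiff hunk `@@ -67,31 +79,24 @@` has its exit status checked, so when `mktemp` fails or is not installed `rev1`/`rev2` are left empty; the `rev1` case stops at the `&&` after the failed redirection, but in the `*)` arm the failed `> $rev2` redirection is ignored and `$DIFF` is run with an empty `workfile`. Chaining makes the failure explicit: ``rev1=`mktemp /tmp/geta.XXXXXXXX` &&`` and, in the `*)` arm, ``rev2=`mktemp /tmp/getb.XXXXXXXX` &&`` followed by `get -s -p -k $sid2 "$f" > "$rev2" &&`. Quoting `"$rev1"` and `"$rev2"` in the redirections and honouring `${TMPDIR:-/tmp}` instead of a fixed `/tmp` would also be worth doing. The enclosing `for f` loop starts and ends outside this hunk, so whether the temporary files are removed on exit (for example by a `trap`) cannot be confirmed from the lines shown.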


