[pkgsrc/trunk]: pkgsrc/sysutils/coreutils Add a fix for coreutils' CVE-2009-4...

[tonnerre <tonnerre%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/082364b2a3a6
branches:  trunk
changeset: 568810:082364b2a3a6
user:      tonnerre <tonnerre%pkgsrc.org@localhost>
date:      Sun Dec 20 16:12:06 2009 +0000

description:
Add a fix for coreutils' CVE-2009-4135. Instead of using /tmp/coreutils
as temporary directory, use a directory in the builddir.

diffstat:

 sysutils/coreutils/Makefile         |   4 ++--
 sysutils/coreutils/distinfo         |   3 ++-
 sysutils/coreutils/patches/patch-ak |  32 ++++++++++++++++++++++++++++++++
 3 files changed, 36 insertions(+), 3 deletions(-)

diffs (64 lines):

diff -r 86d7aaee7a7e -r 082364b2a3a6 sysutils/coreutils/Makefile
--- a/sysutils/coreutils/Makefile       Sun Dec 20 15:47:04 2009 +0000
+++ b/sysutils/coreutils/Makefile       Sun Dec 20 16:12:06 2009 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.49 2009/08/12 13:36:06 asau Exp $
+# $NetBSD: Makefile,v 1.50 2009/12/20 16:12:06 tonnerre Exp $
 
 .include "../../sysutils/coreutils/Makefile.common"
 
-PKGREVISION=   2
+PKGREVISION=   3
 
 CONFLICTS=     fileutils-[0-9]* gnuls-[0-9]* linuxls-[0-9]* sh-utils-[0-9]* textutils-[0-9]*
 
diff -r 86d7aaee7a7e -r 082364b2a3a6 sysutils/coreutils/distinfo
--- a/sysutils/coreutils/distinfo       Sun Dec 20 15:47:04 2009 +0000
+++ b/sysutils/coreutils/distinfo       Sun Dec 20 16:12:06 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.19 2009/06/12 15:09:46 joerg Exp $
+$NetBSD: distinfo,v 1.20 2009/12/20 16:12:06 tonnerre Exp $
 
 SHA1 (coreutils-6.12.tar.gz) = 1bb297fdf8b38ca19ab5252c6179b1b2aecd020e
 RMD160 (coreutils-6.12.tar.gz) = 95b941657242cfc3f67d721e582a60a4090802ec
@@ -11,3 +11,4 @@
 SHA1 (patch-ah) = 33fe73aac79731f980fcbe1afda4c64537aff742
 SHA1 (patch-ai) = 6b05293d6d151ca28ed897c47a1dad729306b770
 SHA1 (patch-aj) = 436e0a871617a2450eac8bec2751419b05020b7d
+SHA1 (patch-ak) = d71aca9d8d7b78e994156b888e1212bac8dac63a
diff -r 86d7aaee7a7e -r 082364b2a3a6 sysutils/coreutils/patches/patch-ak
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/coreutils/patches/patch-ak       Sun Dec 20 16:12:06 2009 +0000
@@ -0,0 +1,32 @@
+$NetBSD: patch-ak,v 1.3 2009/12/20 16:12:06 tonnerre Exp $
+
+--- maint.mk.orig      2008-05-27 12:28:50.000000000 +0200
++++ maint.mk   2009-12-20 17:02:31.000000000 +0100
+@@ -629,8 +629,9 @@
+ 
+ write_loser = printf '\#!%s\necho $$0: bad path 1>&2; exit 1\n' '$(SHELL)'
+ 
+-TMPDIR ?= /tmp
+-t=$(TMPDIR)/$(PACKAGE)/test
++tmpdir = $(abs_top_builddir)/tests/torture
++
++t=$(tmpdir)/$(PACKAGE)/test
+ pfx=$(t)/i
+ 
+ # Verify that a twisted use of --program-transform-name=PROGRAM works.
+@@ -646,6 +647,7 @@
+ # Install, then verify that all binaries and man pages are in place.
+ # Note that neither the binary, ginstall, nor the ].1 man page is installed.
+ define my-instcheck
++  echo running my-instcheck;                          \
+   $(MAKE) prefix=$(pfx) install                               \
+     && test ! -f $(pfx)/bin/ginstall                  \
+     && { fail=0;                                      \
+@@ -713,6 +715,7 @@
+           && $(MAKE);                                                 \
+       fi
+       -rm -rf $(t)
++      rmdir $(tmpdir)/$(PACKAGE) $(tmpdir)
+       @echo "========================"; \
+       echo "$(distdir).tar.gz is ready for distribution"; \
+       echo "========================"