pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/www/wml Add patches for wml privilege escalation (CVE-...
details: https://anonhg.NetBSD.org/pkgsrc/rev/668dec78bbf0
branches: trunk
changeset: 544176:668dec78bbf0
user: tonnerre <tonnerre%pkgsrc.org@localhost>
date: Sun Jul 13 20:35:46 2008 +0000
description:
Add patches for wml privilege escalation (CVE-2008-0665 and CVE-2008-0666).
diffstat:
www/wml/Makefile | 4 ++--
www/wml/distinfo | 5 ++++-
www/wml/patches/patch-aj | 20 ++++++++++++++++++++
www/wml/patches/patch-ak | 13 +++++++++++++
www/wml/patches/patch-al | 26 ++++++++++++++++++++++++++
5 files changed, 65 insertions(+), 3 deletions(-)
diffs (101 lines):
diff -r 801ef542f5f5 -r 668dec78bbf0 www/wml/Makefile
--- a/www/wml/Makefile Sun Jul 13 19:12:44 2008 +0000
+++ b/www/wml/Makefile Sun Jul 13 20:35:46 2008 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.27 2007/09/29 21:23:12 heinz Exp $
+# $NetBSD: Makefile,v 1.28 2008/07/13 20:35:46 tonnerre Exp $
#
DISTNAME= wml-2.0.9
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= www perl5
MASTER_SITES= http://thewml.org/distrib/
diff -r 801ef542f5f5 -r 668dec78bbf0 www/wml/distinfo
--- a/www/wml/distinfo Sun Jul 13 19:12:44 2008 +0000
+++ b/www/wml/distinfo Sun Jul 13 20:35:46 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2007/09/29 21:23:12 heinz Exp $
+$NetBSD: distinfo,v 1.9 2008/07/13 20:35:46 tonnerre Exp $
SHA1 (wml-2.0.9.tar.gz) = ce95ad9c55fd52e2028099d391858d88cffd5d9f
RMD160 (wml-2.0.9.tar.gz) = bf14a4c09bdd850c5bad5f48f712717a13b13412
@@ -12,3 +12,6 @@
SHA1 (patch-ag) = 642371cb755e993118f5cc6a16abeaa62ec8d163
SHA1 (patch-ah) = 8195a53d0a514b9ed1bd8e9460c8c3e77a1d0d8d
SHA1 (patch-ai) = c376fe6308bd9defb66719a53a0e0da3953e2016
+SHA1 (patch-aj) = 1675e8778a01c66f8a91306532216fd859eb0ca3
+SHA1 (patch-ak) = 43419f8799888262c2365f9014fa4ed9dd89d030
+SHA1 (patch-al) = 0360574b0ec6df025efc14cd9d99bd5ab43a9537
diff -r 801ef542f5f5 -r 668dec78bbf0 www/wml/patches/patch-aj
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/wml/patches/patch-aj Sun Jul 13 20:35:46 2008 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-aj,v 1.1 2008/07/13 20:35:46 tonnerre Exp $
+
+--- work/wml-2.0.9/wml_contrib/wmg.cgi.orig 1999-05-20 13:39:28.000000000 +0200
++++ work/wml-2.0.9/wml_contrib/wmg.cgi
+@@ -367,14 +367,7 @@ if ($level >= 1) {
+ ($w, $h, $t) = Image::Size::imgsize(\$contents);
+ if ($w*$h == 1) {
+ # read image into GD
+- $tmpfile = "/tmp/pe.tmp.$$";
+- unlink($tmpfile);
+- open(TMP, ">$tmpfile");
+- print TMP $contents;
+- close(TMP);
+- open(TMP, "<$tmpfile");
+- $tmpimg = newFromGif GD::Image(TMP);
+- close(TMP);
++ $tmpimg = newFromGifData GD::Image($contents);
+ unlink($tmpfile);
+ if ($tmpimg->transparent != -1) {
+ my $im = new GD::Image($w, $h);
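Review bot: The context line `unlink($tmpfile);` is left in place directly after the new `newFromGifData` call, although the patch removes the only visible assignment to `$tmpfile`. Unless the variable is set elsewhere in wmg.cgi (not shown in this hunk), that call now acts on an undefined value; it is dead code that warns under `-w`, and the patch should drop it. The result of the decode is also used unchecked on the next line (`$tmpimg->transparent`), so a guard such as `defined $tmpimg or die "cannot decode GIF data\n";` would turn a malformed image into a clean failure instead of a method call on undef.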
diff -r 801ef542f5f5 -r 668dec78bbf0 www/wml/patches/patch-ak
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/wml/patches/patch-ak Sun Jul 13 20:35:46 2008 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ak,v 1.1 2008/07/13 20:35:46 tonnerre Exp $
+
+--- work/wml-2.0.9/wml_backend/p1_ipp/ipp.src.orig 2002-04-20 23:26:19.000000000 +0200
++++ work/wml-2.0.9/wml_backend/p1_ipp/ipp.src
+@@ -565,6 +565,8 @@ foreach $str (@opt_D) {
+ # process the pre-loaded include files
+ #
+ $tmpdir = $ENV{'TMPDIR'} || '/tmp';
++my $tmpldir = ($ENV{'TMPDIR'} || '/tmp') . '/ipp.XXXXXX';
++$tmpdir = mkdtemp($tmpldir) or die "Unable to create temporary directory: $!\n";
+ $tmpfile = $tmpdir . "/ipp.$$.tmp";
+ unlink($tmpfile);
+ $tmp = new IO::File;
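Review bot: `mkdtemp` is not a Perl builtin, and this hunk adds no import for it, so the new line only works if ipp.src already has something like `use File::Temp qw(mkdtemp);` outside the lines shown; please confirm, or add it in this patch. The directory created here is also never removed in the visible code, so each run would leave an `ipp.XXXXXX` directory under TMPDIR unless an `rmdir($tmpdir)` follows the existing unlink of `$tmpfile` elsewhere. The unchanged `$tmpdir = $ENV{'TMPDIR'} || '/tmp';` above is now overwritten at once and could be folded into the `$tmpldir` expression. A comment such as `# private 0700 directory, so the predictable ipp.$$.tmp name below is no longer exposed` would record why the file name itself was left alone.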
diff -r 801ef542f5f5 -r 668dec78bbf0 www/wml/patches/patch-al
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/wml/patches/patch-al Sun Jul 13 20:35:46 2008 +0000
@@ -0,0 +1,26 @@
+$NetBSD: patch-al,v 1.1 2008/07/13 20:35:46 tonnerre Exp $
+
+--- work/wml-2.0.9/wml_backend/p3_eperl/eperl_sys.c.orig 2002-08-08 23:56:26.000000000 +0200
++++ work/wml-2.0.9/wml_backend/p3_eperl/eperl_sys.c
+@@ -211,13 +211,20 @@ char *mytmpfile(char *id)
+ {
+ char ca[1024];
+ char *cp, *tmpdir;
++ char tmpfile[]="eperl_sourceXXXXXX";
+ int i;
++ int fd=-1;
+
+ tmpdir = getenv ("TMPDIR");
+ if (tmpdir == (char *) NULL)
+ tmpdir="/tmp";
+
+- snprintf(ca, sizeof(ca), "%s/%s.%d.tmp%d", tmpdir, id, (int)getpid(), mytmpfilecnt++);
++ snprintf(ca, sizeof(ca), "%s/%s", tmpdir, tmpfile);
++ if((fd = mkstemp(tmpfile)) == -1){
++ perror("can not create tmpfile");
++ return NULL;
++ }
++ close(fd);
+ ca[sizeof(ca)-1] = NUL;
+ cp = strdup(ca);
+ for (i = 0; mytmpfiles[i] != NULL; i++)
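Review bot: `mkstemp(tmpfile)` is called on the bare relative template, so the unique file is created in the current working directory, while `ca` was already filled by the preceding `snprintf` with the literal, unexpanded string `<tmpdir>/eperl_sourceXXXXXX`. The function therefore returns the same fixed, predictable path under TMPDIR on every call, which no longer varies by pid or counter as the removed line did, is not the file mkstemp created, and leaves a stray `eperl_source*` file in the working directory. The template should be built in `ca` and passed to mkstemp directly: `snprintf(ca, sizeof(ca), "%s/eperl_sourceXXXXXX", tmpdir);` followed by `if ((fd = mkstemp(ca)) == -1) {`, with the `tmpfile` array dropped. Since the descriptor is closed and only the name is returned, whatever reopens the path (outside this hunk) should be checked so that it does not unlink and recreate it. The body of mytmpfile continues past the end of the hunk.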