Update of /cvsroot/fink/dists/10.3/unstable/main/finkinfo/sci
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18925

Modified Files:
        cernlib.patch cernlib.info 
Log Message:

Security patch from Kevin B. McCarty fixing temporary-file vulnerabilities.


Index: cernlib.patch
===================================================================
RCS file: /cvsroot/fink/dists/10.3/unstable/main/finkinfo/sci/cernlib.patch,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- cernlib.patch       8 Sep 2004 02:43:12 -0000       1.8
+++ cernlib.patch       24 Mar 2005 22:51:39 -0000      1.9
@@ -948,7 +948,7 @@
    fi
   
 -drv="/X11" ; ver="pro" ; OUT="/tmp/GEANT$$"
-+drv="/X11" ; ver="" ; OUT="/tmp/GEANT$$"
++drv="/X11" ; ver="" ; OUT="${HOME}/GEANT$$"
  gxint=""
   
  while [ $# -gt 0 ]
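Review bot: The new `OUT="${HOME}/GEANT$$"` on the `++` line still derives the scratch name from the PID and, unlike the old `/tmp` location, has no fallback when HOME is unset or empty, in which case the script would write to `/GEANT$$` at the filesystem root. Moving out of the shared `/tmp` does remove the symlink race, since a home directory is normally not world-writable, but `OUT="${HOME:?HOME must be set}/GEANT$$"` would fail loudly on a missing HOME, and `OUT=$(mktemp "${HOME}/GEANT.XXXXXX") || exit 1` would additionally make the name unguessable where mktemp(1) is available. How `$OUT` is created, whether with noclobber, and whether it is removed on exit is outside this hunk, as is the rest of the script, so that cannot be checked here.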
@@ -1032,3 +1032,1270 @@
   
  [ $cc -ne 0 ] && exit $cc
[...1248 lines suppressed...]
+ 
++#if 0
+     strcpy(tmp,tmppath);
+     strcat(tmp,TMP_TEMPLATE);
+     mktemp(tmp);
++#endif
+ 
+     /* builtin ftp client */
++    /* Fixed to use tmpfile() rather than the insecure mktemp()
++       -- Kevin McCarty, for Debian, 24 April 2003 */
+ 
+     if (bftp.bf_bufsize > 0) {
+-      if (!(f = fopen(tmp,"w"))) {
+-        errlog(LOG_ERR,"c_stage_tape() : can't open %s",tmp);
++      if (!(f = tmpfile())) {
++        errlog(LOG_ERR,"c_stage_tape() : tmpfile() failed : %s",
++             strerror(errno));
+         return SGD_RET_FOPEN;
+       }
+       ret = ftp_clio(f,cl_dat,st_dat,volid,fseqid,lbltyp,volser);
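Review bot: The `#if 0` block on the `++#if 0` / `++#endif` lines keeps the `strcpy`/`strcat`/`mktemp(tmp)` sequence as dead code and, more importantly, leaves `tmp` unset; if `tmp` is still referenced later in c_stage_tape (an `unlink(tmp)` on cleanup would be the usual suspect), that read is now of an uninitialized buffer. Delete the three disabled lines together with the `#if 0`/`#endif` rather than parking them, and remove any remaining use of `tmp` in the function. A `tmpfile()` stream is removed automatically when closed, so the only cleanup the new path needs is an `fclose(f)` on every exit after the call, including the error return from `ftp_clio`. The body of c_stage_tape starts and ends outside this hunk, so those later references cannot be checked here.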

Index: cernlib.info
===================================================================
RCS file: /cvsroot/fink/dists/10.3/unstable/main/finkinfo/sci/cernlib.info,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- cernlib.info        25 Sep 2004 17:38:01 -0000      1.17
+++ cernlib.info        24 Mar 2005 22:51:40 -0000      1.18
@@ -1,6 +1,6 @@
 Package: cernlib
 Version: 2003
-Revision: 20
+Revision: 21
 GCC: 3.3
 Description: Paw and other basic executables
 Depends: x11
@@ -38,6 +38,8 @@
 Source11Rename: cernlib-%v_graflib.tar.gz
 Source12: mirror:custom:%v_source/tar/src_geant321.tar.gz
 Source12Rename: cernlib-%v_geant321.tar.gz
+Source13: mirror:custom:%v_source/tar/src_patchy.tar.gz
+Source13Rename: cernlib-%v_patchy.tar.gz
 Source-MD5: d70e68ba8b12e98a3d3e64a1740e4ca1
 Source2-MD5: c2ce47d2d3b6dc3fcda459775fbdb5d0
 Source3-MD5: 814a4cb8596029d7fb84bb9e6f951648
@@ -50,6 +52,7 @@
 Source10-MD5: 6523df2f1536b3b59b7ea0a5fc0369f9
 Source11-MD5: 5b9b23b90161c7ef9abb988bbc10734b
 Source12-MD5: e5b9acafa125f224809d935054d111ac
+Source13-MD5: 93c73419f254ae234de83b800219c703
 SourceDirectory: %v/src
 PatchScript: sed 's|@PREFIX@|%p|g' <%a/%n.patch | patch -p1
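Review bot: The new `Source13-MD5: 93c73419f254ae234de83b800219c703` is the only integrity pin on the added patchy tarball fetched via `mirror:custom:%v_source/tar/src_patchy.tar.gz`, and MD5 collisions were already public when this was committed, so a collision-resistant digest should accompany it where the fink in use accepts one (later fink versions take a `Source13-Checksum: SHA256(...)` field alongside the MD5 line). The digest value itself cannot be verified from here, and a hash pin says nothing about the trustworthiness of the mirror it was taken from.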
 CompileScript: <<


