Update of /cvsroot/fink/dists/10.3/unstable/main/finkinfo/sci
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv6189

Modified Files:
        cernlib2002.info cernlib2002.patch 
Log Message:
Security patch from Kevin B. McCarty concerning tmp file vulnerabilities.

Index: cernlib2002.patch
===================================================================
RCS file: 
/cvsroot/fink/dists/10.3/unstable/main/finkinfo/sci/cernlib2002.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- cernlib2002.patch   8 Sep 2004 02:43:12 -0000       1.3
+++ cernlib2002.patch   24 Mar 2005 23:28:45 -0000      1.4
@@ -908,7 +908,7 @@
    fi
   
 -drv="/X11" ; ver="pro" ; OUT="/tmp/GEANT$$"
-+drv="/X11" ; ver="" ; OUT="/tmp/GEANT$$"
++drv="/X11" ; ver="" ; OUT="${HOME}/GEANT$$"
  gxint=""
   
  while [ $# -gt 0 ]
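Review bot: `OUT="${HOME}/GEANT$$"` takes the scratch file out of the shared /tmp, which is what removes the symlink race, but the expansion is unguarded: if HOME is unset or empty the path becomes `/GEANT$$` and the script silently tries to write in the filesystem root. Using `OUT="${HOME:?HOME is not set}/GEANT$$"` makes that case fail loudly instead, and is plain POSIX sh. The file name is still derived from the PID alone; that is acceptable only because `$HOME` is normally owned by the invoking user and not world-writable, so the choice is worth a one-line comment such as `# scratch file lives under $HOME, not /tmp, to avoid a predictable-name race in a shared directory`. The surrounding script (the option loop starting at `while [ $# -gt 0 ]`) continues outside the hunk.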
@@ -1039,3 +1039,1253 @@
 +
 +       return !i;
[...1231 lines suppressed...]
+ 
++#if 0
+     strcpy(tmp,tmppath);
+     strcat(tmp,TMP_TEMPLATE);
+     mktemp(tmp);
++#endif
+ 
+     /* builtin ftp client */
++    /* Fixed to use tmpfile() rather than the insecure mktemp()
++       -- Kevin McCarty, for Debian, 24 April 2003 */
+ 
+     if (bftp.bf_bufsize > 0) {
+-      if (!(f = fopen(tmp,"w"))) {
+-        errlog(LOG_ERR,"c_stage_tape() : can't open %s",tmp);
++      if (!(f = tmpfile())) {
++        errlog(LOG_ERR,"c_stage_tape() : tmpfile() failed : %s",
++             strerror(errno));
+         return SGD_RET_FOPEN;
+       }
+       ret = ftp_clio(f,cl_dat,st_dat,volid,fseqid,lbltyp,volser);
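Review bot: The old `strcpy(tmp,tmppath); strcat(tmp,TMP_TEMPLATE); mktemp(tmp);` sequence is disabled with `#if 0` rather than deleted, which leaves the insecure path builder in the tree where it can be revived by a stray `#if 1` or a copy-paste; removing the three lines (and `tmp` itself, if nothing else in c_stage_tape() reads it) is the cleaner fix. Because `tmp` is no longer written, any later use of it as a pathname — for example an `unlink(tmp)` after the transfer — would now operate on a stale or uninitialized buffer; the hunk is cut (1231 lines suppressed), so that should be checked against the full function. The `tmpfile()` replacement itself is sound: the stream has no pathname, so there is nothing to race, and reporting `strerror(errno)` directly after the failed call is correct. c_stage_tape() begins before this hunk and continues after it.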

Index: cernlib2002.info
===================================================================
RCS file: /cvsroot/fink/dists/10.3/unstable/main/finkinfo/sci/cernlib2002.info,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- cernlib2002.info    25 Sep 2004 17:38:01 -0000      1.4
+++ cernlib2002.info    24 Mar 2005 23:28:45 -0000      1.5
@@ -1,6 +1,6 @@
 Package: cernlib2002
 Version: 2002
-Revision: 4
+Revision: 5
 GCC: 3.3
 Description: Paw and other basic executables
 Depends: x11
@@ -27,6 +27,7 @@
 Source10: mirror:custom:%v_source/tar/src_mathlib.tar.gz
 Source11: mirror:custom:%v_source/tar/src_graflib.tar.gz
 Source12: mirror:custom:%v_source/tar/src_geant321.tar.gz
+Source13: mirror:custom:%v_source/tar/src_patchy.tar.gz
 SourceRename: cernlib-%v_Imakefile.tar.gz
 Source2Rename: cernlib-%v_config.tar.gz
 Source3Rename: cernlib-%v_include.tar.gz
@@ -39,6 +40,7 @@
 Source10Rename: cernlib-%v_mathlib.tar.gz
 Source11Rename: cernlib-%v_graflib.tar.gz
 Source12Rename: cernlib-%v_geant321.tar.gz
+Source13Rename: cernlib-%v_patchy.tar.gz
 Source-MD5: 086556e4310073261a2393863d81a684
 Source2-MD5: 7ac4211c3ac97740c3fc24de20fdd37a
 Source3-MD5: 2af7abe09c5674293b51a7b6620ad111
@@ -51,6 +53,7 @@
 Source10-MD5: 75671fb9fbe2ac501196a1cd6d484b63
 Source11-MD5: a4a6bb638248986ca97b08f39b251eca
 Source12-MD5: 685870b95aa2b6c6130eff2cff6bd1e4
+Source13-MD5: 91046f73c8823309f7847f20fa84dae2
 SourceDirectory: %v/src
 PatchScript: sed 's|@PREFIX@|%p|g' <%a/%n.patch | patch -p1
 CompileScript: <<


