[CVS] OpenPKG: OPENPKG_2_3_SOLID: openpkg-src/texinfo/ texinfo.patch t...

Thu, 20 Oct 2005 23:32:50 -0700 

  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   21-Oct-2005 08:32:50
  Branch: OPENPKG_2_3_SOLID                Handle: 2005102107324900

  Added files:              (Branch: OPENPKG_2_3_SOLID)
    openpkg-src/texinfo     texinfo.patch
  Modified files:           (Branch: OPENPKG_2_3_SOLID)
    openpkg-src/texinfo     texinfo.spec

  Log:
    apply Security Bugfix (CVE-2005-3011)

  Summary:
    Revision    Changes     Path
    1.1.6.1     +33 -0      openpkg-src/texinfo/texinfo.patch
    1.40.2.2    +3  -1      openpkg-src/texinfo/texinfo.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/texinfo/texinfo.patch
  ============================================================================
  $ cvs diff -u -r0 -r1.1.6.1 texinfo.patch
  --- /dev/null 2005-10-21 08:32:48 +0200
  +++ texinfo.patch     2005-10-21 08:32:50 +0200
  @@ -0,0 +1,33 @@
  +Security Bugfix (CVE-2005-3011)
  +
  +Index: util/texindex.c
  +--- util/texindex.c.orig     2004-04-11 19:56:47 +0200
  ++++ util/texindex.c  2005-10-21 08:18:13 +0200
  +@@ -390,11 +390,12 @@
  + maketempname (int count)
  + {
  +   static char *tempbase = NULL;
  ++  char *tempname;
  +   char tempsuffix[10];
  ++  int fd;
  + 
  +   if (!tempbase)
  +     {
  +-      int fd;
  +       tempbase = concat (tempdir, "txidxXXXXXX");
  + 
  +       fd = mkstemp (tempbase);
  +@@ -403,7 +404,12 @@
  +     }
  + 
  +   sprintf (tempsuffix, ".%d", count);
  +-  return concat (tempbase, tempsuffix);
  ++  tempname = concat (tempbase, tempsuffix);
  ++  fd = open (tempname, O_CREAT|O_EXCL|O_WRONLY, 0600);
  ++  if (fd == -1)
  ++    pfatal_with_name (tempname);
  ++  close (fd);
  ++  return tempname;
  + }
  + 
  + 
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/texinfo/texinfo.spec
  ============================================================================
  $ cvs diff -u -r1.40.2.1 -r1.40.2.2 texinfo.spec
  --- openpkg-src/texinfo/texinfo.spec  21 Feb 2005 17:08:45 -0000      1.40.2.1
  +++ openpkg-src/texinfo/texinfo.spec  21 Oct 2005 06:32:49 -0000      1.40.2.2
  @@ -34,10 +34,11 @@
   Group:        Text
   License:      GPL
   Version:      4.8
  -Release:      2.3.0
  +Release:      2.3.1
   
   #   list of sources
   Source0:      ftp://ftp.gnu.org/pub/gnu/texinfo/texinfo-%{version}.tar.gz
  +Patch0:       texinfo.patch
   
   #   build information
   Prefix:       %{l_prefix}
  @@ -64,6 +65,7 @@
   
   %prep
       %setup -q
  +    %patch -p0
       chmod u+x install-sh
   
   %build
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [email protected]

Reply via email to