diff options
| -rw-r--r-- | comms/mgetty+sendfax/Makefile | 2 | ||||
| -rw-r--r-- | comms/mgetty+sendfax/files/patch-CVE-2008-4936 | 52 |
2 files changed, 53 insertions, 1 deletions
diff --git a/comms/mgetty+sendfax/Makefile b/comms/mgetty+sendfax/Makefile index 7bc0a231b99a..9a2ec97e6169 100644 --- a/comms/mgetty+sendfax/Makefile +++ b/comms/mgetty+sendfax/Makefile @@ -7,7 +7,7 @@ PORTNAME= mgetty PORTVERSION= 1.1.35 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= comms MASTER_SITES= ftp://mgetty.greenie.net/pub/mgetty/source/1.1/ DISTNAME= ${PORTNAME}${PORTVERSION}-Feb22 diff --git a/comms/mgetty+sendfax/files/patch-CVE-2008-4936 b/comms/mgetty+sendfax/files/patch-CVE-2008-4936 new file mode 100644 index 000000000000..b3ce58f7a054 --- /dev/null +++ b/comms/mgetty+sendfax/files/patch-CVE-2008-4936 @@ -0,0 +1,52 @@ +--- fax/faxspool.in.orig 2008-12-06 22:30:36.000000000 +0300 ++++ fax/faxspool.in 2008-12-06 22:48:40.000000000 +0300 +@@ -653,12 +653,12 @@ + # + # mkdir a directory in $TMP (or /tmp), convert input to G3 in there + # +-spooldir=${TMP:-/tmp}/$new_seq.$$.`date +%S` ++spooldir=`mktemp -d "${TMP:-/tmp}"/"$new_seq.$$".XXXXXXXX` + +-if ( umask 077 ; mkdir $spooldir ) ; then ++if [ $? -eq 0 ]; then + $echo "spooling to $spooldir (->$new_seq)..." + else +- $echo "ERROR: can't create work dir '$spooldir', giving up" >&2 ; exit 6 ++ $echo "ERROR: can't create work dir inside '${TMP:-/tmp}', giving up" >&2 ; exit 6 + fi + + # +@@ -675,9 +675,12 @@ + if [ x$file = x- ] + then + $echo "spooling $file (stdin)..." +- trap "rm /tmp/faxsp.$$" 0 +- cat - >/tmp/faxsp.$$ +- file=/tmp/faxsp.$$ ++ file=`mktemp "$spooldir/faxsp.XXXXXXXX"` ++ if [ -z "$file" ]; then ++ $echo "ERROR: can't create work file, giving up" >&2; exit 6 ++ fi ++ trap "rm -f $file" 0 ++ cat - >"$file" + else + $echo "spooling $file..." + fi +@@ -924,7 +927,7 @@ + then + $echo "\nnothing to do (no cover page, no data)." >&2 + cd $FAX_SPOOL_OUT +- rmdir $spooldir ++ rm -rf $spooldir + exit 52 + fi + +@@ -965,7 +968,7 @@ + # clean up + rm $job.q + cd .. +-rmdir $spooldir ++rm -rf $spooldir + + if [ -z "`find $LAST_RUN -ctime -1 -print 2>/dev/null`" ] + then |