Revision bump; added patch to fix insecure tmp file creation in the syslogtocern script, bug #110637.

(Portage version: 2.0.53_rc6)

2 files changed, 21 insertions, 0 deletions

diff --git a/www-servers/thttpd/files/digest-thttpd-2.25b-r3 b/www-servers/thttpd/files/digest-thttpd-2.25b-r3
new file mode 100644
index 000000000000..7b314a4df376
--- /dev/null
+++ b/www-servers/thttpd/files/digest-thttpd-2.25b-r3
@@ -0,0 +1,2 @@
+MD5 bf89557056ce34d502e20e24071616c7 php-5.0.3.tar.gz 5666998
+MD5 a0e9cd87455d3a0ea11e5ea7e947adf6 thttpd-2.25b.tar.gz 132363
diff --git a/www-servers/thttpd/files/thttpd-2.25/fix-insecure-tmp-creation-CVE-2005-3124.diff b/www-servers/thttpd/files/thttpd-2.25/fix-insecure-tmp-creation-CVE-2005-3124.diff
new file mode 100644
index 000000000000..c41ec46b9718
--- /dev/null
+++ b/www-servers/thttpd/files/thttpd-2.25/fix-insecure-tmp-creation-CVE-2005-3124.diff
@@ -0,0 +1,19 @@
+diff -ru thttpd-2.23beta1.orig/extras/syslogtocern thttpd-2.23beta1/extras/syslogtocern
+--- thttpd-2.23beta1.orig/extras/syslogtocern	1999-09-15 18:00:54.000000000 +0200
++++ thttpd-2.23beta1/extras/syslogtocern	2005-10-26 01:45:34.000000000 +0200
+@@ -31,8 +31,8 @@
+     exit 1
+ fi
+ 
+-tmp1=/tmp/stc1.$$
+-rm -f $tmp1
++tmp1=``mktemp -t stc1.XXXXXX` || { echo "$0: Cannot create temporary file" >&2; exit 1;  }
++trap " [ -f \"$tmp1\" ] && /bin/rm -f -- \"$tmp1\"" 0 1 2 3 13 15
+ 
+ # Gather up all the thttpd entries.
+ egrep ' thttpd\[' $* > $tmp1
+@@ -65,4 +65,3 @@
+   sed -e "s,\([A-Z][a-z][a-z] [0-9 ][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]\) [^ ]* thttpd\[[0-9]*\]: \(.*\),[\1 ${year}] \2," > error_log
+ 
+ # Done.
+-rm -f $tmp1