authorMaxim Konovalov <maxim@FreeBSD.org>2005-09-10 16:23:58 +0000
committerMaxim Konovalov <maxim@FreeBSD.org>2005-09-10 16:23:58 +0000
commitfb208ca830a7e3d28edcba38368d20c39ec65ecb (patch)
tree0a09e1745f28e4bc4478a3080e16b91533f2589d
parentdfa7b73d12f67de55c2ac092c1cbc063484b6d38 (diff)
Merge SA-05:20.cvsbug.
Approved by: so (cperciva)
Notes
Notes: svn path=/releng/4.9/; revision=149944
-rw-r--r--UPDATING3
-rwxr-xr-xcontrib/cvs/src/cvsbug.in8
-rw-r--r--gnu/usr.bin/send-pr/send-pr.sh2
-rw-r--r--sys/conf/newvers.sh2
4 files changed, 8 insertions, 7 deletions
diff --git a/UPDATING b/UPDATING
index 32e0951222b1..f14ac1d16922 100644
--- a/UPDATING
+++ b/UPDATING
@@ -17,6 +17,9 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20050910: p20 FreeBSD-SA-05:20.cvsbug
+ Correct insecure temporary file usage.
+
20050702: p19 FreeBSD-SA-05:14.bzip2, FreeBSD-SA-05:15.tcp
Correct bzip2 denial of service and permission race vulnerabilities.
diff --git a/contrib/cvs/src/cvsbug.in b/contrib/cvs/src/cvsbug.in
index db46f6e485cc..acb0e9a122f5 100755
--- a/contrib/cvs/src/cvsbug.in
+++ b/contrib/cvs/src/cvsbug.in
@@ -85,9 +85,9 @@ fi
[ -z "$TMPDIR" ] && TMPDIR=/tmp
-TEMP=$TMPDIR/p$$
-BAD=$TMPDIR/pbad$$
-REF=$TMPDIR/pf$$
+TEMP="`/usr/bin/mktemp $TMPDIR/p.XXXXXX`"
+BAD="`/usr/bin/mktemp $TMPDIR/pbad.XXXXXX`"
+REF="`/usr/bin/mktemp $TMPDIR/pf.XXXXXX`"
if [ -z "$LOGNAME" -a -n "$USER" ]; then
LOGNAME=$USER
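Review bot: None of the three added `mktemp` assignments checks for failure, so when `$TMPDIR` is missing or unwritable TEMP, BAD and REF are left empty and the script carries on; the unquoted `> $TEMP` and `cat $TEMP` in the next hunk then run against an empty name. send-pr.sh in this same commit already guards its call (`|| exit 1` is visible in its hunk header), and the same guard fits here: append `|| exit 1` to each of the three assignments. Quoting the template argument (`"$TMPDIR/p.XXXXXX"`) would also keep a `TMPDIR` containing whitespace from being split into several arguments. The next hunk drops both `rm -f $TEMP` calls, so removal of these files now depends on cleanup code outside the visible hunks, which is worth confirming.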
@@ -108,14 +108,12 @@ elif [ -f /bin/domainname ]; then
/usr/bin/ypcat passwd 2>/dev/null | cat - /etc/passwd | grep "^$LOGNAME:" |
cut -f5 -d':' | sed -e 's/,.*//' > $TEMP
ORIGINATOR="`cat $TEMP`"
- rm -f $TEMP
fi
fi
if [ "$ORIGINATOR" = "" ]; then
grep "^$LOGNAME:" /etc/passwd | cut -f5 -d':' | sed -e 's/,.*//' > $TEMP
ORIGINATOR="`cat $TEMP`"
- rm -f $TEMP
fi
if [ -n "$ORGANIZATION" ]; then
diff --git a/gnu/usr.bin/send-pr/send-pr.sh b/gnu/usr.bin/send-pr/send-pr.sh
index e3c149d862ae..e5eb650fa60d 100644
--- a/gnu/usr.bin/send-pr/send-pr.sh
+++ b/gnu/usr.bin/send-pr/send-pr.sh
@@ -262,7 +262,7 @@ TEMP=`mktemp -t pf` || exit 1
# Catch some signals. ($xs kludge needed by Sun /bin/sh)
xs=0
trap 'rm -f $REF $TEMP; exit $xs' 0
-trap 'echo "$COMMAND: Aborting ..."; rm -f $REF $TEMP; xs=1; exit' 1 2 3 13 15
+trap 'SAV=`mktemp -t pr`;echo "$COMMAND: Aborting ... saving unfinished PR into $SAV"; rm -f $REF ; mv $TEMP $SAV; xs=1; exit' 1 2 3 13 15
# If they told us to use a specific file, then do so.
if [ -n "$IN_FILE" ]; then
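Review bot: The rewritten signal trap prints the save location before anything is saved and never checks `mktemp`. If `mktemp -t pr` fails, `$SAV` is empty, `mv $TEMP $SAV` fails, and the exit trap on the line above (`rm -f $REF $TEMP`) would then delete the unfinished PR that the message said was kept. Chaining the steps makes the message truthful: ``SAV=`mktemp -t pr` && mv "$TEMP" "$SAV" && echo "$COMMAND: Aborting ... unfinished PR saved in $SAV"``, with `rm -f $REF; xs=1; exit` kept after it. Quoting `$TEMP` and `$SAV` matters because `mktemp -t` builds the path from the caller's `TMPDIR`.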
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index edfecfca1623..5cd7c9f44909 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -36,7 +36,7 @@
TYPE="FreeBSD"
REVISION="4.9"
-BRANCH="RELEASE-p19"
+BRANCH="RELEASE-p20"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"