From edwinm@joshua.mons.net  Wed Jul 12 00:19:51 2000
Return-Path: <edwinm@joshua.mons.net>
Received: from joshua.mons.net (c187121244.telekabel.chello.nl [212.187.121.244])
	by hub.freebsd.org (Postfix) with ESMTP id D2CB837BBEC
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 12 Jul 2000 00:19:40 -0700 (PDT)
	(envelope-from edwinm@joshua.mons.net)
Received: (from edwinm@localhost)
	by tricia.mons.net (8.9.3/8.9.3) id JAA04216;
	Wed, 12 Jul 2000 09:18:05 +0200 (CEST)
	(envelope-from edwinm)
Message-Id: <200007120718.JAA04216@tricia.mons.net>
Date: Wed, 12 Jul 2000 09:18:05 +0200 (CEST)
From: e@ik.nu
Sender: edwinm@joshua.mons.net
Reply-To: e@ik.nu
To: FreeBSD-gnats-submit@freebsd.org
Subject: change port games/xtrojka
X-Send-Pr-Version: 3.2

>Number:         19864
>Category:       ports
>Synopsis:       Fixes exploit in Makefile of xtrojka
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jul 12 00:20:04 PDT 2000
>Closed-Date:    Thu Jul 13 13:35:57 PDT 2000
>Last-Modified:  Thu Jul 13 13:36:17 PDT 2000
>Originator:     Edwin Mons
>Release:        FreeBSD 4.0-STABLE i386
>Organization:
>Environment:

	

>Description:

	Fixes the exploit listed in PR ports/19862

>How-To-Repeat:

	

>Fix:

--- xtrojka.bak/patches/patch-aa	Mon May 29 05:49:00 2000
+++ xtrojka/patches/patch-aa	Wed Jul 12 08:51:57 2000
@@ -1,5 +1,5 @@
---- Makefile	Sat Oct 21 17:38:22 1995
-+++ Makefile.new	Mon May 29 01:35:31 2000
+--- Makefile.orig	Sat Oct 21 22:38:22 1995
++++ Makefile	Wed Jul 12 08:50:34 2000
 @@ -8,7 +8,7 @@
  
  #	your favorite C-compiler
@@ -58,7 +58,7 @@
  #
  #
  #	main
-@@ -101,11 +105,15 @@
+@@ -101,11 +105,17 @@
  #
  #
  install:
@@ -67,8 +67,9 @@
 -	cp xtrojka.6 $(MANDIR); chmod go+r xtrojka.6; \
 -	cp xtrojka $(TARGET_DIR);chmod go+rx xtrojka; \
 -	touch $(HSFILE); chmod go+rwx $(HSFILE);
-+	echo $(HSFILE)|sed -e 's/\//\\\//g'>/tmp/hsn
-+	sed -e "s/__SCOREDIR__/`cat /tmp/hsn`/g" manpage > xtrojka.6
++	@rm -f hsn
++	echo $(HSFILE)|sed -e 's/\//\\\//g'>hsn
++	sed -e "s/__SCOREDIR__/`cat hsn`/g" manpage > xtrojka.6
 +	gzip -c xtrojka.6 >$(MANDIR)/xtrojka.6.gz
 +	cp xtrojka $(TARGET_DIR)
 +	chmod 2755 $(TARGET_DIR)/xtrojka
@@ -76,6 +77,7 @@
 +	touch $(HSFILE)
 +	chmod 664 $(HSFILE)
 +	chgrp games $(HSFILE)
++	@rm -f hsn
  	
  clean:
  	rm -rf *.o core xtrojka xtrojka.6 

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: jim 
State-Changed-When: Thu Jul 13 13:35:57 PDT 2000 
State-Changed-Why:  
Committed, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=19864 
>Unformatted:
