summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2005-09-29 00:27:11 +0000
committerMike Frysinger <vapier@gentoo.org>2005-09-29 00:27:11 +0000
commit533bc2f4a7870d2ddb19f5f8a14a02100e6372c2 (patch)
tree3997dda207e62b8a70972c33594df2ebf8347031 /app-admin/gtkdiskfree
parentMake sure we control X11/GL/rle dependencies via USE #107497. (diff)
downloadgentoo-2-533bc2f4a7870d2ddb19f5f8a14a02100e6372c2.tar.gz
gentoo-2-533bc2f4a7870d2ddb19f5f8a14a02100e6372c2.tar.bz2
gentoo-2-533bc2f4a7870d2ddb19f5f8a14a02100e6372c2.zip
Fix by Tavis Ormandy for insecure tempfile usage #104565.
(Portage version: 2.0.52-r1 http://www.bash.org/?136501 )
Diffstat (limited to 'app-admin/gtkdiskfree')
-rw-r--r--app-admin/gtkdiskfree/ChangeLog10
-rw-r--r--app-admin/gtkdiskfree/files/digest-gtkdiskfree-1.9.3-r11
-rw-r--r--app-admin/gtkdiskfree/files/gtkdiskfree-1.9.3-tempfile.patch58
-rw-r--r--app-admin/gtkdiskfree/gtkdiskfree-1.9.3-r1.ebuild35
4 files changed, 102 insertions, 2 deletions
diff --git a/app-admin/gtkdiskfree/ChangeLog b/app-admin/gtkdiskfree/ChangeLog
index f8ff6e730c3f..2f1bd6d3f8e7 100644
--- a/app-admin/gtkdiskfree/ChangeLog
+++ b/app-admin/gtkdiskfree/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for app-admin/gtkdiskfree
-# Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/gtkdiskfree/ChangeLog,v 1.16 2005/05/08 14:37:03 herbs Exp $
+# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/gtkdiskfree/ChangeLog,v 1.17 2005/09/29 00:27:11 vapier Exp $
+
+*gtkdiskfree-1.9.3-r1 (29 Sep 2005)
+
+ 29 Sep 2005; Mike Frysinger <vapier@gentoo.org>
+ +files/gtkdiskfree-1.9.3-tempfile.patch, +gtkdiskfree-1.9.3-r1.ebuild:
+ Fix by Tavis Ormandy for insecure tempfile usage #104565.
08 May 2005; Herbie Hopkins <herbs@gentoo.org> gtkdiskfree-1.9.3.ebuild:
Stable on amd64.
diff --git a/app-admin/gtkdiskfree/files/digest-gtkdiskfree-1.9.3-r1 b/app-admin/gtkdiskfree/files/digest-gtkdiskfree-1.9.3-r1
new file mode 100644
index 000000000000..64f070a4addc
--- /dev/null
+++ b/app-admin/gtkdiskfree/files/digest-gtkdiskfree-1.9.3-r1
@@ -0,0 +1 @@
+MD5 66dea9f2cb3bf83e6b45702900a97a03 gtkdiskfree-1.9.3.tar.gz 255448
diff --git a/app-admin/gtkdiskfree/files/gtkdiskfree-1.9.3-tempfile.patch b/app-admin/gtkdiskfree/files/gtkdiskfree-1.9.3-tempfile.patch
new file mode 100644
index 000000000000..abfc494f0c13
--- /dev/null
+++ b/app-admin/gtkdiskfree/files/gtkdiskfree-1.9.3-tempfile.patch
@@ -0,0 +1,58 @@
+Fix insecure tempfile usage
+
+Patch by Tavis Ormandy
+
+http://bugs.gentoo.org/104565
+
+--- gtkdiskfree-1.9.3/src/mount.c
++++ gtkdiskfree-1.9.3/src/mount.c
+@@ -31,41 +31,21 @@
+ void
+ open_cmd_tube (const gchar *cmd, const gchar *mount_point)
+ {
+- gint status;
+- gchar error[MAXLINE], *line;
+- FILE *sh, *tmp;
++ gchar error[MAXLINE], *line, *status;
++ FILE *sh;
+
+ setbuf(stdout, error);
+- line = g_strconcat(cmd, " ", mount_point, " &> ", TUBE_NAME, NULL);
++ line = g_strconcat(cmd, " ", mount_point, " 2>&1", NULL);
+ sh = popen(line, "r");
+ g_free(line);
+
+- status = pclose(sh);
+-
+- if (status == 0) {
+- remove(TUBE_NAME);
+- gui_list_main_update(GTK_TREE_VIEW(list_treeview));
+-
+- return;
+- } else {
+- if ((tmp = fopen(TUBE_NAME, "r")) == NULL) {
+- gui_list_main_update(GTK_TREE_VIEW(list_treeview));
+-
+- return;
+- }
+- if (fgets(error, MAXLINE-1, tmp) == NULL) {
+- fclose(tmp);
+- remove(TUBE_NAME);
+- gui_list_main_update(GTK_TREE_VIEW(list_treeview));
+-
+- return;
+- }
+- fclose(tmp);
+- remove(TUBE_NAME);
++ status = fgets(error, MAXLINE-1, sh);
++
++ if (status && (pclose(sh) != 0))
+ error_window(error);
+- }
++
+ gui_list_main_update(GTK_TREE_VIEW(list_treeview));
+-
++
+ return;
+ }
+
diff --git a/app-admin/gtkdiskfree/gtkdiskfree-1.9.3-r1.ebuild b/app-admin/gtkdiskfree/gtkdiskfree-1.9.3-r1.ebuild
new file mode 100644
index 000000000000..a4d4f59110cd
--- /dev/null
+++ b/app-admin/gtkdiskfree/gtkdiskfree-1.9.3-r1.ebuild
@@ -0,0 +1,35 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/gtkdiskfree/gtkdiskfree-1.9.3-r1.ebuild,v 1.1 2005/09/29 00:27:11 vapier Exp $
+
+inherit eutils
+
+DESCRIPTION="Graphical tool to show free disk space"
+HOMEPAGE="http://gtkdiskfree.tuxfamily.org/"
+SRC_URI="http://gtkdiskfree.tuxfamily.org/src_tgz/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
+IUSE="nls"
+
+DEPEND=">=x11-libs/gtk+-2
+ >=dev-libs/glib-2
+ nls? ( sys-devel/gettext )"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/${P}-tempfile.patch #104565
+ epatch "${FILESDIR}"/${PV}-makefile-DESTDIR.patch
+}
+
+src_compile() {
+ econf $(use_enable nls) || die
+ emake || die "emake failed"
+}
+
+src_install() {
+ make install DESTDIR="${D}" || die
+ dodoc AUTHORS ChangeLog NEWS README THANKS TODO
+}