authorMarkos Chandras <hwoarang@gentoo.org>2011-08-07 12:09:02 +0000
committerMarkos Chandras <hwoarang@gentoo.org>2011-08-07 12:09:02 +0000
commit739308d280112bf3fa77f1efc80c59ceac5746eb (patch)
treeeec68b139892b1a685d21d7298ce5bb24cce36a9 /media-video/minitube
parentversion bump (diff)
Add security fix and mark stable for amd64. Bug #377929
(Portage version: 2.2.0_alpha50/cvs/Linux x86_64)
Diffstat (limited to 'media-video/minitube')
-rw-r--r--media-video/minitube/ChangeLog6
-rw-r--r--media-video/minitube/files/minitube-1.5-non-static-filename.patch39
-rw-r--r--media-video/minitube/minitube-1.4.ebuild56
-rw-r--r--media-video/minitube/minitube-1.5.ebuild8
4 files changed, 50 insertions, 59 deletions
diff --git a/media-video/minitube/ChangeLog b/media-video/minitube/ChangeLog
index 6b490695b71b..cf8a7c672071 100644
--- a/media-video/minitube/ChangeLog
+++ b/media-video/minitube/ChangeLog
@@ -1,6 +1,10 @@
# ChangeLog for media-video/minitube
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-video/minitube/ChangeLog,v 1.54 2011/08/07 03:23:27 phajdan.jr Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-video/minitube/ChangeLog,v 1.55 2011/08/07 12:09:02 hwoarang Exp $
+
+ 07 Aug 2011; Markos Chandras <hwoarang@gentoo.org> -minitube-1.4.ebuild,
+ minitube-1.5.ebuild, +files/minitube-1.5-non-static-filename.patch:
+ Add security fix and mark stable for amd64. Bug #377929
07 Aug 2011; Pawel Hajdan jr <phajdan.jr@gentoo.org> minitube-1.5.ebuild:
x86 stable wrt bug #377929
diff --git a/media-video/minitube/files/minitube-1.5-non-static-filename.patch b/media-video/minitube/files/minitube-1.5-non-static-filename.patch
new file mode 100644
index 000000000000..443b40b1b67d
--- /dev/null
+++ b/media-video/minitube/files/minitube-1.5-non-static-filename.patch
@@ -0,0 +1,39 @@
+From 70d17805055f8b4dc4e2ea77112f41bbe5a56a9c Mon Sep 17 00:00:00 2001
+From: Markos Chandras <hwoarang@gentoo.org>
+Date: Sun, 7 Aug 2011 13:04:29 +0100
+Subject: [PATCH] Use a non-static filename for temporary created files
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf-8
+Content-Transfer-Encoding: 8bit
+
+This is a security problem because an attacker can create a malicious
+filename and make minitube crash. The temporarty filenames must always
+be non-static. This patch appends a random generated number at the end
+of that file.
+
+The bug was found on Gentoo bugzilla by Tomáš Pružina
+<tomas.pruzina@gmail.com> and the original patch was created by him as
+well.
+
+https://bugs.gentoo.org/show_bug.cgi?id=377929
+---
+ src/MediaView.cpp | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/src/MediaView.cpp b/src/MediaView.cpp
+index d41c69e..a10c60a 100644
+--- a/src/MediaView.cpp
++++ b/src/MediaView.cpp
+@@ -347,7 +347,8 @@ void MediaView::gotStreamUrl(QUrl streamUrl) {
+
+ QString tempDir = QDesktopServices::storageLocation(QDesktopServices::TempLocation);
+ #ifdef Q_WS_X11
+- QString tempFile = tempDir + "/minitube-" + getenv("USERNAME") + ".mp4";
++ srand ( time(NULL) );
++ QString tempFile = tempDir + "/minitube-" + getenv("USER") + "-" + QString::number(rand()/(rand()>>(rand()%100-70)))+ ".mp4";
+ #else
+ QString tempFile = tempDir + "/minitube.mp4";
+ #endif
+--
+1.6.1
+
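Review bot: The new `tempFile` name built on the added line is still guessable, and the expression that produces it can crash on its own. `rand()%100-70` ranges from -70 to 29, so the shift count is frequently negative (undefined behaviour), and `rand()>>k` can evaluate to 0, which makes the division a divide-by-zero. Because the generator is seeded with `srand(time(NULL))`, anyone who knows the approximate time can reproduce the number, and nothing in the visible lines creates the file exclusively, so the fixed-name problem described in the patch message is narrowed rather than closed. A `QTemporaryFile` created under `tempDir`, e.g. `QTemporaryFile tmp(tempDir + "/minitube-XXXXXX"); tmp.open();`, picks a unique name and creates the file atomically, and it could also replace the `#else` branch that still uses the fixed `minitube.mp4`. The rest of `MediaView::gotStreamUrl` is outside the hunk, so how `tempFile` is opened afterwards cannot be checked from here.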
diff --git a/media-video/minitube/minitube-1.4.ebuild b/media-video/minitube/minitube-1.4.ebuild
deleted file mode 100644
index 7dc3665a293a..000000000000
--- a/media-video/minitube/minitube-1.4.ebuild
+++ /dev/null
@@ -1,56 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-video/minitube/minitube-1.4.ebuild,v 1.5 2011/04/11 06:19:16 phajdan.jr Exp $
-
-EAPI="2"
-LANGS="ar es pt_BR pt_PT uk"
-LANGSLONG="bg_BG cs_CZ de_DE el_GR es he_IL hr_HR hu_HU fr_FR fi_FI it_IT
-ja_JP nl_NL nb_NO pl_PL ro_RO ru_RU tr_TR"
-
-inherit qt4-r2
-
-DESCRIPTION="Qt4 YouTube Client"
-HOMEPAGE="http://flavio.tordini.org/minitube"
-SRC_URI="http://flavio.tordini.org/files/${PN}/${P}.tar.gz"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="amd64 x86"
-IUSE="debug kde gstreamer"
-
-DEPEND="x11-libs/qt-gui:4[accessibility]
- x11-libs/qt-dbus:4
- kde? ( || ( media-libs/phonon[gstreamer?] x11-libs/qt-phonon:4 ) )
- !kde? ( || ( x11-libs/qt-phonon media-libs/phonon[gstreamer?] ) )
- gstreamer? (
- media-plugins/gst-plugins-soup
- media-plugins/gst-plugins-ffmpeg
- media-plugins/gst-plugins-faac
- media-plugins/gst-plugins-faad
- )
-"
-
-RDEPEND="${DEPEND}"
-
-S="${WORKDIR}/${PN}"
-
-src_install() {
- dobin build/target/minitube || die "dobin failed"
- newicon images/app.png minitube.png || die "doicon failed"
- make_desktop_entry minitube MiniTube minitube "Qt;AudioVideo;Video" \
- || die "make_desktop_entry failed"
- #translations
- insinto "/usr/share/${PN}/locale/"
- for lang in ${LINGUAS}; do
- for x in ${LANGS}; do
- if [[ ${x} == ${lang} ]]; then
- doins "build/target/locale/${x}.qm" || die "doins failed"
- fi
- done
- for x in ${LANGSLONG}; do
- if [[ ${x%_*} == ${lang} ]]; then
- doins "build/target/locale/${x}.qm" || die "doins failed"
- fi
- done
- done
-}
diff --git a/media-video/minitube/minitube-1.5.ebuild b/media-video/minitube/minitube-1.5.ebuild
index 75ad9a9a8cc3..627017f627d8 100644
--- a/media-video/minitube/minitube-1.5.ebuild
+++ b/media-video/minitube/minitube-1.5.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-video/minitube/minitube-1.5.ebuild,v 1.2 2011/08/07 03:23:27 phajdan.jr Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-video/minitube/minitube-1.5.ebuild,v 1.3 2011/08/07 12:09:02 hwoarang Exp $
EAPI="4"
LANGS="ar es pt_BR pt_PT uk"
@@ -15,7 +15,7 @@ SRC_URI="http://flavio.tordini.org/files/${PN}/${P}.tar.gz"
LICENSE="GPL-3"
SLOT="0"
-KEYWORDS="~amd64 x86"
+KEYWORDS="amd64 x86"
IUSE="debug kde gstreamer"
DEPEND="x11-libs/qt-gui:4[accessibility]
@@ -34,6 +34,10 @@ RDEPEND="${DEPEND}"
S="${WORKDIR}/${PN}"
+PATCHES=(
+ "${FILESDIR}"/${P}-non-static-filename.patch
+)
+
src_install() {
emake INSTALL_ROOT="${D}" install
newicon images/app.png minitube.png
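Review bot: The security patch is wired into `minitube-1.5.ebuild` in place through the new `PATCHES=( ... )` array, with no revision bump, so the package version that users see does not change. The ChangeLog shows 1.5 was already marked stable on x86 before this commit, so systems that have 1.5 installed will not be offered a rebuild and will keep the unpatched binary. Shipping the change as `minitube-1.5-r1.ebuild` would make the fix reach existing installs. Independently of that, a short comment above the array such as `# Bug #377929: predictable temp file name` would record why the patch is carried.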