From 533bc2f4a7870d2ddb19f5f8a14a02100e6372c2 Mon Sep 17 00:00:00 2001
From: Mike Frysinger
Date: Thu, 29 Sep 2005 00:27:11 +0000
Subject: Fix by Tavis Ormandy for insecure tempfile usage #104565. (Portage version: 2.0.52-r1 http://www.bash.org/?136501 )
---
app-admin/gtkdiskfree/ChangeLog | 10 +++-
.../gtkdiskfree/files/digest-gtkdiskfree-1.9.3-r1 | 1 +
.../files/gtkdiskfree-1.9.3-tempfile.patch | 58 ++++++++++++++++++++++
app-admin/gtkdiskfree/gtkdiskfree-1.9.3-r1.ebuild | 35 +++++++++++++
4 files changed, 102 insertions(+), 2 deletions(-)
create mode 100644 app-admin/gtkdiskfree/files/digest-gtkdiskfree-1.9.3-r1
create mode 100644 app-admin/gtkdiskfree/files/gtkdiskfree-1.9.3-tempfile.patch
create mode 100644 app-admin/gtkdiskfree/gtkdiskfree-1.9.3-r1.ebuild
(limited to 'app-admin')
diff --git a/app-admin/gtkdiskfree/ChangeLog b/app-admin/gtkdiskfree/ChangeLog
index f8ff6e730c3f..2f1bd6d3f8e7 100644
--- a/app-admin/gtkdiskfree/ChangeLog
+++ b/app-admin/gtkdiskfree/ChangeLog
@@ -1,6 +1,12 @@ # ChangeLog for app-admin/gtkdiskfree -# Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/gtkdiskfree/ChangeLog,v 1.16 2005/05/08 14:37:03 herbs Exp $ +# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/app-admin/gtkdiskfree/ChangeLog,v 1.17 2005/09/29 00:27:11 vapier Exp $ + +*gtkdiskfree-1.9.3-r1 (29 Sep 2005) + + 29 Sep 2005; Mike Frysinger + +files/gtkdiskfree-1.9.3-tempfile.patch, +gtkdiskfree-1.9.3-r1.ebuild: + Fix by Tavis Ormandy for insecure tempfile usage #104565. 08 May 2005; Herbie Hopkins gtkdiskfree-1.9.3.ebuild: Stable on amd64.
diff --git a/app-admin/gtkdiskfree/files/digest-gtkdiskfree-1.9.3-r1 b/app-admin/gtkdiskfree/files/digest-gtkdiskfree-1.9.3-r1
new file mode 100644
index 000000000000..64f070a4addc
--- /dev/null
+++ b/app-admin/gtkdiskfree/files/digest-gtkdiskfree-1.9.3-r1
@@ -0,0 +1 @@
+MD5 66dea9f2cb3bf83e6b45702900a97a03 gtkdiskfree-1.9.3.tar.gz 255448
diff --git a/app-admin/gtkdiskfree/files/gtkdiskfree-1.9.3-tempfile.patch b/app-admin/gtkdiskfree/files/gtkdiskfree-1.9.3-tempfile.patch
new file mode 100644
index 000000000000..abfc494f0c13
--- /dev/null
+++ b/app-admin/gtkdiskfree/files/gtkdiskfree-1.9.3-tempfile.patch
@@ -0,0 +1,58 @@
+Fix insecure tempfile usage
+
+Patch by Tavis Ormandy
+
+http://bugs.gentoo.org/104565
+
+--- gtkdiskfree-1.9.3/src/mount.c
++++ gtkdiskfree-1.9.3/src/mount.c
+@@ -31,41 +31,21 @@
+ void
+ open_cmd_tube (const gchar *cmd, const gchar *mount_point)
+ {
+- gint status;
+- gchar error[MAXLINE], *line;
+- FILE *sh, *tmp;
++ gchar error[MAXLINE], *line, *status;
++ FILE *sh;
+
+ setbuf(stdout, error);
+- line = g_strconcat(cmd, " ", mount_point, " &> ", TUBE_NAME, NULL);
++ line = g_strconcat(cmd, " ", mount_point, " 2>&1", NULL);
+ sh = popen(line, "r");
+ g_free(line);
+
+- status = pclose(sh);
+-
+- if (status == 0) {
+- remove(TUBE_NAME);
+- gui_list_main_update(GTK_TREE_VIEW(list_treeview));
+-
+- return;
+- } else {
+- if ((tmp = fopen(TUBE_NAME, "r")) == NULL) {
+- gui_list_main_update(GTK_TREE_VIEW(list_treeview));
+-
+- return;
+- }
+- if (fgets(error, MAXLINE-1, tmp) == NULL) {
+- fclose(tmp);
+- remove(TUBE_NAME);
+- gui_list_main_update(GTK_TREE_VIEW(list_treeview));
+-
+- return;
+- }
+- fclose(tmp);
+- remove(TUBE_NAME);
++ status = fgets(error, MAXLINE-1, sh);
++
++ if (status && (pclose(sh) != 0))
+ error_window(error);
+- }
++
+ gui_list_main_update(GTK_TREE_VIEW(list_treeview));
+-
++
+ return;
+ }
+
diff --git a/app-admin/gtkdiskfree/gtkdiskfree-1.9.3-r1.ebuild b/app-admin/gtkdiskfree/gtkdiskfree-1.9.3-r1.ebuild
new file mode 100644
index 000000000000..a4d4f59110cd
--- /dev/null
+++ b/app-admin/gtkdiskfree/gtkdiskfree-1.9.3-r1.ebuild
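Review bot: In the new `open_cmd_tube` body that files/gtkdiskfree-1.9.3-tempfile.patch adds, `pclose(sh)` sits behind `status &&`, so when the command prints nothing and `fgets()` returns NULL the pipe is never closed and the child is never reaped. `popen()` can also return NULL, and that value goes straight into `fgets()`; the fence below closes the pipe unconditionally and returns early on a failed `popen()`. The unchanged `setbuf(stdout, error)` line leaves stdout buffered in a stack array that no longer exists after return and that `fgets()` now also writes into, which looks unintended. `cmd` and `mount_point` are still pasted into a shell command line, so if a mount point can contain shell metacharacters it would be safer to run the command from an argument vector (GLib's `g_spawn_sync`) than through `popen()`.

```c
	gchar error[MAXLINE], *line, *status;
	gint rc;
	/* … unchanged: FILE *sh, setbuf, g_strconcat, popen, g_free … */
	if (sh == NULL) {
		gui_list_main_update(GTK_TREE_VIEW(list_treeview));
		return;
	}

	status = fgets(error, MAXLINE-1, sh);
	rc = pclose(sh);	/* always close the pipe and reap the child */

	if (status && rc != 0)
		error_window(error);
	/* … unchanged: gui_list_main_update call and return … */
```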
@@ -0,0 +1,35 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/gtkdiskfree/gtkdiskfree-1.9.3-r1.ebuild,v 1.1 2005/09/29 00:27:11 vapier Exp $
+
+inherit eutils
+
+DESCRIPTION="Graphical tool to show free disk space"
+HOMEPAGE="http://gtkdiskfree.tuxfamily.org/"
+SRC_URI="http://gtkdiskfree.tuxfamily.org/src_tgz/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
+IUSE="nls"
+
+DEPEND=">=x11-libs/gtk+-2
+ >=dev-libs/glib-2
+ nls? ( sys-devel/gettext )"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/${P}-tempfile.patch #104565
+ epatch "${FILESDIR}"/${PV}-makefile-DESTDIR.patch
+}
+
+src_compile() {
+ econf $(use_enable nls) || die
+ emake || die "emake failed"
+}
+
+src_install() {
+ make install DESTDIR="${D}" || die
+ dodoc AUTHORS ChangeLog NEWS README THANKS TODO
+}
-- cgit v1.2.3-65-gdbad
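Review bot: `SRC_URI` in the new ebuild fetches the tarball over plain HTTP, and the only integrity check this commit shows for it is the single MD5 line in files/digest-gtkdiskfree-1.9.3-r1. MD5 is not collision-resistant, so the digest should also carry a stronger hash if the Portage version in use can generate one. In `src_unpack`, `cd "${S}"` has no failure check, so a failed cd would let both `epatch` calls run from the wrong directory; `cd "${S}" || die` would stop there.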