-rw-r--r--app-admin/conky/ChangeLog8
-rw-r--r--app-admin/conky/conky-1.8.1-r2.ebuild (renamed from app-admin/conky/conky-1.8.1-r1.ebuild)2
-rw-r--r--app-admin/conky/files/conky-1.8.1-secunia-SA43225.patch94
3 files changed, 78 insertions, 26 deletions
diff --git a/app-admin/conky/ChangeLog b/app-admin/conky/ChangeLog
index a528ec7bfce4..2f766adae102 100644
--- a/app-admin/conky/ChangeLog
+++ b/app-admin/conky/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for app-admin/conky
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/conky/ChangeLog,v 1.155 2011/02/12 16:21:03 xarthisius Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/conky/ChangeLog,v 1.156 2011/02/12 17:43:58 billie Exp $
+
+*conky-1.8.1-r2 (12 Feb 2011)
+
+ 12 Feb 2011; Daniel Pielmeier <billie@gentoo.org> -conky-1.8.1-r1.ebuild,
+ +conky-1.8.1-r2.ebuild, files/conky-1.8.1-secunia-SA43225.patch:
+ Updated patch security bug #354061.
12 Feb 2011; Kacper Kowalik <xarthisius@gentoo.org> conky-1.8.1-r1.ebuild:
Marked ~ppc wrt #326767
diff --git a/app-admin/conky/conky-1.8.1-r1.ebuild b/app-admin/conky/conky-1.8.1-r2.ebuild
index c83b99f8f668..ac05ea22a3d7 100644
--- a/app-admin/conky/conky-1.8.1-r1.ebuild
+++ b/app-admin/conky/conky-1.8.1-r2.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/conky/conky-1.8.1-r1.ebuild,v 1.2 2011/02/12 16:21:03 xarthisius Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/conky/conky-1.8.1-r2.ebuild,v 1.1 2011/02/12 17:43:58 billie Exp $
EAPI=2
diff --git a/app-admin/conky/files/conky-1.8.1-secunia-SA43225.patch b/app-admin/conky/files/conky-1.8.1-secunia-SA43225.patch
index afa33211f872..81272bd3764a 100644
--- a/app-admin/conky/files/conky-1.8.1-secunia-SA43225.patch
+++ b/app-admin/conky/files/conky-1.8.1-secunia-SA43225.patch
@@ -1,26 +1,72 @@
-From ac4a3682aecb9d6466fea4aebb183b5f8f632905 Mon Sep 17 00:00:00 2001
-From: Nikolas Garofil <nikolas@garofil.be>
-Date: Thu, 10 Feb 2011 16:20:06 +0100
-Subject: [PATCH] Fix security bug in 's getSkillname
-
----
- src/eve.cc | 3 ++-
- 1 files changed, 2 insertions(+), 1 deletions(-)
-
-diff --git a/src/eve.cc b/src/eve.cc
-index 187a5f4..29b8c45 100644
---- a/src/eve.c
-+++ b/src/eve.c
-@@ -285,7 +285,8 @@ static char *getSkillname(const char *file, int skillid)
-
- if (!file_exists(file)) {
- skilltree = getXmlFromAPI(NULL, NULL, NULL, EVEURL_SKILLTREE);
-- writeSkilltree(skilltree, file);
-+//2x file_exits() so that someone (malicious?) couldn't create it during during the previous call
-+ if (!file_exists(file)) writeSkilltree(skilltree, file);
- free(skilltree);
+--- src/eve.c 2011-02-12 13:26:34.636269667 +0100
++++ src/eve.c 2011-02-12 13:26:48.242936334 +0100
+@@ -254,19 +254,6 @@
}
+ }
+
+-static int file_exists(const char *filename)
+-{
+- struct stat fi;
+-
+- if ((stat(filename, &fi)) == 0) {
+- if (fi.st_size > 0)
+- return 1;
+- else
+- return 0;
+- } else
+- return 0;
+-}
+-
+ static void writeSkilltree(char *content, const char *filename)
+ {
+ FILE *fp = fopen(filename, "w");
+@@ -283,13 +270,12 @@
+ xmlDocPtr doc = 0;
+ xmlNodePtr root = 0;
+
+- if (!file_exists(file)) {
+- skilltree = getXmlFromAPI(NULL, NULL, NULL, EVEURL_SKILLTREE);
+- writeSkilltree(skilltree, file);
+- free(skilltree);
+- }
++ skilltree = getXmlFromAPI(NULL, NULL, NULL, EVEURL_SKILLTREE);
++ writeSkilltree(skilltree, file);
++ free(skilltree);
+
+ doc = xmlReadFile(file, NULL, 0);
++ unlink(file);
+ if (!doc)
+ return NULL;
+
+@@ -340,7 +326,7 @@
+ static char *eve(char *userid, char *apikey, char *charid)
+ {
+ Character *chr = NULL;
+- const char *skillfile = "/tmp/.cesf";
++ char skillfile[] = "/tmp/.cesfXXXXXX";
+ int i = 0;
+ char *output = 0;
+ char *timel = 0;
+@@ -348,6 +334,7 @@
+ char *content = 0;
+ time_t now = 0;
+ char *error = 0;
++ int tmp_fd, old_umask;
+
+
+ for (i = 0; i < MAXCHARS; i++) {
+@@ -400,6 +387,14 @@
+
+ output = (char *)malloc(200 * sizeof(char));
+ timel = formatTime(&chr->ends);
++ old_umask = umask(0066);
++ tmp_fd = mkstemp(skillfile);
++ umask(old_umask);
++ if (tmp_fd == -1) {
++ error = strdup("Cannot create temporary file");
++ return error;
++ }
++ close(tmp_fd);
+ skill = getSkillname(skillfile, chr->skill);
---
-1.7.0.4
-
+ chr->skillname = strdup(skill);
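Review bot: In the eve() hunk of the embedded patch, the descriptor from `mkstemp(skillfile)` is closed straight away and the file is reopened by name in writeSkilltree (`fopen(filename, "w")`) and again by `xmlReadFile(file, NULL, 0)`, so the exclusive-create guarantee covers only the creation itself and the later opens rely on /tmp being sticky. Keeping the descriptor and handing it down (for example `fdopen(tmp_fd, "w")` for the write and libxml2's `xmlReadFd` for the parse) would remove the name-based reopen. The failure branch also returns without freeing `output` (and `timel`, if formatTime allocates), both assigned just above it; `free(output); free(timel);` before `return error;` would close that leak. getSkillname can still return NULL when `xmlReadFile` fails, and the result goes to `strdup(skill)` unchecked, which is easier to hit now that the skill tree is fetched from the API on every call instead of being cached. Both eve() and getSkillname start and end outside the hunks shown.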