Updated patch security bug #354061.

Package-Manager: portage-2.1.9.35/cvs/Linux i686
author: Daniel Pielmeier <billie@gentoo.org> 2011-02-12 17:43:58 +0000
committer: Daniel Pielmeier <billie@gentoo.org> 2011-02-12 17:43:58 +0000
commit: 4d07962cbd2dbe7a8de9dc7e39589633785d816f (patch)
tree: e8808fb6b09ebe0803f722c911ba5d26fd0d0786 /app-admin
parent: alpha/ia64/sparc stable wrt #213318 (diff)
download: historical-4d07962cbd2dbe7a8de9dc7e39589633785d816f.tar.gz
historical-4d07962cbd2dbe7a8de9dc7e39589633785d816f.tar.bz2
historical-4d07962cbd2dbe7a8de9dc7e39589633785d816f.zip
5 files changed, 84 insertions, 40 deletions
diff --git a/app-admin/checkrestart/Manifest b/app-admin/checkrestart/Manifest
index fc6b3633878b..6c70bdd70558 100644
--- a/app-admin/checkrestart/Manifest
+++ b/app-admin/checkrestart/Manifest
@@ -1,14 +1,6 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
+AUX checkrestart-0.47-list-comprehension-fix.patch 366 RMD160 5087c95476626fdbb304afb282761bc04d156d46 SHA1 4f92fb01a64a0221a163c152c339c3da84d3755f SHA256 f2fc4a25c5da68010c09092b9120bc3a18cdda4950fa043707aa54bc5671aedb
 DIST checkrestart-0.47-sep.tar.bz2 5888 RMD160 11e07e9dfc3e38a9f983f1daaefdb477136a1a7b SHA1 64f8e95515e420e2810cc6019542a5fe698bac03 SHA256 e80c89b8e2b082c4e2050a45dbdd375c6ef68dd91bdb000ae701359d0d04558e
+EBUILD checkrestart-0.47-r1.ebuild 680 RMD160 17aa0e80d80af8c211b14485c4d02bd23ae2de1d SHA1 a5e01f081c6e38c4b9893ff667ecd8d9c7f71e48 SHA256 fd8700c9f457b2af43b0dddd0cbf96cf925b1263d1a754162ae12ae353e7c462
 EBUILD checkrestart-0.47.ebuild 579 RMD160 ab19c4d5e2b0f743e02095ffde6152b404e7e305 SHA1 209adca90e1b0a70f989fa637efaa5d80c3b1f69 SHA256 8cabf4d8fbd802e8af3c0034f2dcd92092eac2f1a21d287a396bbe72f388a937
-MISC ChangeLog 462 RMD160 02ba45598c980933b605ccddcea62d01fbfb1da2 SHA1 36ea9ab0f10c08ebe8ee5e7c1aefda005f1beef2 SHA256 24f340e451bb5acb07b9eb92c8956c20f78dc71c31c776ee343e5eb8386fbf0c
+MISC ChangeLog 714 RMD160 c177f54958f1504c291a22b1a1ed654d1e88c89b SHA1 6c5c01f202d6dbe200d4bb677465999da30ae74b SHA256 4ae4db78b372dd3dd16b4a1581f2f0f926d987b56723d14877481eaf64aae06d
 MISC metadata.xml 247 RMD160 ce510949efadc662a8bdf3f163ab8da65425031b SHA1 9e77d3a27a86999fbe9fd9c8098a6f487512cd89 SHA256 219ac51d48f3a246086b75c336a1be44caafec3dd2c86ba61a44caa6374778df
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.11 (GNU/Linux)
-
-iEYEARECAAYFAksXpJAACgkQkKaRLQcq0GJDoQCgmwGBibq0uh5EHWXZdCJF5iOH
-LqUAoK1GSExOqVb0Cm0G6H+7cb6KLDwb
-=JDOh
------END PGP SIGNATURE-----
diff --git a/app-admin/conky/ChangeLog b/app-admin/conky/ChangeLog
index a528ec7bfce4..2f766adae102 100644
--- a/app-admin/conky/ChangeLog
+++ b/app-admin/conky/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for app-admin/conky
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/conky/ChangeLog,v 1.155 2011/02/12 16:21:03 xarthisius Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/conky/ChangeLog,v 1.156 2011/02/12 17:43:58 billie Exp $
+
+*conky-1.8.1-r2 (12 Feb 2011)
+
+  12 Feb 2011; Daniel Pielmeier <billie@gentoo.org> -conky-1.8.1-r1.ebuild,
+  +conky-1.8.1-r2.ebuild, files/conky-1.8.1-secunia-SA43225.patch:
+  Updated patch security bug #354061.
 
   12 Feb 2011; Kacper Kowalik <xarthisius@gentoo.org> conky-1.8.1-r1.ebuild:
   Marked ~ppc wrt #326767
diff --git a/app-admin/conky/Manifest b/app-admin/conky/Manifest
index 7ad7c2657e51..651aad9bddde 100644
--- a/app-admin/conky/Manifest
+++ b/app-admin/conky/Manifest
@@ -2,12 +2,12 @@ AUX conky-1.8.0-audacious-2.3.patch 595 RMD160 5ce471fc07a8f8dfe85e0b74f5ffc18a7
 AUX conky-1.8.0-ncurses.patch 4359 RMD160 deb00ff8338881bf97a8ed26aeb6cdb3d53c0a07 SHA1 13dd57185c5ab8118cf2ca9c7e86222b9dc4e166 SHA256 9ac58ffcebe10447ac0255a5e7c569d1f22ddb3f6b1a1b8b0854e55d781c6f59
 AUX conky-1.8.1-acpitemp.patch 2415 RMD160 dcef233f8ba2ca192bfac3b16f0c671e1381fffe SHA1 d5000bfdddb134c4cd61e90e8bcc3bce5866c33c SHA256 57815044cd972139171b76e75267792821c783e03537eb6cf7ba8105c46cdf8d
 AUX conky-1.8.1-nvidia-x.patch 883 RMD160 f6e85e117ba5b895ba23db0d6e4160a0c0141c21 SHA1 1e3dc3f2a8e44d62e25ab2ab22726e0e91ecf666 SHA256 290ffdf4094167715bf11b86ee2cf73574a3af32ffb50fa09517d89c56bc0853
-AUX conky-1.8.1-secunia-SA43225.patch 790 RMD160 5859da1a78bf3c06cb83c07f7aeb51b85f8fc162 SHA1 b9d539b8e4170235c399de0a55136075323ccc58 SHA256 e88cc164b0d6972bbdbd1973f3327b1e4efab748ca7d4f32cf3a81fb716272c0
+AUX conky-1.8.1-secunia-SA43225.patch 1620 RMD160 3206a288819bc33048d9eee2444308b04b25fc1b SHA1 7c88144711911a6b38465311c7cf8cf6b0e6d45f SHA256 61c2d204796f51d0d51cd62e9a37a9f4f318e8fe8f955278ef86b64d5b2ff99f
 AUX conky-1.8.1-xmms2.patch 1190 RMD160 6ec093e08f55c198b5b2321acc7f3d1d7f74e267 SHA1 0e05fe363521145bde14eca99d3aebc28e258833 SHA256 1b64047f04239dbf24b3171fcd8d5c950e9f8aa6af5e94cd4836cd14c70e2bdc
 DIST conky-1.8.0.tar.bz2 610545 RMD160 5ea6accf73e1d41ebe8390722a53ae50e0c23df8 SHA1 eef214c2917ea5666d24f03128b12d00fa313b58 SHA256 badb3824a9655eee90281939df8bdb3ca95cf8bab03269b3b3775bfea2ed0a51
 DIST conky-1.8.1.tar.bz2 612481 RMD160 f3203131e2d8f3756eb29f5c5a9034b9c269fdc6 SHA1 9581419b1a53a8a7e37b0291cd4e55ab166d221a SHA256 f85a278f2869596b1fd68b6d26d58c93af8dcc39d5186bbcfd587d4c545e5e43
 EBUILD conky-1.8.0-r1.ebuild 3967 RMD160 2a7a6f187bf0c20b2d0f83796f3578ffea90714f SHA1 b4f01faaeb3b3046ed950997788b49c4fa51c5b0 SHA256 4bf134d29f37079b3b44c132856546c3ad74ae79f9d161b2a890253f9a8cc9e8
-EBUILD conky-1.8.1-r1.ebuild 3994 RMD160 3d38c6c3f7aa631764ac0a9e778de4f01a428705 SHA1 99e4ada06067c161c87afc439faf9c9ca97ece48 SHA256 cedcf85fe7a59c4d94b0e2d5dfc6df6cb89e3569334bdc9c6874d990f688c0cc
+EBUILD conky-1.8.1-r2.ebuild 3990 RMD160 e00ba0238f441ea9abe4877041ac830beec89f0e SHA1 8cb3767926cfa5b4dbab2245d73bd7ef38af0610 SHA256 9d9634f7ff46919bf36568e2436c9abc3f3c141ddb2d703cc96b98f904461f6f
 EBUILD conky-1.8.1.ebuild 3905 RMD160 f889427c9fc44f24e24583afb0121e9beee3c3a5 SHA1 8904b6068ab786a3756bac63ae55766c34b0d8d5 SHA256 c5798acb092e90c995c53d8d022efa3b3ecc4ff380971f0e00ab5277cc12e65b
-MISC ChangeLog 23762 RMD160 95d608f8d214f190b6f2d22f2a7df246c743ea0c SHA1 c8f1c8c4ab17f87c0080700af16b61bba52308c1 SHA256 0f6a1eabfc524313794bb0452fce6601cfbabfb48713601a2c52185e5856c1e3
+MISC ChangeLog 23971 RMD160 8c475ae28206f03e7ad57353c5dca400e7b061bc SHA1 db8661466cb9b9a87609332a2ac52d5871b6f516 SHA256 d7cee88fe5f697f297c45a9440aeef40b5338149c9f37696e4f47fd1db9d327a
 MISC metadata.xml 2154 RMD160 911d61ea1b3a10bf4c49fafba1b82b067ee0eee3 SHA1 dac481d15b6279f6d573cb8c76aa38267a9186d7 SHA256 a2ab7e0c213f854ed36387d6ca1702a77a77842d9d96d3b97351d48e0472d9f9
diff --git a/app-admin/conky/conky-1.8.1-r1.ebuild b/app-admin/conky/conky-1.8.1-r2.ebuild
index c83b99f8f668..ac05ea22a3d7 100644
--- a/app-admin/conky/conky-1.8.1-r1.ebuild
+++ b/app-admin/conky/conky-1.8.1-r2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/conky/conky-1.8.1-r1.ebuild,v 1.2 2011/02/12 16:21:03 xarthisius Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/conky/conky-1.8.1-r2.ebuild,v 1.1 2011/02/12 17:43:58 billie Exp $
 
 EAPI=2
 
diff --git a/app-admin/conky/files/conky-1.8.1-secunia-SA43225.patch b/app-admin/conky/files/conky-1.8.1-secunia-SA43225.patch
index afa33211f872..81272bd3764a 100644
--- a/app-admin/conky/files/conky-1.8.1-secunia-SA43225.patch
+++ b/app-admin/conky/files/conky-1.8.1-secunia-SA43225.patch
@@ -1,26 +1,72 @@
-From ac4a3682aecb9d6466fea4aebb183b5f8f632905 Mon Sep 17 00:00:00 2001
-From: Nikolas Garofil <nikolas@garofil.be>
-Date: Thu, 10 Feb 2011 16:20:06 +0100
-Subject: [PATCH] Fix security bug in 's getSkillname
-
----
- src/eve.cc |    3 ++-
- 1 files changed, 2 insertions(+), 1 deletions(-)
-
-diff --git a/src/eve.cc b/src/eve.cc
-index 187a5f4..29b8c45 100644
---- a/src/eve.c
-+++ b/src/eve.c
-@@ -285,7 +285,8 @@ static char *getSkillname(const char *file, int skillid)
- 
- 	if (!file_exists(file)) {
- 		skilltree = getXmlFromAPI(NULL, NULL, NULL, EVEURL_SKILLTREE);
--		writeSkilltree(skilltree, file);
-+//2x file_exits() so that someone (malicious?) couldn't create it during during the previous call
-+		if (!file_exists(file)) writeSkilltree(skilltree, file);
- 		free(skilltree);
+--- src/eve.c	2011-02-12 13:26:34.636269667 +0100
++++ src/eve.c	2011-02-12 13:26:48.242936334 +0100
+@@ -254,19 +254,6 @@
  	}
+ }
+ 
+-static int file_exists(const char *filename)
+-{
+-	struct stat fi;
+-
+-	if ((stat(filename, &fi)) == 0) {
+-		if (fi.st_size > 0)
+-			return 1;
+-		else
+-			return 0;
+-	} else
+-		return 0;
+-}
+-
+ static void writeSkilltree(char *content, const char *filename)
+ {
+ 	FILE *fp = fopen(filename, "w");
+@@ -283,13 +270,12 @@
+ 	xmlDocPtr doc = 0;
+ 	xmlNodePtr root = 0;
+ 
+-	if (!file_exists(file)) {
+-		skilltree = getXmlFromAPI(NULL, NULL, NULL, EVEURL_SKILLTREE);
+-		writeSkilltree(skilltree, file);
+-		free(skilltree);
+-	}
++	skilltree = getXmlFromAPI(NULL, NULL, NULL, EVEURL_SKILLTREE);
++	writeSkilltree(skilltree, file);
++	free(skilltree);
+ 
+ 	doc = xmlReadFile(file, NULL, 0);
++	unlink(file);
+ 	if (!doc)
+ 		return NULL;
+ 
+@@ -340,7 +326,7 @@
+ static char *eve(char *userid, char *apikey, char *charid)
+ {
+ 	Character *chr = NULL;
+-	const char *skillfile = "/tmp/.cesf";
++	char skillfile[] = "/tmp/.cesfXXXXXX";
+ 	int i = 0;
+ 	char *output = 0;
+ 	char *timel = 0;
+@@ -348,6 +334,7 @@
+ 	char *content = 0;
+ 	time_t now = 0;
+ 	char *error = 0;
++	int tmp_fd, old_umask;
+ 
+ 
+ 	for (i = 0; i < MAXCHARS; i++) {
+@@ -400,6 +387,14 @@
+ 
+ 		output = (char *)malloc(200 * sizeof(char));
+ 		timel = formatTime(&chr->ends);
++		old_umask = umask(0066);
++		tmp_fd = mkstemp(skillfile);
++		umask(old_umask);
++		if (tmp_fd == -1) {
++			error = strdup("Cannot create temporary file");
++			return error;
++		}
++		close(tmp_fd);
+ 		skill = getSkillname(skillfile, chr->skill);
  
--- 
-1.7.0.4
-
+ 		chr->skillname = strdup(skill);
author	Daniel Pielmeier <billie@gentoo.org>	2011-02-12 17:43:58 +0000
committer	Daniel Pielmeier <billie@gentoo.org>	2011-02-12 17:43:58 +0000
commit	4d07962cbd2dbe7a8de9dc7e39589633785d816f (patch)
tree	e8808fb6b09ebe0803f722c911ba5d26fd0d0786 /app-admin
parent	alpha/ia64/sparc stable wrt #213318 (diff)
download	historical-4d07962cbd2dbe7a8de9dc7e39589633785d816f.tar.gz historical-4d07962cbd2dbe7a8de9dc7e39589633785d816f.tar.bz2 historical-4d07962cbd2dbe7a8de9dc7e39589633785d816f.zip