author | Jeroen Roovers <jer@gentoo.org> | 2012-02-20 12:07:48 +0000 |
---|---|---|
committer | Jeroen Roovers <jer@gentoo.org> | 2012-02-20 12:07:48 +0000 |
commit | a14a24da3b1f925869dbcb8482a1d6896dd36190 (patch) | |
tree | dec1788cc579ae936d8f32b1c70f398aa8a07e6d | |
parent | old (diff) | |
Fix insecure file permissions (bug #404983).
(Portage version: 2.2.0_alpha87/cvs/Linux x86_64)
-rw-r--r-- | www-client/surf/ChangeLog | 10 | ||||
-rw-r--r-- | www-client/surf/files/CVE-2012-0842.patch | 19 | ||||
-rw-r--r-- | www-client/surf/surf-0.4.1-r1.ebuild (renamed from www-client/surf/surf-0.4.1.ebuild) | 14 |
3 files changed, 33 insertions, 10 deletions
diff --git a/www-client/surf/ChangeLog b/www-client/surf/ChangeLog
index 4a8a944641fa..997e64599614 100644
--- a/www-client/surf/ChangeLog
+++ b/www-client/surf/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for www-client/surf
-# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-client/surf/ChangeLog,v 1.14 2011/08/09 18:51:08 jer Exp $
+# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/www-client/surf/ChangeLog,v 1.15 2012/02/20 12:07:48 jer Exp $
+
+*surf-0.4.1-r1 (20 Feb 2012)
+
+ 20 Feb 2012; Jeroen Roovers <jer@gentoo.org> -surf-0.4.1.ebuild,
+ +surf-0.4.1-r1.ebuild, +files/CVE-2012-0842.patch:
+ Fix insecure file permissions (bug #404983).
 
 09 Aug 2011; Jeroen Roovers <jer@gentoo.org> surf-0.4.1.ebuild:
 Add more/better dependencies.
diff --git a/www-client/surf/files/CVE-2012-0842.patch b/www-client/surf/files/CVE-2012-0842.patch
new file mode 100644
index 000000000000..79701cb423d8
--- /dev/null
+++ b/www-client/surf/files/CVE-2012-0842.patch
@@ -0,0 +1,19 @@
+Description: Fix for world readable cookie jar vulnerability
+ This is the patch provided by upstream to fix the world readable
+ cookie jar vulnerability filed as http://bugs.debian.org/659296.
+ Thanks to Peter Hartman from the upstream for quick patch.
+Author: Peter Hartman <peterjohnhartman@gmail.com>
+Last-Update: 2012-02-10
+Bug-Debian: http://bugs.debian.org/659296
+Forwarded: http://lists.suckless.org/dev/1202/10972.html
+--- a/surf.c Wed Feb 01 15:23:39 2012 +0100
++++ b/surf.c Fri Feb 10 11:46:18 2012 -0500
+@@ -127,7 +127,7 @@
+ apath = g_strconcat(g_get_home_dir(), "/", path, NULL);
+ if((p = strrchr(apath, '/'))) {
+ *p = '\0';
+- g_mkdir_with_parents(apath, 0755);
++ g_mkdir_with_parents(apath, 0700);
+ *p = '/';
+ }
+ /* creating file (gives error when apath ends with "/") */
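Review bot: Passing `0700` to `g_mkdir_with_parents(apath, 0700)` only sets the mode of directories that this call actually creates; a directory left over from an earlier run keeps its old `0755` mode, so users who already ran the unpatched version stay exposed after upgrading. The return value of the call is also ignored, and the file created in the `/* creating file ... */` step that follows (its code lies outside this hunk) gets no explicit mode here. I would add `g_chmod(apath, 0700);` right after the mkdir, while `apath` is still truncated to the directory, and make sure the created file ends up `0600`. The enclosing function starts and ends outside the hunk, so the file-creation part may already restrict the mode.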
diff --git a/www-client/surf/surf-0.4.1.ebuild b/www-client/surf/surf-0.4.1-r1.ebuild
index fc37c4505f92..ff36b2e207ba 100644
--- a/www-client/surf/surf-0.4.1.ebuild
+++ b/www-client/surf/surf-0.4.1-r1.ebuild
@@ -1,8 +1,8 @@
-# Copyright 1999-2011 Gentoo Foundation
+# Copyright 1999-2012 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-client/surf/surf-0.4.1.ebuild,v 1.7 2011/08/09 18:51:08 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-client/surf/surf-0.4.1-r1.ebuild,v 1.1 2012/02/20 12:07:48 jer Exp $
 
-EAPI="2"
+EAPI=4
 
 inherit eutils savedconfig toolchain-funcs
 
@@ -39,6 +39,7 @@ pkg_setup() {
 }
 
 src_prepare() {
+ epatch "${FILESDIR}"/CVE-2012-0842.patch
 sed -i \
 -e 's|{|(|g;s|}|)|g' \
 -e 's|\t@|\t|g;s|echo|@&|g' \
@@ -48,13 +49,10 @@ src_prepare() {
 -e 's|^CFLAGS.*|CFLAGS += -std=c99 -pedantic -Wall $(INCS) $(CPPFLAGS)|g' \
 config.mk Makefile || die "sed failed"
 restore_config config.h
-}
-
-src_compile() {
- emake CC=$(tc-getCC) || die "emake compile failed"
+ tc-export CC
 }
 
 src_install() {
- emake DESTDIR="${D}" PREFIX="/usr" install || die "emake install failed"
+ emake DESTDIR="${D}" PREFIX="/usr" install
 save_config config.h
 }
|
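Review bot: Nothing in this revision tells existing users that `epatch "${FILESDIR}"/CVE-2012-0842.patch` in src_prepare does not repair directories already on disk. The patched call only sets the mode on directories it creates, so a cookie directory made by surf-0.4.1 presumably stays world-readable after the upgrade. I would add a `pkg_postinst` that uses `elog` to ask users to tighten the permissions of their existing surf data directory and cookie file by hand. No pkg_postinst is visible in these hunks, so check the rest of the ebuild before adding one.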
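Review bot: Replacing `emake CC=$(tc-getCC)` with `tc-export CC` in the third hunk moves the compiler choice from the make command line to the environment, and an environment variable does not override a plain `CC = ...` assignment inside config.mk or the Makefile. Unless one of the sed expressions between the hunks (not visible here) removes that assignment, the build may silently use the upstream default compiler instead of the user's toolchain. Keeping an explicit `src_compile` with `emake CC="$(tc-getCC)"` avoids depending on that. Dropping `|| die` after emake is fine under EAPI 4, and the retained `|| die "sed failed"` is still required.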