fix information disclosure bug #289047

(Portage version: 2.2_rc42/cvs/Linux i686)

3 files changed, 41 insertions, 4 deletions

diff --git a/app-backup/backintime/ChangeLog b/app-backup/backintime/ChangeLog
index ecc914538e1d..f9db49a6655b 100644
--- a/app-backup/backintime/ChangeLog
+++ b/app-backup/backintime/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for app-backup/backintime
 # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-backup/backintime/ChangeLog,v 1.1 2009/10/14 13:28:10 bangert Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-backup/backintime/ChangeLog,v 1.2 2009/10/14 18:20:30 bangert Exp $
+
+*backintime-0.9.26-r1 (14 Oct 2009)
+
+  14 Oct 2009; Thilo Bangert <bangert@gentoo.org> -backintime-0.9.26.ebuild,
+  +backintime-0.9.26-r1.ebuild,
+  +files/backintime-0.9.26-information-disclosure.diff:
+  fix information disclosure bug #289047
 
 *backintime-0.9.26 (14 Oct 2009)
 
diff --git a/app-backup/backintime/backintime-0.9.26.ebuild b/app-backup/backintime/backintime-0.9.26-r1.ebuild
index 8889c844a063..9da1d135c412 100644
--- a/app-backup/backintime/backintime-0.9.26.ebuild
+++ b/app-backup/backintime/backintime-0.9.26-r1.ebuild
@@ -1,11 +1,12 @@
 # Copyright 1999-2009 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-backup/backintime/backintime-0.9.26.ebuild,v 1.1 2009/10/14 13:28:10 bangert Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-backup/backintime/backintime-0.9.26-r1.ebuild,v 1.1 2009/10/14 18:20:30 bangert Exp $
 
 EAPI="2"
 
-DESCRIPTION="A simple backup system inspired by TimeVault and FlyBack, with a
-GUI for GNOME and KDE4"
+inherit eutils
+
+DESCRIPTION="A simple backup system inspired by TimeVault and FlyBack, with a GUI for GNOME and KDE4"
 HOMEPAGE="http://backintime.le-web.org/"
 SRC_URI="http://backintime.le-web.org/download/backintime/${P}_src.tar.gz"
 
@@ -28,6 +29,10 @@ DEPEND="dev-lang/python
 
 RDEPEND="${DEPEND}"
 
+src_prepare() {
+	epatch "${FILESDIR}"/backintime-0.9.26-information-disclosure.diff
+}
+
 src_configure() {
 	cd "${S}"/common
 	econf
diff --git a/app-backup/backintime/files/backintime-0.9.26-information-disclosure.diff b/app-backup/backintime/files/backintime-0.9.26-information-disclosure.diff
new file mode 100644
index 000000000000..2e79d94cb0ab
--- /dev/null
+++ b/app-backup/backintime/files/backintime-0.9.26-information-disclosure.diff
@@ -0,0 +1,25 @@
+Patch for bug 289047, taken from Fedora's backintime-0.9.26-3.fc10.src.rpm.
+
+diff -Naur backintime-0.9.26.orig/common/snapshots.py backintime-0.9.26/common/snapshots.py
+--- backintime-0.9.26.orig/common/snapshots.py	2009-05-18 10:24:21.000000000 +0200
++++ backintime-0.9.26/common/snapshots.py	2009-09-02 21:17:30.000000000 +0200
+@@ -314,7 +314,7 @@
+ 			return
+ 
+ 		path = self.get_snapshot_path( snapshot_id )
+-		cmd = "chmod -R a+rwx \"%s\"" %  path
++		cmd = "find \"%s\" -type d -exec chmod u+wx {} \\;" % path
+ 		self._execute( cmd )
+ 		cmd = "rm -rfv \"%s\"" % path
+ 		self._execute( cmd )
+@@ -574,8 +574,8 @@
+ 		new_snapshot_path = self.get_snapshot_path( new_snapshot_id )
+ 
+ 		if os.path.exists( new_snapshot_path ):
+-			#self._execute( "find \"%s\" -type d -exec chmod +w {} \;" % new_snapshot_path )
+-			self._execute( "chmod -R a+rwx \"%s\"" %  new_snapshot_path )
++			self._execute( "find \"%s\" -type d -exec chmod u+wx {} \\;" % new_snapshot_path )
++			#self._execute( "chmod -R a+rwx \"%s\"" %  new_snapshot_path )
+ 			self._execute( "rm -rf \"%s\"" % new_snapshot_path )
+ 		
+ 			if os.path.exists( new_snapshot_path ):