diff options
| author |   Robert Buchholz <rbu@gentoo.org> | 2008-09-13 19:08:38 +0000 |
|---|---|---|
| committer | Robert Buchholz <rbu@gentoo.org> | 2008-09-13 19:08:38 +0000 |
| commit | 970afa945289b5f59a7cfd574afb939a3120b853 (patch) | |
| tree | 71bebe0543e69a37a23160210c0e2f5e270761ae /media-gfx/aview | |
| parent | Removed app-arch/sharutils from DEPEND as madwifi-ng builds fine without it, ... (diff) | |
| download | gentoo-2-970afa945289b5f59a7cfd574afb939a3120b853.tar.gz gentoo-2-970afa945289b5f59a7cfd574afb939a3120b853.tar.bz2 gentoo-2-970afa945289b5f59a7cfd574afb939a3120b853.zip | |
Fix insecure temporary file creation in asciiview (bug #235808)
(Portage version: 2.2_rc8/cvs/Linux 2.6.27-rc6 x86_64)
Diffstat (limited to 'media-gfx/aview')
| -rw-r--r-- | media-gfx/aview/ChangeLog | 12 | ||||
| -rw-r--r-- | media-gfx/aview/aview-1.3.0_rc1-r1.ebuild | 37 | ||||
| -rw-r--r-- | media-gfx/aview/files/aview-1.3.0_rc1-includes.patch | 11 | ||||
| -rw-r--r-- | media-gfx/aview/files/aview-1.3.0_rc1-tmp_creation.patch | 46 |
4 files changed, 104 insertions, 2 deletions
diff --git a/media-gfx/aview/ChangeLog b/media-gfx/aview/ChangeLog index e8c747a2bd3c..161c8d010274 100644 --- a/media-gfx/aview/ChangeLog +++ b/media-gfx/aview/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for media-gfx/aview -# Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-gfx/aview/ChangeLog,v 1.10 2007/05/15 09:55:15 bangert Exp $ +# Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/media-gfx/aview/ChangeLog,v 1.11 2008/09/13 19:08:38 rbu Exp $ + +*aview-1.3.0_rc1-r1 (13 Sep 2008) + + 13 Sep 2008; Robert Buchholz <rbu@gentoo.org> + +files/aview-1.3.0_rc1-includes.patch, + +files/aview-1.3.0_rc1-tmp_creation.patch, +aview-1.3.0_rc1-r1.ebuild: + Non-maintainer bump: + Fix insecure temporary file creation in asciiview (bug #235808) 15 May 2007; Thilo Bangert <bangert@gentoo.org> metadata.xml: add <herd>no-herd</herd> diff --git a/media-gfx/aview/aview-1.3.0_rc1-r1.ebuild b/media-gfx/aview/aview-1.3.0_rc1-r1.ebuild new file mode 100644 index 000000000000..ce920e3a352a --- /dev/null +++ b/media-gfx/aview/aview-1.3.0_rc1-r1.ebuild @@ -0,0 +1,37 @@ +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/media-gfx/aview/aview-1.3.0_rc1-r1.ebuild,v 1.1 2008/09/13 19:08:38 rbu Exp $ + +inherit base + +MY_P=${P/_/} +S=${WORKDIR}/${MY_P/rc*/} +DESCRIPTION="An ASCII Image Viewer" +SRC_URI="mirror://sourceforge/aa-project/${MY_P}.tar.gz" +HOMEPAGE="http://aa-project.sourceforge.net/aview/" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="~amd64 ~ppc ~x86" +IUSE="" + +DEPEND=">=media-libs/aalib-1.4_rc4" + +PATCHES=( + "${FILESDIR}"/${P}-filename-spaces.patch + "${FILESDIR}"/${P}-tmp_creation.patch + "${FILESDIR}"/${P}-includes.patch +) + +src_compile() { + econf || die + make aview || die +} + +src_install() { + into /usr + dobin aview asciiview + + doman *.1 + dodoc ANNOUNCE ChangeLog README TODO +} diff --git a/media-gfx/aview/files/aview-1.3.0_rc1-includes.patch b/media-gfx/aview/files/aview-1.3.0_rc1-includes.patch new file mode 100644 index 000000000000..3e5006b4c549 --- /dev/null +++ b/media-gfx/aview/files/aview-1.3.0_rc1-includes.patch @@ -0,0 +1,11 @@ +Index: aview-1.3.0/main.c +=================================================================== +--- aview-1.3.0.orig/main.c ++++ aview-1.3.0/main.c +@@ -1,4 +1,6 @@ + #include <aalib.h> ++#include <string.h> ++#include <stdlib.h> + #include "image.h" + #include "ui.h" + #include "config.h" diff --git a/media-gfx/aview/files/aview-1.3.0_rc1-tmp_creation.patch b/media-gfx/aview/files/aview-1.3.0_rc1-tmp_creation.patch new file mode 100644 index 000000000000..f792e8bfebbb --- /dev/null +++ b/media-gfx/aview/files/aview-1.3.0_rc1-tmp_creation.patch @@ -0,0 +1,46 @@ +Fix insecure temporary file creation, see: +https://bugs.gentoo.org/show_bug.cgi?id=235808 + +Index: aview-1.3.0/asciiview +=================================================================== +--- aview-1.3.0.orig/asciiview ++++ aview-1.3.0/asciiview +@@ -3,11 +3,11 @@ + clear() + { + kill $! 2>/dev/null +- rm -f /tmp/aview$$.pgm 2>/dev/null ++ rm -rf $tmpdir 2>/dev/null + } + myconvert() + { +- if anytopnm "$1" >/tmp/aview$$.pgm 2>/dev/null ; then ++ if anytopnm "$1" >"$2" 2>/dev/null ; then + exit + elif convert -colorspace gray "$1" pgm:- 2>/dev/null ; then + exit +@@ -56,8 +56,9 @@ while [ "$1" != "" ]; do + esac + done + trap clear 0 +-mkfifo /tmp/aview$$.pgm +-outfile=/tmp/aview$$.pgm ++tmpdir=`mktemp -t -d` ++outfile=$tmpdir/aview.pgm ++mkfifo $outfile + IFS=$(echo -e "\000") + echo $filenames | while read name; do + if test -r "$name" ; then +@@ -67,10 +68,10 @@ case "$name" in + aaflip $options "$name" + ;; + *) +- myconvert "$name" >/tmp/aview$$.pgm & ++ myconvert "$name" "$outfile" >"$outfile" & + pid=$! + PATH="$PATH:." +- aview $options /tmp/aview$$.pgm ++ aview $options $outfile + kill $pid 2>/dev/null + esac + else |