authorMichael Palimaka <kensington@gentoo.org>2013-04-08 15:12:38 +0000
committerMichael Palimaka <kensington@gentoo.org>2013-04-08 15:12:38 +0000
commit1aeeac205fbdf7b315f0a206727b2c0a09a11048 (patch)
treecb15cbb24dc86db5b5dc1050c2470c76d80f9aa8 /net-news
parentImprove description. (diff)
Improve patch for CVE 2007-5837 wrt bug #378413.
(Portage version: 2.1.11.60/cvs/Linux x86_64, signed Manifest commit with key 675D0D2C)
Diffstat (limited to 'net-news')
-rw-r--r--net-news/yarssr/ChangeLog11
-rw-r--r--net-news/yarssr/files/yarssr-0.2.2-cve-2007-5837.patch23
-rw-r--r--net-news/yarssr/yarssr-0.2.2-r2.ebuild30
3 files changed, 61 insertions, 3 deletions
diff --git a/net-news/yarssr/ChangeLog b/net-news/yarssr/ChangeLog
index 7fd1a297f8f8..695764681004 100644
--- a/net-news/yarssr/ChangeLog
+++ b/net-news/yarssr/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for net-news/yarssr
-# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-news/yarssr/ChangeLog,v 1.6 2008/10/27 05:27:48 tove Exp $
+# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-news/yarssr/ChangeLog,v 1.7 2013/04/08 15:12:38 kensington Exp $
+
+*yarssr-0.2.2-r2 (08 Apr 2013)
+
+ 08 Apr 2013; Michael Palimaka <kensington@gentoo.org>
+ +files/yarssr-0.2.2-cve-2007-5837.patch, +yarssr-0.2.2-r2.ebuild:
+ Improve patch for CVE 2007-5837 wrt bug #378413.
*yarssr-0.2.2-r1 (04 Nov 2007)
@@ -24,4 +30,3 @@
25 Oct 2006; Steve Dibb <beandog@gentoo.org>
+files/yarssr-0.2.2-makefile.patch, +metadata.xml, +yarssr-0.2.2.ebuild:
Initial import, see bug 74644
-
diff --git a/net-news/yarssr/files/yarssr-0.2.2-cve-2007-5837.patch b/net-news/yarssr/files/yarssr-0.2.2-cve-2007-5837.patch
new file mode 100644
index 000000000000..a73289d98d66
--- /dev/null
+++ b/net-news/yarssr/files/yarssr-0.2.2-cve-2007-5837.patch
@@ -0,0 +1,23 @@
+Improved patch to fix CVE 2007-5837 - remote code injection.
+See Gentoo bug #197660 and #378413.
+
+--- yarssr-0.2.2/lib/Yarssr/GUI.pm
++++ yarssr-0.2.2/lib/Yarssr/GUI.pm
+@@ -163,8 +163,15 @@
+ }
+ else {
+ my $b = Yarssr::Config->get_browser;
+- $b .= " \"$url\"" unless $b =~ s/\%s/"$url"/;
+- exec($b) or warn "unable to launch browser\n";
++ my @b = split(' ', Yarssr::Config->get_browser);
++ if (grep(/\%s/, @b))
++ {
++ map {grep(s/\%s/$url/, $_) => $_} @b;
++ }
++ else {
++ push(@b, $url);
++ }
++ exec(@b) or warn "unable to launch browser\n";
+ exit;
+ }
+ }
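Review bot: `exec(@b)` only bypasses the shell when `@b` holds more than one element, and two configurations leave it with one. If the configured browser string is empty or consists solely of `%s`, `@b` ends up containing just `$url`, and Perl's single-argument `exec` hands a string with shell metacharacters to the shell, which is the behaviour this patch is meant to remove. Writing the call as `exec { $b[0] } @b or warn "unable to launch browser\n";` forces list semantics for any element count, and a check that `@b` is non-empty and that `$b[0]` is not the URL would reject such a configuration outright. Separately, `map {grep(s/\%s/$url/, $_) => $_} @b;` works only through `$_` aliasing in void context; `s/\%s/$url/ for @b;` performs the same substitution readably, and the leftover `my $b = Yarssr::Config->get_browser;` is now unused. The enclosing sub begins and ends outside this hunk, so where `$url` originates is not visible here.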
diff --git a/net-news/yarssr/yarssr-0.2.2-r2.ebuild b/net-news/yarssr/yarssr-0.2.2-r2.ebuild
new file mode 100644
index 000000000000..5349c6c266f9
--- /dev/null
+++ b/net-news/yarssr/yarssr-0.2.2-r2.ebuild
@@ -0,0 +1,30 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-news/yarssr/yarssr-0.2.2-r2.ebuild,v 1.1 2013/04/08 15:12:38 kensington Exp $
+
+EAPI=5
+
+inherit eutils
+
+DESCRIPTION="Yet Another RSS Reader - A KDE/Gnome system tray rss aggregator"
+HOMEPAGE="http://yarssr.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE=""
+
+RDEPEND="dev-perl/Locale-gettext
+ dev-perl/XML-RSS
+ dev-perl/gtk2-trayicon
+ dev-perl/gtk2-gladexml
+ dev-perl/gnome2-vfs-perl
+ >=dev-perl/gnome2-perl-0.94"
+
+DOCS=( ChangeLog TODO README )
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-makefile.patch
+ epatch "${FILESDIR}"/${P}-cve-2007-5837.patch
+}
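Review bot: `src_prepare()` applies the security patch without saying what it fixes, so a later maintainer could drop or reorder it without noticing. A one-line comment above the second `epatch` would record that, for example `# CVE-2007-5837: launch the browser via list-form exec (bugs #197660, #378413)`. The diffstat lists no change to an earlier revision's ebuild, so it is presumably still in the tree with the previous patch; that is worth confirming against bug #378413.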