authorDaniel Gryniewicz <dang@gentoo.org>2009-02-24 17:25:43 +0000
committerDaniel Gryniewicz <dang@gentoo.org>2009-02-24 17:25:43 +0000
commita2039241b51453dd457005f2048004850d09c5f9 (patch)
tree6d89ad734694b7983d84581811d2940040319ddc /media-gfx/eog
parentRemove bashism in init.d file (diff)
Sanitize python paths. Bug #257002
(Portage version: 2.1.6.7/cvs/Linux x86_64)
Diffstat (limited to 'media-gfx/eog')
-rw-r--r--media-gfx/eog/ChangeLog11
-rw-r--r--media-gfx/eog/eog-2.22.3-r3.ebuild (renamed from media-gfx/eog/eog-2.22.3-r2.ebuild)7
-rw-r--r--media-gfx/eog/files/eog-2.22.3-CVE-2008-5987.patch12
3 files changed, 27 insertions, 3 deletions
diff --git a/media-gfx/eog/ChangeLog b/media-gfx/eog/ChangeLog
index 3f17e223bb6c..c53583de7092 100644
--- a/media-gfx/eog/ChangeLog
+++ b/media-gfx/eog/ChangeLog
@@ -1,6 +1,15 @@
# ChangeLog for media-gfx/eog
# Copyright 2002-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-gfx/eog/ChangeLog,v 1.226 2009/02/23 19:58:36 josejx Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/eog/ChangeLog,v 1.227 2009/02/24 17:25:43 dang Exp $
+
+*eog-2.22.3-r3 (24 Feb 2009)
+
+ 24 Feb 2009; Daniel Gryniewicz <dang@gentoo.org>
+ +files/eog-2.22.3-CVE-2008-5987.patch, -eog-2.22.3-r2.ebuild,
+ +eog-2.22.3-r3.ebuild:
+ Bump to eog-2.22.3-r3
+
+ - Sanitize python paths. Bug #257002
23 Feb 2009; Joseph Jezak <josejx@gentoo.org> eog-2.24.3.1.ebuild:
Marked ~ppc/~ppc64 for bug #242812.
diff --git a/media-gfx/eog/eog-2.22.3-r2.ebuild b/media-gfx/eog/eog-2.22.3-r3.ebuild
index 057e564c0b36..679b26a96272 100644
--- a/media-gfx/eog/eog-2.22.3-r2.ebuild
+++ b/media-gfx/eog/eog-2.22.3-r3.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2008 Gentoo Foundation
+# Copyright 1999-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-gfx/eog/eog-2.22.3-r2.ebuild,v 1.1 2008/10/11 23:35:20 eva Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/eog/eog-2.22.3-r3.ebuild,v 1.1 2009/02/24 17:25:43 dang Exp $
inherit eutils gnome2
@@ -59,6 +59,9 @@ src_unpack() {
# Don't fail on unrecognized chunks, bug #237835
epatch "${FILESDIR}/${P}-unrecognized-chunks.patch"
+
+ # Sanitize python paths. bug #257002
+ epatch "${FILESDIR}"/${P}-CVE-2008-5987.patch
}
pkg_postinst() {
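Review bot: The added `epatch` line quotes only `"${FILESDIR}"` and leaves `${P}-CVE-2008-5987.patch` bare, while the existing call directly above it quotes the whole path; writing it as `epatch "${FILESDIR}/${P}-CVE-2008-5987.patch"` keeps the two consistent. The comment above it would also be easier to audit later if it named the advisory the patch file is named after, e.g. `# Sanitize python sys.path (CVE-2008-5987), bug #257002`. src_unpack() begins outside this hunk.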
diff --git a/media-gfx/eog/files/eog-2.22.3-CVE-2008-5987.patch b/media-gfx/eog/files/eog-2.22.3-CVE-2008-5987.patch
new file mode 100644
index 000000000000..8de379384b36
--- /dev/null
+++ b/media-gfx/eog/files/eog-2.22.3-CVE-2008-5987.patch
@@ -0,0 +1,12 @@
+--- a/src/eog-python-module.c
++++ b/src/eog-python-module.c
+@@ -388,6 +388,9 @@
+
+ PySys_SetArgv (1, argv);
+
++ /* Sanitize sys.path */
++ PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)");
++
+ if (!check_pygtk2 ()) {
+ /* Warning message already printed in check_pygtk2 */
+ goto python_init_error;
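Review bot: The return value of the added `PyRun_SimpleString(...)` call is discarded, so if the statement fails the interpreter keeps running with `sys.path` unfiltered and initialization proceeds as though the fix had applied. The function already has a `python_init_error` label (visible in the trailing context), so the call can fail closed: `if (PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)") != 0) goto python_init_error;`. The comment `/* Sanitize sys.path */` would also be more useful if it gave the reason, e.g. `/* Drop empty sys.path entries so modules are not imported from the current working directory */`; presumably the empty entry comes from the `PySys_SetArgv` call just above, which should be confirmed against how `argv` is built outside this hunk. The enclosing function starts and ends outside the hunk.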