diff options
| author |   Robert Buchholz <rbu@gentoo.org> | 2008-09-13 19:08:38 +0000 |
|---|---|---|
| committer | Robert Buchholz <rbu@gentoo.org> | 2008-09-13 19:08:38 +0000 |
| commit | dca73d50217fee684b51dd3e365fdf3f899f7567 (patch) | |
| tree | 474ef499b8857b17e0b63f08579a894e78c0d612 /media-gfx/aview | |
| parent | Removed app-arch/sharutils from DEPEND as madwifi-ng builds fine without it, ... (diff) | |
| download | historical-dca73d50217fee684b51dd3e365fdf3f899f7567.tar.gz historical-dca73d50217fee684b51dd3e365fdf3f899f7567.tar.bz2 historical-dca73d50217fee684b51dd3e365fdf3f899f7567.zip | |
Fix insecure temporary file creation in asciiview (bug #235808)
Package-Manager: portage-2.2_rc8/cvs/Linux 2.6.27-rc6 x86_64
Diffstat (limited to 'media-gfx/aview')
| -rw-r--r-- | media-gfx/aview/ChangeLog | 12 | ||||
| -rw-r--r-- | media-gfx/aview/Manifest | 5 | ||||
| -rw-r--r-- | media-gfx/aview/aview-1.3.0_rc1-r1.ebuild | 37 | ||||
| -rw-r--r-- | media-gfx/aview/files/aview-1.3.0_rc1-includes.patch | 11 | ||||
| -rw-r--r-- | media-gfx/aview/files/aview-1.3.0_rc1-tmp_creation.patch | 46 |
5 files changed, 108 insertions, 3 deletions
diff --git a/media-gfx/aview/ChangeLog b/media-gfx/aview/ChangeLog index e8c747a2bd3c..161c8d010274 100644 --- a/media-gfx/aview/ChangeLog +++ b/media-gfx/aview/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for media-gfx/aview -# Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-gfx/aview/ChangeLog,v 1.10 2007/05/15 09:55:15 bangert Exp $ +# Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/media-gfx/aview/ChangeLog,v 1.11 2008/09/13 19:08:38 rbu Exp $ + +*aview-1.3.0_rc1-r1 (13 Sep 2008) + + 13 Sep 2008; Robert Buchholz <rbu@gentoo.org> + +files/aview-1.3.0_rc1-includes.patch, + +files/aview-1.3.0_rc1-tmp_creation.patch, +aview-1.3.0_rc1-r1.ebuild: + Non-maintainer bump: + Fix insecure temporary file creation in asciiview (bug #235808) 15 May 2007; Thilo Bangert <bangert@gentoo.org> metadata.xml: add <herd>no-herd</herd> diff --git a/media-gfx/aview/Manifest b/media-gfx/aview/Manifest index ca3a2d25595a..cfdcb722ec49 100644 --- a/media-gfx/aview/Manifest +++ b/media-gfx/aview/Manifest @@ -1,5 +1,8 @@ AUX aview-1.3.0_rc1-filename-spaces.patch 1393 RMD160 c1fbf423a2964b2f0b2fabd7c5d5e1ea07e56db0 SHA1 6e2da98efcd5d095ae99df672a58c01e1fcc1dd0 SHA256 f2db2767fdb8340c2284cc56f00dfabdc084aae5cc36048a8859f28bf42491a8 +AUX aview-1.3.0_rc1-includes.patch 281 RMD160 bdd0efc495af15a4d593dc75957fef50a93a98e0 SHA1 18eb5be7315a3234934d4c99d73e608dfed665e4 SHA256 f4f9def04b601ce2e987f3295187c2d4e139408e14424a19fce78d75c919cc5c +AUX aview-1.3.0_rc1-tmp_creation.patch 1142 RMD160 72661135c184fd117771a0dfdfbf16783ef4d3f6 SHA1 4b61e8dc10fdbea060ae9e602120d8719c08ec57 SHA256 3d7c40f5ba8369243953206c9e2718277ec5acd091b2898a9fdf45f091e8eb15 DIST aview-1.3.0rc1.tar.gz 54317 RMD160 f57808dfb9efc36af3b4107bfd48ae875d709cd0 SHA1 d757ff9f62e6ce4d926c03ae4f4096d9fcf353fc SHA256 42d61c4194e8b9b69a881fdde698c83cb27d7eda59e08b300e73aaa34474ec99 +EBUILD aview-1.3.0_rc1-r1.ebuild 802 RMD160 609cef1384747939c19e858853d7f8a8541ffafc SHA1 a30d367054cca5f707be388b566fb6d88537b925 SHA256 7eb52892093547e387bc1506ea819042bb5072d87a3c7b4cd7e0bbe34a081461 EBUILD aview-1.3.0_rc1.ebuild 730 RMD160 69d8a7d419441854e3896d1bcf4a3be32f734eb1 SHA1 316495c9ffc55973f55bdc4163684603f58c9818 SHA256 69a5b1fb660a70b0235f42504f1b868a388d621aa91ed5729e1551308e6f85e5 -MISC ChangeLog 1653 RMD160 67cec0080ea8c669b201d4bda9ab4cbc006fe16a SHA1 ba0d8859f31079978cdaa1f7da722c6308ab3af0 SHA256 8bfbf01b5c1aa1aeadd0599f06b965dcab72880c95755802ded3b0eec10bc8c2 +MISC ChangeLog 1936 RMD160 9ea16d4d7e01a4167fbae39f5abc10a29384e017 SHA1 cc35b50bf30797849a65eb7dd5c3d3cb927c6755 SHA256 ed97c8268b2bc4208f24a62e612b4dfc8467de1ab63fae0c5acc489728ff5731 MISC metadata.xml 231 RMD160 c13056229989c3d4f448a7c7abcff3f4ee7ce13c SHA1 2d63dfb700b223f8f37c078692a81b2237896bce SHA256 4595c2615fd7c9095517949b1a920d4457f92801eb9d46307b18aafe58ec2a8a diff --git a/media-gfx/aview/aview-1.3.0_rc1-r1.ebuild b/media-gfx/aview/aview-1.3.0_rc1-r1.ebuild new file mode 100644 index 000000000000..ce920e3a352a --- /dev/null +++ b/media-gfx/aview/aview-1.3.0_rc1-r1.ebuild @@ -0,0 +1,37 @@ +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/media-gfx/aview/aview-1.3.0_rc1-r1.ebuild,v 1.1 2008/09/13 19:08:38 rbu Exp $ + +inherit base + +MY_P=${P/_/} +S=${WORKDIR}/${MY_P/rc*/} +DESCRIPTION="An ASCII Image Viewer" +SRC_URI="mirror://sourceforge/aa-project/${MY_P}.tar.gz" +HOMEPAGE="http://aa-project.sourceforge.net/aview/" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="~amd64 ~ppc ~x86" +IUSE="" + +DEPEND=">=media-libs/aalib-1.4_rc4" + +PATCHES=( + "${FILESDIR}"/${P}-filename-spaces.patch + "${FILESDIR}"/${P}-tmp_creation.patch + "${FILESDIR}"/${P}-includes.patch +) + +src_compile() { + econf || die + make aview || die +} + +src_install() { + into /usr + dobin aview asciiview + + doman *.1 + dodoc ANNOUNCE ChangeLog README TODO +} diff --git a/media-gfx/aview/files/aview-1.3.0_rc1-includes.patch b/media-gfx/aview/files/aview-1.3.0_rc1-includes.patch new file mode 100644 index 000000000000..3e5006b4c549 --- /dev/null +++ b/media-gfx/aview/files/aview-1.3.0_rc1-includes.patch @@ -0,0 +1,11 @@ +Index: aview-1.3.0/main.c +=================================================================== +--- aview-1.3.0.orig/main.c ++++ aview-1.3.0/main.c +@@ -1,4 +1,6 @@ + #include <aalib.h> ++#include <string.h> ++#include <stdlib.h> + #include "image.h" + #include "ui.h" + #include "config.h" diff --git a/media-gfx/aview/files/aview-1.3.0_rc1-tmp_creation.patch b/media-gfx/aview/files/aview-1.3.0_rc1-tmp_creation.patch new file mode 100644 index 000000000000..f792e8bfebbb --- /dev/null +++ b/media-gfx/aview/files/aview-1.3.0_rc1-tmp_creation.patch @@ -0,0 +1,46 @@ +Fix insecure temporary file creation, see: +https://bugs.gentoo.org/show_bug.cgi?id=235808 + +Index: aview-1.3.0/asciiview +=================================================================== +--- aview-1.3.0.orig/asciiview ++++ aview-1.3.0/asciiview +@@ -3,11 +3,11 @@ + clear() + { + kill $! 2>/dev/null +- rm -f /tmp/aview$$.pgm 2>/dev/null ++ rm -rf $tmpdir 2>/dev/null + } + myconvert() + { +- if anytopnm "$1" >/tmp/aview$$.pgm 2>/dev/null ; then ++ if anytopnm "$1" >"$2" 2>/dev/null ; then + exit + elif convert -colorspace gray "$1" pgm:- 2>/dev/null ; then + exit +@@ -56,8 +56,9 @@ while [ "$1" != "" ]; do + esac + done + trap clear 0 +-mkfifo /tmp/aview$$.pgm +-outfile=/tmp/aview$$.pgm ++tmpdir=`mktemp -t -d` ++outfile=$tmpdir/aview.pgm ++mkfifo $outfile + IFS=$(echo -e "\000") + echo $filenames | while read name; do + if test -r "$name" ; then +@@ -67,10 +68,10 @@ case "$name" in + aaflip $options "$name" + ;; + *) +- myconvert "$name" >/tmp/aview$$.pgm & ++ myconvert "$name" "$outfile" >"$outfile" & + pid=$! + PATH="$PATH:." +- aview $options /tmp/aview$$.pgm ++ aview $options $outfile + kill $pid 2>/dev/null + esac + else |