diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2011-10-17 19:33:14 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2011-10-17 19:33:14 +0000 |
commit | 88e633357b740fd805059e7902277ef67ec39ebc (patch) | |
tree | 85c1c86c935048d69af79c9f8a20194a2370dfa2 | |
parent | 0197c4c3d23966bc4b7c2f7a2e9a351c8b0b2e72 (diff) | |
download | alpine_aports-88e633357b740fd805059e7902277ef67ec39ebc.tar.bz2 alpine_aports-88e633357b740fd805059e7902277ef67ec39ebc.tar.xz alpine_aports-88e633357b740fd805059e7902277ef67ec39ebc.zip |
main/conky: security fix CVE-2011-3616
ref #767
-rw-r--r-- | main/conky/APKBUILD | 26 | ||||
-rw-r--r-- | main/conky/conky-1.8.1-curl-headers.patch | 24 | ||||
-rw-r--r-- | main/conky/conky-1.8.1-secunia-SA43225.patch | 72 |
3 files changed, 116 insertions, 6 deletions
diff --git a/main/conky/APKBUILD b/main/conky/APKBUILD index 0ff7ecf0d3..a392ae680d 100644 --- a/main/conky/APKBUILD +++ b/main/conky/APKBUILD | |||
@@ -1,7 +1,7 @@ | |||
1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
2 | pkgname=conky | 2 | pkgname=conky |
3 | pkgver=1.8.1 | 3 | pkgver=1.8.1 |
4 | pkgrel=1 | 4 | pkgrel=2 |
5 | pkgdesc="An advanced, highly configurable system monitor for X based on torsmo" | 5 | pkgdesc="An advanced, highly configurable system monitor for X based on torsmo" |
6 | url="http://conky.sourceforge.net/" | 6 | url="http://conky.sourceforge.net/" |
7 | arch="all" | 7 | arch="all" |
@@ -12,12 +12,23 @@ makedepends="pkgconfig alsa-lib-dev libxml2-dev curl-dev wireless-tools-dev | |||
12 | cairo-dev tolua++ ncurses-dev | 12 | cairo-dev tolua++ ncurses-dev |
13 | " | 13 | " |
14 | subpackages="$pkgname-doc $pkgname-dev" | 14 | subpackages="$pkgname-doc $pkgname-dev" |
15 | source="http://downloads.sourceforge.net/project/conky/conky/$pkgver/conky-$pkgver.tar.bz2" | 15 | source="http://downloads.sourceforge.net/project/conky/conky/$pkgver/conky-$pkgver.tar.bz2 |
16 | conky-1.8.1-curl-headers.patch | ||
17 | conky-1.8.1-secunia-SA43225.patch" | ||
16 | 18 | ||
17 | _builddir="$srcdir"/$pkgname-$pkgver | 19 | _builddir="$srcdir"/$pkgname-$pkgver |
18 | build () | 20 | prepare() { |
19 | { | 21 | cd "$_builddir" |
20 | cd "$srcdir/$pkgname-$pkgver" | 22 | local i |
23 | for i in $source; do | ||
24 | case $i in | ||
25 | *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; | ||
26 | esac | ||
27 | done | ||
28 | } | ||
29 | |||
30 | build() { | ||
31 | cd "$_builddir" | ||
21 | ./configure --prefix=/usr \ | 32 | ./configure --prefix=/usr \ |
22 | --sysconfdir=/etc \ | 33 | --sysconfdir=/etc \ |
23 | --enable-wlan \ | 34 | --enable-wlan \ |
@@ -35,6 +46,9 @@ package() { | |||
35 | cd "$_builddir" | 46 | cd "$_builddir" |
36 | make DESTDIR="$pkgdir" install || return 1 | 47 | make DESTDIR="$pkgdir" install || return 1 |
37 | install -D -m644 COPYING $pkgdir/usr/share/licenses/$pkgname/LICENSE | 48 | install -D -m644 COPYING $pkgdir/usr/share/licenses/$pkgname/LICENSE |
49 | rm "$pkgdir"/usr/lib/conky/*.la | ||
38 | } | 50 | } |
39 | 51 | ||
40 | md5sums="366dc6a5c2ebebfbe6f53da25061b5d6 conky-1.8.1.tar.bz2" | 52 | md5sums="366dc6a5c2ebebfbe6f53da25061b5d6 conky-1.8.1.tar.bz2 |
53 | 94e415b1189be5fb6d6ff5117c8df06e conky-1.8.1-curl-headers.patch | ||
54 | e00e00b1e4dd77536f8caed7a2b851c1 conky-1.8.1-secunia-SA43225.patch" | ||
diff --git a/main/conky/conky-1.8.1-curl-headers.patch b/main/conky/conky-1.8.1-curl-headers.patch new file mode 100644 index 0000000000..5de2de14e6 --- /dev/null +++ b/main/conky/conky-1.8.1-curl-headers.patch | |||
@@ -0,0 +1,24 @@ | |||
1 | diff --git a/src/ccurl_thread.c b/src/ccurl_thread.c | ||
2 | index 10e73a6..9bea299 100644 | ||
3 | --- a/src/ccurl_thread.c | ||
4 | +++ b/src/ccurl_thread.c | ||
5 | @@ -33,7 +33,6 @@ | ||
6 | #endif /* DEBUG */ | ||
7 | |||
8 | #include <curl/curl.h> | ||
9 | -#include <curl/types.h> | ||
10 | #include <curl/easy.h> | ||
11 | |||
12 | /* | ||
13 | diff --git a/src/eve.c b/src/eve.c | ||
14 | index dc07264..f62a5f6 100644 | ||
15 | --- a/src/eve.c | ||
16 | +++ b/src/eve.c | ||
17 | @@ -37,7 +37,6 @@ | ||
18 | #include <libxml/xmlwriter.h> | ||
19 | |||
20 | #include <curl/curl.h> | ||
21 | -#include <curl/types.h> | ||
22 | #include <curl/easy.h> | ||
23 | |||
24 | #include <time.h> | ||
diff --git a/main/conky/conky-1.8.1-secunia-SA43225.patch b/main/conky/conky-1.8.1-secunia-SA43225.patch new file mode 100644 index 0000000000..cac4b2c08b --- /dev/null +++ b/main/conky/conky-1.8.1-secunia-SA43225.patch | |||
@@ -0,0 +1,72 @@ | |||
1 | --- ./src/eve.c 2011-02-12 13:26:34.636269667 +0100 | ||
2 | +++ ./src/eve.c 2011-02-12 13:26:48.242936334 +0100 | ||
3 | @@ -254,19 +254,6 @@ | ||
4 | } | ||
5 | } | ||
6 | |||
7 | -static int file_exists(const char *filename) | ||
8 | -{ | ||
9 | - struct stat fi; | ||
10 | - | ||
11 | - if ((stat(filename, &fi)) == 0) { | ||
12 | - if (fi.st_size > 0) | ||
13 | - return 1; | ||
14 | - else | ||
15 | - return 0; | ||
16 | - } else | ||
17 | - return 0; | ||
18 | -} | ||
19 | - | ||
20 | static void writeSkilltree(char *content, const char *filename) | ||
21 | { | ||
22 | FILE *fp = fopen(filename, "w"); | ||
23 | @@ -283,13 +270,12 @@ | ||
24 | xmlDocPtr doc = 0; | ||
25 | xmlNodePtr root = 0; | ||
26 | |||
27 | - if (!file_exists(file)) { | ||
28 | - skilltree = getXmlFromAPI(NULL, NULL, NULL, EVEURL_SKILLTREE); | ||
29 | - writeSkilltree(skilltree, file); | ||
30 | - free(skilltree); | ||
31 | - } | ||
32 | + skilltree = getXmlFromAPI(NULL, NULL, NULL, EVEURL_SKILLTREE); | ||
33 | + writeSkilltree(skilltree, file); | ||
34 | + free(skilltree); | ||
35 | |||
36 | doc = xmlReadFile(file, NULL, 0); | ||
37 | + unlink(file); | ||
38 | if (!doc) | ||
39 | return NULL; | ||
40 | |||
41 | @@ -340,7 +326,7 @@ | ||
42 | static char *eve(char *userid, char *apikey, char *charid) | ||
43 | { | ||
44 | Character *chr = NULL; | ||
45 | - const char *skillfile = "/tmp/.cesf"; | ||
46 | + char skillfile[] = "/tmp/.cesfXXXXXX"; | ||
47 | int i = 0; | ||
48 | char *output = 0; | ||
49 | char *timel = 0; | ||
50 | @@ -348,6 +334,7 @@ | ||
51 | char *content = 0; | ||
52 | time_t now = 0; | ||
53 | char *error = 0; | ||
54 | + int tmp_fd, old_umask; | ||
55 | |||
56 | |||
57 | for (i = 0; i < MAXCHARS; i++) { | ||
58 | @@ -400,6 +387,14 @@ | ||
59 | |||
60 | output = (char *)malloc(200 * sizeof(char)); | ||
61 | timel = formatTime(&chr->ends); | ||
62 | + old_umask = umask(0066); | ||
63 | + tmp_fd = mkstemp(skillfile); | ||
64 | + umask(old_umask); | ||
65 | + if (tmp_fd == -1) { | ||
66 | + error = strdup("Cannot create temporary file"); | ||
67 | + return error; | ||
68 | + } | ||
69 | + close(tmp_fd); | ||
70 | skill = getSkillname(skillfile, chr->skill); | ||
71 | |||
72 | chr->skillname = strdup(skill); | ||