main/conky: security fix CVE-2011-3616

ref #767
author: Natanael Copa <ncopa@alpinelinux.org> 2011-10-17 19:33:14 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2011-10-17 19:33:14 +0000
commit: 88e633357b740fd805059e7902277ef67ec39ebc (patch)
tree: 85c1c86c935048d69af79c9f8a20194a2370dfa2
parent: 0197c4c3d23966bc4b7c2f7a2e9a351c8b0b2e72 (diff)
download: alpine_aports-88e633357b740fd805059e7902277ef67ec39ebc.tar.bz2
alpine_aports-88e633357b740fd805059e7902277ef67ec39ebc.tar.xz
alpine_aports-88e633357b740fd805059e7902277ef67ec39ebc.zip
3 files changed, 116 insertions, 6 deletions
diff --git a/main/conky/APKBUILD b/main/conky/APKBUILD
index 0ff7ecf0d3..a392ae680d 100644
--- a/main/conky/APKBUILD
+++ b/main/conky/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=conky
 pkgver=1.8.1
-pkgrel=1
+pkgrel=2
 pkgdesc="An advanced, highly configurable system monitor for X based on torsmo"
 url="http://conky.sourceforge.net/"
 arch="all"
@@ -12,12 +12,23 @@ makedepends="pkgconfig alsa-lib-dev libxml2-dev curl-dev wireless-tools-dev
        cairo-dev tolua++ ncurses-dev
        "
 subpackages="$pkgname-doc $pkgname-dev"
-source="http://downloads.sourceforge.net/project/conky/conky/$pkgver/conky-$pkgver.tar.bz2"
+source="http://downloads.sourceforge.net/project/conky/conky/$pkgver/conky-$pkgver.tar.bz2
+        conky-1.8.1-curl-headers.patch
+        conky-1.8.1-secunia-SA43225.patch"
 _builddir="$srcdir"/$pkgname-$pkgver
-build () 
+prepare() {
-{ 
+        cd "$_builddir"
-        cd "$srcdir/$pkgname-$pkgver"
+        local i
+        for i in $source; do
+                case $i in
+                *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+                esac
+        done
+}
+build() {
+        cd "$_builddir"
        ./configure --prefix=/usr \
                --sysconfdir=/etc \
                --enable-wlan \
@@ -35,6 +46,9 @@ package() {
        cd "$_builddir"
        make DESTDIR="$pkgdir" install || return 1
        install -D -m644 COPYING $pkgdir/usr/share/licenses/$pkgname/LICENSE
+        rm "$pkgdir"/usr/lib/conky/*.la
 }
-md5sums="366dc6a5c2ebebfbe6f53da25061b5d6  conky-1.8.1.tar.bz2"
+md5sums="366dc6a5c2ebebfbe6f53da25061b5d6  conky-1.8.1.tar.bz2
+94e415b1189be5fb6d6ff5117c8df06e  conky-1.8.1-curl-headers.patch
+e00e00b1e4dd77536f8caed7a2b851c1  conky-1.8.1-secunia-SA43225.patch"
diff --git a/main/conky/conky-1.8.1-curl-headers.patch b/main/conky/conky-1.8.1-curl-headers.patch
new file mode 100644
index 0000000000..5de2de14e6
--- /dev/null
+++ b/main/conky/conky-1.8.1-curl-headers.patch
@@ -0,0 +1,24 @@
+diff --git a/src/ccurl_thread.c b/src/ccurl_thread.c
+index 10e73a6..9bea299 100644
+--- a/src/ccurl_thread.c
+++ b/src/ccurl_thread.c
+@@ -33,7 +33,6 @@
+ #endif /* DEBUG */
+ 
+ #include <curl/curl.h>
+-#include <curl/types.h>
+ #include <curl/easy.h>
+ 
+ /*
+diff --git a/src/eve.c b/src/eve.c
+index dc07264..f62a5f6 100644
+--- a/src/eve.c
+++ b/src/eve.c
+@@ -37,7 +37,6 @@
+ #include <libxml/xmlwriter.h>
+ 
+ #include <curl/curl.h>
+-#include <curl/types.h>
+ #include <curl/easy.h>
+ 
+ #include <time.h>
diff --git a/main/conky/conky-1.8.1-secunia-SA43225.patch b/main/conky/conky-1.8.1-secunia-SA43225.patch
new file mode 100644
index 0000000000..cac4b2c08b
--- /dev/null
+++ b/main/conky/conky-1.8.1-secunia-SA43225.patch
@@ -0,0 +1,72 @@
+--- ./src/eve.c 2011-02-12 13:26:34.636269667 +0100
+++ ./src/eve.c 2011-02-12 13:26:48.242936334 +0100
+@@ -254,19 +254,6 @@
+        }
+ }
+ 
+-static int file_exists(const char *filename)
+-{
+-       struct stat fi;
+-
+-       if ((stat(filename, &fi)) == 0) {
+-               if (fi.st_size > 0)
+-                       return 1;
+-               else
+-                       return 0;
+-       } else
+-               return 0;
+-}
+-
+ static void writeSkilltree(char *content, const char *filename)
+ {
+        FILE *fp = fopen(filename, "w");
+@@ -283,13 +270,12 @@
+        xmlDocPtr doc = 0;
+        xmlNodePtr root = 0;
+ 
+-       if (!file_exists(file)) {
+-               skilltree = getXmlFromAPI(NULL, NULL, NULL, EVEURL_SKILLTREE);
+-               writeSkilltree(skilltree, file);
+-               free(skilltree);
+-       }
+       skilltree = getXmlFromAPI(NULL, NULL, NULL, EVEURL_SKILLTREE);
+       writeSkilltree(skilltree, file);
+       free(skilltree);
+ 
+        doc = xmlReadFile(file, NULL, 0);
+       unlink(file);
+        if (!doc)
+                return NULL;
+ 
+@@ -340,7 +326,7 @@
+ static char *eve(char *userid, char *apikey, char *charid)
+ {
+        Character *chr = NULL;
+-       const char *skillfile = "/tmp/.cesf";
+       char skillfile[] = "/tmp/.cesfXXXXXX";
+        int i = 0;
+        char *output = 0;
+        char *timel = 0;
+@@ -348,6 +334,7 @@
+        char *content = 0;
+        time_t now = 0;
+        char *error = 0;
+       int tmp_fd, old_umask;
+ 
+ 
+        for (i = 0; i < MAXCHARS; i++) {
+@@ -400,6 +387,14 @@
+ 
+                output = (char *)malloc(200 * sizeof(char));
+                timel = formatTime(&chr->ends);
+               old_umask = umask(0066);
+               tmp_fd = mkstemp(skillfile);
+               umask(old_umask);
+               if (tmp_fd == -1) {
+                       error = strdup("Cannot create temporary file");
+                       return error;
+               }
+               close(tmp_fd);
+                skill = getSkillname(skillfile, chr->skill);
+ 
+                chr->skillname = strdup(skill);
author	Natanael Copa <ncopa@alpinelinux.org>	2011-10-17 19:33:14 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2011-10-17 19:33:14 +0000
commit	88e633357b740fd805059e7902277ef67ec39ebc (patch)
tree	85c1c86c935048d69af79c9f8a20194a2370dfa2
parent	0197c4c3d23966bc4b7c2f7a2e9a351c8b0b2e72 (diff)
download	alpine_aports-88e633357b740fd805059e7902277ef67ec39ebc.tar.bz2 alpine_aports-88e633357b740fd805059e7902277ef67ec39ebc.tar.xz alpine_aports-88e633357b740fd805059e7902277ef67ec39ebc.zip

diff --git a/main/conky/APKBUILD b/main/conky/APKBUILD index 0ff7ecf0d3..a392ae680d 100644 --- a/main/conky/APKBUILD +++ b/main/conky/APKBUILD
@@ -1,7 +1,7 @@
1	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>	1	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
2	pkgname=conky	2	pkgname=conky
3	pkgver=1.8.1	3	pkgver=1.8.1
4	pkgrel=1	4	pkgrel=2
5	pkgdesc="An advanced, highly configurable system monitor for X based on torsmo"	5	pkgdesc="An advanced, highly configurable system monitor for X based on torsmo"
6	url="http://conky.sourceforge.net/"	6	url="http://conky.sourceforge.net/"
7	arch="all"	7	arch="all"
@@ -12,12 +12,23 @@ makedepends="pkgconfig alsa-lib-dev libxml2-dev curl-dev wireless-tools-dev
12	cairo-dev tolua++ ncurses-dev	12	cairo-dev tolua++ ncurses-dev
13	"	13	"
14	subpackages="$pkgname-doc $pkgname-dev"	14	subpackages="$pkgname-doc $pkgname-dev"
15	source="http://downloads.sourceforge.net/project/conky/conky/$pkgver/conky-$pkgver.tar.bz2"	15	source="http://downloads.sourceforge.net/project/conky/conky/$pkgver/conky-$pkgver.tar.bz2
		16	conky-1.8.1-curl-headers.patch
		17	conky-1.8.1-secunia-SA43225.patch"
16		18
17	_builddir="$srcdir"/$pkgname-$pkgver	19	_builddir="$srcdir"/$pkgname-$pkgver
18	build ()	20	prepare() {
19	{	21	cd "$_builddir"
20	cd "$srcdir/$pkgname-$pkgver"	22	local i
		23	for i in $source; do
		24	case $i in
		25	*.patch) msg $i; patch -p1 -i "$srcdir"/$i \|\| return 1;;
		26	esac
		27	done
		28	}
		29
		30	build() {
		31	cd "$_builddir"
21	./configure --prefix=/usr \	32	./configure --prefix=/usr \
22	--sysconfdir=/etc \	33	--sysconfdir=/etc \
23	--enable-wlan \	34	--enable-wlan \
@@ -35,6 +46,9 @@ package() {
35	cd "$_builddir"	46	cd "$_builddir"
36	make DESTDIR="$pkgdir" install \|\| return 1	47	make DESTDIR="$pkgdir" install \|\| return 1
37	install -D -m644 COPYING $pkgdir/usr/share/licenses/$pkgname/LICENSE	48	install -D -m644 COPYING $pkgdir/usr/share/licenses/$pkgname/LICENSE
		49	rm "$pkgdir"/usr/lib/conky/*.la
38	}	50	}
39		51
40	md5sums="366dc6a5c2ebebfbe6f53da25061b5d6 conky-1.8.1.tar.bz2"	52	md5sums="366dc6a5c2ebebfbe6f53da25061b5d6 conky-1.8.1.tar.bz2
		53	94e415b1189be5fb6d6ff5117c8df06e conky-1.8.1-curl-headers.patch
		54	e00e00b1e4dd77536f8caed7a2b851c1 conky-1.8.1-secunia-SA43225.patch"


diff --git a/main/conky/conky-1.8.1-curl-headers.patch b/main/conky/conky-1.8.1-curl-headers.patch new file mode 100644 index 0000000000..5de2de14e6 --- /dev/null +++ b/main/conky/conky-1.8.1-curl-headers.patch
@@ -0,0 +1,24 @@
		1	diff --git a/src/ccurl_thread.c b/src/ccurl_thread.c
		2	index 10e73a6..9bea299 100644
		3	--- a/src/ccurl_thread.c
		4	+++ b/src/ccurl_thread.c
		5	@@ -33,7 +33,6 @@
		6	#endif /* DEBUG */
		7
		8	#include <curl/curl.h>
		9	-#include <curl/types.h>
		10	#include <curl/easy.h>
		11
		12	/*
		13	diff --git a/src/eve.c b/src/eve.c
		14	index dc07264..f62a5f6 100644
		15	--- a/src/eve.c
		16	+++ b/src/eve.c
		17	@@ -37,7 +37,6 @@
		18	#include <libxml/xmlwriter.h>
		19
		20	#include <curl/curl.h>
		21	-#include <curl/types.h>
		22	#include <curl/easy.h>
		23
		24	#include <time.h>


diff --git a/main/conky/conky-1.8.1-secunia-SA43225.patch b/main/conky/conky-1.8.1-secunia-SA43225.patch new file mode 100644 index 0000000000..cac4b2c08b --- /dev/null +++ b/main/conky/conky-1.8.1-secunia-SA43225.patch
@@ -0,0 +1,72 @@
		1	--- ./src/eve.c 2011-02-12 13:26:34.636269667 +0100
		2	+++ ./src/eve.c 2011-02-12 13:26:48.242936334 +0100
		3	@@ -254,19 +254,6 @@
		4	}
		5	}
		6
		7	-static int file_exists(const char *filename)
		8	-{
		9	- struct stat fi;
		10	-
		11	- if ((stat(filename, &fi)) == 0) {
		12	- if (fi.st_size > 0)
		13	- return 1;
		14	- else
		15	- return 0;
		16	- } else
		17	- return 0;
		18	-}
		19	-
		20	static void writeSkilltree(char content, const char filename)
		21	{
		22	FILE *fp = fopen(filename, "w");
		23	@@ -283,13 +270,12 @@
		24	xmlDocPtr doc = 0;
		25	xmlNodePtr root = 0;
		26
		27	- if (!file_exists(file)) {
		28	- skilltree = getXmlFromAPI(NULL, NULL, NULL, EVEURL_SKILLTREE);
		29	- writeSkilltree(skilltree, file);
		30	- free(skilltree);
		31	- }
		32	+ skilltree = getXmlFromAPI(NULL, NULL, NULL, EVEURL_SKILLTREE);
		33	+ writeSkilltree(skilltree, file);
		34	+ free(skilltree);
		35
		36	doc = xmlReadFile(file, NULL, 0);
		37	+ unlink(file);
		38	if (!doc)
		39	return NULL;
		40
		41	@@ -340,7 +326,7 @@
		42	static char eve(char userid, char apikey, char charid)
		43	{
		44	Character *chr = NULL;
		45	- const char *skillfile = "/tmp/.cesf";
		46	+ char skillfile[] = "/tmp/.cesfXXXXXX";
		47	int i = 0;
		48	char *output = 0;
		49	char *timel = 0;
		50	@@ -348,6 +334,7 @@
		51	char *content = 0;
		52	time_t now = 0;
		53	char *error = 0;
		54	+ int tmp_fd, old_umask;
		55
		56
		57	for (i = 0; i < MAXCHARS; i++) {
		58	@@ -400,6 +387,14 @@
		59
		60	output = (char )malloc(200 sizeof(char));
		61	timel = formatTime(&chr->ends);
		62	+ old_umask = umask(0066);
		63	+ tmp_fd = mkstemp(skillfile);
		64	+ umask(old_umask);
		65	+ if (tmp_fd == -1) {
		66	+ error = strdup("Cannot create temporary file");
		67	+ return error;
		68	+ }
		69	+ close(tmp_fd);
		70	skill = getSkillname(skillfile, chr->skill);
		71
		72	chr->skillname = strdup(skill);