author | Natanael Copa <ncopa@alpinelinux.org> | 2017-05-22 12:40:58 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2017-05-22 12:40:58 +0000 |
commit | a28f3503a4b1c9910c9dd1a9984053ba50570029 (patch) | |
tree | 8412e32ef4e24b6015c9521659c4569d99b631ac | |
parent | 4a8fa9161a7ecbdd21466efbc067d5397398125a (diff) | |
community/pcmanfm: fix CVE-2017-8934
-rw-r--r-- | community/pcmanfm/APKBUILD | 16 | ||||
-rw-r--r-- | community/pcmanfm/CVE-2017-8934.patch | 56 |
2 files changed, 66 insertions, 6 deletions
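--- a/community/pcmanfm/APKBUILD
+++ b/community/pcmanfm/APKBUILD
@@ -1,16 +1,21 @@
 # Contributor: Bartłomiej Piotrowski <bpiotrowski@alpinelinux.org>
-# Maintainer:
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 
 pkgname=pcmanfm
 pkgver=1.2.5
-pkgrel=0
+pkgrel=1
 pkgdesc='Extremely fast and lightweight file manager'
 arch='all'
 url='http://pcmanfm.sourceforge.net/'
 license='GPL'
 makedepends='gtk+2.0-dev libfm-dev intltool'
 subpackages="$pkgname-doc $pkgname-lang"
-source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.xz"
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.xz
+CVE-2017-8934.patch"
+
+# secfixes:
+# 1.2.5-r1:
+# - CVE-2017-8934
 
 build() {
 cd "$srcdir/$pkgname-$pkgver"
@@ -27,6 +32,5 @@ package() {
 "$pkgdir"/usr/share/applications/pcmanfm.desktop || return 1
 }
 
-md5sums="b4d1f8ce08d87e4f27805a246fc51ac2 pcmanfm-1.2.5.tar.xz"
-sha256sums="0c86cac028b705ff314c7464d814c2cf7ff604c17491c20aa204b1ef1a80ad67 pcmanfm-1.2.5.tar.xz"
-sha512sums="ce53315483f58361c5a7797bdca355dbbedc2cf3907d319c7c65be844ea74ed297497dc3183c903e06b8294f6301d19347f6b9871e34bf773c04ff4fb8ab32f3 pcmanfm-1.2.5.tar.xz"
+sha512sums="ce53315483f58361c5a7797bdca355dbbedc2cf3907d319c7c65be844ea74ed297497dc3183c903e06b8294f6301d19347f6b9871e34bf773c04ff4fb8ab32f3 pcmanfm-1.2.5.tar.xz
+31c669e61832c1144dac7ef619b8dcdef7ee43f3f40e874695bef6aecc81d53caabb66913ea96ed5c2f5d79ac9bb5379ef317d9428bef837013c18d24da7536e CVE-2017-8934.patch"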
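--- /dev/null
+++ b/community/pcmanfm/CVE-2017-8934.patch
@@ -0,0 +1,56 @@
+From bc8c3d871e9ecc67c47ff002b68cf049793faf08 Mon Sep 17 00:00:00 2001
+From: Andriy Grytsenko <andrej@rep.kiev.ua>
+Date: Sun, 14 May 2017 21:35:40 +0300
+Subject: [PATCH] Fix potential access violation, use runtime user dir instead
+of tmp dir.
+
+---
+NEWS | 4 ++++
+src/single-inst.c | 7 ++++++-
+2 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/NEWS b/NEWS
+index 8c2049a..876f7f3 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,3 +1,7 @@
++* Fixed potential access violation, use runtime user dir instead of tmp dir
++ for single instance socket.
++
++
+Changes on 1.2.5 since 1.2.4:
+
+* Removed options to Cut, Remove and Rename from context menu on mounted
+diff --git a/src/single-inst.c b/src/single-inst.c
+index 62c37b3..aaf84ab 100644
+--- a/src/single-inst.c
++++ b/src/single-inst.c
+@@ -2,7 +2,7 @@
+* single-inst.c: simple IPC mechanism for single instance app
+*
+* Copyright 2010 Hong Jen Yee (PCMan) <pcman.tw@gmail.com>
+- * Copyright 2012 Andriy Grytsenko (LStranger) <andrej@rep.kiev.ua>
++ * Copyright 2012-2017 Andriy Grytsenko (LStranger) <andrej@rep.kiev.ua>
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+@@ -404,11 +404,16 @@ static void get_socket_name(SingleInstData* data, char* buf, int len)
+}
+else
+dpynum = 0;
++#if GLIB_CHECK_VERSION(2, 28, 0)
++ g_snprintf(buf, len, "%s/%s-socket-%s-%d", g_get_user_runtime_dir(),
++ data->prog_name, host ? host : "", dpynum);
++#else
+g_snprintf(buf, len, "%s/.%s-socket-%s-%d-%s",
+g_get_tmp_dir(),
+data->prog_name,
+host ? host : "",
+dpynum,
+g_get_user_name());
++#endif
+}
+
+--
+2.1.4
+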
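Review bot: In the src/single-inst.c hunk of the carried patch, the `#else` branch for GLib older than 2.28 still builds the socket name under `g_get_tmp_dir()`, so a build against such a GLib keeps the shared-directory path this fix is meant to move away from. The GLib packaged here is presumably new enough that the `g_get_user_runtime_dir()` branch is the one compiled, but that branch selection is worth confirming at build time, and the fallback deserves a comment such as `/* GLib < 2.28: no per-user runtime dir available, socket name stays in the shared tmp dir */`. Separately, the result of `g_snprintf` is not compared with `len` in either branch, so a long runtime directory (GLib falls back to the user cache dir when XDG_RUNTIME_DIR is unset) could silently truncate the socket name; checking `g_snprintf(...) >= len` and at least warning would make that visible. get_socket_name's body starts outside the hunk, so how `host` and `dpynum` are derived is not visible here.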