author | Daniel Pielmeier <billie@gentoo.org> | 2011-02-12 17:43:58 +0000 |
---|---|---|
committer | Daniel Pielmeier <billie@gentoo.org> | 2011-02-12 17:43:58 +0000 |
commit | 7d41f1e35f9c521924e83bdaac7783b884d98f4c (patch) | |
tree | 9e3a083057ed9da887f0184802eaef3a256a76ce /app-admin | |
parent | alpha/ia64/s390/sh/sparc stable wrt #344827 (diff) | |
download | gentoo-2-7d41f1e35f9c521924e83bdaac7783b884d98f4c.tar.gz gentoo-2-7d41f1e35f9c521924e83bdaac7783b884d98f4c.tar.bz2 gentoo-2-7d41f1e35f9c521924e83bdaac7783b884d98f4c.zip |
Updated patch security bug #354061.
(Portage version: 2.1.9.35/cvs/Linux i686)
Diffstat (limited to 'app-admin')
-rw-r--r-- | app-admin/conky/ChangeLog | 8 | ||||
-rw-r--r-- | app-admin/conky/conky-1.8.1-r2.ebuild (renamed from app-admin/conky/conky-1.8.1-r1.ebuild) | 2 | ||||
-rw-r--r-- | app-admin/conky/files/conky-1.8.1-secunia-SA43225.patch | 94 |
3 files changed, 78 insertions, 26 deletions
diff --git a/app-admin/conky/ChangeLog b/app-admin/conky/ChangeLog index a528ec7bfce4..2f766adae102 100644 --- a/app-admin/conky/ChangeLog +++ b/app-admin/conky/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for app-admin/conky # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/conky/ChangeLog,v 1.155 2011/02/12 16:21:03 xarthisius Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/conky/ChangeLog,v 1.156 2011/02/12 17:43:58 billie Exp $ + +*conky-1.8.1-r2 (12 Feb 2011) + + 12 Feb 2011; Daniel Pielmeier <billie@gentoo.org> -conky-1.8.1-r1.ebuild, + +conky-1.8.1-r2.ebuild, files/conky-1.8.1-secunia-SA43225.patch: + Updated patch security bug #354061. 12 Feb 2011; Kacper Kowalik <xarthisius@gentoo.org> conky-1.8.1-r1.ebuild: Marked ~ppc wrt #326767 diff --git a/app-admin/conky/conky-1.8.1-r1.ebuild b/app-admin/conky/conky-1.8.1-r2.ebuild index c83b99f8f668..ac05ea22a3d7 100644 --- a/app-admin/conky/conky-1.8.1-r1.ebuild +++ b/app-admin/conky/conky-1.8.1-r2.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2011 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/conky/conky-1.8.1-r1.ebuild,v 1.2 2011/02/12 16:21:03 xarthisius Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/conky/conky-1.8.1-r2.ebuild,v 1.1 2011/02/12 17:43:58 billie Exp $ EAPI=2 diff --git a/app-admin/conky/files/conky-1.8.1-secunia-SA43225.patch b/app-admin/conky/files/conky-1.8.1-secunia-SA43225.patch index afa33211f872..81272bd3764a 100644 --- a/app-admin/conky/files/conky-1.8.1-secunia-SA43225.patch +++ b/app-admin/conky/files/conky-1.8.1-secunia-SA43225.patch 
@@ -1,26 +1,72 @@ -From ac4a3682aecb9d6466fea4aebb183b5f8f632905 Mon Sep 17 00:00:00 2001 -From: Nikolas Garofil <nikolas@garofil.be> -Date: Thu, 10 Feb 2011 16:20:06 +0100 -Subject: [PATCH] Fix security bug in 's getSkillname - ---- - src/eve.cc | 3 ++- - 1 files changed, 2 insertions(+), 1 deletions(-) - -diff --git a/src/eve.cc b/src/eve.cc -index 187a5f4..29b8c45 100644 ---- a/src/eve.c -+++ b/src/eve.c -@@ -285,7 +285,8 @@ static char *getSkillname(const char *file, int skillid) - - if (!file_exists(file)) { - skilltree = getXmlFromAPI(NULL, NULL, NULL, EVEURL_SKILLTREE); -- writeSkilltree(skilltree, file); -+//2x file_exits() so that someone (malicious?) couldn't create it during during the previous call -+ if (!file_exists(file)) writeSkilltree(skilltree, file); - free(skilltree); +--- src/eve.c 2011-02-12 13:26:34.636269667 +0100 ++++ src/eve.c 2011-02-12 13:26:48.242936334 +0100 +@@ -254,19 +254,6 @@ } + } + +-static int file_exists(const char *filename) +-{ +- struct stat fi; +- +- if ((stat(filename, &fi)) == 0) { +- if (fi.st_size > 0) +- return 1; +- else +- return 0; +- } else +- return 0; +-} +- + static void writeSkilltree(char *content, const char *filename) + { + FILE *fp = fopen(filename, "w"); +@@ -283,13 +270,12 @@ + xmlDocPtr doc = 0; + xmlNodePtr root = 0; + +- if (!file_exists(file)) { +- skilltree = getXmlFromAPI(NULL, NULL, NULL, EVEURL_SKILLTREE); +- writeSkilltree(skilltree, file); +- free(skilltree); +- } ++ skilltree = getXmlFromAPI(NULL, NULL, NULL, EVEURL_SKILLTREE); ++ writeSkilltree(skilltree, file); ++ free(skilltree); + + doc = xmlReadFile(file, NULL, 0); ++ unlink(file); + if (!doc) + return NULL; + +@@ -340,7 +326,7 @@ + static char *eve(char *userid, char *apikey, char *charid) + { + Character *chr = NULL; +- const char *skillfile = "/tmp/.cesf"; ++ char skillfile[] = "/tmp/.cesfXXXXXX"; + int i = 0; + char *output = 0; + char *timel = 0; +@@ -348,6 +334,7 @@ + char *content = 0; + time_t now = 0; + char *error = 0; ++ int 
tmp_fd, old_umask; + + + for (i = 0; i < MAXCHARS; i++) { +@@ -400,6 +387,14 @@ + + output = (char *)malloc(200 * sizeof(char)); + timel = formatTime(&chr->ends); ++ old_umask = umask(0066); ++ tmp_fd = mkstemp(skillfile); ++ umask(old_umask); ++ if (tmp_fd == -1) { ++ error = strdup("Cannot create temporary file"); ++ return error; ++ } ++ close(tmp_fd); + skill = getSkillname(skillfile, chr->skill); --- -1.7.0.4 - + chr->skillname = strdup(skill); |
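Review bot: In eve(), the new `if (tmp_fd == -1)` branch returns after `output = (char *)malloc(200 * sizeof(char));` and `timel = formatTime(&chr->ends);` have already run, so `output` (and `timel`, if formatTime() allocates) leaks whenever mkstemp() fails; adding `free(output);` before `return error;`, or moving the mkstemp() block above the malloc, would close that. The descriptor from mkstemp() is also closed at once and the file is reopened by name in writeSkilltree() and in `xmlReadFile(file, NULL, 0)`, so the exclusive-create guarantee then presumably rests on the sticky bit of /tmp rather than on the descriptor; handing the descriptor on (`fdopen(tmp_fd, "w")` for the write, `xmlReadFd()` for the parse) would avoid the reopen by path. With the file_exists() cache removed, every call now depends on a fresh API fetch, so the `if (!doc) return NULL;` path in getSkillname() becomes more likely, and the context line `chr->skillname = strdup(skill);` shows no NULL check before it. The bodies of eve() and getSkillname() start and end outside the hunks shown.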