summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobert Buchholz <rbu@gentoo.org>2009-11-25 13:43:10 +0000
committerRobert Buchholz <rbu@gentoo.org>2009-11-25 13:43:10 +0000
commitfee3330fdb9fe7d0463dc967cb71bb777c8dc996 (patch)
tree93886fc7123d897d9f5fecae7a553350c00bd1ff /sys-apps/dstat
parentRemove 2 masked old vers. (diff)
downloadhistorical-fee3330fdb9fe7d0463dc967cb71bb777c8dc996.tar.gz
historical-fee3330fdb9fe7d0463dc967cb71bb777c8dc996.tar.bz2
historical-fee3330fdb9fe7d0463dc967cb71bb777c8dc996.zip
Fix Untrusted Search Path Vulnerability (CVE-2009-3894), bug 293497.
Package-Manager: portage-2.1.7.1/cvs/Linux x86_64 RepoMan-Options: --force
Diffstat (limited to 'sys-apps/dstat')
-rw-r--r--sys-apps/dstat/ChangeLog8
-rw-r--r--sys-apps/dstat/Manifest4
-rw-r--r--sys-apps/dstat/dstat-0.6.9-r1.ebuild39
-rw-r--r--sys-apps/dstat/files/dstat-0.6.9-CVE-2009-3894.patch15
4 files changed, 64 insertions, 2 deletions
diff --git a/sys-apps/dstat/ChangeLog b/sys-apps/dstat/ChangeLog
index d4407467c978..0f41ecb22785 100644
--- a/sys-apps/dstat/ChangeLog
+++ b/sys-apps/dstat/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for sys-apps/dstat
# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/dstat/ChangeLog,v 1.31 2009/06/28 14:06:58 klausman Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/dstat/ChangeLog,v 1.32 2009/11/25 13:43:09 rbu Exp $
+
+*dstat-0.6.9-r1 (25 Nov 2009)
+
+ 25 Nov 2009; Robert Buchholz <rbu@gentoo.org> +dstat-0.6.9-r1.ebuild,
+ +files/dstat-0.6.9-CVE-2009-3894.patch:
+ Fix Untrusted Search Path Vulnerability (CVE-2009-3894), bug 293497.
28 Jun 2009; Tobias Klausmann <klausman@gentoo.org> dstat-0.6.9.ebuild:
Keyworded on alpha, bug #274851
diff --git a/sys-apps/dstat/Manifest b/sys-apps/dstat/Manifest
index 2f1712359c24..c88f42130f17 100644
--- a/sys-apps/dstat/Manifest
+++ b/sys-apps/dstat/Manifest
@@ -1,8 +1,10 @@
+AUX dstat-0.6.9-CVE-2009-3894.patch 721 RMD160 54b21dc985dde85554c04404ce1e693fa26777c0 SHA1 534cbc712b24fe5d5aeaaae17ab6291dae425693 SHA256 74f067376ed3276ebdeb71439b1f5b805e0a7ae6e6149779b63e7234d4ff9f26
DIST dstat-0.6.6.tar.bz2 52016 RMD160 eef89e5c9da3222b64bfe237680cd3c1b4c5818c SHA1 ead3427b49ba6256edc723903e49d0f152daebc5 SHA256 c2dac78231799571302456d24a7964f3636c2ddff962aa19a102d84bdc28b110
DIST dstat-0.6.7.tar.bz2 71057 RMD160 ae7a6ca6a2fb7378b4ade6584082459765558084 SHA1 4abb07558d3280dcd83594fe689e1a2c018e7777 SHA256 7e0a2fe4645c49dec64deb5af5cb9ab9abf8523629bd4331e9a663239b0b0035
DIST dstat-0.6.9.tar.bz2 74060 RMD160 e90757d3273127acead60b9ec2ff1448d87845a7 SHA1 296a46edcee28525c4f6e3dcd615aa268bfeec5d SHA256 edb2c17d081ee2b0b4fc2c57c2ed6dc36628853abd76c838026e99b3d1ea897c
EBUILD dstat-0.6.6.ebuild 1031 RMD160 c47f369c4c5a78355ef1f7f3f261bbda3e52f477 SHA1 730f6cd3d72764722e94a4e40dcb7df9a41926b9 SHA256 1f8275079787be801670293973d815a1c7c9aa50afd93a0815d02b7692c2cf38
EBUILD dstat-0.6.7.ebuild 1051 RMD160 b253de9d4dcccc74d48a1790eb4317b8e51b46c6 SHA1 dcf8d9afc7dbe04793bdda4f9ea033f65152dee6 SHA256 38fa5aef9892a9354d0133c7c221da91d070ad9cd35f1e710e2b1ab76cddccc5
+EBUILD dstat-0.6.9-r1.ebuild 982 RMD160 686736921f7912625aed9883a8733018138018d0 SHA1 7b5bc81c00178c3c0820b61cb5cb1aab33673562 SHA256 ba9260515f2b99d8803a608990b50e2a6ee54b6673d2a790f990ddad75255cd5
EBUILD dstat-0.6.9.ebuild 899 RMD160 24892bfa07a45279747319804aa94ed8932df5f4 SHA1 26c6307fa934697c12b7138d56a8c03cfb203035 SHA256 54aedacc2da4cca62e33f351ecb670db9201da430f57bbb35197dfd952f9023f
-MISC ChangeLog 3987 RMD160 0caa93d013380a821b6f04f24cdaec2b1c9c6519 SHA1 b1fd502d57d2629b1f7ff91f9320b6ac058378fb SHA256 d743715b9bd4017a2d9c9940db09c8f77a398c05842993731d9af376a67492b6
+MISC ChangeLog 4199 RMD160 ca53e769436bafc621a1b247c189dab46873b0b6 SHA1 ab4f7afe57db1521cc16668aa5d71e46621366e9 SHA256 f6e7bc20f5f8899493b04e4df879c138cb5a813f1ed323ce418decdf211475cd
MISC metadata.xml 876 RMD160 31be4950d058c997eb8ff3bab460977e7384f54e SHA1 f1facdf454405eaf40e52b719ec63204a3e54bb0 SHA256 dcd7d24d198345862d5ff870ffa7dde3daf8b8d1d06f9c5350f9c6aad81e383f
diff --git a/sys-apps/dstat/dstat-0.6.9-r1.ebuild b/sys-apps/dstat/dstat-0.6.9-r1.ebuild
new file mode 100644
index 000000000000..ceb97e2be1a4
--- /dev/null
+++ b/sys-apps/dstat/dstat-0.6.9-r1.ebuild
@@ -0,0 +1,39 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/dstat/dstat-0.6.9-r1.ebuild,v 1.1 2009/11/25 13:43:09 rbu Exp $
+
+EAPI=2
+inherit python eutils
+
+DESCRIPTION="Dstat is a versatile replacement for vmstat, iostat and ifstat"
+HOMEPAGE="http://dag.wieers.com/home-made/dstat/"
+SRC_URI="http://dag.wieers.com/home-made/${PN}/${P}.tar.bz2"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha amd64 hppa ~ia64 ~mips ~ppc ~ppc64 sparc x86"
+IUSE=""
+
+RDEPEND="virtual/python"
+DEPEND=""
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-CVE-2009-3894.patch # 293497
+}
+
+src_install() {
+ make install DESTDIR="${D}" || die "make install failed"
+
+ dodoc \
+ AUTHORS ChangeLog README TODO \
+ examples/{mstat,read}.py docs/*.txt \
+ || die "dodoc failed"
+ dohtml docs/*.html || die "dohtml failed"
+}
+
+pkg_postinst() {
+ python_mod_optimize /usr/share/dstat
+}
+
+pkg_postrm() {
+ python_mod_cleanup /usr/share/dstat
+}
diff --git a/sys-apps/dstat/files/dstat-0.6.9-CVE-2009-3894.patch b/sys-apps/dstat/files/dstat-0.6.9-CVE-2009-3894.patch
new file mode 100644
index 000000000000..042552b9a3bd
--- /dev/null
+++ b/sys-apps/dstat/files/dstat-0.6.9-CVE-2009-3894.patch
@@ -0,0 +1,15 @@
+https://bugs.gentoo.org/show_bug.cgi?id=293497
+
+Index: dstat-0.6.9/dstat
+===================================================================
+--- dstat-0.6.9.orig/dstat
++++ dstat-0.6.9/dstat
+@@ -28,8 +28,6 @@ try:
+ inspath('/usr/local/share/dstat/')
+ inspath('/usr/share/dstat/')
+ inspath(os.path.abspath(os.path.dirname(sys.argv[0])) + '/plugins/') # binary path + /plugins/
+- inspath(os.getcwd() + '/plugins/') # current path + /plugins/
+- inspath(os.getcwd()) # current path
+ inspath(os.path.expanduser('~/.dstat/')) # home + /.dstat/
+ except KeyboardInterrupt, e:
+ pass