Fix by Tavis Ormandy for insecure tempfile usage #104565.

Package-Manager: portage-2.0.52-r1 http://www.bash.org/?136501

5 files changed, 112 insertions, 9 deletions

diff --git a/app-admin/gtkdiskfree/ChangeLog b/app-admin/gtkdiskfree/ChangeLog
index f8ff6e730c3f..2f1bd6d3f8e7 100644
--- a/app-admin/gtkdiskfree/ChangeLog
+++ b/app-admin/gtkdiskfree/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for app-admin/gtkdiskfree
-# Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/gtkdiskfree/ChangeLog,v 1.16 2005/05/08 14:37:03 herbs Exp $
+# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/gtkdiskfree/ChangeLog,v 1.17 2005/09/29 00:27:11 vapier Exp $
+
+*gtkdiskfree-1.9.3-r1 (29 Sep 2005)
+
+  29 Sep 2005; Mike Frysinger <vapier@gentoo.org>
+  +files/gtkdiskfree-1.9.3-tempfile.patch, +gtkdiskfree-1.9.3-r1.ebuild:
+  Fix by Tavis Ormandy for insecure tempfile usage #104565.
 
   08 May 2005; Herbie Hopkins <herbs@gentoo.org> gtkdiskfree-1.9.3.ebuild:
   Stable on amd64.
diff --git a/app-admin/gtkdiskfree/Manifest b/app-admin/gtkdiskfree/Manifest
index 0003689c9085..5ff66a3b3e5d 100644
--- a/app-admin/gtkdiskfree/Manifest
+++ b/app-admin/gtkdiskfree/Manifest
@@ -1,15 +1,18 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
-MD5 3cb7eeb4d966504d615bbcdc6bfac039 gtkdiskfree-1.9.3.ebuild 822
-MD5 b4ee3f5c507dfa80bbf42b2437e63df3 ChangeLog 1988
+MD5 477ba75aede7ab966c091e3e2a5232b0 gtkdiskfree-1.9.3-r1.ebuild 883
 MD5 b8bee659055ca63ac17aab8ba40bc1f8 metadata.xml 340
-MD5 fa185ac6a7e624389b664674be9ca275 files/1.9.3-makefile-DESTDIR.patch 663
+MD5 3cb7eeb4d966504d615bbcdc6bfac039 gtkdiskfree-1.9.3.ebuild 822
+MD5 fc3f02336981b3a94c86b7cbb0122d0b ChangeLog 2210
 MD5 46985ea76022b80753931414d58952cc files/digest-gtkdiskfree-1.9.3 69
+MD5 46985ea76022b80753931414d58952cc files/digest-gtkdiskfree-1.9.3-r1 69
+MD5 fa185ac6a7e624389b664674be9ca275 files/1.9.3-makefile-DESTDIR.patch 663
+MD5 b6f0db5ac582bea1dd90cb83809e89ce files/gtkdiskfree-1.9.3-tempfile.patch 1220
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.1 (GNU/Linux)
+Version: GnuPG v1.4.2 (GNU/Linux)
 
-iD8DBQFCfiRC2G5bA0cA/ScRAgR7AJ9o9jflytkV3k2I822Ndo6IQGEevACeOV40
-1pcak1+HmhdwKXWOlLLO8eE=
-=KHJc
+iD8DBQFDOzUfgIKl8Uu19MoRAoevAJ90bSJ7KbWFaJ0cKFHstALS+KWNLwCfU1LP
+LxyOOsdJdzs1n7KzsAHLbDg=
+=fPl/
 -----END PGP SIGNATURE-----
diff --git a/app-admin/gtkdiskfree/files/digest-gtkdiskfree-1.9.3-r1 b/app-admin/gtkdiskfree/files/digest-gtkdiskfree-1.9.3-r1
new file mode 100644
index 000000000000..64f070a4addc
--- /dev/null
+++ b/app-admin/gtkdiskfree/files/digest-gtkdiskfree-1.9.3-r1
@@ -0,0 +1 @@
+MD5 66dea9f2cb3bf83e6b45702900a97a03 gtkdiskfree-1.9.3.tar.gz 255448
diff --git a/app-admin/gtkdiskfree/files/gtkdiskfree-1.9.3-tempfile.patch b/app-admin/gtkdiskfree/files/gtkdiskfree-1.9.3-tempfile.patch
new file mode 100644
index 000000000000..abfc494f0c13
--- /dev/null
+++ b/app-admin/gtkdiskfree/files/gtkdiskfree-1.9.3-tempfile.patch
@@ -0,0 +1,58 @@
+Fix insecure tempfile usage
+
+Patch by Tavis Ormandy
+
+http://bugs.gentoo.org/104565
+
+--- gtkdiskfree-1.9.3/src/mount.c
++++ gtkdiskfree-1.9.3/src/mount.c
+@@ -31,41 +31,21 @@
+ void
+ open_cmd_tube (const gchar *cmd, const gchar *mount_point)
+ {
+-	gint status;
+-	gchar error[MAXLINE], *line;
+-	FILE *sh, *tmp;
++	gchar error[MAXLINE], *line, *status;
++	FILE *sh;
+ 	
+ 	setbuf(stdout, error);
+-	line = g_strconcat(cmd, " ", mount_point, " &> ", TUBE_NAME, NULL);
++	line = g_strconcat(cmd, " ", mount_point, " 2>&1", NULL);
+ 	sh = popen(line, "r");
+ 	g_free(line);
+ 	
+-	status = pclose(sh);
+-	
+-	if (status == 0) {
+-		remove(TUBE_NAME);
+-		gui_list_main_update(GTK_TREE_VIEW(list_treeview));
+-		
+-		return;
+-	} else {
+-		if ((tmp = fopen(TUBE_NAME, "r")) == NULL) {
+-			gui_list_main_update(GTK_TREE_VIEW(list_treeview)); 
+-			
+-			return;
+-		}
+-		if (fgets(error, MAXLINE-1, tmp) == NULL) {
+-			fclose(tmp);
+-			remove(TUBE_NAME);
+-			gui_list_main_update(GTK_TREE_VIEW(list_treeview));
+-			
+-			return;
+-		}
+-		fclose(tmp);
+-		remove(TUBE_NAME);
++	status = fgets(error, MAXLINE-1, sh);
++
++	if (status && (pclose(sh) != 0))
+ 		error_window(error);
+-	}
++
+ 	gui_list_main_update(GTK_TREE_VIEW(list_treeview));
+-	
++
+ 	return;
+ }
+ 
diff --git a/app-admin/gtkdiskfree/gtkdiskfree-1.9.3-r1.ebuild b/app-admin/gtkdiskfree/gtkdiskfree-1.9.3-r1.ebuild
new file mode 100644
index 000000000000..a4d4f59110cd
--- /dev/null
+++ b/app-admin/gtkdiskfree/gtkdiskfree-1.9.3-r1.ebuild
@@ -0,0 +1,35 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/gtkdiskfree/gtkdiskfree-1.9.3-r1.ebuild,v 1.1 2005/09/29 00:27:11 vapier Exp $
+
+inherit eutils
+
+DESCRIPTION="Graphical tool to show free disk space"
+HOMEPAGE="http://gtkdiskfree.tuxfamily.org/"
+SRC_URI="http://gtkdiskfree.tuxfamily.org/src_tgz/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
+IUSE="nls"
+
+DEPEND=">=x11-libs/gtk+-2
+	>=dev-libs/glib-2
+	nls? ( sys-devel/gettext )"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+	epatch "${FILESDIR}"/${P}-tempfile.patch #104565
+	epatch "${FILESDIR}"/${PV}-makefile-DESTDIR.patch
+}
+
+src_compile() {
+	econf $(use_enable nls) || die
+	emake || die "emake failed"
+}
+
+src_install() {
+	make install DESTDIR="${D}" || die
+	dodoc AUTHORS ChangeLog NEWS README THANKS TODO
+}