Added a patch to fix plain 0.2.2's code injection vulnerability. cf. bug 197660. Removed the vulnerable version.

Package-Manager: portage-2.1.3.16
author: Wulf Krueger <philantrop@gentoo.org> 2007-11-04 20:58:58 +0000
committer: Wulf Krueger <philantrop@gentoo.org> 2007-11-04 20:58:58 +0000
commit: 3f5f4cd7ecfbb019ff267e2e86a8de8b67a50df2 (patch)
tree: 96847107ba79b2c4de898203bcedff7220919721 /net-news
parent: old (diff)
download: historical-3f5f4cd7ecfbb019ff267e2e86a8de8b67a50df2.tar.gz
historical-3f5f4cd7ecfbb019ff267e2e86a8de8b67a50df2.tar.bz2
historical-3f5f4cd7ecfbb019ff267e2e86a8de8b67a50df2.zip
6 files changed, 54 insertions, 39 deletions
diff --git a/net-news/yarssr/ChangeLog b/net-news/yarssr/ChangeLog
index f66e92955fcd..7e4328353e3e 100644
--- a/net-news/yarssr/ChangeLog
+++ b/net-news/yarssr/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for net-news/yarssr
 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-news/yarssr/ChangeLog,v 1.3 2007/07/02 15:07:03 peper Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-news/yarssr/ChangeLog,v 1.4 2007/11/04 20:58:58 philantrop Exp $
+
+*yarssr-0.2.2-r1 (04 Nov 2007)
+
+  04 Nov 2007; Wulf C. Krueger <philantrop@gentoo.org> metadata.xml,
+  +files/yarssr-0.2.2-code_injection_197660.patch, -yarssr-0.2.2.ebuild,
+  +yarssr-0.2.2-r1.ebuild:
+  Added a patch to fix plain 0.2.2's code injection vulnerability. cf. bug
+  197660.
 
   02 Jul 2007; Piotr Jaroszyński <peper@gentoo.org> yarssr-0.2.2.ebuild:
   (QA) RESTRICT clean up.
diff --git a/net-news/yarssr/Manifest b/net-news/yarssr/Manifest
index 2f06add50c95..e01be3e554b9 100644
--- a/net-news/yarssr/Manifest
+++ b/net-news/yarssr/Manifest
@@ -1,30 +1,24 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
+AUX yarssr-0.2.2-code_injection_197660.patch 471 RMD160 5a84f492e2d1a01f5d97e8ca0573e0b2cdd4c361 SHA1 32d59da43b66457cd976c92715ed6678be092dc5 SHA256 ed7419712ae127190f02710b9b92532f08dd08cda4579d1ca858e0bbf45682d4
+MD5 9bd55d1707f262d5d2cd9e415208c36d files/yarssr-0.2.2-code_injection_197660.patch 471
+RMD160 5a84f492e2d1a01f5d97e8ca0573e0b2cdd4c361 files/yarssr-0.2.2-code_injection_197660.patch 471
+SHA256 ed7419712ae127190f02710b9b92532f08dd08cda4579d1ca858e0bbf45682d4 files/yarssr-0.2.2-code_injection_197660.patch 471
 AUX yarssr-0.2.2-makefile.patch 567 RMD160 bd6d2678113d9ed4cf4e5dc34b867045f80c2fb6 SHA1 878be6d059f70afd042dedb4a43938265cb02202 SHA256 30990b03d4e0559c37cbb489aeb0224f84777ffa531ea354a9e939671ec7b820
 MD5 cc9198ab27338d51a89ed9e121eebad2 files/yarssr-0.2.2-makefile.patch 567
 RMD160 bd6d2678113d9ed4cf4e5dc34b867045f80c2fb6 files/yarssr-0.2.2-makefile.patch 567
 SHA256 30990b03d4e0559c37cbb489aeb0224f84777ffa531ea354a9e939671ec7b820 files/yarssr-0.2.2-makefile.patch 567
 DIST yarssr-0.2.2.tar.bz2 19567 RMD160 41d5d7f46f39d8f523e1494a1e4ca95cb7f0fb39 SHA1 7d3855172ca979168acc03388ac578530e85cb63 SHA256 8f9a015a0e97f913edb93b5b9f89c34cac5783fc3cdbec32f9bb7cbda63c8a58
-EBUILD yarssr-0.2.2.ebuild 833 RMD160 ed13c5be374f48d5f136fa0b17ed0dd4ce489100 SHA1 6a58696b7c601260a18295493fcc8d187b7e2fff SHA256 946606143bd66b85788ab4015af14829ac13740c5b026f2f7b1c4f4605899167
-MD5 8b5b7183771ca2f32e37841ae9c5bec4 yarssr-0.2.2.ebuild 833
-RMD160 ed13c5be374f48d5f136fa0b17ed0dd4ce489100 yarssr-0.2.2.ebuild 833
-SHA256 946606143bd66b85788ab4015af14829ac13740c5b026f2f7b1c4f4605899167 yarssr-0.2.2.ebuild 833
-MISC ChangeLog 579 RMD160 a0cf410ecb6f907961e729f94f3d6deb381e341b SHA1 fa717deae4357e89930d141f15d8a11314b0b5d6 SHA256 a4944815ce64b589e5c01f7e104f1b37eda330effadd7dda618649f8ded580a4
-MD5 6d2f4918cd0a1bb2007dd14583adab20 ChangeLog 579
-RMD160 a0cf410ecb6f907961e729f94f3d6deb381e341b ChangeLog 579
-SHA256 a4944815ce64b589e5c01f7e104f1b37eda330effadd7dda618649f8ded580a4 ChangeLog 579
-MISC metadata.xml 231 RMD160 c13056229989c3d4f448a7c7abcff3f4ee7ce13c SHA1 2d63dfb700b223f8f37c078692a81b2237896bce SHA256 4595c2615fd7c9095517949b1a920d4457f92801eb9d46307b18aafe58ec2a8a
-MD5 ed8349e980407e49b724e04ee5a9a2ed metadata.xml 231
-RMD160 c13056229989c3d4f448a7c7abcff3f4ee7ce13c metadata.xml 231
-SHA256 4595c2615fd7c9095517949b1a920d4457f92801eb9d46307b18aafe58ec2a8a metadata.xml 231
-MD5 88a18f77be966b8cbd0417dabacfa709 files/digest-yarssr-0.2.2 238
-RMD160 d7cb7ec277cdec3e782f54e87a345cb223829855 files/digest-yarssr-0.2.2 238
-SHA256 aa028ab6ee6fe6ca8e025d2c7cb1184159783c03df47e555065607ae90e1ec80 files/digest-yarssr-0.2.2 238
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.4 (GNU/Linux)
-
-iD8DBQFGiRScppoStNGKGywRAvMWAJ9L4Ub0c4v1nSIVvLY4tnbG7XdkzwCgr6IR
-cHRUAJCY4q5Q0AqvrsourWk=
-=mdmh
------END PGP SIGNATURE-----
+EBUILD yarssr-0.2.2-r1.ebuild 987 RMD160 80fa11f8a341ae904837cdab3203e3c19926cac5 SHA1 9d03243daaaf6f3ea583053feea24713829f7a6b SHA256 56e9cdce1d07e18b5b0a420bcec75530b8d99a1702776c968a9d6b3a85baf982
+MD5 ff5b426de321e122aac508474b5d465b yarssr-0.2.2-r1.ebuild 987
+RMD160 80fa11f8a341ae904837cdab3203e3c19926cac5 yarssr-0.2.2-r1.ebuild 987
+SHA256 56e9cdce1d07e18b5b0a420bcec75530b8d99a1702776c968a9d6b3a85baf982 yarssr-0.2.2-r1.ebuild 987
+MISC ChangeLog 871 RMD160 3cb6bd17ed443aeec142e35e4fd9079db40560e1 SHA1 845fdb72f76d3352729c31edd156be3d9e9615a6 SHA256 337ed8b1e65b85abbe70c4ee3bf01983ad1e266ff94776cde8d6d40da906ed3f
+MD5 e03cac6becc28b116c3dc531ebf2e7b7 ChangeLog 871
+RMD160 3cb6bd17ed443aeec142e35e4fd9079db40560e1 ChangeLog 871
+SHA256 337ed8b1e65b85abbe70c4ee3bf01983ad1e266ff94776cde8d6d40da906ed3f ChangeLog 871
+MISC metadata.xml 161 RMD160 f1947f39ceb22269275e1b59023c4eadcdbc1a15 SHA1 5d3eb0725c80eb73d935d7dfbd653a7c1a2103e7 SHA256 8031b551b7913d7c088a55811814db35dad801454d369d05ff365d33cd722153
+MD5 d4764f5c17f5e0b416f7ddf271c77d71 metadata.xml 161
+RMD160 f1947f39ceb22269275e1b59023c4eadcdbc1a15 metadata.xml 161
+SHA256 8031b551b7913d7c088a55811814db35dad801454d369d05ff365d33cd722153 metadata.xml 161
+MD5 88a18f77be966b8cbd0417dabacfa709 files/digest-yarssr-0.2.2-r1 238
+RMD160 d7cb7ec277cdec3e782f54e87a345cb223829855 files/digest-yarssr-0.2.2-r1 238
+SHA256 aa028ab6ee6fe6ca8e025d2c7cb1184159783c03df47e555065607ae90e1ec80 files/digest-yarssr-0.2.2-r1 238
diff --git a/net-news/yarssr/files/digest-yarssr-0.2.2 b/net-news/yarssr/files/digest-yarssr-0.2.2-r1
index 79d0ed3babeb..79d0ed3babeb 100644
--- a/net-news/yarssr/files/digest-yarssr-0.2.2
+++ b/net-news/yarssr/files/digest-yarssr-0.2.2-r1
diff --git a/net-news/yarssr/files/yarssr-0.2.2-code_injection_197660.patch b/net-news/yarssr/files/yarssr-0.2.2-code_injection_197660.patch
new file mode 100644
index 000000000000..4f5b11130f6f
--- /dev/null
+++ b/net-news/yarssr/files/yarssr-0.2.2-code_injection_197660.patch
@@ -0,0 +1,12 @@
+diff -urNad yarssr-0.2.2~/lib/Yarssr/GUI.pm yarssr-0.2.2/lib/Yarssr/GUI.pm
+--- yarssr-0.2.2~/lib/Yarssr/GUI.pm	2007-10-31 12:40:08.000000000 +0100
++++ yarssr-0.2.2/lib/Yarssr/GUI.pm	2007-10-31 12:42:17.958217449 +0100
+@@ -164,7 +164,7 @@
+ 		else {
+ 			my $b = Yarssr::Config->get_browser;
+ 			$b .= " \"$url\"" unless $b =~ s/\%s/"$url"/;
+-			exec($b) or warn "unable to launch browser\n";
++			exec(split(' ',$b)) or warn "unable to launch browser\n";
+ 			exit;
+ 		}
+ 	}
diff --git a/net-news/yarssr/metadata.xml b/net-news/yarssr/metadata.xml
index 54494c4bb860..4d0ebe73a55f 100644
--- a/net-news/yarssr/metadata.xml
+++ b/net-news/yarssr/metadata.xml
@@ -1,8 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
-<herd>no-herd</herd>
-<maintainer>
-<email>maintainer-needed@gentoo.org</email>
-</maintainer>
+<herd>net-news</herd>
 </pkgmetadata>
diff --git a/net-news/yarssr/yarssr-0.2.2.ebuild b/net-news/yarssr/yarssr-0.2.2-r1.ebuild
index 5d7262baeb73..1a4f881dd381 100644
--- a/net-news/yarssr/yarssr-0.2.2.ebuild
+++ b/net-news/yarssr/yarssr-0.2.2-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2007 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-news/yarssr/yarssr-0.2.2.ebuild,v 1.2 2007/07/02 15:07:03 peper Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-news/yarssr/yarssr-0.2.2-r1.ebuild,v 1.1 2007/11/04 20:58:58 philantrop Exp $
 
 inherit eutils
 
@@ -8,16 +8,17 @@ DESCRIPTION="Yet Another RSS Reader - A KDE/Gnome system tray rss aggregator"
 HOMEPAGE="http://yarssr.sourceforge.net/"
 SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
 LICENSE="GPL-2"
-RESTRICT="mirror"
+
 SLOT="0"
-KEYWORDS="~x86 ~amd64"
+KEYWORDS="~amd64 ~x86"
 IUSE=""
+
 RDEPEND="dev-perl/Locale-gettext
-	dev-perl/XML-RSS
-	dev-perl/gtk2-trayicon
-	dev-perl/gtk2-gladexml
-	dev-perl/gnome2-vfs-perl
-	>=dev-perl/gnome2-perl-0.94"
+		dev-perl/XML-RSS
+		dev-perl/gtk2-trayicon
+		dev-perl/gtk2-gladexml
+		dev-perl/gnome2-vfs-perl
+		>=dev-perl/gnome2-perl-0.94"
 DEPEND=""
 
 src_unpack() {
@@ -25,9 +26,12 @@ src_unpack() {
 	cd "${S}"
 
 	epatch "${FILESDIR}/${P}-makefile.patch"
+
+	# Fixes plain 0.2.2's code injection vulnerability. cf. bug 197660.
+	epatch "${FILESDIR}/${P}-code_injection_197660.patch"
 }
 
 src_install() {
 	emake DESTDIR="${D}" install || die "emake install died"
-	dodoc ChangeLog TODO README
+	dodoc ChangeLog TODO README || die "installing docs failed"
 }
author	Wulf Krueger <philantrop@gentoo.org>	2007-11-04 20:58:58 +0000
committer	Wulf Krueger <philantrop@gentoo.org>	2007-11-04 20:58:58 +0000
commit	3f5f4cd7ecfbb019ff267e2e86a8de8b67a50df2 (patch)
tree	96847107ba79b2c4de898203bcedff7220919721 /net-news
parent	old (diff)
download	historical-3f5f4cd7ecfbb019ff267e2e86a8de8b67a50df2.tar.gz historical-3f5f4cd7ecfbb019ff267e2e86a8de8b67a50df2.tar.bz2 historical-3f5f4cd7ecfbb019ff267e2e86a8de8b67a50df2.zip