summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWulf Krueger <philantrop@gentoo.org>2007-11-04 20:58:58 +0000
committerWulf Krueger <philantrop@gentoo.org>2007-11-04 20:58:58 +0000
commit590e3224104810dc2c0519bd57ce747ea5e58933 (patch)
treeefb4926207ff17c023df77bae3929ca7070e6c76 /net-news
parentold (diff)
downloadgentoo-2-590e3224104810dc2c0519bd57ce747ea5e58933.tar.gz
gentoo-2-590e3224104810dc2c0519bd57ce747ea5e58933.tar.bz2
gentoo-2-590e3224104810dc2c0519bd57ce747ea5e58933.zip
Added a patch to fix plain 0.2.2's code injection vulnerability. cf. bug 197660. Removed the vulnerable version.
(Portage version: 2.1.3.16)
Diffstat (limited to 'net-news')
-rw-r--r--net-news/yarssr/ChangeLog10
-rw-r--r--net-news/yarssr/files/digest-yarssr-0.2.2-r1 (renamed from net-news/yarssr/files/digest-yarssr-0.2.2)0
-rw-r--r--net-news/yarssr/files/yarssr-0.2.2-code_injection_197660.patch12
-rw-r--r--net-news/yarssr/metadata.xml5
-rw-r--r--net-news/yarssr/yarssr-0.2.2-r1.ebuild (renamed from net-news/yarssr/yarssr-0.2.2.ebuild)22
5 files changed, 35 insertions, 14 deletions
diff --git a/net-news/yarssr/ChangeLog b/net-news/yarssr/ChangeLog
index f66e92955fcd..7e4328353e3e 100644
--- a/net-news/yarssr/ChangeLog
+++ b/net-news/yarssr/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for net-news/yarssr
# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-news/yarssr/ChangeLog,v 1.3 2007/07/02 15:07:03 peper Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-news/yarssr/ChangeLog,v 1.4 2007/11/04 20:58:58 philantrop Exp $
+
+*yarssr-0.2.2-r1 (04 Nov 2007)
+
+ 04 Nov 2007; Wulf C. Krueger <philantrop@gentoo.org> metadata.xml,
+ +files/yarssr-0.2.2-code_injection_197660.patch, -yarssr-0.2.2.ebuild,
+ +yarssr-0.2.2-r1.ebuild:
+ Added a patch to fix plain 0.2.2's code injection vulnerability. cf. bug
+ 197660.
02 Jul 2007; Piotr Jaroszyński <peper@gentoo.org> yarssr-0.2.2.ebuild:
(QA) RESTRICT clean up.
diff --git a/net-news/yarssr/files/digest-yarssr-0.2.2 b/net-news/yarssr/files/digest-yarssr-0.2.2-r1
index 79d0ed3babeb..79d0ed3babeb 100644
--- a/net-news/yarssr/files/digest-yarssr-0.2.2
+++ b/net-news/yarssr/files/digest-yarssr-0.2.2-r1
diff --git a/net-news/yarssr/files/yarssr-0.2.2-code_injection_197660.patch b/net-news/yarssr/files/yarssr-0.2.2-code_injection_197660.patch
new file mode 100644
index 000000000000..4f5b11130f6f
--- /dev/null
+++ b/net-news/yarssr/files/yarssr-0.2.2-code_injection_197660.patch
@@ -0,0 +1,12 @@
+diff -urNad yarssr-0.2.2~/lib/Yarssr/GUI.pm yarssr-0.2.2/lib/Yarssr/GUI.pm
+--- yarssr-0.2.2~/lib/Yarssr/GUI.pm 2007-10-31 12:40:08.000000000 +0100
++++ yarssr-0.2.2/lib/Yarssr/GUI.pm 2007-10-31 12:42:17.958217449 +0100
+@@ -164,7 +164,7 @@
+ else {
+ my $b = Yarssr::Config->get_browser;
+ $b .= " \"$url\"" unless $b =~ s/\%s/"$url"/;
+- exec($b) or warn "unable to launch browser\n";
++ exec(split(' ',$b)) or warn "unable to launch browser\n";
+ exit;
+ }
+ }
diff --git a/net-news/yarssr/metadata.xml b/net-news/yarssr/metadata.xml
index 54494c4bb860..4d0ebe73a55f 100644
--- a/net-news/yarssr/metadata.xml
+++ b/net-news/yarssr/metadata.xml
@@ -1,8 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
-<herd>no-herd</herd>
-<maintainer>
-<email>maintainer-needed@gentoo.org</email>
-</maintainer>
+<herd>net-news</herd>
</pkgmetadata>
diff --git a/net-news/yarssr/yarssr-0.2.2.ebuild b/net-news/yarssr/yarssr-0.2.2-r1.ebuild
index 5d7262baeb73..1a4f881dd381 100644
--- a/net-news/yarssr/yarssr-0.2.2.ebuild
+++ b/net-news/yarssr/yarssr-0.2.2-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-news/yarssr/yarssr-0.2.2.ebuild,v 1.2 2007/07/02 15:07:03 peper Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-news/yarssr/yarssr-0.2.2-r1.ebuild,v 1.1 2007/11/04 20:58:58 philantrop Exp $
inherit eutils
@@ -8,16 +8,17 @@ DESCRIPTION="Yet Another RSS Reader - A KDE/Gnome system tray rss aggregator"
HOMEPAGE="http://yarssr.sourceforge.net/"
SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
LICENSE="GPL-2"
-RESTRICT="mirror"
+
SLOT="0"
-KEYWORDS="~x86 ~amd64"
+KEYWORDS="~amd64 ~x86"
IUSE=""
+
RDEPEND="dev-perl/Locale-gettext
- dev-perl/XML-RSS
- dev-perl/gtk2-trayicon
- dev-perl/gtk2-gladexml
- dev-perl/gnome2-vfs-perl
- >=dev-perl/gnome2-perl-0.94"
+ dev-perl/XML-RSS
+ dev-perl/gtk2-trayicon
+ dev-perl/gtk2-gladexml
+ dev-perl/gnome2-vfs-perl
+ >=dev-perl/gnome2-perl-0.94"
DEPEND=""
src_unpack() {
@@ -25,9 +26,12 @@ src_unpack() {
cd "${S}"
epatch "${FILESDIR}/${P}-makefile.patch"
+
+ # Fixes plain 0.2.2's code injection vulnerability. cf. bug 197660.
+ epatch "${FILESDIR}/${P}-code_injection_197660.patch"
}
src_install() {
emake DESTDIR="${D}" install || die "emake install died"
- dodoc ChangeLog TODO README
+ dodoc ChangeLog TODO README || die "installing docs failed"
}