diff options
author | Wulf Krueger <philantrop@gentoo.org> | 2007-11-04 20:58:58 +0000 |
---|---|---|
committer | Wulf Krueger <philantrop@gentoo.org> | 2007-11-04 20:58:58 +0000 |
commit | 590e3224104810dc2c0519bd57ce747ea5e58933 (patch) | |
tree | efb4926207ff17c023df77bae3929ca7070e6c76 /net-news | |
parent | old (diff) | |
download | gentoo-2-590e3224104810dc2c0519bd57ce747ea5e58933.tar.gz gentoo-2-590e3224104810dc2c0519bd57ce747ea5e58933.tar.bz2 gentoo-2-590e3224104810dc2c0519bd57ce747ea5e58933.zip |
Added a patch to fix plain 0.2.2's code injection vulnerability. cf. bug 197660. Removed the vulnerable version.
(Portage version: 2.1.3.16)
Diffstat (limited to 'net-news')
-rw-r--r-- | net-news/yarssr/ChangeLog | 10 | ||||
-rw-r--r-- | net-news/yarssr/files/digest-yarssr-0.2.2-r1 (renamed from net-news/yarssr/files/digest-yarssr-0.2.2) | 0 | ||||
-rw-r--r-- | net-news/yarssr/files/yarssr-0.2.2-code_injection_197660.patch | 12 | ||||
-rw-r--r-- | net-news/yarssr/metadata.xml | 5 | ||||
-rw-r--r-- | net-news/yarssr/yarssr-0.2.2-r1.ebuild (renamed from net-news/yarssr/yarssr-0.2.2.ebuild) | 22 |
5 files changed, 35 insertions, 14 deletions
diff --git a/net-news/yarssr/ChangeLog b/net-news/yarssr/ChangeLog index f66e92955fcd..7e4328353e3e 100644 --- a/net-news/yarssr/ChangeLog +++ b/net-news/yarssr/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for net-news/yarssr # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-news/yarssr/ChangeLog,v 1.3 2007/07/02 15:07:03 peper Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-news/yarssr/ChangeLog,v 1.4 2007/11/04 20:58:58 philantrop Exp $ + +*yarssr-0.2.2-r1 (04 Nov 2007) + + 04 Nov 2007; Wulf C. Krueger <philantrop@gentoo.org> metadata.xml, + +files/yarssr-0.2.2-code_injection_197660.patch, -yarssr-0.2.2.ebuild, + +yarssr-0.2.2-r1.ebuild: + Added a patch to fix plain 0.2.2's code injection vulnerability. cf. bug + 197660. 02 Jul 2007; Piotr Jaroszyński <peper@gentoo.org> yarssr-0.2.2.ebuild: (QA) RESTRICT clean up. diff --git a/net-news/yarssr/files/digest-yarssr-0.2.2 b/net-news/yarssr/files/digest-yarssr-0.2.2-r1 index 79d0ed3babeb..79d0ed3babeb 100644 --- a/net-news/yarssr/files/digest-yarssr-0.2.2 +++ b/net-news/yarssr/files/digest-yarssr-0.2.2-r1 diff --git a/net-news/yarssr/files/yarssr-0.2.2-code_injection_197660.patch b/net-news/yarssr/files/yarssr-0.2.2-code_injection_197660.patch new file mode 100644 index 000000000000..4f5b11130f6f --- /dev/null +++ b/net-news/yarssr/files/yarssr-0.2.2-code_injection_197660.patch @@ -0,0 +1,12 @@ +diff -urNad yarssr-0.2.2~/lib/Yarssr/GUI.pm yarssr-0.2.2/lib/Yarssr/GUI.pm +--- yarssr-0.2.2~/lib/Yarssr/GUI.pm 2007-10-31 12:40:08.000000000 +0100 ++++ yarssr-0.2.2/lib/Yarssr/GUI.pm 2007-10-31 12:42:17.958217449 +0100 +@@ -164,7 +164,7 @@ + else { + my $b = Yarssr::Config->get_browser; + $b .= " \"$url\"" unless $b =~ s/\%s/"$url"/; +- exec($b) or warn "unable to launch browser\n"; ++ exec(split(' ',$b)) or warn "unable to launch browser\n"; + exit; + } + } diff --git a/net-news/yarssr/metadata.xml b/net-news/yarssr/metadata.xml index 54494c4bb860..4d0ebe73a55f 100644 --- a/net-news/yarssr/metadata.xml +++ b/net-news/yarssr/metadata.xml @@ -1,8 +1,5 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> -<herd>no-herd</herd> -<maintainer> -<email>maintainer-needed@gentoo.org</email> -</maintainer> +<herd>net-news</herd> </pkgmetadata> diff --git a/net-news/yarssr/yarssr-0.2.2.ebuild b/net-news/yarssr/yarssr-0.2.2-r1.ebuild index 5d7262baeb73..1a4f881dd381 100644 --- a/net-news/yarssr/yarssr-0.2.2.ebuild +++ b/net-news/yarssr/yarssr-0.2.2-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2007 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-news/yarssr/yarssr-0.2.2.ebuild,v 1.2 2007/07/02 15:07:03 peper Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-news/yarssr/yarssr-0.2.2-r1.ebuild,v 1.1 2007/11/04 20:58:58 philantrop Exp $ inherit eutils @@ -8,16 +8,17 @@ DESCRIPTION="Yet Another RSS Reader - A KDE/Gnome system tray rss aggregator" HOMEPAGE="http://yarssr.sourceforge.net/" SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2" LICENSE="GPL-2" -RESTRICT="mirror" + SLOT="0" -KEYWORDS="~x86 ~amd64" +KEYWORDS="~amd64 ~x86" IUSE="" + RDEPEND="dev-perl/Locale-gettext - dev-perl/XML-RSS - dev-perl/gtk2-trayicon - dev-perl/gtk2-gladexml - dev-perl/gnome2-vfs-perl - >=dev-perl/gnome2-perl-0.94" + dev-perl/XML-RSS + dev-perl/gtk2-trayicon + dev-perl/gtk2-gladexml + dev-perl/gnome2-vfs-perl + >=dev-perl/gnome2-perl-0.94" DEPEND="" src_unpack() { @@ -25,9 +26,12 @@ src_unpack() { cd "${S}" epatch "${FILESDIR}/${P}-makefile.patch" + + # Fixes plain 0.2.2's code injection vulnerability. cf. bug 197660. + epatch "${FILESDIR}/${P}-code_injection_197660.patch" } src_install() { emake DESTDIR="${D}" install || die "emake install died" - dodoc ChangeLog TODO README + dodoc ChangeLog TODO README || die "installing docs failed" } |