This commit is contained in:
OBS User unknown
Git OBS Bridge
parent
6f16cec98f
commit
0bec648f6d
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue May 20 15:53:07 CEST 2008 - max@suse.de
|
||||
|
||||
- Use exclusive flag when opening temporary files to make tempnam
|
||||
and tmpnam safe (bnc#390106, CVE-2008-2266).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 25 21:42:29 CET 2006 - mls@suse.de
|
||||
|
||||
|
||||
@ -11,15 +11,15 @@
|
||||
UUSetOption (UUOPT_FAST, atoi (cval), NULL);
|
||||
--- unix/uudeview.c
|
||||
+++ unix/uudeview.c
|
||||
@@ -434,7 +434,7 @@
|
||||
@@ -454,7 +454,7 @@
|
||||
return 0;
|
||||
}
|
||||
|
||||
- if ((stdfile = tempnam (NULL, "uu")) == NULL) {
|
||||
+ if ((stdfile = _FP_tempnam (NULL, "uu")) == NULL) {
|
||||
fprintf (stderr, "proc_stdin: cannot get temporary file\n");
|
||||
return 0;
|
||||
}
|
||||
- if ((target = fopen (stdfile, "wb")) == NULL) {
|
||||
+ if ((target = fopen (stdfile, "wbx")) == NULL) {
|
||||
fprintf (stderr, "proc_stdin: cannot open temp file %s for writing: %s\n",
|
||||
stdfile, strerror (errno));
|
||||
_FP_free (stdfile);
|
||||
--- uulib/fptools.c
|
||||
+++ uulib/fptools.c
|
||||
@@ -83,7 +83,7 @@
|
||||
@ -31,23 +31,6 @@
|
||||
{
|
||||
char *result;
|
||||
|
||||
@@ -507,5 +507,15 @@
|
||||
char * TOOLEXPORT
|
||||
_FP_tempnam (char *dir, char *pfx)
|
||||
{
|
||||
- return _FP_strdup (tmpnam (NULL));
|
||||
+ int fd;
|
||||
+ char fileName[100];
|
||||
+
|
||||
+ strncpy(fileName, pfx, 90);
|
||||
+ strcat(fileName, "XXXXXX");
|
||||
+ fd = mkstemp(fileName);
|
||||
+ if (fd == -1)
|
||||
+ return NULL;
|
||||
+ close(fd);
|
||||
+ unlink(fileName);
|
||||
+ return _FP_strdup (fileName);
|
||||
}
|
||||
--- uulib/fptools.h
|
||||
+++ uulib/fptools.h
|
||||
@@ -33,7 +33,7 @@
|
||||
@ -72,7 +55,7 @@
|
||||
void (*) (void *,
|
||||
--- uulib/uulib.c
|
||||
+++ uulib/uulib.c
|
||||
@@ -504,7 +504,7 @@
|
||||
@@ -505,7 +505,7 @@
|
||||
}
|
||||
|
||||
int UUEXPORT
|
||||
@ -83,21 +66,24 @@
|
||||
case UUOPT_FAST:
|
||||
--- uulib/uunconc.c
|
||||
+++ uulib/uunconc.c
|
||||
@@ -1264,7 +1264,7 @@
|
||||
@@ -1325,9 +1325,9 @@
|
||||
return UURET_NODATA;
|
||||
|
||||
if (data->uudet == PT_ENCODED)
|
||||
- mode = "wt"; /* open text files in text mode */
|
||||
+ mode = "wtx"; /* open text files in text mode */
|
||||
else
|
||||
mode = "wb"; /* otherwise in binary */
|
||||
- mode = "wb"; /* otherwise in binary */
|
||||
+ mode = "wbx"; /* otherwise in binary */
|
||||
|
||||
- if ((data->binfile = tempnam (NULL, "uu")) == NULL) {
|
||||
+ if ((data->binfile = _FP_tempnam (NULL, "uu")) == NULL) {
|
||||
if ((data->binfile = tempnam (NULL, "uu")) == NULL) {
|
||||
UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
|
||||
uustring (S_NO_TEMP_NAME));
|
||||
return UURET_NOMEM;
|
||||
@@ -1426,7 +1426,7 @@
|
||||
*/
|
||||
|
||||
if (data->uudet == BH_ENCODED && data->binfile) {
|
||||
- if ((ntmp = tempnam (NULL, "uu")) == NULL) {
|
||||
+ if ((ntmp = _FP_tempnam (NULL, "uu")) == NULL) {
|
||||
@@ -1510,7 +1510,7 @@
|
||||
free (ntmp);
|
||||
return UURET_IOERR;
|
||||
}
|
||||
- if ((dataout = fopen (ntmp, "wb")) == NULL) {
|
||||
+ if ((dataout = fopen (ntmp, "wbx")) == NULL) {
|
||||
UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
|
||||
uustring (S_NO_TEMP_NAME));
|
||||
progress.action = 0;
|
||||
uustring (S_NOT_OPEN_TARGET),
|
||||
ntmp, strerror (uu_errno = errno));
|
||||
|
||||
@ -1,28 +1,29 @@
|
||||
#
|
||||
# spec file for package uudeview (Version 0.5.20)
|
||||
#
|
||||
# Copyright (c) 2004 SUSE LINUX AG, Nuernberg, Germany.
|
||||
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# This file and all modifications and additions to the pristine
|
||||
# package are under the same license as the package itself.
|
||||
#
|
||||
# Please submit bugfixes or comments via http://www.suse.de/feedback/
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
# norootforbuild
|
||||
|
||||
Name: uudeview
|
||||
BuildRequires: mininews postfix tk-devel xorg-x11-devel
|
||||
URL: http://www.fpx.de/fp/Software/UUDeview
|
||||
License: GPL
|
||||
Group: Productivity/Networking/News/Utilities
|
||||
Provides: sharutils:/usr/bin/uudeview
|
||||
Autoreqprov: on
|
||||
Version: 0.5.20
|
||||
Release: 26
|
||||
Summary: The Nice and Friendly Decoder
|
||||
Source: %{name}-%{version}.tar.bz2
|
||||
Patch0: %{name}.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
Name: uudeview
|
||||
BuildRequires: mininews postfix tk-devel xorg-x11-devel
|
||||
Url: http://www.fpx.de/fp/Software/UUDeview
|
||||
License: GPL v2 or later
|
||||
Group: Productivity/Networking/News/Utilities
|
||||
Provides: sharutils:/usr/bin/uudeview
|
||||
AutoReqProv: on
|
||||
Version: 0.5.20
|
||||
Release: 193
|
||||
Summary: The Nice and Friendly Decoder
|
||||
Source: %{name}-%{version}.tar.bz2
|
||||
Patch0: %{name}.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
%description
|
||||
The UUDeview package contains a very smart decoder and an encoder for
|
||||
@ -74,35 +75,38 @@ test $RPM_BUILD_ROOT -ef / || rm -rf $RPM_BUILD_ROOT
|
||||
%doc %{_mandir}/man1/uuenview.1.gz
|
||||
%doc %{_mandir}/man1/xdeview.1.gz
|
||||
|
||||
%changelog -n uudeview
|
||||
* Wed Jan 25 2006 - mls@suse.de
|
||||
%changelog
|
||||
* Tue May 20 2008 max@suse.de
|
||||
- Use exclusive flag when opening temporary files to make tempnam
|
||||
and tmpnam safe (bnc#390106, CVE-2008-2266).
|
||||
* Wed Jan 25 2006 mls@suse.de
|
||||
- converted neededforbuild to BuildRequires
|
||||
* Thu Nov 11 2004 - ro@suse.de
|
||||
* Thu Nov 11 2004 ro@suse.de
|
||||
- fixed file list
|
||||
* Tue Oct 05 2004 - max@suse.de
|
||||
* Tue Oct 05 2004 max@suse.de
|
||||
- Removed the part of the patch that changed uulib/uuscan.c because
|
||||
it I couldn't find out what it was supposed to fix, and it caused
|
||||
an endless loop when decoding certain files. [Bug #46777]
|
||||
* Fri Mar 26 2004 - ro@suse.de
|
||||
* Fri Mar 26 2004 ro@suse.de
|
||||
- added postfix to neededforbuild
|
||||
* Mon Mar 22 2004 - max@suse.de
|
||||
* Mon Mar 22 2004 max@suse.de
|
||||
- Fixed a problem with insecure temp file handling (Bug #35996).
|
||||
- Added -DUSE_NON_CONST to CFLAGS to prevent warnings with Tcl 8.4.
|
||||
* Wed Mar 03 2004 - max@suse.de
|
||||
* Wed Mar 03 2004 max@suse.de
|
||||
- New version: 0.5.20 - fixes a buffer overflow problem.
|
||||
* Sun Jan 11 2004 - adrian@suse.de
|
||||
* Sun Jan 11 2004 adrian@suse.de
|
||||
- add %%defattr
|
||||
* Wed Jul 23 2003 - max@suse.de
|
||||
* Wed Jul 23 2003 max@suse.de
|
||||
- Added tk-devel to neededforbuild.
|
||||
* Thu Jun 12 2003 - kukuk@suse.de
|
||||
* Thu Jun 12 2003 kukuk@suse.de
|
||||
- Fix filelist
|
||||
* Sun Oct 20 2002 - olh@suse.de
|
||||
* Sun Oct 20 2002 olh@suse.de
|
||||
- provide libuu.a, for tin
|
||||
* Tue Jul 02 2002 - max@suse.de
|
||||
* Tue Jul 02 2002 max@suse.de
|
||||
- re-added mininews to neededforbuild
|
||||
* Tue Jul 02 2002 - ro@suse.de
|
||||
* Tue Jul 02 2002 ro@suse.de
|
||||
- added split provides
|
||||
* Tue Jul 02 2002 - max@suse.de
|
||||
* Tue Jul 02 2002 max@suse.de
|
||||
- Split off from the sharutils package.
|
||||
- New version: 0.5.18 .
|
||||
- Now also supports yEnc encoding.
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user