OBS User unknown 2008-05-23 00:09:15 +00:00 committed by Git OBS Bridge
parent 6f16cec98f
commit 0bec648f6d
3 changed files with 63 additions and 67 deletions


@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue May 20 15:53:07 CEST 2008 - max@suse.de
- Use exclusive flag when opening temporary files to make tempnam
and tmpnam safe (bnc#390106, CVE-2008-2266).
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jan 25 21:42:29 CET 2006 - mls@suse.de Wed Jan 25 21:42:29 CET 2006 - mls@suse.de


@ -11,15 +11,15 @@
UUSetOption (UUOPT_FAST, atoi (cval), NULL); UUSetOption (UUOPT_FAST, atoi (cval), NULL);
--- unix/uudeview.c --- unix/uudeview.c
+++ unix/uudeview.c +++ unix/uudeview.c
@@ -434,7 +434,7 @@ @@ -454,7 +454,7 @@
return 0; return 0;
} }
- if ((stdfile = tempnam (NULL, "uu")) == NULL) { - if ((target = fopen (stdfile, "wb")) == NULL) {
+ if ((stdfile = _FP_tempnam (NULL, "uu")) == NULL) { + if ((target = fopen (stdfile, "wbx")) == NULL) {
fprintf (stderr, "proc_stdin: cannot get temporary file\n"); fprintf (stderr, "proc_stdin: cannot open temp file %s for writing: %s\n",
return 0; stdfile, strerror (errno));
} _FP_free (stdfile);
--- uulib/fptools.c --- uulib/fptools.c
+++ uulib/fptools.c +++ uulib/fptools.c
@@ -83,7 +83,7 @@ @@ -83,7 +83,7 @@
@ -31,23 +31,6 @@
{ {
char *result; char *result;
@@ -507,5 +507,15 @@
char * TOOLEXPORT
_FP_tempnam (char *dir, char *pfx)
{
- return _FP_strdup (tmpnam (NULL));
+ int fd;
+ char fileName[100];
+
+ strncpy(fileName, pfx, 90);
+ strcat(fileName, "XXXXXX");
+ fd = mkstemp(fileName);
+ if (fd == -1)
+ return NULL;
+ close(fd);
+ unlink(fileName);
+ return _FP_strdup (fileName);
}
--- uulib/fptools.h --- uulib/fptools.h
+++ uulib/fptools.h +++ uulib/fptools.h
@@ -33,7 +33,7 @@ @@ -33,7 +33,7 @@
@ -72,7 +55,7 @@
void (*) (void *, void (*) (void *,
--- uulib/uulib.c --- uulib/uulib.c
+++ uulib/uulib.c +++ uulib/uulib.c
@@ -504,7 +504,7 @@ @@ -505,7 +505,7 @@
} }
int UUEXPORT int UUEXPORT
@ -83,21 +66,24 @@
case UUOPT_FAST: case UUOPT_FAST:
--- uulib/uunconc.c --- uulib/uunconc.c
+++ uulib/uunconc.c +++ uulib/uunconc.c
@@ -1264,7 +1264,7 @@ @@ -1325,9 +1325,9 @@
return UURET_NODATA;
if (data->uudet == PT_ENCODED)
- mode = "wt"; /* open text files in text mode */
+ mode = "wtx"; /* open text files in text mode */
else else
mode = "wb"; /* otherwise in binary */ - mode = "wb"; /* otherwise in binary */
+ mode = "wbx"; /* otherwise in binary */
- if ((data->binfile = tempnam (NULL, "uu")) == NULL) { if ((data->binfile = tempnam (NULL, "uu")) == NULL) {
+ if ((data->binfile = _FP_tempnam (NULL, "uu")) == NULL) {
UUMessage (uunconc_id, __LINE__, UUMSG_ERROR, UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
uustring (S_NO_TEMP_NAME)); @@ -1510,7 +1510,7 @@
return UURET_NOMEM; free (ntmp);
@@ -1426,7 +1426,7 @@ return UURET_IOERR;
*/ }
- if ((dataout = fopen (ntmp, "wb")) == NULL) {
if (data->uudet == BH_ENCODED && data->binfile) { + if ((dataout = fopen (ntmp, "wbx")) == NULL) {
- if ((ntmp = tempnam (NULL, "uu")) == NULL) {
+ if ((ntmp = _FP_tempnam (NULL, "uu")) == NULL) {
UUMessage (uunconc_id, __LINE__, UUMSG_ERROR, UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
uustring (S_NO_TEMP_NAME)); uustring (S_NOT_OPEN_TARGET),
progress.action = 0; ntmp, strerror (uu_errno = errno));
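Review bot: In the `_FP_tempnam` hunk for uulib/fptools.c, `strncpy(fileName, pfx, 90)` leaves `fileName` without a terminating NUL when `pfx` is 90 bytes or longer, so the `strcat` that follows operates on an unterminated buffer; `snprintf(fileName, sizeof fileName, "%.90sXXXXXX", pfx ? pfx : "");` builds the template bounded and terminated in one call. The template carries no directory and `dir` is ignored, so with the `"uu"` prefix the visible callers pass, the file is created relative to the current working directory rather than in a temp directory. Because the function closes and unlinks what `mkstemp` created and returns only the name, the scheme is safe only if every later `fopen` of that name uses the `x` flag. That appears to hold for the calls shown in this patch, but it deserves a comment on `_FP_tempnam` such as `/* returns an unused name only; callers must open it exclusively (fopen mode "x") */`. The `x` mode is presumably not honoured by every C library this code is built against, which is worth confirming for the supported targets.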


@ -1,28 +1,29 @@
# #
# spec file for package uudeview (Version 0.5.20) # spec file for package uudeview (Version 0.5.20)
# #
# Copyright (c) 2004 SUSE LINUX AG, Nuernberg, Germany. # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine # This file and all modifications and additions to the pristine
# package are under the same license as the package itself. # package are under the same license as the package itself.
# #
# Please submit bugfixes or comments via http://www.suse.de/feedback/ # Please submit bugfixes or comments via http://bugs.opensuse.org/
# #
# norootforbuild # norootforbuild
Name: uudeview
BuildRequires: mininews postfix tk-devel xorg-x11-devel Name: uudeview
URL: http://www.fpx.de/fp/Software/UUDeview BuildRequires: mininews postfix tk-devel xorg-x11-devel
License: GPL Url: http://www.fpx.de/fp/Software/UUDeview
Group: Productivity/Networking/News/Utilities License: GPL v2 or later
Provides: sharutils:/usr/bin/uudeview Group: Productivity/Networking/News/Utilities
Autoreqprov: on Provides: sharutils:/usr/bin/uudeview
Version: 0.5.20 AutoReqProv: on
Release: 26 Version: 0.5.20
Summary: The Nice and Friendly Decoder Release: 193
Source: %{name}-%{version}.tar.bz2 Summary: The Nice and Friendly Decoder
Patch0: %{name}.patch Source: %{name}-%{version}.tar.bz2
BuildRoot: %{_tmppath}/%{name}-%{version}-build Patch0: %{name}.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description %description
The UUDeview package contains a very smart decoder and an encoder for The UUDeview package contains a very smart decoder and an encoder for
@ -74,35 +75,38 @@ test $RPM_BUILD_ROOT -ef / || rm -rf $RPM_BUILD_ROOT
%doc %{_mandir}/man1/uuenview.1.gz %doc %{_mandir}/man1/uuenview.1.gz
%doc %{_mandir}/man1/xdeview.1.gz %doc %{_mandir}/man1/xdeview.1.gz
%changelog -n uudeview %changelog
* Wed Jan 25 2006 - mls@suse.de * Tue May 20 2008 max@suse.de
- Use exclusive flag when opening temporary files to make tempnam
and tmpnam safe (bnc#390106, CVE-2008-2266).
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires - converted neededforbuild to BuildRequires
* Thu Nov 11 2004 - ro@suse.de * Thu Nov 11 2004 ro@suse.de
- fixed file list - fixed file list
* Tue Oct 05 2004 - max@suse.de * Tue Oct 05 2004 max@suse.de
- Removed the part of the patch that changed uulib/uuscan.c because - Removed the part of the patch that changed uulib/uuscan.c because
it I couldn't find out what it was supposed to fix, and it caused it I couldn't find out what it was supposed to fix, and it caused
an endless loop when decoding certain files. [Bug #46777] an endless loop when decoding certain files. [Bug #46777]
* Fri Mar 26 2004 - ro@suse.de * Fri Mar 26 2004 ro@suse.de
- added postfix to neededforbuild - added postfix to neededforbuild
* Mon Mar 22 2004 - max@suse.de * Mon Mar 22 2004 max@suse.de
- Fixed a problem with insecure temp file handling (Bug #35996). - Fixed a problem with insecure temp file handling (Bug #35996).
- Added -DUSE_NON_CONST to CFLAGS to prevent warnings with Tcl 8.4. - Added -DUSE_NON_CONST to CFLAGS to prevent warnings with Tcl 8.4.
* Wed Mar 03 2004 - max@suse.de * Wed Mar 03 2004 max@suse.de
- New version: 0.5.20 - fixes a buffer overflow problem. - New version: 0.5.20 - fixes a buffer overflow problem.
* Sun Jan 11 2004 - adrian@suse.de * Sun Jan 11 2004 adrian@suse.de
- add %%defattr - add %%defattr
* Wed Jul 23 2003 - max@suse.de * Wed Jul 23 2003 max@suse.de
- Added tk-devel to neededforbuild. - Added tk-devel to neededforbuild.
* Thu Jun 12 2003 - kukuk@suse.de * Thu Jun 12 2003 kukuk@suse.de
- Fix filelist - Fix filelist
* Sun Oct 20 2002 - olh@suse.de * Sun Oct 20 2002 olh@suse.de
- provide libuu.a, for tin - provide libuu.a, for tin
* Tue Jul 02 2002 - max@suse.de * Tue Jul 02 2002 max@suse.de
- re-added mininews to neededforbuild - re-added mininews to neededforbuild
* Tue Jul 02 2002 - ro@suse.de * Tue Jul 02 2002 ro@suse.de
- added split provides - added split provides
* Tue Jul 02 2002 - max@suse.de * Tue Jul 02 2002 max@suse.de
- Split off from the sharutils package. - Split off from the sharutils package.
- New version: 0.5.18 . - New version: 0.5.18 .
- Now also supports yEnc encoding. - Now also supports yEnc encoding.