diff options
Diffstat (limited to 'net-news/yarssr/files')
3 files changed, 51 insertions, 0 deletions
diff --git a/net-news/yarssr/files/yarssr-0.2.2-code_injection_197660.patch b/net-news/yarssr/files/yarssr-0.2.2-code_injection_197660.patch new file mode 100644 index 000000000000..4f5b11130f6f --- /dev/null +++ b/net-news/yarssr/files/yarssr-0.2.2-code_injection_197660.patch @@ -0,0 +1,12 @@ +diff -urNad yarssr-0.2.2~/lib/Yarssr/GUI.pm yarssr-0.2.2/lib/Yarssr/GUI.pm +--- yarssr-0.2.2~/lib/Yarssr/GUI.pm 2007-10-31 12:40:08.000000000 +0100 ++++ yarssr-0.2.2/lib/Yarssr/GUI.pm 2007-10-31 12:42:17.958217449 +0100 +@@ -164,7 +164,7 @@ + else { + my $b = Yarssr::Config->get_browser; + $b .= " \"$url\"" unless $b =~ s/\%s/"$url"/; +- exec($b) or warn "unable to launch browser\n"; ++ exec(split(' ',$b)) or warn "unable to launch browser\n"; + exit; + } + } diff --git a/net-news/yarssr/files/yarssr-0.2.2-cve-2007-5837.patch b/net-news/yarssr/files/yarssr-0.2.2-cve-2007-5837.patch new file mode 100644 index 000000000000..a73289d98d66 --- /dev/null +++ b/net-news/yarssr/files/yarssr-0.2.2-cve-2007-5837.patch @@ -0,0 +1,23 @@ +Improved patch to fix CVE 2007-5837 - remote code injection. +See Gentoo bug #197660 and #378413. + +--- yarssr-0.2.2/lib/Yarssr/GUI.pm ++++ yarssr-0.2.2/lib/Yarssr/GUI.pm +@@ -163,8 +163,15 @@ + } + else { + my $b = Yarssr::Config->get_browser; +- $b .= " \"$url\"" unless $b =~ s/\%s/"$url"/; +- exec($b) or warn "unable to launch browser\n"; ++ my @b = split(' ', Yarssr::Config->get_browser); ++ if (grep(/\%s/, @b)) ++ { ++ map {grep(s/\%s/$url/, $_) => $_} @b; ++ } ++ else { ++ push(@b, $url); ++ } ++ exec(@b) or warn "unable to launch browser\n"; + exit; + } + } diff --git a/net-news/yarssr/files/yarssr-0.2.2-makefile.patch b/net-news/yarssr/files/yarssr-0.2.2-makefile.patch new file mode 100644 index 000000000000..70655550955e --- /dev/null +++ b/net-news/yarssr/files/yarssr-0.2.2-makefile.patch @@ -0,0 +1,16 @@ +--- Makefile.orig 2006-10-24 22:01:58.000000000 -0600 ++++ Makefile 2006-10-24 22:02:16.000000000 -0600 +@@ -1,4 +1,4 @@ +-PREFIX=/usr/local ++PREFIX=/usr + BINDIR=$(PREFIX)/bin + LIBDIR=$(PREFIX)/lib/yarssr + DATADIR=$(PREFIX)/share +@@ -27,7 +27,6 @@ + @echo Copying share files to $(DESTDIR)/$(DATADIR): + @cp -Rp share/* $(DESTDIR)/$(DATADIR)/ + +- find $(DESTDIR)/$(DATADIR) -type f -exec chmod 644 "{}" \; + find $(DESTDIR)/$(LIBDIR) -type f -exec chmod 644 "{}" \; + + install -m 0644 build/locale/en/$(LC_CATEGORY)/yarssr.mo $(DESTDIR)/$(LOCALEDIR)/en/$(LC_CATEGORY)/ |