Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/net-news/yarssr/files
diff options
context:
space:
mode:
Diffstat (limited to 'net-news/yarssr/files')
-rw-r--r--net-news/yarssr/files/yarssr-0.2.2-code_injection_197660.patch12
-rw-r--r--net-news/yarssr/files/yarssr-0.2.2-cve-2007-5837.patch23
-rw-r--r--net-news/yarssr/files/yarssr-0.2.2-makefile.patch16
3 files changed, 51 insertions, 0 deletions
diff --git a/net-news/yarssr/files/yarssr-0.2.2-code_injection_197660.patch b/net-news/yarssr/files/yarssr-0.2.2-code_injection_197660.patch
new file mode 100644
index 000000000000..4f5b11130f6f
--- /dev/null
+++ b/net-news/yarssr/files/yarssr-0.2.2-code_injection_197660.patch
@@ -0,0 +1,12 @@
+diff -urNad yarssr-0.2.2~/lib/Yarssr/GUI.pm yarssr-0.2.2/lib/Yarssr/GUI.pm
+--- yarssr-0.2.2~/lib/Yarssr/GUI.pm 2007-10-31 12:40:08.000000000 +0100
++++ yarssr-0.2.2/lib/Yarssr/GUI.pm 2007-10-31 12:42:17.958217449 +0100
+@@ -164,7 +164,7 @@
+ else {
+ my $b = Yarssr::Config->get_browser;
+ $b .= " \"$url\"" unless $b =~ s/\%s/"$url"/;
+- exec($b) or warn "unable to launch browser\n";
++ exec(split(' ',$b)) or warn "unable to launch browser\n";
+ exit;
+ }
+ }
diff --git a/net-news/yarssr/files/yarssr-0.2.2-cve-2007-5837.patch b/net-news/yarssr/files/yarssr-0.2.2-cve-2007-5837.patch
new file mode 100644
index 000000000000..a73289d98d66
--- /dev/null
+++ b/net-news/yarssr/files/yarssr-0.2.2-cve-2007-5837.patch
@@ -0,0 +1,23 @@
+Improved patch to fix CVE 2007-5837 - remote code injection.
+See Gentoo bug #197660 and #378413.
+
+--- yarssr-0.2.2/lib/Yarssr/GUI.pm
++++ yarssr-0.2.2/lib/Yarssr/GUI.pm
+@@ -163,8 +163,15 @@
+ }
+ else {
+ my $b = Yarssr::Config->get_browser;
+- $b .= " \"$url\"" unless $b =~ s/\%s/"$url"/;
+- exec($b) or warn "unable to launch browser\n";
++ my @b = split(' ', Yarssr::Config->get_browser);
++ if (grep(/\%s/, @b))
++ {
++ map {grep(s/\%s/$url/, $_) => $_} @b;
++ }
++ else {
++ push(@b, $url);
++ }
++ exec(@b) or warn "unable to launch browser\n";
+ exit;
+ }
+ }
diff --git a/net-news/yarssr/files/yarssr-0.2.2-makefile.patch b/net-news/yarssr/files/yarssr-0.2.2-makefile.patch
new file mode 100644
index 000000000000..70655550955e
--- /dev/null
+++ b/net-news/yarssr/files/yarssr-0.2.2-makefile.patch
@@ -0,0 +1,16 @@
+--- Makefile.orig 2006-10-24 22:01:58.000000000 -0600
++++ Makefile 2006-10-24 22:02:16.000000000 -0600
+@@ -1,4 +1,4 @@
+-PREFIX=/usr/local
++PREFIX=/usr
+ BINDIR=$(PREFIX)/bin
+ LIBDIR=$(PREFIX)/lib/yarssr
+ DATADIR=$(PREFIX)/share
+@@ -27,7 +27,6 @@
+ @echo Copying share files to $(DESTDIR)/$(DATADIR):
+ @cp -Rp share/* $(DESTDIR)/$(DATADIR)/
+
+- find $(DESTDIR)/$(DATADIR) -type f -exec chmod 644 "{}" \;
+ find $(DESTDIR)/$(LIBDIR) -type f -exec chmod 644 "{}" \;
+
+ install -m 0644 build/locale/en/$(LC_CATEGORY)/yarssr.mo $(DESTDIR)/$(LOCALEDIR)/en/$(LC_CATEGORY)/