authorTim Harder <radhermit@gentoo.org>2017-08-24 05:20:00 -0400
committerTim Harder <radhermit@gentoo.org>2017-08-24 05:22:10 -0400
commitae6b8912bae084921b36d6176bbc0181f08441a3 (patch)
tree76b4fbef5aad0934d191767b7e68d6df9be08193 /net-news
parentapp-text/t1utils: bump eapi, fix missing docs, bug #628712 (diff)
net-news/newsbeuter: apply security fix for bug #628796
Diffstat (limited to 'net-news')
-rw-r--r--net-news/newsbeuter/files/newsbeuter-2.9-security-fix.patch20
-rw-r--r--net-news/newsbeuter/newsbeuter-2.9-r3.ebuild76
2 files changed, 96 insertions, 0 deletions
diff --git a/net-news/newsbeuter/files/newsbeuter-2.9-security-fix.patch b/net-news/newsbeuter/files/newsbeuter-2.9-security-fix.patch
new file mode 100644
index 000000000000..5e7b39a5f20f
--- /dev/null
+++ b/net-news/newsbeuter/files/newsbeuter-2.9-security-fix.patch
@@ -0,0 +1,20 @@
+Newsbeuter didn't properly shell-escape the arguments passed to bookmarking
+command, which allows a remote attacker to perform remote code execution by
+crafting an RSS item whose title and/or URL contain something interpretable by
+the shell (most notably subshell invocations.)
+
+--- a/src/controller.cpp
++++ b/src/controller.cpp
+@@ -1275,9 +1275,10 @@ std::string controller::bookmark(const std::string& url, const std::string& titl
+ std::string bookmark_cmd = cfg.get_configvalue("bookmark-cmd");
+ bool is_interactive = cfg.get_configvalue_as_bool("bookmark-interactive");
+ if (bookmark_cmd.length() > 0) {
+- std::string cmdline = utils::strprintf("%s '%s' %s %s",
++ std::string cmdline = utils::strprintf("%s '%s' '%s' '%s'",
+ bookmark_cmd.c_str(), utils::replace_all(url,"'", "%27").c_str(),
+- stfl::quote(title).c_str(), stfl::quote(description).c_str());
++ utils::replace_all(title,"'", "%27").c_str(),
++ utils::replace_all(description,"'", "%27").c_str());
+
+ LOG(LOG_DEBUG, "controller::bookmark: cmd = %s", cmdline.c_str());
+
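Review bot: The `%27` substitution on the new lines for `title` and `description` closes the quoting hole but rewrites the text: these are free-form strings rather than URLs, so a title such as `Don't panic` reaches the bookmark command as `Don%27t panic`. Inside single quotes the shell treats only `'` as special, so the lossless form is to replace each `'` with `'\''`, e.g. `utils::replace_all(title, "'", "'\\''").c_str()` and the same for `description`; percent-encoding remains appropriate for `url`. Since the same escaping now appears three times, a small helper would keep the quoting in the format string and the escaping in one place. The body of `controller::bookmark` continues outside the hunk, so how `cmdline` is executed is not visible here.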
diff --git a/net-news/newsbeuter/newsbeuter-2.9-r3.ebuild b/net-news/newsbeuter/newsbeuter-2.9-r3.ebuild
new file mode 100644
index 000000000000..1145dfbfbfc5
--- /dev/null
+++ b/net-news/newsbeuter/newsbeuter-2.9-r3.ebuild
@@ -0,0 +1,76 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+if [[ ${PV} == 9999 ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/akrennmair/newsbeuter.git"
+else
+ KEYWORDS="~amd64 ~ppc ~x86"
+ SRC_URI="http://www.newsbeuter.org/downloads/${P}.tar.gz"
+fi
+
+inherit toolchain-funcs
+
+DESCRIPTION="A RSS/Atom feed reader for the text console"
+HOMEPAGE="http://www.newsbeuter.org/index.html"
+
+LICENSE="MIT"
+SLOT="0"
+IUSE="test"
+
+RDEPEND="
+ >=dev-db/sqlite-3.5:3
+ >=dev-libs/stfl-0.21
+ >=net-misc/curl-7.18.0
+ >=dev-libs/json-c-0.11:=
+ dev-libs/libxml2
+ sys-libs/ncurses:0=[unicode]
+"
+DEPEND="${RDEPEND}
+ dev-lang/perl
+ virtual/pkgconfig
+ sys-devel/gettext
+ test? (
+ dev-libs/boost
+ sys-devel/bc
+ )
+"
+[[ ${PV} == 9999 ]] && DEPEND+=" app-text/asciidoc"
+
+# tests require network access
+RESTRICT="test"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.9-ncurses6.patch
+ "${FILESDIR}"/${PN}-2.9-fix-mem-leak.patch
+ "${FILESDIR}"/${PN}-2.9-fix-segfault.patch
+ "${FILESDIR}"/${PN}-2.9-security-fix.patch
+)
+
+src_prepare() {
+ default
+ sed -i 's:-ggdb::' Makefile || die
+}
+
+src_configure() {
+ ./config.sh || die
+}
+
+src_compile() {
+ emake prefix="/usr" CXX="$(tc-getCXX)" AR="$(tc-getAR)" RANLIB="$(tc-getRANLIB)"
+ [[ ${PV} == 9999 ]] && emake doc
+}
+
+src_test() {
+ emake test
+ # Tests fail if in ${S} rather than in ${S}/test
+ cd "${S}"/test || die
+ ./test || die
+}
+
+src_install() {
+ emake DESTDIR="${D}" prefix="/usr" docdir="/usr/share/doc/${PF}" install
+ dodoc AUTHORS README CHANGES
+}
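Review bot: `SRC_URI="http://www.newsbeuter.org/downloads/${P}.tar.gz"` fetches the tarball over plain HTTP, so the integrity of the source this security patch is applied to rests entirely on the Manifest digests, which are not part of this change. If the upstream host serves the same path over HTTPS (not verifiable from this page), prefer `SRC_URI="https://www.newsbeuter.org/downloads/${P}.tar.gz"`, matching the `https` already used for `EGIT_REPO_URI`. Separately, the header reads `# Copyright 1999-2016 Gentoo Foundation` on a file added in 2017, and the patch name `${PN}-2.9-security-fix.patch` would be easier to track if it carried the bug number from the commit title.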