-rw-r--r-- | media-video/minitube/ChangeLog | 6 | ||||
-rw-r--r-- | media-video/minitube/Manifest | 25 | ||||
-rw-r--r-- | media-video/minitube/files/minitube-1.5-non-static-filename.patch | 39 | ||||
-rw-r--r-- | media-video/minitube/minitube-1.4.ebuild | 56 | ||||
-rw-r--r-- | media-video/minitube/minitube-1.5.ebuild | 8 |
5 files changed, 67 insertions, 67 deletions
diff --git a/media-video/minitube/ChangeLog b/media-video/minitube/ChangeLog index 6b490695b71b..cf8a7c672071 100644 --- a/media-video/minitube/ChangeLog +++ b/media-video/minitube/ChangeLog @@ -1,6 +1,10 @@ # ChangeLog for media-video/minitube # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-video/minitube/ChangeLog,v 1.54 2011/08/07 03:23:27 phajdan.jr Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-video/minitube/ChangeLog,v 1.55 2011/08/07 12:09:02 hwoarang Exp $ + + 07 Aug 2011; Markos Chandras <hwoarang@gentoo.org> -minitube-1.4.ebuild, + minitube-1.5.ebuild, +files/minitube-1.5-non-static-filename.patch: + Add security fix and mark stable for amd64. Bug #377929 07 Aug 2011; Pawel Hajdan jr <phajdan.jr@gentoo.org> minitube-1.5.ebuild: x86 stable wrt bug #377929 diff --git a/media-video/minitube/Manifest b/media-video/minitube/Manifest index 8b4fbe421e17..d08318a99bd4 100644 --- a/media-video/minitube/Manifest +++ b/media-video/minitube/Manifest 
@@ -1,16 +1,25 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -DIST minitube-1.4.tar.gz 444068 RMD160 7012400263f30b724eb5a659d647ca0409a77c98 SHA1 8ab536c57b3c477e9946c1b823ce0b8f57f51185 SHA256 5ed032de1b4f6e2b1e88e4b2c881efd63a26a255db44d5c9528b6abb134e3db9 +AUX minitube-1.5-non-static-filename.patch 1423 RMD160 c6aa3ad751a37dd7d2363f1b2236fbc150b96914 SHA1 c1a6d3239ce9f7ffd11ea1d84cd8effc6c8bcc99 SHA256 6c0832e8132ef25176ac6a24bc23fd212015a04c23549810a3301d3ee4a51bb2 DIST minitube-1.5.tar.gz 516313 RMD160 3672d9e2b53ccf386a139e1a5d6a5133a1d9ccbc SHA1 cf2ae85ef4b60ce67496eebe412bffe010eb1d54 SHA256 dd98301b878cd408130f677b7c69c49b969629f15cdfe10e01321977413a3ac9 -EBUILD minitube-1.4.ebuild 1602 RMD160 f02f821506ceb127e34c73f10bd486aca9127a82 SHA1 499cffa1883ee21a9b5200fe5eb44486c513251d SHA256 ed3259d27ef269e16245b320c1727c7004c757ccaa4c31632103c8dc1367a65c -EBUILD minitube-1.5.ebuild 1412 RMD160 106b98ab6a6b83d36df39c53ca7e05620a5a35e2 SHA1 27050de6d153f6dd074ccfb360d9db53c5f2005c SHA256 b70e9358b8fca4f10edcb95e0d544b993117498aee83b7ce4d8e0c848d29caa5 -MISC ChangeLog 7740 RMD160 727a1bdd37bbc196ff0b9cceb3fbb33d912e46bc SHA1 de0d7db6a685f87cd090cf1edb4ef6c9767fb662 SHA256 e5284a9b0ae9095cf31e4a51b34e20fdbbcf09f8ba9def6665154fc04044c2bb +EBUILD minitube-1.5.ebuild 1468 RMD160 4c864ff9b7ab993cd2b5829156bdcf60ccf07eb6 SHA1 29cb8c9021e2ba8e2b12a3508189b5af5a145280 SHA256 22eb66f6cb34dffb9bdb415939df6a8483b29675d81158dc2f6cc75188c4e51c +MISC ChangeLog 7942 RMD160 a7b89e64fc4954ecbde4cce461598ee40207ac9e SHA1 890bb6fa10ec34b54ee15b0e8be9fb44dc20356a SHA256 d7974a312af003c3c688ecf2fff58a80cd191a56b0dfbc36758d2e3074d1d5a0 MISC metadata.xml 265 RMD160 e723dc6fc78de62b3144444b1329d9791b1f2099 SHA1 4ed7a4469aafc625f36fb28d3b7932d1c9e75f91 SHA256 218f4f107ec5040834a5d0d24c83e179cdd83cdb49a639fa29df53f479a680c7 -----BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.17 (GNU/Linux) +Version: GnuPG v2.0.18 (GNU/Linux) 
-iEYEAREKAAYFAk4+BTUACgkQuUQtlDBCeQKu1wCdGVLKCxRMpuQh+Tk1ILStJgv1 -tfAAn2Af/T+X380NU5tYnA6vVkHLOP6d -=fldh +iQIcBAEBCgAGBQJOPoBKAAoJEPqDWhW0r/LCIjIP/3timv+zT7I/kGm9MOyH9GaS +b3UrHSErePUiTzYQRdFVTPVITZYDri2zg2i+Jktvw5C54aT3T/pbW3Z19xvtHA3F +MP16XLnjP81FnQLexUxFBjCMvWeH8A73oS3cQZBxFb8V60LezUfKWaDC5GAglm4j +QgrEkYXSH8gzy7KGltGTAywsfjWgzRNi98qLaZnrQovE3iFZ3SrbFh8kHWAnXQDo +TiIPCJff7/4D+vqW95DIMdVj2mjOmo/9FQxYaiPI9y2ydoYaSUyVnMQQ7OUpI0UP +/c42aUtUrsn+hLpM6F+uPtRAbR2qPfbu9xGVV2c+rwLwXN43nvgxnLgY9VTQoA68 +bLQS7zByQc7UTfz7+2HstlARvomMwXVhsRxnBIkfLfNYraId/jRcdv8GackQdl4w +nwK7zmaSk9T9Mgb0V480profJwS8BOnH2p9FMqhMp+inmH9oxFDRzpz+W7nqT74k +GQS7nGOQqMcJfmDK9AG+4yOQaVhwlNtHVG933j06zldGKuJ3skkc4i5tR+Ipws+V +NbLIlib2V5U8+WxeDhutk7n0T8ZWxQ8E4ILfJF4aUghKVleStk2olXd/16HJZlWT +31AbKMVTcHma1egcnFkg7CRvUj6w1pxvL0jNKOjFbB2g9G1hFD/dcIS0S6/iT+M/ +p1wZlrt4Hy5LARdcrO1P +=cHGT -----END PGP SIGNATURE----- diff --git a/media-video/minitube/files/minitube-1.5-non-static-filename.patch b/media-video/minitube/files/minitube-1.5-non-static-filename.patch new file mode 100644 index 000000000000..443b40b1b67d --- /dev/null +++ b/media-video/minitube/files/minitube-1.5-non-static-filename.patch 
@@ -0,0 +1,39 @@
+From 70d17805055f8b4dc4e2ea77112f41bbe5a56a9c Mon Sep 17 00:00:00 2001
+From: Markos Chandras <hwoarang@gentoo.org>
+Date: Sun, 7 Aug 2011 13:04:29 +0100
+Subject: [PATCH] Use a non-static filename for temporary created files
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf-8
+Content-Transfer-Encoding: 8bit
+
+This is a security problem because an attacker can create a malicious
+filename and make minitube crash. The temporarty filenames must always
+be non-static. This patch appends a random generated number at the end
+of that file.
+
+The bug was found on Gentoo bugzilla by Tomáš Pružina
+<tomas.pruzina@gmail.com> and the original patch was created by him as
+well.
+
+https://bugs.gentoo.org/show_bug.cgi?id=377929
+---
+ src/MediaView.cpp | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/src/MediaView.cpp b/src/MediaView.cpp
+index d41c69e..a10c60a 100644
+--- a/src/MediaView.cpp
++++ b/src/MediaView.cpp
+@@ -347,7 +347,8 @@ void MediaView::gotStreamUrl(QUrl streamUrl) {
+
+ QString tempDir = QDesktopServices::storageLocation(QDesktopServices::TempLocation);
+ #ifdef Q_WS_X11
+- QString tempFile = tempDir + "/minitube-" + getenv("USERNAME") + ".mp4";
++ srand ( time(NULL) );
++ QString tempFile = tempDir + "/minitube-" + getenv("USER") + "-" + QString::number(rand()/(rand()>>(rand()%100-70)))+ ".mp4";
+ #else
+ QString tempFile = tempDir + "/minitube.mp4";
+ #endif
+--
+1.6.1
+
diff --git a/media-video/minitube/minitube-1.4.ebuild b/media-video/minitube/minitube-1.4.ebuild
deleted file mode 100644
index 7dc3665a293a..000000000000
--- a/media-video/minitube/minitube-1.4.ebuild
+++ /dev/null
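Review bot: The new `tempFile` expression in `MediaView::gotStreamUrl` is still guessable and can itself crash. `srand(time(NULL))` seeds from the clock, and `rand()%100-70` ranges from -70 to 29, so the shift count can be negative or wider than an `int` (undefined behaviour); the shifted value can also be 0, which makes the division fault. `getenv("USER")` is concatenated unchecked and may be NULL when the variable is unset. A name that is merely hard to guess also does not stop another local user from pre-creating that path in the shared temp directory, so the file should be created atomically by Qt instead, e.g. `QTemporaryFile tmp(tempDir + "/minitube-XXXXXX.mp4");`, followed by `tmp.open()` and `tmp.fileName()`. How `tempFile` is consumed lies outside this hunk, so the object's lifetime and auto-remove setting need checking against the rest of the function.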
@@ -1,56 +0,0 @@ -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/media-video/minitube/minitube-1.4.ebuild,v 1.5 2011/04/11 06:19:16 phajdan.jr Exp $ - -EAPI="2" -LANGS="ar es pt_BR pt_PT uk" -LANGSLONG="bg_BG cs_CZ de_DE el_GR es he_IL hr_HR hu_HU fr_FR fi_FI it_IT -ja_JP nl_NL nb_NO pl_PL ro_RO ru_RU tr_TR" - -inherit qt4-r2 - -DESCRIPTION="Qt4 YouTube Client" -HOMEPAGE="http://flavio.tordini.org/minitube" -SRC_URI="http://flavio.tordini.org/files/${PN}/${P}.tar.gz" - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="amd64 x86" -IUSE="debug kde gstreamer" - -DEPEND="x11-libs/qt-gui:4[accessibility] - x11-libs/qt-dbus:4 - kde? ( || ( media-libs/phonon[gstreamer?] x11-libs/qt-phonon:4 ) ) - !kde? ( || ( x11-libs/qt-phonon media-libs/phonon[gstreamer?] ) ) - gstreamer? ( - media-plugins/gst-plugins-soup - media-plugins/gst-plugins-ffmpeg - media-plugins/gst-plugins-faac - media-plugins/gst-plugins-faad - ) -" - -RDEPEND="${DEPEND}" - -S="${WORKDIR}/${PN}" - -src_install() { - dobin build/target/minitube || die "dobin failed" - newicon images/app.png minitube.png || die "doicon failed" - make_desktop_entry minitube MiniTube minitube "Qt;AudioVideo;Video" \ - || die "make_desktop_entry failed" - #translations - insinto "/usr/share/${PN}/locale/" - for lang in ${LINGUAS}; do - for x in ${LANGS}; do - if [[ ${x} == ${lang} ]]; then - doins "build/target/locale/${x}.qm" || die "doins failed" - fi - done - for x in ${LANGSLONG}; do - if [[ ${x%_*} == ${lang} ]]; then - doins "build/target/locale/${x}.qm" || die "doins failed" - fi - done - done -} diff --git a/media-video/minitube/minitube-1.5.ebuild b/media-video/minitube/minitube-1.5.ebuild index 75ad9a9a8cc3..627017f627d8 100644 --- a/media-video/minitube/minitube-1.5.ebuild +++ b/media-video/minitube/minitube-1.5.ebuild 
@@ -1,6 +1,6 @@ # Copyright 1999-2011 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/media-video/minitube/minitube-1.5.ebuild,v 1.2 2011/08/07 03:23:27 phajdan.jr Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-video/minitube/minitube-1.5.ebuild,v 1.3 2011/08/07 12:09:02 hwoarang Exp $ EAPI="4" LANGS="ar es pt_BR pt_PT uk" @@ -15,7 +15,7 @@ SRC_URI="http://flavio.tordini.org/files/${PN}/${P}.tar.gz" LICENSE="GPL-3" SLOT="0" -KEYWORDS="~amd64 x86" +KEYWORDS="amd64 x86" IUSE="debug kde gstreamer" DEPEND="x11-libs/qt-gui:4[accessibility] @@ -34,6 +34,10 @@ RDEPEND="${DEPEND}" S="${WORKDIR}/${PN}" +PATCHES=( + "${FILESDIR}"/${P}-non-static-filename.patch +) + src_install() { emake INSTALL_ROOT="${D}" install newicon images/app.png minitube.png |