summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--media-video/minitube/ChangeLog6
-rw-r--r--media-video/minitube/Manifest25
-rw-r--r--media-video/minitube/files/minitube-1.5-non-static-filename.patch39
-rw-r--r--media-video/minitube/minitube-1.4.ebuild56
-rw-r--r--media-video/minitube/minitube-1.5.ebuild8
5 files changed, 67 insertions, 67 deletions
diff --git a/media-video/minitube/ChangeLog b/media-video/minitube/ChangeLog
index 6b490695b71b..cf8a7c672071 100644
--- a/media-video/minitube/ChangeLog
+++ b/media-video/minitube/ChangeLog
@@ -1,6 +1,10 @@
# ChangeLog for media-video/minitube
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-video/minitube/ChangeLog,v 1.54 2011/08/07 03:23:27 phajdan.jr Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-video/minitube/ChangeLog,v 1.55 2011/08/07 12:09:02 hwoarang Exp $
+
+ 07 Aug 2011; Markos Chandras <hwoarang@gentoo.org> -minitube-1.4.ebuild,
+ minitube-1.5.ebuild, +files/minitube-1.5-non-static-filename.patch:
+ Add security fix and mark stable for amd64. Bug #377929
07 Aug 2011; Pawel Hajdan jr <phajdan.jr@gentoo.org> minitube-1.5.ebuild:
x86 stable wrt bug #377929
diff --git a/media-video/minitube/Manifest b/media-video/minitube/Manifest
index 8b4fbe421e17..d08318a99bd4 100644
--- a/media-video/minitube/Manifest
+++ b/media-video/minitube/Manifest
@@ -1,16 +1,25 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-DIST minitube-1.4.tar.gz 444068 RMD160 7012400263f30b724eb5a659d647ca0409a77c98 SHA1 8ab536c57b3c477e9946c1b823ce0b8f57f51185 SHA256 5ed032de1b4f6e2b1e88e4b2c881efd63a26a255db44d5c9528b6abb134e3db9
+AUX minitube-1.5-non-static-filename.patch 1423 RMD160 c6aa3ad751a37dd7d2363f1b2236fbc150b96914 SHA1 c1a6d3239ce9f7ffd11ea1d84cd8effc6c8bcc99 SHA256 6c0832e8132ef25176ac6a24bc23fd212015a04c23549810a3301d3ee4a51bb2
DIST minitube-1.5.tar.gz 516313 RMD160 3672d9e2b53ccf386a139e1a5d6a5133a1d9ccbc SHA1 cf2ae85ef4b60ce67496eebe412bffe010eb1d54 SHA256 dd98301b878cd408130f677b7c69c49b969629f15cdfe10e01321977413a3ac9
-EBUILD minitube-1.4.ebuild 1602 RMD160 f02f821506ceb127e34c73f10bd486aca9127a82 SHA1 499cffa1883ee21a9b5200fe5eb44486c513251d SHA256 ed3259d27ef269e16245b320c1727c7004c757ccaa4c31632103c8dc1367a65c
-EBUILD minitube-1.5.ebuild 1412 RMD160 106b98ab6a6b83d36df39c53ca7e05620a5a35e2 SHA1 27050de6d153f6dd074ccfb360d9db53c5f2005c SHA256 b70e9358b8fca4f10edcb95e0d544b993117498aee83b7ce4d8e0c848d29caa5
-MISC ChangeLog 7740 RMD160 727a1bdd37bbc196ff0b9cceb3fbb33d912e46bc SHA1 de0d7db6a685f87cd090cf1edb4ef6c9767fb662 SHA256 e5284a9b0ae9095cf31e4a51b34e20fdbbcf09f8ba9def6665154fc04044c2bb
+EBUILD minitube-1.5.ebuild 1468 RMD160 4c864ff9b7ab993cd2b5829156bdcf60ccf07eb6 SHA1 29cb8c9021e2ba8e2b12a3508189b5af5a145280 SHA256 22eb66f6cb34dffb9bdb415939df6a8483b29675d81158dc2f6cc75188c4e51c
+MISC ChangeLog 7942 RMD160 a7b89e64fc4954ecbde4cce461598ee40207ac9e SHA1 890bb6fa10ec34b54ee15b0e8be9fb44dc20356a SHA256 d7974a312af003c3c688ecf2fff58a80cd191a56b0dfbc36758d2e3074d1d5a0
MISC metadata.xml 265 RMD160 e723dc6fc78de62b3144444b1329d9791b1f2099 SHA1 4ed7a4469aafc625f36fb28d3b7932d1c9e75f91 SHA256 218f4f107ec5040834a5d0d24c83e179cdd83cdb49a639fa29df53f479a680c7
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.17 (GNU/Linux)
+Version: GnuPG v2.0.18 (GNU/Linux)
-iEYEAREKAAYFAk4+BTUACgkQuUQtlDBCeQKu1wCdGVLKCxRMpuQh+Tk1ILStJgv1
-tfAAn2Af/T+X380NU5tYnA6vVkHLOP6d
-=fldh
+iQIcBAEBCgAGBQJOPoBKAAoJEPqDWhW0r/LCIjIP/3timv+zT7I/kGm9MOyH9GaS
+b3UrHSErePUiTzYQRdFVTPVITZYDri2zg2i+Jktvw5C54aT3T/pbW3Z19xvtHA3F
+MP16XLnjP81FnQLexUxFBjCMvWeH8A73oS3cQZBxFb8V60LezUfKWaDC5GAglm4j
+QgrEkYXSH8gzy7KGltGTAywsfjWgzRNi98qLaZnrQovE3iFZ3SrbFh8kHWAnXQDo
+TiIPCJff7/4D+vqW95DIMdVj2mjOmo/9FQxYaiPI9y2ydoYaSUyVnMQQ7OUpI0UP
+/c42aUtUrsn+hLpM6F+uPtRAbR2qPfbu9xGVV2c+rwLwXN43nvgxnLgY9VTQoA68
+bLQS7zByQc7UTfz7+2HstlARvomMwXVhsRxnBIkfLfNYraId/jRcdv8GackQdl4w
+nwK7zmaSk9T9Mgb0V480profJwS8BOnH2p9FMqhMp+inmH9oxFDRzpz+W7nqT74k
+GQS7nGOQqMcJfmDK9AG+4yOQaVhwlNtHVG933j06zldGKuJ3skkc4i5tR+Ipws+V
+NbLIlib2V5U8+WxeDhutk7n0T8ZWxQ8E4ILfJF4aUghKVleStk2olXd/16HJZlWT
+31AbKMVTcHma1egcnFkg7CRvUj6w1pxvL0jNKOjFbB2g9G1hFD/dcIS0S6/iT+M/
+p1wZlrt4Hy5LARdcrO1P
+=cHGT
-----END PGP SIGNATURE-----
diff --git a/media-video/minitube/files/minitube-1.5-non-static-filename.patch b/media-video/minitube/files/minitube-1.5-non-static-filename.patch
new file mode 100644
index 000000000000..443b40b1b67d
--- /dev/null
+++ b/media-video/minitube/files/minitube-1.5-non-static-filename.patch
@@ -0,0 +1,39 @@
+From 70d17805055f8b4dc4e2ea77112f41bbe5a56a9c Mon Sep 17 00:00:00 2001
+From: Markos Chandras <hwoarang@gentoo.org>
+Date: Sun, 7 Aug 2011 13:04:29 +0100
+Subject: [PATCH] Use a non-static filename for temporary created files
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf-8
+Content-Transfer-Encoding: 8bit
+
+This is a security problem because an attacker can create a malicious
+filename and make minitube crash. The temporarty filenames must always
+be non-static. This patch appends a random generated number at the end
+of that file.
+
+The bug was found on Gentoo bugzilla by Tomáš Pružina
+<tomas.pruzina@gmail.com> and the original patch was created by him as
+well.
+
+https://bugs.gentoo.org/show_bug.cgi?id=377929
+---
+ src/MediaView.cpp | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/src/MediaView.cpp b/src/MediaView.cpp
+index d41c69e..a10c60a 100644
+--- a/src/MediaView.cpp
++++ b/src/MediaView.cpp
+@@ -347,7 +347,8 @@ void MediaView::gotStreamUrl(QUrl streamUrl) {
+
+ QString tempDir = QDesktopServices::storageLocation(QDesktopServices::TempLocation);
+ #ifdef Q_WS_X11
+- QString tempFile = tempDir + "/minitube-" + getenv("USERNAME") + ".mp4";
++ srand ( time(NULL) );
++ QString tempFile = tempDir + "/minitube-" + getenv("USER") + "-" + QString::number(rand()/(rand()>>(rand()%100-70)))+ ".mp4";
+ #else
+ QString tempFile = tempDir + "/minitube.mp4";
+ #endif
+--
+1.6.1
+
diff --git a/media-video/minitube/minitube-1.4.ebuild b/media-video/minitube/minitube-1.4.ebuild
deleted file mode 100644
index 7dc3665a293a..000000000000
--- a/media-video/minitube/minitube-1.4.ebuild
+++ /dev/null
@@ -1,56 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-video/minitube/minitube-1.4.ebuild,v 1.5 2011/04/11 06:19:16 phajdan.jr Exp $
-
-EAPI="2"
-LANGS="ar es pt_BR pt_PT uk"
-LANGSLONG="bg_BG cs_CZ de_DE el_GR es he_IL hr_HR hu_HU fr_FR fi_FI it_IT
-ja_JP nl_NL nb_NO pl_PL ro_RO ru_RU tr_TR"
-
-inherit qt4-r2
-
-DESCRIPTION="Qt4 YouTube Client"
-HOMEPAGE="http://flavio.tordini.org/minitube"
-SRC_URI="http://flavio.tordini.org/files/${PN}/${P}.tar.gz"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="amd64 x86"
-IUSE="debug kde gstreamer"
-
-DEPEND="x11-libs/qt-gui:4[accessibility]
- x11-libs/qt-dbus:4
- kde? ( || ( media-libs/phonon[gstreamer?] x11-libs/qt-phonon:4 ) )
- !kde? ( || ( x11-libs/qt-phonon media-libs/phonon[gstreamer?] ) )
- gstreamer? (
- media-plugins/gst-plugins-soup
- media-plugins/gst-plugins-ffmpeg
- media-plugins/gst-plugins-faac
- media-plugins/gst-plugins-faad
- )
-"
-
-RDEPEND="${DEPEND}"
-
-S="${WORKDIR}/${PN}"
-
-src_install() {
- dobin build/target/minitube || die "dobin failed"
- newicon images/app.png minitube.png || die "doicon failed"
- make_desktop_entry minitube MiniTube minitube "Qt;AudioVideo;Video" \
- || die "make_desktop_entry failed"
- #translations
- insinto "/usr/share/${PN}/locale/"
- for lang in ${LINGUAS}; do
- for x in ${LANGS}; do
- if [[ ${x} == ${lang} ]]; then
- doins "build/target/locale/${x}.qm" || die "doins failed"
- fi
- done
- for x in ${LANGSLONG}; do
- if [[ ${x%_*} == ${lang} ]]; then
- doins "build/target/locale/${x}.qm" || die "doins failed"
- fi
- done
- done
-}
diff --git a/media-video/minitube/minitube-1.5.ebuild b/media-video/minitube/minitube-1.5.ebuild
index 75ad9a9a8cc3..627017f627d8 100644
--- a/media-video/minitube/minitube-1.5.ebuild
+++ b/media-video/minitube/minitube-1.5.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-video/minitube/minitube-1.5.ebuild,v 1.2 2011/08/07 03:23:27 phajdan.jr Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-video/minitube/minitube-1.5.ebuild,v 1.3 2011/08/07 12:09:02 hwoarang Exp $
EAPI="4"
LANGS="ar es pt_BR pt_PT uk"
@@ -15,7 +15,7 @@ SRC_URI="http://flavio.tordini.org/files/${PN}/${P}.tar.gz"
LICENSE="GPL-3"
SLOT="0"
-KEYWORDS="~amd64 x86"
+KEYWORDS="amd64 x86"
IUSE="debug kde gstreamer"
DEPEND="x11-libs/qt-gui:4[accessibility]
@@ -34,6 +34,10 @@ RDEPEND="${DEPEND}"
S="${WORKDIR}/${PN}"
+PATCHES=(
+ "${FILESDIR}"/${P}-non-static-filename.patch
+)
+
src_install() {
emake INSTALL_ROOT="${D}" install
newicon images/app.png minitube.png