Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/dev-perl/Clipboard
diff options
context:
space:
mode:
authorPatrice Clement <monsieurp@gentoo.org>2016-11-19 12:32:52 +0100
committerPatrice Clement <monsieurp@gentoo.org>2016-11-19 12:33:53 +0100
commit6ea7c366c608b4ea144a8a31cdaf2553b08bf5ef (patch)
tree26dbdae5b37e0af46bc463fbba923b07808337b0 /dev-perl/Clipboard
parentx11-libs/c++-gtk-utils: Shorten DESCRIPTION. (diff)
downloadgentoo-6ea7c366c608b4ea144a8a31cdaf2553b08bf5ef.tar.gz
gentoo-6ea7c366c608b4ea144a8a31cdaf2553b08bf5ef.tar.bz2
gentoo-6ea7c366c608b4ea144a8a31cdaf2553b08bf5ef.zip
dev-perl/Clipboard: fix insecure temporary file usage.
This is a community patch taken from https://anonscm.debian.org/cgit/pkg-perl/packages/libclipboard-perl.git/tree/debian/patches/insecure-tempfile.patch. Courtesy of Gregor Herrmann <gregoa@debian.org>. Gentoo-Bug: https://bugs.gentoo.org/521890 Package-Manager: portage-2.3.0
Diffstat (limited to 'dev-perl/Clipboard')
-rw-r--r--dev-perl/Clipboard/Clipboard-0.130.0-r2.ebuild22
-rw-r--r--dev-perl/Clipboard/files/Clipboard-0.130.0-insecure-tempfile.patch23
2 files changed, 45 insertions, 0 deletions
diff --git a/dev-perl/Clipboard/Clipboard-0.130.0-r2.ebuild b/dev-perl/Clipboard/Clipboard-0.130.0-r2.ebuild
new file mode 100644
index 000000000000..0696164de5d3
--- /dev/null
+++ b/dev-perl/Clipboard/Clipboard-0.130.0-r2.ebuild
@@ -0,0 +1,22 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+MODULE_AUTHOR=KING
+MODULE_VERSION=0.13
+inherit perl-module
+
+DESCRIPTION="Copy and paste with any OS"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86"
+IUSE=""
+
+# See bug 521890.
+PATCHES=(
+ "${FILESDIR}"/"${P}"-insecure-tempfile.patch
+)
+
+RDEPEND="x11-misc/xclip"
diff --git a/dev-perl/Clipboard/files/Clipboard-0.130.0-insecure-tempfile.patch b/dev-perl/Clipboard/files/Clipboard-0.130.0-insecure-tempfile.patch
new file mode 100644
index 000000000000..1fd452c61481
--- /dev/null
+++ b/dev-perl/Clipboard/files/Clipboard-0.130.0-insecure-tempfile.patch
@@ -0,0 +1,23 @@
+Description: Fix insecure use of temporary files.
+ This is CVE-2014-5509.
+Origin: vendor
+Bug: https://rt.cpan.org/Public/Bug/Display.html?id=98435
+Forwarded: https://rt.cpan.org/Public/Bug/Display.html?id=98435
+Author: gregor herrmann <gregoa@debian.org>
+Last-Update: 2016-08-13
+
+--- a/scripts/clipedit
++++ b/scripts/clipedit
+@@ -1,10 +1,11 @@
+ #!/usr/bin/perl
+ use strict;
+ use Clipboard;
++use File::Temp qw( tempfile );
+
+ my $orig = Clipboard->paste;
+
+-my $tmpfilename = "/tmp/clipedit$$";
++my ($tmpfile, $tmpfilename) = tempfile();
+ open my $tmpfile, ">$tmpfilename" or die "Failure to open $tmpfilename: $!";
+ print $tmpfile $orig;
+ close $tmpfile;