[arch-commits] Commit in menu-cache/trunk (Fix-CVE-2017-8933.patch PKGBUILD)
Balló György
bgyorgy at archlinux.org
Sun Jun 18 09:15:10 UTC 2017
Date: Sunday, June 18, 2017 @ 09:15:09
Author: bgyorgy
Revision: 238022
upgpkg: menu-cache 1.0.2-2
Fix CVE-2017-8933 (FS#54082)
Added:
menu-cache/trunk/Fix-CVE-2017-8933.patch
Modified:
menu-cache/trunk/PKGBUILD
-------------------------+
Fix-CVE-2017-8933.patch | 71 ++++++++++++++++++++++++++++++++++++++++++++++
PKGBUILD | 13 ++++++--
2 files changed, 81 insertions(+), 3 deletions(-)
Added: Fix-CVE-2017-8933.patch
===================================================================
--- Fix-CVE-2017-8933.patch (rev 0)
+++ Fix-CVE-2017-8933.patch 2017-06-18 09:15:09 UTC (rev 238022)
@@ -0,0 +1,71 @@
+From 56f66684592abf257c4004e6e1fff041c64a12ce Mon Sep 17 00:00:00 2001
+From: Andriy Grytsenko <andrej at rep.kiev.ua>
+Date: Sun, 14 May 2017 21:28:00 +0300
+Subject: [PATCH] Fix potential access violation, use runtime user dir instead
+ of tmp dir.
+
+Note: it limits libmenu-cache compatibility to menu-cached >= 0.7.0.
+---
+ NEWS | 3 +++
+ libmenu-cache/menu-cache.c | 7 ++++++-
+ menu-cache-daemon/menu-cached.c | 3 +++
+ 3 files changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/NEWS b/NEWS
+index f7f12e6..6177e9d 100644
+--- a/NEWS
++++ b/NEWS
+@@ -3,6 +3,9 @@
+ * Added new API menu_cache_app_get_generic_name() to get generic
+ name for application.
+
++* Fixed potential access violation, use runtime user dir instead of tmp dir.
++ It limits libmenu-cache compatibility to menu-cached >= 0.7.0.
++
+
+ Changes in 1.0.2 since 1.0.1:
+
+diff --git a/libmenu-cache/menu-cache.c b/libmenu-cache/menu-cache.c
+index 9e3e0db..d914127 100644
+--- a/libmenu-cache/menu-cache.c
++++ b/libmenu-cache/menu-cache.c
+@@ -3,7 +3,7 @@
+ *
+ * Copyright 2008 PCMan <pcman.tw at gmail.com>
+ * Copyright 2009 Jürgen Hötzel <juergen at archlinux.org>
+- * Copyright 2012-2015 Andriy Grytsenko (LStranger) <andrej at rep.kiev.ua>
++ * Copyright 2012-2017 Andriy Grytsenko (LStranger) <andrej at rep.kiev.ua>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+@@ -1538,8 +1538,13 @@ static void get_socket_name( char* buf, int len )
+ if(*p)
+ *p = '\0';
+ }
++#if GLIB_CHECK_VERSION(2, 28, 0)
++ g_snprintf( buf, len, "%s/menu-cached-%s", g_get_user_runtime_dir(),
++ dpy ? dpy : ":0" );
++#else
+ g_snprintf( buf, len, "%s/.menu-cached-%s-%s", g_get_tmp_dir(),
+ dpy ? dpy : ":0", g_get_user_name() );
++#endif
+ g_free(dpy);
+ }
+
+diff --git a/menu-cache-daemon/menu-cached.c b/menu-cache-daemon/menu-cached.c
+index a6895ee..c100484 100644
+--- a/menu-cache-daemon/menu-cached.c
++++ b/menu-cache-daemon/menu-cached.c
+@@ -473,6 +473,9 @@ static void get_socket_name( char* buf, int len )
+ if(*p)
+ *p = '\0';
+ }
++ /* NOTE: this socket name is incompatible with versions > 1.0.2,
++ although this function is never used since 0.7.0 but
++ libmenu-cache always requests exact socket name instead */
+ g_snprintf( buf, len, "%s/.menu-cached-%s-%s", g_get_tmp_dir(),
+ dpy ? dpy : ":0", g_get_user_name() );
+ g_free(dpy);
+--
+2.1.4
+
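Review bot: The `#else` branch added to get_socket_name() in libmenu-cache/menu-cache.c keeps the old `g_get_tmp_dir()` socket name, so a build against GLib older than 2.28 silently retains the shared-tmp-dir path this patch is meant to retire. Because nothing signals that fallback, I would turn it into a hard failure, `#error "g_get_user_runtime_dir() requires GLib >= 2.28"`, or at least document in a comment that the fallback is the unfixed behaviour. Separately, the return value of `g_snprintf` is not compared with `len`, and a runtime-dir path can be longer than the tmp-dir one. If the caller copies `buf` into a socket address (not visible here), a truncated name should be rejected rather than used. get_socket_name() starts outside the hunk in both C files.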
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-06-18 08:57:04 UTC (rev 238021)
+++ PKGBUILD 2017-06-18 09:15:09 UTC (rev 238022)
@@ -6,7 +6,7 @@
pkgname=menu-cache
pkgver=1.0.2
-pkgrel=1
+pkgrel=2
pkgdesc='Caching mechanism for freedesktop.org compliant menus'
arch=('i686' 'x86_64')
license=('GPL2')
@@ -13,9 +13,16 @@
url='http://lxde.org/'
depends=('libfm-extra')
makedepends=('gtk-doc')
-source=(https://downloads.sourceforge.net/lxde/$pkgname-$pkgver.tar.xz)
-sha256sums=('6f83edf2de34f83e701dcb52145d755250a5677580cd413476cc4d7f2d2012d5')
+source=(https://downloads.sourceforge.net/lxde/$pkgname-$pkgver.tar.xz
+ Fix-CVE-2017-8933.patch)
+sha256sums=('6f83edf2de34f83e701dcb52145d755250a5677580cd413476cc4d7f2d2012d5'
+ 'd0ee65717d07ae423bac48d0676989cec624674bdacd3619f5d9fcc64c9e5796')
+prepare() {
+ cd $pkgname-$pkgver
+ patch -Np1 -i ../Fix-CVE-2017-8933.patch
+}
+
build() {
cd $pkgname-$pkgver
./configure --prefix=/usr --sysconfdir=/etc \
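Review bot: Nothing in the `source` array or `prepare()` records where Fix-CVE-2017-8933.patch comes from or when it can be dropped. A comment above the `patch` line, such as `# upstream commit 56f66684592abf257c4004e6e1fff041c64a12ce; drop once a release contains it`, would let a later packager check the pinned sha256 against upstream. As a style point, `../Fix-CVE-2017-8933.patch` depends on the preceding `cd`, so `patch -Np1 -i "$srcdir/Fix-CVE-2017-8933.patch"` is the more robust form. build() continues outside the hunk.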