[arch-commits] Commit in pcmanfm/trunk (Fix-CVE-2017-8934.patch PKGBUILD)
Balló György
bgyorgy at archlinux.org
Sun Jun 18 09:19:49 UTC 2017
Date: Sunday, June 18, 2017 @ 09:19:48
Author: bgyorgy
Revision: 238024
upgpkg: pcmanfm 1.2.5-2
Fix CVE-2017-8934 (FS#54070)
Added:
pcmanfm/trunk/Fix-CVE-2017-8934.patch
Modified:
pcmanfm/trunk/PKGBUILD
-------------------------+
Fix-CVE-2017-8934.patch | 56 ++++++++++++++++++++++++++++++++++++++++++++++
PKGBUILD | 13 ++++++++--
2 files changed, 66 insertions(+), 3 deletions(-)
Added: Fix-CVE-2017-8934.patch
===================================================================
--- Fix-CVE-2017-8934.patch (rev 0)
+++ Fix-CVE-2017-8934.patch 2017-06-18 09:19:48 UTC (rev 238024)
@@ -0,0 +1,56 @@
+From bc8c3d871e9ecc67c47ff002b68cf049793faf08 Mon Sep 17 00:00:00 2001
+From: Andriy Grytsenko <andrej at rep.kiev.ua>
+Date: Sun, 14 May 2017 21:35:40 +0300
+Subject: [PATCH] Fix potential access violation, use runtime user dir instead
+ of tmp dir.
+
+---
+ NEWS | 4 ++++
+ src/single-inst.c | 7 ++++++-
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/NEWS b/NEWS
+index 8c2049a..876f7f3 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,3 +1,7 @@
++* Fixed potential access violation, use runtime user dir instead of tmp dir
++ for single instance socket.
++
++
+ Changes on 1.2.5 since 1.2.4:
+
+ * Removed options to Cut, Remove and Rename from context menu on mounted
+diff --git a/src/single-inst.c b/src/single-inst.c
+index 62c37b3..aaf84ab 100644
+--- a/src/single-inst.c
++++ b/src/single-inst.c
+@@ -2,7 +2,7 @@
+ * single-inst.c: simple IPC mechanism for single instance app
+ *
+ * Copyright 2010 Hong Jen Yee (PCMan) <pcman.tw at gmail.com>
+- * Copyright 2012 Andriy Grytsenko (LStranger) <andrej at rep.kiev.ua>
++ * Copyright 2012-2017 Andriy Grytsenko (LStranger) <andrej at rep.kiev.ua>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -404,11 +404,16 @@ static void get_socket_name(SingleInstData* data, char* buf, int len)
+ }
+ else
+ dpynum = 0;
++#if GLIB_CHECK_VERSION(2, 28, 0)
++ g_snprintf(buf, len, "%s/%s-socket-%s-%d", g_get_user_runtime_dir(),
++ data->prog_name, host ? host : "", dpynum);
++#else
+ g_snprintf(buf, len, "%s/.%s-socket-%s-%d-%s",
+ g_get_tmp_dir(),
+ data->prog_name,
+ host ? host : "",
+ dpynum,
+ g_get_user_name());
++#endif
+ }
+
+--
+2.1.4
+
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-06-18 09:15:18 UTC (rev 238023)
+++ PKGBUILD 2017-06-18 09:19:48 UTC (rev 238024)
@@ -7,7 +7,7 @@
pkgname=pcmanfm
pkgver=1.2.5
-pkgrel=1
+pkgrel=2
pkgdesc='Extremely fast and lightweight file manager'
arch=('i686' 'x86_64')
url='http://pcmanfm.sourceforge.net/'
@@ -17,9 +17,16 @@
makedepends=('intltool')
optdepends=('gvfs: for trash support, mounting with udisks and remote filesystems'
'xarchiver: archive management')
-source=(https://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.xz)
-sha256sums=('0c86cac028b705ff314c7464d814c2cf7ff604c17491c20aa204b1ef1a80ad67')
+source=(https://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.xz
+ Fix-CVE-2017-8934.patch)
+sha256sums=('0c86cac028b705ff314c7464d814c2cf7ff604c17491c20aa204b1ef1a80ad67'
+ 'b6c72862e70d4c4d2ec9754427bf7835b4f3104fea642e7ba4dd871c782bd1f1')
+prepare() {
+ cd $pkgname-$pkgver
+ patch -Np1 -i ../Fix-CVE-2017-8934.patch
+}
+
build() {
cd $pkgname-$pkgver
./configure --sysconfdir=/etc --prefix=/usr
More information about the arch-commits
mailing list