rpms/hugin/devel hugin-0.6.1-CVE-2007-5200.patch, NONE, 1.1 hugin.spec, 1.6, 1.7

Bruno Postle (bpostle) fedora-extras-commits at redhat.com
Mon Nov 5 22:07:50 UTC 2007


Author: bpostle

Update of /cvs/pkgs/rpms/hugin/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27548/devel

Modified Files:
	hugin.spec 
Added Files:
	hugin-0.6.1-CVE-2007-5200.patch 
Log Message:
FC-6, F-7, F-8 and devel fixes for CVE-2007-5200 bug #332401


hugin-0.6.1-CVE-2007-5200.patch:

--- NEW FILE hugin-0.6.1-CVE-2007-5200.patch ---
Modified: hugin/branches/stable/src/Panorama/PTOptimise.cpp
===================================================================
--- hugin/tags/hugin-0-6-1/src/Panorama/PTOptimise.cpp	2007-10-24 19:30:32 UTC (rev 2491)
+++ hugin/branches/stable/src/Panorama/PTOptimise.cpp	2007-10-24 19:42:36 UTC (rev 2492)
@@ -36,9 +36,6 @@
 #include <boost/property_map.hpp>
 #include <boost/graph/graph_utility.hpp>
 
-#define DEBUG_WRITE_OPTIM_OUTPUT
-#define DEBUG_WRITE_OPTIM_OUTPUT_FILE "hugin_debug_optim_results.txt"
-
 using namespace std;
 using namespace PT;
 using namespace PTools;
@@ -132,13 +129,6 @@
 			RunLMOptimizer( &opt );
 			ainf.data		= opt.message;
             // get results from align info.
-#ifdef DEBUG_WRITE_OPTIM_OUTPUT
-            fullPath path;
-            StringtoFullPath(&path, DEBUG_WRITE_OPTIM_OUTPUT_FILE );
-
-		    ainf.data		= opt.message;
-            WriteResults( script, &path, &ainf, distSquared, 0);
-#endif
             pano.updateVariables(GetAlignInfoVariables(ainf) );
             pano.updateCtrlPointErrors( GetAlignInfoCtrlPoints(ainf) );
 		}

Modified: hugin/branches/stable/src/hugin/AutoCtrlPointCreator.cpp
===================================================================
--- hugin/tags/hugin-0-6-1/src/hugin/AutoCtrlPointCreator.cpp	2007-10-24 19:30:32 UTC (rev 2491)
+++ hugin/branches/stable/src/hugin/AutoCtrlPointCreator.cpp	2007-10-24 19:42:36 UTC (rev 2492)
@@ -225,7 +225,7 @@
 	}
 #endif
 
-    wxString ptofile(wxT("autopano_result_tempfile.pto"));
+    wxString ptofile = wxFileName::CreateTempFileName(wxT("ap_res"));
     autopanoArgs.Replace(wxT("%o"), ptofile);
     wxString tmp;
     tmp.Printf(wxT("%d"), nFeatures);
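Review bot: The result of `wxFileName::CreateTempFileName(wxT("ap_res"))` is used without a failure check, here and on the identical line in the hunk at line 415. The function returns an empty string when no file could be created, so `%o` would be replaced with nothing and the external tool would run with no output path. A guard right after the call would cover it, for example `if (ptofile.IsEmpty()) { wxLogError(_("Could not create temporary file")); /* bail out */ }`, with the bail-out matching the enclosing function's return type. That function starts and ends outside the hunk, so its return type is not visible here.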
@@ -415,7 +415,7 @@
         imgNr++;
     }
 
-    wxString ptofile(wxT("autopano_result_tempfile"));
+    wxString ptofile = wxFileName::CreateTempFileName(wxT("ap_res"));
     autopanoArgs.Replace(wxT("%o"), ptofile);
     wxString tmp;
     tmp.Printf(wxT("%d"), nFeatures);
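Review bot: Nothing visible in this hunk or the one at line 225 deletes the file that `CreateTempFileName` now creates, and because the name is unique per run, leftovers would accumulate in the temp directory rather than being overwritten as the fixed name was. If the code after the hunk does not already remove it, add `wxRemoveFile(ptofile);` once the result has been read, on the error paths as well. The substituted value is now a full path under the temp directory, which may contain spaces, so the `%o` replacement presumably needs quoting; confirm against how `autopanoArgs` is executed. The enclosing function continues outside the hunk.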




Index: hugin.spec
===================================================================
RCS file: /cvs/pkgs/rpms/hugin/devel/hugin.spec,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- hugin.spec	22 Aug 2007 20:26:27 -0000	1.6
+++ hugin.spec	5 Nov 2007 22:07:17 -0000	1.7
@@ -1,7 +1,7 @@
 Summary: Frontend for Panorama Tools, similar to PTAssembler, PTGui or Open for Windows
 Name: hugin
 Version: 0.6.1
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: GPLv2+
 Group: Applications/Multimedia
 Source: http://downloads.sourceforge.net/hugin/%{name}-%{version}.tar.bz2
@@ -12,6 +12,7 @@
 BuildRequires: libpano12-devel >= 2.8.6 zlib-devel libtiff-devel libjpeg-devel
 BuildRequires: libpng-devel gettext-devel wxGTK-devel >= 2.6.0 boost-devel
 BuildRequires: desktop-file-utils
+Patch0: hugin-0.6.1-CVE-2007-5200.patch
 
 %description
 hugin can be used to stitch multiple images together. The resulting image can
@@ -21,6 +22,7 @@
 
 %prep
 %setup -q
+%patch0 -p3
 # autopanog.exe is a mono app
 sed -i 's/"autopanog.exe"/"mono `which autopanog.exe`"/' \
        src/include/hugin/config_defaults.h
@@ -74,6 +76,10 @@
 %doc ABOUT-NLS AUTHORS BUGS ChangeLog COPYING INSTALL LICENCE NEWS README TODO src/hugin/xrc/data/*.htm src/hugin/xrc/data/*.html src/hugin/xrc/data/help_en_EN src/hugin/xrc/data/help_fr_FR HACKING LICENCE_JHEAD LICENCE_VIGRA doc/nona.txt
 
 %changelog
+* Mon Nov 05 2007 Bruno Postle <bruno at postle.net> 0.6.1-10
+- fix for CVE-2007-5200 hugin unsafe temporary file usage
+- bug #332401; bug #362851; bug #362861; bug #362871
+
 * Wed Aug 22 2007 Bruno Postle <bruno at postle.net> 0.6.1-9
 - bumping for rebuild against new libpano12-2.8.6 abi
 - fix Source tag



