rpms/xastir/F-9 xastir-1.9.2-tmpdir.patch, NONE, 1.1 xastir.spec, 1.6, 1.7

Lucian Langa lucilanga at fedoraproject.org
Thu Aug 28 12:41:12 UTC 2008 

Author: lucilanga

Update of /cvs/pkgs/rpms/xastir/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10998

Modified Files:
	xastir.spec 
Added Files:
	xastir-1.9.2-tmpdir.patch 
Log Message:
fix insecure auxiliary /tmp file usage bug #460429

xastir-1.9.2-tmpdir.patch:

--- NEW FILE xastir-1.9.2-tmpdir.patch ---
--- xastir-1.9.2/scripts/get-maptools.sh	2007-01-03 21:40:49.000000000 +0200
+++ xastir-1.9.2-mod/scripts/get-maptools.sh	2008-08-28 15:26:04.000000000 +0300
@@ -171,8 +171,9 @@
 	        cp $LDCONF_FILE /tmp/ldconfig.tmp
 	        $SUDO cp $LDCONF_FILE $LDCONF_FILE.orig.$$
 	fi
-        printf "/usr/local/lib\n" >> /tmp/ldconf.tmp
-        $SUDO cp /tmp/ldconf.tmp $LDCONF_FILE
+	MKT=`which mktemp`
+        printf "/usr/local/lib\n" >> $MKT
+        $SUDO cp $MKT $LDCONF_FILE
 
     fi
 
--- xastir-1.9.2/scripts/get_shapelib.sh	2007-01-03 21:40:50.000000000 +0200
+++ xastir-1.9.2-mod/scripts/get_shapelib.sh	2008-08-28 15:29:26.000000000 +0300
@@ -141,10 +141,11 @@
     if (! grep /usr/local/lib /etc/ld.so.conf 2>&1 > /dev/null) 
     then
         printf "Warning: /usr/local/lib not in /etc/ld.so.conf - adding it\n"
-        cp /etc/ld.so.conf /tmp
-        printf "/usr/local/lib\n" >> /tmp/ld.so.conf
+	MKT=`which mktemp`
+        cp /etc/ld.so.conf $MKT
+        printf "/usr/local/lib\n" >> $MKT
         $SUDO cp /etc/ld.so.conf /etc/ld.so.conf.save 
-        $SUDO cp /tmp/ld.so.conf /etc/ld.so.conf
+        $SUDO cp $MKT /etc/ld.so.conf
     fi
 
     if ( grep /usr/local/lib /etc/ld.so.conf ) 


Index: xastir.spec
===================================================================
RCS file: /cvs/pkgs/rpms/xastir/F-9/xastir.spec,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- xastir.spec	8 Jul 2008 16:11:24 -0000	1.6
+++ xastir.spec	28 Aug 2008 12:40:41 -0000	1.7
@@ -1,7 +1,7 @@
 Summary   : Amateur Station Tracking and Reporting system for amateur radio
 Name      : xastir
 Version   : 1.9.2
-Release   : 7%{?dist}
+Release   : 8%{?dist}
 License   : GPLv2
 Group     : Applications/Internet
 Source0   : http://downloads.sourceforge.net/xastir/xastir-%{version}.tar.gz
@@ -9,6 +9,7 @@
 Source2   : %{name}.png
 Patch0    : xastir-1.9.2-libdir.patch
 Patch1    : xastir-1.9.2-wget.patch
+Patch2    : xastir-1.9.2-tmpdir.patch
 URL       : http://www.xastir.org
 BuildRoot : %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires : wget
@@ -40,6 +41,7 @@
 %setup -q -n %{name}-%{version}
 %patch0 -p1 -b .libdir
 %patch1 -p1 -b .wget
+%patch1 -p1 -b .tmpdir
 
 %build
 #./bootstrap.sh
@@ -98,6 +100,9 @@
 %doc README.MAPS README.win32 UPGRADE
 
 %changelog
+* Thu Aug 28 2008 Lucian Langa <cooly at gnome.eu.org> - 1.9.2-8
+- fix insecure auxiliary /tmp file usage bug #460429
+
 * Thu Jul 08 2008 Lucian Langa <cooly at gnome.eu.org> - 1.9.2-7
 - Rebuild against newer db4 headers/libs

More information about the fedora-extras-commits mailing list