rpms/emacspeak/devel emacspeak-28.0-tmpfile.patch, NONE, 1.1 emacspeak.spec, 1.27, 1.28
Jens Petersen
petersen at fedoraproject.org
Fri Sep 26 08:28:57 UTC 2008
- Previous message (by thread): rpms/nedit/devel nedit-5.5-security.patch, NONE, 1.1 nedit.spec, 1.18, 1.19 nedit-5.4-security.patch, 1.1, NONE
- Next message (by thread): rpms/emacspeak/F-9 .cvsignore, 1.8, 1.9 emacspeak-15.0-fixpref.patch, 1.1, 1.2 emacspeak.spec, 1.23, 1.24 sources, 1.8, 1.9
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: petersen
Update of /cvs/pkgs/rpms/emacspeak/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28007
Modified Files:
emacspeak.spec
Added Files:
emacspeak-28.0-tmpfile.patch
Log Message:
- (CVE-2008-4191) fix tmpfile vulnerability in extract-table.pl with
emacspeak-28.0-tmpfile.patch from upstream svn (#463821)
emacspeak-28.0-tmpfile.patch:
--- NEW FILE emacspeak-28.0-tmpfile.patch ---
diff -up emacspeak-28.0/etc/extract-table.pl.tmpfile emacspeak-28.0/etc/extract-table.pl
--- emacspeak-28.0/etc/extract-table.pl.tmpfile 2007-05-04 11:08:59.000000000 +1000
+++ emacspeak-28.0/etc/extract-table.pl 2008-09-26 17:50:05.000000000 +1000
@@ -1,36 +1,36 @@
#!/usr/bin/perl -w
-#$Id: extract-table.pl 4047 2006-08-11 19:11:17Z tv.raman.tv $
+#$Id: extract-table.pl 5842 2008-08-25 18:54:14Z tv.raman.tv $
# Accepts a URI and table spec
-#returns a csv file
+#returns csv output on STDOUT
use strict;
use FileHandle;
use LWP::UserAgent;
use HTML::TableExtract;
use IO::File;
+use File::Temp qw(tempfile);
use Getopt::Long;
use vars qw (%options);
-my ($url, $file, $task, $depth, $count, $cols);
+my ($url, $file, $depth, $count, $cols);
-my %options = (task => \$task,
- url => \$url,
-file => \$file,
- depth => \$depth,
-count => \$count,
-headers => \$cols);
+my %options = (
+ url => \$url,
+ file => \$file,
+ depth => \$depth,
+ count => \$count,
+ headers => \$cols);
GetOptions (\%options,
'file=s',
'url=s',
- 'task=s',
'depth=i',
'count=i',
'headers=s');
-$task ||= "extract-table";
-my $input;
+
+my ($input, $inputname);
if (defined ($file)) {
$input = $file;
} else {
- $input="/tmp/$options{task}.html";
- RetrieveURLToFile($url, $input);
+ ($input, $inputname) = tempfile(suffix=>'.html');
+ RetrieveURLToFile($url, $inputname);
}
my $te;
@@ -41,8 +41,9 @@ if ( defined ($cols)) {
$te = new HTML::TableExtract( depth => $depth, count=>$count);
}
$te->parse_file($input);
-my $output = new FileHandle ("> /tmp/$task.csv");
+
my ($ts,$row);
+my $output =\*STDOUT;
foreach $ts ($te->table_states) {
foreach $row ($ts->rows) {
$output->print ( join(',', @$row), "\n");
@@ -52,7 +53,7 @@ foreach $ts ($te->table_states) {
$output->close();
if (defined ($url)) {
- unlink ($input);
+ unlink ($inputname);
}
# {{{ retrieve URL to file
@@ -64,9 +65,8 @@ sub RetrieveURLToFile {
# Pass request to the user agent and get a response back
my $res = $ua->request($req, $filename);
if ($res->is_success()) {
- warn"table: Retrieved $url to $filename\n";
} elsif ($res->is_error()) {
- exit ("Retrieval for $url failed\n");
+ die ("Retrieval failed for $url");
}
}
Index: emacspeak.spec
===================================================================
RCS file: /cvs/pkgs/rpms/emacspeak/devel/emacspeak.spec,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- emacspeak.spec 26 Sep 2008 07:05:02 -0000 1.27
+++ emacspeak.spec 26 Sep 2008 08:28:27 -0000 1.28
@@ -1,7 +1,7 @@
Summary: emacspeak -- The Complete Audio Desktop
Name: emacspeak
Version: 28.0
-Release: 2%{?dist}
+Release: 3%{?dist}
# main lisp files are GPL2+
# lisp/atom-blogger and lisp/g-client are BSD
License: GPLv2+ and BSD
@@ -18,6 +18,7 @@
Requires: emacs, tclx
Patch0: emacspeak-15.0-fixpref.patch
Patch1: emacspeak-28.0-no-httpd.patch
+Patch2: emacspeak-28.0-tmpfile.patch
%description
Emacspeak is a speech interface that allows visually impaired users to
@@ -34,6 +35,7 @@
%setup -q
%patch0 -p1 -b .0-infodir
%patch1 -p1 -b .1-httpd
+%patch2 -p1 -b .tmpfile
for i in `find . -type f -exec grep -q /usr/bin/tcl$ '{}' ';' -print` ; do
sed -i -e "s%#!/usr/bin/tcl$%#!/usr/bin/tclsh\npackage require Tclx%" $i
@@ -75,6 +77,10 @@
%{_infodir}/*
%changelog
+* Fri Sep 26 2008 Jens Petersen <petersen at redhat.com> - 28.0-3
+- (CVE-2008-4191) fix tmpfile vulnerability in extract-table.pl with
+ emacspeak-28.0-tmpfile.patch from upstream svn (#463821)
+
* Fri Sep 26 2008 Jens Petersen <petersen at redhat.com> - 28.0-2
- fix broken generated deps reported by mtasaka (#463899)
- script the replacement of tcl with tclsh to fix missing dtk-soft
- Previous message (by thread): rpms/nedit/devel nedit-5.5-security.patch, NONE, 1.1 nedit.spec, 1.18, 1.19 nedit-5.4-security.patch, 1.1, NONE
- Next message (by thread): rpms/emacspeak/F-9 .cvsignore, 1.8, 1.9 emacspeak-15.0-fixpref.patch, 1.1, 1.2 emacspeak.spec, 1.23, 1.24 sources, 1.8, 1.9
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list