rpms/comix/F-8 comix-3.6.4-tmpfile.patch, NONE, 1.1 comix.spec, 1.10, 1.11

Mamoru Tasaka (mtasaka) fedora-extras-commits at redhat.com
Wed Apr 2 14:41:43 UTC 2008 

Author: mtasaka

Update of /cvs/extras/rpms/comix/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27440/F-8

Modified Files:
	comix.spec 
Added Files:
	comix-3.6.4-tmpfile.patch 
Log Message:
* Wed Apr  2 2008 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 3.6.4-5
- Second patch for bug 430635
  Use tempfile.mkdtemp() for multiple user race condition


comix-3.6.4-tmpfile.patch:

--- NEW FILE comix-3.6.4-tmpfile.patch ---
--- comix-3.6.4/comix.tmpdir	2008-04-02 21:17:54.000000000 +0900
+++ comix-3.6.4/comix	2008-04-02 23:32:50.000000000 +0900
@@ -47,6 +47,8 @@
 import subprocess
 import string
 
+import tempfile
+
 try:
     import pygtk
     pygtk.require('2.0')
@@ -257,6 +259,8 @@
     window_height = 0
     colour_adjust_signal_kill = False
     colour_adjust_dialog_displayed = False
+
+    _tmp_dir = None
     
     def close_application(self, widget, event=None):
         
@@ -270,8 +274,8 @@
         self.prefs['page of last file'] = self.file_number
         if os.path.exists(self.base_dir):
             shutil.rmtree(self.base_dir)
-            if len(os.listdir('/tmp/comix')) == 0:
-                shutil.rmtree('/tmp/comix')
+            if len(os.listdir(self._tmp_dir)) == 0:
+                shutil.rmtree(self._tmp_dir)
         self.exit = True
 
         # =======================================================
@@ -369,9 +373,9 @@
         # =======================================================
         if os.path.exists(self.base_dir):
             shutil.rmtree(self.base_dir)
-        if os.path.isdir('/tmp/comix'):
-            if len(os.listdir('/tmp/comix')) == 0:
-                shutil.rmtree('/tmp/comix')
+        if os.path.isdir(self._tmp_dir):
+            if len(os.listdir(self._tmp_dir)) == 0:
+                shutil.rmtree(self._tmp_dir)
 
         
         # =======================================================
@@ -8027,7 +8031,7 @@
             return False
         
         # We don't want to open files from our selves.
-        if selection.data.startswith('file:///tmp/comix/'):
+        if selection.data.startswith('file://' + self._tmp_dir):
             return
         
         uri = selection.data.strip()
@@ -10543,15 +10547,20 @@
         # The dir is /tmp/comix/<num> where <num> is 1 or higher
         # depending on the number of Comix sessions opened.
         # =======================================================
-        if not os.path.exists('/tmp/comix/'):
-            os.makedirs('/tmp/comix/')
-            os.chmod('/tmp/comix/', 0700)
+        #if not os.path.exists('/tmp/comix/'):
+        #    os.makedirs('/tmp/comix/')
+        #    os.chmod('/tmp/comix/', 0700)
+
+        self._tmp_dir = tempfile.mkdtemp(prefix='comix.', suffix=os.sep, 
+             dir = '/tmp')
+        self._tmp_dir += "/"
+
         dir_number = 1
         while 1:
-            if not os.path.exists('/tmp/comix/' + str(dir_number)):
-                os.mkdir('/tmp/comix/' + str(dir_number))
-                os.chmod('/tmp/comix/' + str(dir_number), 0700)
-                self.base_dir = '/tmp/comix/' + str(dir_number) + '/'
+            if not os.path.exists(self._tmp_dir + str(dir_number)):
+                os.mkdir(self._tmp_dir + str(dir_number))
+                os.chmod(self._tmp_dir + str(dir_number), 0700)
+                self.base_dir = self._tmp_dir + str(dir_number) + '/'
                 break
             dir_number += 1
             


Index: comix.spec
===================================================================
RCS file: /cvs/extras/rpms/comix/F-8/comix.spec,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- comix.spec	2 Apr 2008 12:26:10 -0000	1.10
+++ comix.spec	2 Apr 2008 14:41:00 -0000	1.11
@@ -1,6 +1,6 @@
 Name:		comix
 Version:	3.6.4
-Release:	4%{?dist}
+Release:	5%{?dist}
 Summary:	A user-friendly, customizable image viewer
 
 Group:		Amusements/Graphics
@@ -8,6 +8,7 @@
 License:	GPLv2+
 Source0:	http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
 Patch0:		comix-3.6.4-command-argument-closure.patch
+Patch1:		comix-3.6.4-tmpfile.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildArch:	noarch
@@ -33,6 +34,7 @@
 %prep
 %setup -q
 %patch0 -p1 -b .CVE-2008-1568
+%patch1 -p1 -b .tmpfile
 
 %build
 %{__sed} -i -e 's|shutil.copy|shutil.copy2|' install.py
@@ -134,6 +136,10 @@
 
 
 %changelog
+* Wed Apr  2 2008 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 3.6.4-5
+- Second patch for bug 430635
+  Use tempfile.mkdtemp() for multiple user race condition
+
 * Wed Apr  2 2008 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 3.6.4-4
 - First patch for bug 430635
   Replace os.popen() with subprocess.Popen() to handle hostile filename

More information about the fedora-extras-commits mailing list