rpms/comix/F-8 comix-3.6.4-tmpfile.patch, NONE, 1.1 comix.spec, 1.10, 1.11
Mamoru Tasaka (mtasaka)
fedora-extras-commits at redhat.com
Wed Apr 2 14:41:43 UTC 2008
Author: mtasaka
Update of /cvs/extras/rpms/comix/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27440/F-8
Modified Files:
comix.spec
Added Files:
comix-3.6.4-tmpfile.patch
Log Message:
* Wed Apr 2 2008 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 3.6.4-5
- Second patch for bug 430635
Use tempfile.mkdtemp() for multiple user race condition
comix-3.6.4-tmpfile.patch:
--- NEW FILE comix-3.6.4-tmpfile.patch ---
--- comix-3.6.4/comix.tmpdir 2008-04-02 21:17:54.000000000 +0900
+++ comix-3.6.4/comix 2008-04-02 23:32:50.000000000 +0900
@@ -47,6 +47,8 @@
import subprocess
import string
+import tempfile
+
try:
import pygtk
pygtk.require('2.0')
@@ -257,6 +259,8 @@
window_height = 0
colour_adjust_signal_kill = False
colour_adjust_dialog_displayed = False
+
+ _tmp_dir = None
def close_application(self, widget, event=None):
@@ -270,8 +274,8 @@
self.prefs['page of last file'] = self.file_number
if os.path.exists(self.base_dir):
shutil.rmtree(self.base_dir)
- if len(os.listdir('/tmp/comix')) == 0:
- shutil.rmtree('/tmp/comix')
+ if len(os.listdir(self._tmp_dir)) == 0:
+ shutil.rmtree(self._tmp_dir)
self.exit = True
# =======================================================
@@ -369,9 +373,9 @@
# =======================================================
if os.path.exists(self.base_dir):
shutil.rmtree(self.base_dir)
- if os.path.isdir('/tmp/comix'):
- if len(os.listdir('/tmp/comix')) == 0:
- shutil.rmtree('/tmp/comix')
+ if os.path.isdir(self._tmp_dir):
+ if len(os.listdir(self._tmp_dir)) == 0:
+ shutil.rmtree(self._tmp_dir)
# =======================================================
@@ -8027,7 +8031,7 @@
return False
# We don't want to open files from our selves.
- if selection.data.startswith('file:///tmp/comix/'):
+ if selection.data.startswith('file://' + self._tmp_dir):
return
uri = selection.data.strip()
@@ -10543,15 +10547,20 @@
# The dir is /tmp/comix/<num> where <num> is 1 or higher
# depending on the number of Comix sessions opened.
# =======================================================
- if not os.path.exists('/tmp/comix/'):
- os.makedirs('/tmp/comix/')
- os.chmod('/tmp/comix/', 0700)
+ #if not os.path.exists('/tmp/comix/'):
+ # os.makedirs('/tmp/comix/')
+ # os.chmod('/tmp/comix/', 0700)
+
+ self._tmp_dir = tempfile.mkdtemp(prefix='comix.', suffix=os.sep,
+ dir = '/tmp')
+ self._tmp_dir += "/"
+
dir_number = 1
while 1:
- if not os.path.exists('/tmp/comix/' + str(dir_number)):
- os.mkdir('/tmp/comix/' + str(dir_number))
- os.chmod('/tmp/comix/' + str(dir_number), 0700)
- self.base_dir = '/tmp/comix/' + str(dir_number) + '/'
+ if not os.path.exists(self._tmp_dir + str(dir_number)):
+ os.mkdir(self._tmp_dir + str(dir_number))
+ os.chmod(self._tmp_dir + str(dir_number), 0700)
+ self.base_dir = self._tmp_dir + str(dir_number) + '/'
break
dir_number += 1
Index: comix.spec
===================================================================
RCS file: /cvs/extras/rpms/comix/F-8/comix.spec,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- comix.spec 2 Apr 2008 12:26:10 -0000 1.10
+++ comix.spec 2 Apr 2008 14:41:00 -0000 1.11
@@ -1,6 +1,6 @@
Name: comix
Version: 3.6.4
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: A user-friendly, customizable image viewer
Group: Amusements/Graphics
@@ -8,6 +8,7 @@
License: GPLv2+
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
Patch0: comix-3.6.4-command-argument-closure.patch
+Patch1: comix-3.6.4-tmpfile.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
@@ -33,6 +34,7 @@
%prep
%setup -q
%patch0 -p1 -b .CVE-2008-1568
+%patch1 -p1 -b .tmpfile
%build
%{__sed} -i -e 's|shutil.copy|shutil.copy2|' install.py
@@ -134,6 +136,10 @@
%changelog
+* Wed Apr 2 2008 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 3.6.4-5
+- Second patch for bug 430635
+ Use tempfile.mkdtemp() for multiple user race condition
+
* Wed Apr 2 2008 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 3.6.4-4
- First patch for bug 430635
Replace os.popen() with subprocess.Popen() to handle hostile filename
More information about the fedora-extras-commits
mailing list