rpms/wyrd/devel wyrd-1.4.3b-02-CVE-2008-0806.patch, NONE, 1.1 .cvsignore, 1.2, 1.3 sources, 1.2, 1.3 wyrd.spec, 1.3, 1.4

Till Maas (till) fedora-extras-commits at redhat.com
Thu Feb 21 09:04:10 UTC 2008 

Author: till

Update of /cvs/pkgs/rpms/wyrd/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13218

Modified Files:
	.cvsignore sources wyrd.spec 
Added Files:
	wyrd-1.4.3b-02-CVE-2008-0806.patch 
Log Message:
* Thu Feb 21 2008 Till Maas <opensource till name> - 1.4.3b-1
- update to latest version
- include patch from debian to fix CVE-2008-0806


wyrd-1.4.3b-02-CVE-2008-0806.patch:

--- NEW FILE wyrd-1.4.3b-02-CVE-2008-0806.patch ---
#! /bin/sh /usr/share/dpatch/dpatch-run
## 02-CVE-2008-0806.dpatch by Nico Golde <nion at debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.

@DPATCH@
diff -urNad wyrd-1.4.3b~/interface_main.ml wyrd-1.4.3b/interface_main.ml
--- wyrd-1.4.3b~/interface_main.ml	2007-08-20 03:24:26.000000000 +0200
+++ wyrd-1.4.3b/interface_main.ml	2008-02-20 19:51:39.000000000 +0100
@@ -1066,9 +1066,9 @@
    in
    Hashtbl.iter find_binding Rcfile.table_commandstr_command;
    let sorted_list = List.fast_sort Pervasives.compare !bindings in
-   let out_channel = open_out Rcfile.tmpfile in
+   let out_channel = Rcfile.tmpfd in
    List.iter (output_string out_channel) sorted_list;
-   close_out out_channel;
+   flush out_channel;
    def_prog_mode ();
    endwin ();
    let _ = Unix.system ("less " ^ Rcfile.tmpfile) in 
@@ -1786,8 +1786,9 @@
          let i = draw_msg iface in
          handle_refresh i reminders
       |Rcfile.Quit ->
-         let new_iface = {iface with run_wyrd = false} in
-         (new_iface, reminders)
+           let out_channel = Rcfile.tmpfd in
+           close_out out_channel;Sys.remove Rcfile.tmpfile;let new_iface = {iface with run_wyrd = false} in
+           (new_iface, reminders)
    with Not_found ->
       let _ = beep () in
       draw_error iface "key is not bound." false;
diff -urNad wyrd-1.4.3b~/rcfile.ml wyrd-1.4.3b/rcfile.ml
--- wyrd-1.4.3b~/rcfile.ml	2007-08-20 03:24:26.000000000 +0200
+++ wyrd-1.4.3b/rcfile.ml	2008-02-20 19:51:19.000000000 +0100
@@ -136,7 +136,7 @@
 (* Final hash table that maps from object to color_pair index *)
 let object_palette      = Hashtbl.create 20
 
-let tmpfile = "/tmp/wyrd-tmp." ^ (string_of_int (Unix.getuid ()))
+let tmpfile,tmpfd = Filename.open_temp_file "wyrd" "-temp"
       
 
 (* Turn colors on and off *)


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/wyrd/devel/.cvsignore,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- .cvsignore	21 Oct 2007 17:49:17 -0000	1.2
+++ .cvsignore	21 Feb 2008 09:03:35 -0000	1.3
@@ -1 +1 @@
-wyrd-1.4.3.tar.gz
+wyrd-1.4.3b.tar.gz


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/wyrd/devel/sources,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- sources	21 Oct 2007 17:49:17 -0000	1.2
+++ sources	21 Feb 2008 09:03:35 -0000	1.3
@@ -1 +1 @@
-defb0708a77bc1433607cbaf8273323a  wyrd-1.4.3.tar.gz
+d428191d81769894cf773b8de6cae7ac  wyrd-1.4.3b.tar.gz


Index: wyrd.spec
===================================================================
RCS file: /cvs/pkgs/rpms/wyrd/devel/wyrd.spec,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- wyrd.spec	20 Feb 2008 05:21:23 -0000	1.3
+++ wyrd.spec	21 Feb 2008 09:03:35 -0000	1.4
@@ -1,6 +1,6 @@
 Name:           wyrd
-Version:        1.4.3
-Release:        4%{?dist}
+Version:        1.4.3b
+Release:        1%{?dist}
 Summary:        A ncurses frontend for the calendar application remind
 
 Group:          Applications/Productivity
@@ -9,6 +9,7 @@
 Source0:        http://www.eecs.umich.edu/~pelzlpj/wyrd/wyrd-%{version}.tar.gz
 Source1:        wyrd-wyrdrc.local
 Patch0:         wyrd-1.4.3-wyrdrc-local.patch
+Patch1:         wyrd-1.4.3b-02-CVE-2008-0806.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 # There is no ocaml for ppc64
@@ -31,6 +32,7 @@
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1 -b .02-CVE-2008-0806
 
 
 %build
@@ -60,6 +62,10 @@
 
 
 %changelog
+* Thu Feb 21 2008 Till Maas <opensource till name> - 1.4.3b-1
+- update to latest version
+- include patch from debian to fix CVE-2008-0806
+
 * Wed Feb 20 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 1.4.3-4
 - Autorebuild for GCC 4.3

More information about the fedora-extras-commits mailing list