Hello community, here is the log from the commit of package gnash for openSUSE:Factory checked in at Wed Feb 2 02:11:04 CET 2011. -------- --- gnash/gnash.changes 2010-11-16 16:52:10.000000000 +0100 +++ /mounts/work_src_done/STABLE/gnash/gnash.changes 2011-01-24 12:50:54.000000000 +0100 @@ -1,0 +2,6 @@ +Mon Jan 24 12:49:56 CET 2011 - tiwai@suse.de + +- Fix insecure temp files in configure script (CVE-2010-4337, + bnc#657906) + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- gnash-fix-insecure-temp-files.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnash.spec ++++++ --- /var/tmp/diff_new_pack.TUJ8mz/_old 2011-02-02 02:10:53.000000000 +0100 +++ /var/tmp/diff_new_pack.TUJ8mz/_new 2011-02-02 02:10:53.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package gnash (Version 0.8.8) +# spec file for package gnash # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -37,7 +37,7 @@ BuildRequires: ffmpeg-devel %endif Version: 0.8.8 -Release: 1 +Release: 2 License: GPLv2+ Summary: Free Flash movie player Group: Productivity/Networking/Web/Browsers @@ -51,6 +51,7 @@ Source1: %{name}-rpmlintrc # PATCH-FIX-UPSTREAM gnash-0.8.5-build-fixes.diff Patch: gnash-0.8.5-build-fixes.diff +Patch1: gnash-fix-insecure-temp-files.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -84,6 +85,7 @@ %setup -q -n gnash-%{version} %endif %patch -p1 +%patch1 -p1 %build autoreconf -fi ++++++ gnash-fix-insecure-temp-files.diff ++++++
From 6d86dd8cb9d567d8a6cedac301850c7349fe0ced Mon Sep 17 00:00:00 2001 From: Gabriele Giacone <1o5g4r8o@gmail.com> Date: Mon, 3 Jan 2011 17:55:51 +0100 Subject: [PATCH] Create configure temporary files in a secure way
--- configure.ac | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) --- a/configure.ac +++ b/configure.ac @@ -2923,9 +2923,14 @@ ########################## Final report begins... ############################ ### -cerr=/tmp/gnash-configure-errors.$$ -cwarn=/tmp/gnash-configure-warnings.$$ -crec=/tmp/gnash-configure-recommended.$$ +dnl Create temporary directory in a secure way +tmp=`mktemp -d ${TMPDIR=/tmp}/gnash-configure-XXXXXX` +if test ! -n "$tmp" || test ! -d "$tmp"; then + tmp=`(umask 077 && mkdir -d ${TMPDIR=/tmp}/gnash-configure-${RANDOM}-$$) 2>/dev/null` +fi +cerr=${tmp}/errors +cwarn=${tmp}/warnings +crec=${tmp}/recommended echo "" #trap 'rm cerr' 0 # trap isn't a good idea, might override other traps @@ -3194,6 +3199,7 @@ fi fi +rmdir $tmp if test x$build_hildon = xyes; then #{ if test x"$HILDON_LIBS" != x; then ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org