2008/devel/system/base/coreutils - Fix unsafe temporary directory use in distcheck ru...

Onur Küçük paketler-commits at pardus.org.tr
Thu Dec 10 00:58:29 EET 2009 

Author: onur
Date: Thu Dec 10 00:58:29 2009
New Revision: 82386

Added:
   2008/devel/system/base/coreutils/files/CVE-2009-4135.patch
Modified:
   2008/devel/system/base/coreutils/actions.py
   2008/devel/system/base/coreutils/pspec.xml
Log:
Fix unsafe temporary directory use in distcheck rule, CVE-2009-4135 bug #11693

BUG:COMMENT:11693



---
 actions.py                |    5 +++--
 files/CVE-2009-4135.patch |   22 ++++++++++++++++++++++
 pspec.xml                 |   11 +++++++++++
 3 files changed, 36 insertions(+), 2 deletions(-)

Modified: 2008/devel/system/base/coreutils/actions.py
=================================================================
--- 2008/devel/system/base/coreutils/actions.py	(original)
+++ 2008/devel/system/base/coreutils/actions.py	Thu Dec 10 00:58:29 2009
@@ -18,8 +18,9 @@
 def build():
     autotools.make("LDFLAGS=%s" % get.LDFLAGS())
 
-def check():
-    autotools.make("check")
+# to be on the safe side
+#def check():
+#    autotools.make("check")
 
 def install():
     autotools.rawInstall("DESTDIR=%s" % get.installDIR())

Modified: 2008/devel/system/base/coreutils/pspec.xml
=================================================================
--- 2008/devel/system/base/coreutils/pspec.xml	(original)
+++ 2008/devel/system/base/coreutils/pspec.xml	Thu Dec 10 00:58:29 2009
@@ -25,6 +25,8 @@
             <Patch level="1">coreutils-overflow.patch</Patch>
             <Patch level="1">coreutils-gentoo-uname.patch</Patch>
             <Patch level="1">date_utf8.patch</Patch>
+
+            <Patch level="1">CVE-2009-4135.patch</Patch>
         </Patches>
     </Source>
 
@@ -55,6 +57,15 @@
     </Package>
 
     <History>
+        <Update release="29" type="security">
+            <Date>2009-12-09</Date>
+            <Version>6.12</Version>
+            <Comment>
+                Fix unsafe temporary directory use in distcheck rule, CVE-2009-4135 bug #11693
+            </Comment>
+            <Name>Onur Küçük</Name>
+            <Email>onur at pardus.org.tr</Email>
+        </Update>
         <Update release="28">
             <Date>2008-06-26</Date>
             <Version>6.12</Version>

More information about the paketler-commits mailing list