rpms/fbida/FC-3 CVE-2006-1695-fbgs.mktemp.patch, NONE, 1.1 fbida.spec, 1.5, 1.6

Adrian Reber (adrian) fedora-extras-commits at redhat.com
Mon Apr 24 06:19:55 UTC 2006 

Author: adrian

Update of /cvs/extras/rpms/fbida/FC-3
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11261

Modified Files:
	fbida.spec 
Added Files:
	CVE-2006-1695-fbgs.mktemp.patch 
Log Message:
* Mon Apr 24 2006 Adrian Reber <adrian at lisas.de> - 2.03-4
- security fix for #189721


CVE-2006-1695-fbgs.mktemp.patch:

--- NEW FILE CVE-2006-1695-fbgs.mktemp.patch ---
diff -ru fbida-2.01.orig/fbgs fbida-2.01/fbgs
--- fbida-2.01.orig/fbgs	2004-03-28 13:32:16.000000000 +0200
+++ fbida-2.01/fbgs	2006-04-08 02:49:37.000000000 +0200
@@ -1,8 +1,8 @@
 #!/bin/bash
 
 # tmp dir
-DIR="${TMPDIR-/var/tmp}/fbps-$$"
-mkdir -p $DIR	|| exit 1
+DIR=`mktemp -dtp /tmp fbgs-XXXXXX`
+[ -d $DIR ]  || exit 1
 trap "rm -rf $DIR" EXIT
 
 # parse options


Index: fbida.spec
===================================================================
RCS file: /cvs/extras/rpms/fbida/FC-3/fbida.spec,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- fbida.spec	21 Feb 2005 17:19:10 -0000	1.5
+++ fbida.spec	24 Apr 2006 06:19:55 -0000	1.6
@@ -1,13 +1,12 @@
-# $Id$
-
 Summary:        FrameBuffer Imageviewer
 Name:           fbida
 Version:        2.03
-Release:        3
+Release:        4%{?dist}
 License:        GPL
 Group:          Applications/Multimedia
 URL:            http://linux.bytesex.org/fbida/
 Source:         http://dl.bytesex.org/releases/fbida/fbida-2.03.tar.gz
+Patch:          CVE-2006-1695-fbgs.mktemp.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  libexif-devel fontconfig-devel libjpeg-devel
 BuildRequires:  libpng-devel libtiff-devel pkgconfig
@@ -39,6 +38,7 @@
 
 %prep
 %setup -q
+%patch -p1
 
 %build
 LIB=%{_lib} prefix=%{_prefix} CFLAGS=$RPM_OPT_FLAGS %{__make} %{?_smp_mflags}
@@ -78,6 +78,9 @@
 %{_bindir}/fbgs
 
 %changelog
+* Mon Apr 24 2006 Adrian Reber <adrian at lisas.de> - 2.03-4
+- security fix for #189721
+
 * Mon Feb 21 2005 Thorsten Leemhuis <fedora at leemhuis dot info> - 2.03-3
 - Fix typo; must be LIB=%%{_lib}; really fixes x86_64

More information about the scm-commits mailing list