rpms/comix/devel comix-3.6.4-command-argument-closure.patch, NONE, 1.1 comix.spec, 1.10, 1.11
Mamoru Tasaka (mtasaka)
fedora-extras-commits at redhat.com
Wed Apr 2 12:26:57 UTC 2008
Author: mtasaka
Update of /cvs/extras/rpms/comix/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10412/devel
Modified Files:
comix.spec
Added Files:
comix-3.6.4-command-argument-closure.patch
Log Message:
* Wed Apr 2 2008 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 3.6.4-4
- First patch for bug 430635
Replace os.popen() with subprocess.Popen() so that hostile filenames are passed
as separate argv elements instead of being interpolated into a shell command (CVE-2008-1568)
comix-3.6.4-command-argument-closure.patch:
--- NEW FILE comix-3.6.4-command-argument-closure.patch ---
--- comix-3.6.4/comix.debug 2007-05-27 01:30:16.000000000 +0900
+++ comix-3.6.4/comix 2008-04-02 20:11:53.000000000 +0900
@@ -44,6 +44,9 @@
import pwd
import cPickle
+import subprocess
+import string
+
try:
import pygtk
pygtk.require('2.0')
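Review bot: `import string` is added here but none of the new code in this patch references the `string` module; every new call goes through `subprocess`, `os`, `shutil` or `sys`. Unless it is needed by code outside the visible hunks, drop it so the import list reflects real dependencies and keep only `import subprocess`.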
@@ -6277,9 +6280,12 @@
archive = tarfile.open(path, 'r')
files = archive.getnames()
elif type == 'rar':
+ #files = \
+ #os.popen(self.rar + ' vb "' + path +
+ #'"').readlines()
files = \
- os.popen(self.rar + ' vb "' + path +
- '"').readlines()
+ subprocess.Popen([self.rar, 'vb', path],
+ stdout=subprocess.PIPE).communicate()[0].splitlines()
files = [file.rstrip('\n') for file in files]
cover = None
files.sort()
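Review bot: The new argv list for the listing call has no `--` before `path`, while the `p` invocations elsewhere in this patch do use it; an archive whose basename starts with `-` would, as far as unrar's switch parsing goes, be taken as a switch rather than as the archive name. Shell injection is closed by the list form, but argument injection is still open here, so pass the separator too: `subprocess.Popen([self.rar, 'vb', '--', path],`. Note also that `communicate()[0].splitlines()` already strips the line terminators, so the following `rstrip('\n')` comprehension is now redundant (harmless). The enclosing function starts and ends outside this hunk.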
@@ -6302,9 +6308,20 @@
break
if cover != None:
if type == 'rar':
- os.popen(self.rar + ' p -inul -- "' + path + '" "' +
- cover + '" > "' + thumb_dir +
- '/temp" 2>/dev/null', "r").close()
+ #os.popen(self.rar + ' p -inul -- "' + path + '" "' +
+ #cover + '" > "' + thumb_dir +
+ #'/temp" 2>/dev/null', "r").close()
+ filen = thumb_dir + '/temp'
+ try:
+ os.remove(filen)
+ except:
+ pass
+ fp = open(filen, 'w')
+ fdp = fp.fileno()
+ p = subprocess.Popen(
+ [self.rar, 'p', '-inul', '--', path,
+ cover ], stdout = fdp).wait()
+ fp.close()
image = Image.open(thumb_dir + '/temp')
os.remove(thumb_dir + '/temp')
elif type == 'zip':
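Review bot: The exit status returned by `.wait()` is stored in `p` but never inspected, so when unrar fails the code goes straight on to `Image.open` on an empty `thumb_dir + '/temp'` and raises from there instead of reporting the extraction failure. `fp` is also only closed on the success path: if `Popen` raises (for example `OSError` when `self.rar` is not executable) the descriptor leaks. I would put `fp.close()` in a `finally:`, keep the status as `rc = subprocess.Popen(...).wait()`, and only fall through to `Image.open` when `rc == 0`; the bare `except: pass` around `os.remove` should narrow to `except OSError:`. This code sits inside a function whose start and end are outside the hunk.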
@@ -8733,8 +8750,10 @@
# =======================================================
elif archive_type == 'rar':
if self.rar:
- os.popen(
- self.rar + ' x "' + src_path + '" "' + dst_path + '"')
+ #os.popen(
+ #self.rar + ' x "' + src_path + '" "' + dst_path + '"')
+ subprocess.Popen(
+ [self.rar, 'x', src_path, dst_path],stdout=sys.stdout).wait()
else:
self.statusbar.push(0,
_('Could not find the unrar executable. Please install it if you wish to open RAR archives.'))
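Review bot: `src_path` and `dst_path` follow the `x` command with no `--` separator, unlike the `p` calls in this same patch; a user-supplied path beginning with `-` could therefore be consumed as an unrar switch (argument injection, even though the shell path is gone). Insert the separator: `[self.rar, 'x', '--', src_path, dst_path]`. The status from `.wait()` is discarded as well, so a failed or partial extraction is never surfaced to the user — keep it and push a statusbar message on non-zero. `stdout=sys.stdout` also changes the old behaviour, where unrar's output was swallowed by the popen pipe; the enclosing function continues outside this hunk.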
@@ -9168,9 +9187,37 @@
self.are_you_sure_dialog.hide()
if response != -5:
return
- os.popen(self.jpegtran + ' -copy all -trim ' + operation +
- ' -outfile "' + self.file[self.file_number] + '" "' +
- self.file[self.file_number] + '"')
+ #os.popen(self.jpegtran + ' -copy all -trim ' + operation +
+ #' -outfile "' + self.file[self.file_number] + '" "' +
+ #self.file[self.file_number] + '"')
+ op = operation.split()
+ op_len = len(op)
+
+ i=1
+ filen = self.file[self.file_number]
+ while (1):
+ tmp_file = filen + '.tmp' + 'z' * i
+ if os.path.exists(tmp_file):
+ i += 1
+ else:
+ break
+
+ # Ugly hack :(
+ if op_len == 2:
+ p = subprocess.Popen(
+ [self.jpegtran, '-copy', 'all', '-trim', op[0], op[1],
+ '-outfile', tmp_file, filen],
+ stdin=sys.stdin, stdout=sys.stdout)
+ else:
+ p = subprocess.Popen(
+ [self.jpegtran, '-copy', 'all', '-trim', op[0],
+ '-outfile', tmp_file, filen],
+ stdin=sys.stdin, stdout=sys.stdout)
+ p.wait()
+ if p.returncode == 0:
+ shutil.copymode(filen, tmp_file)
+ shutil.copy(tmp_file, filen)
+ os.remove(tmp_file)
try:
uri = 'file://' + urllib.pathname2url(self.file[self.file_number])
thumb_path = md5.new()
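Review bot: The scratch file is picked by probing `filen + '.tmpzzz…'` with `os.path.exists` and then handed to jpegtran to create, which is a predictable name plus a check-then-use window; in a directory another user can write to, a file or symlink planted at that name between the check and the write would be followed by `-outfile`. `tempfile.mkstemp` in the image's own directory creates the file exclusively and removes both the loop and the guesswork. Two smaller points in the same block: when jpegtran exits non-zero the partially written `tmp_file` is never removed because `os.remove` sits inside the success branch, and the `op_len == 2` special case (`# Ugly hack`) disappears if the split option words are spliced into the argv list; using `os.rename` also makes the replacement of `filen` atomic rather than a copy. This needs `import tempfile` next to the other new imports, and the enclosing method begins and ends outside this hunk.
```python
op = operation.split()
filen = self.file[self.file_number]
# Create the scratch file exclusively beside the target; no probing for
# a free '.tmpzzz...' name, so there is no check-then-use window.
tmp_fd, tmp_file = tempfile.mkstemp(prefix=os.path.basename(filen) + '.',
                                    suffix='.tmp',
                                    dir=os.path.dirname(filen) or '.')
os.close(tmp_fd)
# Splice the option words straight in; one or two words are handled alike.
p = subprocess.Popen([self.jpegtran, '-copy', 'all', '-trim'] + op +
                     ['-outfile', tmp_file, filen],
                     stdin=sys.stdin, stdout=sys.stdout)
p.wait()
if p.returncode == 0:
    shutil.copymode(filen, tmp_file)
    os.rename(tmp_file, filen)
else:
    os.remove(tmp_file)
# ... unchanged: thumbnail refresh below ...
```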
--- comix-3.6.4/mime/comicthumb.debug 2007-05-27 01:30:16.000000000 +0900
+++ comix-3.6.4/mime/comicthumb 2008-04-02 21:11:10.000000000 +0900
@@ -22,6 +22,9 @@
import StringIO
import re
import shutil
+
+import subprocess
+
try:
import Image
except:
@@ -138,19 +141,35 @@
if not rar:
print "You must install unrar or rar to thumbnail RAR archives."
sys.exit(1)
- rarfiles = os.popen('%s vb "%s"' % (rar, compressed_file)).readlines()
+ #rarfiles = os.popen('%s vb "%s"' % (rar, compressed_file)).readlines()
+ rarfiles = subprocess.Popen([rar, 'vb', compressed_file],
+ stdout=subprocess.PIPE).communicate()[0].splitlines()
for i in range(len(rarfiles)):
rarfiles[i] = rarfiles[i].rstrip("\n")
rarfiles.sort()
cover = guessCover(rarfiles)
if cover:
- picture = StringIO.StringIO(os.popen('%s p -inul -- "%s" "%s"'
- % (rar, compressed_file, cover), "r").read())
+ #picture = StringIO.StringIO(os.popen('%s p -inul -- "%s" "%s"'
+ #% (rar, compressed_file, cover), "r").read())
+ picture = StringIO.StringIO(subprocess.Popen(
+ [rar, 'p', '-inul', '--', compressed_file, cover],
+ stdout=subprocess.PIPE).stdout.read())
else:
subarchive = first_archive(rarfiles)
if subarchive:
- os.popen('%s p -inul -- "%s" "%s" > "/tmp/comicthumb/archive%d"'
- % (rar, compressed_file, subarchive, depth), "r")
+ #os.popen('%s p -inul -- "%s" "%s" > "/tmp/comicthumb/archive%d"'
+ #% (rar, compressed_file, subarchive, depth), "r")
+ filen = "/tmp/comicthumb/archive%d"%(depth)
+ try:
+ os.remove(filen)
+ except:
+ pass
+ fp = open(filen, 'w')
+ fdp = fp.fileno()
+ subprocess.Popen(
+ [rar, 'p', '-inul', '--', compressed_file, subarchive],
+ stdout = fdp).wait()
+ fp.close()
return get_image("/tmp/comicthumb/archive%d" % (depth),
depth + 1)
return picture
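Review bot: The sub-archive is written to the fixed, predictable path `/tmp/comicthumb/archive%d` via `os.remove` followed by `open(filen, 'w')`; in a world-writable `/tmp` another local user can drop a symlink at that name in the window between the two calls, and `open(..., 'w')` will follow it and truncate whatever it points to (the old `>` redirection had the same problem, but this patch is the moment to fix it). Create the file exclusively with `tempfile.mkstemp` inside that directory, hand the descriptor to `Popen`, and pass the generated name on to `get_image`; ideally the directory itself would come from `tempfile.mkdtemp`, but its creation is not visible here. Two lesser points: the `vb` listing call lacks the `--` separator the `p` calls use, so an archive name beginning with `-` may be parsed as a switch, and the `picture = ... .stdout.read()` branch never waits on the child. This needs `import tempfile` beside the new `import subprocess`; the enclosing function starts outside the hunk, and whether `get_image` later removes the file cannot be seen from here.
```python
subarchive = first_archive(rarfiles)
if subarchive:
    # Exclusive create in the work directory: no remove/open race on a
    # predictable name that another local user could pre-plant.
    fd, filen = tempfile.mkstemp(prefix='archive%d.' % depth,
                                 dir='/tmp/comicthumb')
    try:
        subprocess.Popen(
            [rar, 'p', '-inul', '--', compressed_file, subarchive],
            stdout=fd).wait()
    finally:
        os.close(fd)
    return get_image(filen, depth + 1)
```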
Index: comix.spec
===================================================================
RCS file: /cvs/extras/rpms/comix/devel/comix.spec,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- comix.spec 4 Dec 2007 16:36:04 -0000 1.10
+++ comix.spec 2 Apr 2008 12:26:19 -0000 1.11
@@ -1,12 +1,13 @@
Name: comix
Version: 3.6.4
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: A user-friendly, customizable image viewer
Group: Amusements/Graphics
URL: http://comix.sourceforge.net/
License: GPLv2+
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
+Patch0: comix-3.6.4-command-argument-closure.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
@@ -31,6 +32,7 @@
%prep
%setup -q
+%patch0 -p1 -b .CVE-2008-1568
%build
%{__sed} -i -e 's|shutil.copy|shutil.copy2|' install.py
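Review bot: `%patch0 -p1 -b .CVE-2008-1568` leaves `comix.CVE-2008-1568` and `mime/comicthumb.CVE-2008-1568` backup copies of the unpatched scripts in the build tree; if `install.py` copies those directories wholesale, the pre-fix versions could end up in the package, so check the installed file list (or drop `-b` here) — the install step and `%files` are not visible from this hunk. The CVE-named suffix is otherwise a good way to record provenance.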
@@ -132,6 +134,11 @@
%changelog
+* Wed Apr 2 2008 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 3.6.4-4
+- First patch for bug 430635
+ Replace os.popen() with subprocess.Popen() to handle hostile filename
+ properly (CVE-2008-1568)
+
* Wed Dec 5 2007 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 3.6.4-3
- Fix icon path in desktop file for desktop-file-utils 0.14+