[gentoo-commits] repo/gentoo:master commit in: dev-perl/Clipboard/files/, dev-perl/Clipboard/

Sat, 19 Nov 2016 03:35:17 -0800 

commit:     6ea7c366c608b4ea144a8a31cdaf2553b08bf5ef
Author:     Patrice Clement <monsieurp <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 19 11:32:52 2016 +0000
Commit:     Patrice Clement <monsieurp <AT> gentoo <DOT> org>
CommitDate: Sat Nov 19 11:33:53 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ea7c366

dev-perl/Clipboard: fix insecure temporary file usage.

This is a community patch taken from
https://anonscm.debian.org/cgit/pkg-perl/packages/libclipboard-perl.git/tree/debian/patches/insecure-tempfile.patch.

Courtesy of Gregor Herrmann <gregoa <AT> debian.org>.

Gentoo-Bug: https://bugs.gentoo.org/521890

Package-Manager: portage-2.3.0

 dev-perl/Clipboard/Clipboard-0.130.0-r2.ebuild     | 22 +++++++++++++++++++++
 .../Clipboard-0.130.0-insecure-tempfile.patch      | 23 ++++++++++++++++++++++
 2 files changed, 45 insertions(+)

diff --git a/dev-perl/Clipboard/Clipboard-0.130.0-r2.ebuild 
b/dev-perl/Clipboard/Clipboard-0.130.0-r2.ebuild
new file mode 100644
index 00000000..0696164
--- /dev/null
+++ b/dev-perl/Clipboard/Clipboard-0.130.0-r2.ebuild
@@ -0,0 +1,22 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+MODULE_AUTHOR=KING
+MODULE_VERSION=0.13
+inherit perl-module
+
+DESCRIPTION="Copy and paste with any OS"
+
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86"
+IUSE=""
+
+# See bug 521890.
+PATCHES=(
+       "${FILESDIR}"/"${P}"-insecure-tempfile.patch
+)
+
+RDEPEND="x11-misc/xclip"

diff --git a/dev-perl/Clipboard/files/Clipboard-0.130.0-insecure-tempfile.patch 
b/dev-perl/Clipboard/files/Clipboard-0.130.0-insecure-tempfile.patch
new file mode 100644
index 00000000..1fd452c
--- /dev/null
+++ b/dev-perl/Clipboard/files/Clipboard-0.130.0-insecure-tempfile.patch
@@ -0,0 +1,23 @@
+Description: Fix insecure use of temporary files.
+ This is CVE-2014-5509.
+Origin: vendor
+Bug: https://rt.cpan.org/Public/Bug/Display.html?id=98435
+Forwarded: https://rt.cpan.org/Public/Bug/Display.html?id=98435
+Author: gregor herrmann <gre...@debian.org>
+Last-Update: 2016-08-13
+
+--- a/scripts/clipedit
++++ b/scripts/clipedit
+@@ -1,10 +1,11 @@
+ #!/usr/bin/perl
+ use strict;
+ use Clipboard;
++use File::Temp qw( tempfile );
+ 
+ my $orig = Clipboard->paste;
+ 
+-my $tmpfilename = "/tmp/clipedit$$";
++my ($tmpfile, $tmpfilename) = tempfile();
+ open my $tmpfile, ">$tmpfilename" or die "Failure to open $tmpfilename: $!";
+ print $tmpfile $orig;
+ close $tmpfile;

Reply via email to