Hello community, here is the log from the commit of package gnash for openSUSE:Factory checked in at 2012-03-07 13:41:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnash (Old) and /work/SRC/openSUSE:Factory/.gnash.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnash", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/gnash/gnash.changes 2011-10-18 14:13:12.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.gnash.new/gnash.changes 2012-03-07 13:42:35.000000000 +0100 @@ -1,0 +2,6 @@ +Mon Mar 5 18:08:08 CET 2012 - [email protected] + +- VUL-1: CVE-2011-4328: gnash: Unsafe management of HTTP cookies + (bnc#732324) + +------------------------------------------------------------------- New: ---- gnash-CVE-2011-4328.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnash.spec ++++++ --- /var/tmp/diff_new_pack.JCfX0h/_old 2012-03-07 13:42:36.000000000 +0100 +++ /var/tmp/diff_new_pack.JCfX0h/_new 2012-03-07 13:42:36.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package gnash # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -38,9 +38,9 @@ BuildRequires: ffmpeg-devel %endif Version: 0.8.8 -Release: 2 -License: GPL-2.0+ +Release: 0 Summary: Free Flash movie player +License: GPL-2.0+ Group: Productivity/Networking/Web/Browsers %if %{cvs_date} %define package_version %{version}.cvs%{cvs_date} @@ -53,6 +53,7 @@ # PATCH-FIX-UPSTREAM gnash-0.8.5-build-fixes.diff Patch: gnash-0.8.5-build-fixes.diff Patch1: gnash-fix-insecure-temp-files.diff +Patch2: gnash-CVE-2011-4328.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -66,7 +67,6 @@ of the areas to work on to achieve full version 7 compliance. %package devel -License: GPL-2.0+ Summary: Gnash include files Group: Development/Libraries/C and C++ Requires: %{name} = %{version} @@ -87,6 +87,7 @@ %endif %patch -p1 %patch1 -p1 +%patch2 -p1 %build autoreconf -fi ++++++ gnash-CVE-2011-4328.diff ++++++ 
>From 8fc19a890ee787d26200dc1b8b5546e3bb15ac7b Mon Sep 17 00:00:00 2001
From: Gabriele Giacone <[email protected]>
Date: Thu, 01 Dec 2011 00:59:15 +0000
Subject: CVE-2011-4328 fix. mkstemps and boost::iostreams. See bug #34903
---
---
 plugin/npapi/Makefile.am | 1
 plugin/npapi/plugin.cpp | 48 +++++++++++++++++++++++++++++++++--------------
 2 files changed, 35 insertions(+), 14 deletions(-)
--- a/plugin/npapi/Makefile.am
+++ b/plugin/npapi/Makefile.am
@@ -70,6 +70,7 @@ libgnashplugin_la_SOURCES = plugin.cpp
 libgnashplugin_la_LIBADD = \
 $(GLIB_LIBS) \
+ -lboost_iostreams \
 $(NULL)
 # Scriptable plugin support
--- a/plugin/npapi/plugin.cpp
+++ b/plugin/npapi/plugin.cpp
@@ -75,6 +75,8 @@
 #include <boost/tokenizer.hpp>
 #include <boost/algorithm/string/join.hpp>
+#include <boost/iostreams/device/file_descriptor.hpp>
+#include <boost/iostreams/stream.hpp>
 #include <boost/format.hpp>
 #include <sys/param.h>
 #include <csignal>
@@ -132,6 +134,17 @@ getPluginDescription()
 return desc;
 }
+boost::iostreams::file_descriptor_sink getfdsink(char mkstemplate[]);
+
+boost::iostreams::file_descriptor_sink
+getfdsink(char mksTemplate[])
+{
+ int suffix = std::string(mksTemplate).size() - std::string(mksTemplate).find("XXXXXX") - 6;
+ int fd = mkstemps (mksTemplate, suffix);
+ boost::iostreams::file_descriptor_sink fdsink(fd, boost::iostreams::close_handle);
+ return fdsink;
+}
+
 //
 // general initialization and shutdown
 //
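Review bot: getfdsink() never looks at what `mkstemps` returns or whether the template contains `XXXXXX`, so a failure reaches the callers only as `handle() == -1` and the errno that explains it is gone by the time they log. I would check both inside the helper and log there, keeping the -1 sink as the failure signal so the two call sites stay as they are. The separate prototype spells the parameter differently (`mkstemplate` vs `mksTemplate`) and only serves to give the helper external linkage; an anonymous namespace (or `static`) keeps it file-local and drops the duplicate. The size arithmetic also mixes `size_t` with `int` and builds the `std::string` twice. The fence assumes `gnash::log_error` is already declared at this point, as its use later in the file suggests.

```cpp
namespace {

boost::iostreams::file_descriptor_sink
getfdsink(char mksTemplate[])
{
    static const std::string placeholder("XXXXXX");
    const std::string name(mksTemplate);
    const std::string::size_type pos = name.rfind(placeholder);

    int fd = -1;
    if (pos == std::string::npos) {
        gnash::log_error("Temp file template has no XXXXXX: %s", mksTemplate);
    } else {
        // Everything after the placeholder is the suffix mkstemps must preserve.
        const int suffix = static_cast<int>(name.size() - pos - placeholder.size());
        fd = mkstemps(mksTemplate, suffix);
        if (fd == -1) {
            gnash::log_error("mkstemps failed for %s: %s", mksTemplate, std::strerror(errno));
        }
    }
    // Callers still test handle() == -1, so the failure contract is unchanged.
    return boost::iostreams::file_descriptor_sink(fd, boost::iostreams::close_handle);
}

} // anonymous namespace
```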
@@ -919,16 +932,17 @@ create_standalone_launcher(const std::st
 return;
 }
- std::ofstream saLauncher;
-
- std::stringstream ss;
- static int debugno = 0;
- debugno = (debugno + 1) % 10;
- ss << "/tmp/gnash-debug-" << debugno << ".sh";
- saLauncher.open(ss.str().c_str(), std::ios::out | std::ios::trunc);
+ char debugname[] = "/tmp/gnash-debug-XXXXXX.sh";
+ boost::iostreams::file_descriptor_sink fdsink = getfdsink(debugname);
+ if (fdsink.handle() == -1) {
+ gnash::log_error("Failed to create sink: %s", debugname);
+ return;
+ }
+ boost::iostreams::stream<boost::iostreams::file_descriptor_sink>
+ saLauncher (fdsink);
 if (!saLauncher) {
- gnash::log_error("Failed to open new file for standalone launcher: " + ss.str());
+ gnash::log_error("Failed to open new file for standalone launcher: %s", debugname);
 return;
 }
@@ -951,6 +965,7 @@ create_standalone_launcher(const std::st
 << std::endl;
 saLauncher.close();
+ fdsink.close();
 #endif
 }
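Review bot: Every call now leaves a new, uniquely named file in /tmp, where the removed `debugno % 10` rotation capped the launcher scripts at ten; nothing in this hunk removes the file or reports its name. The same holds for the cookie file in the getCmdLine hunk, whose old pid-based name was overwritten on reuse and whose contents are session cookies. If the consumer does not already unlink them (not visible here), I would remove the cookie file once the standalone player has read it, and at least log the launcher path, e.g. `gnash::log_debug("Standalone launcher written to %s", debugname);`. create_standalone_launcher starts and ends outside this hunk.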
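Review bot: `fdsink.close()` directly after `saLauncher.close()` looks redundant: the stream was constructed from a copy of `fdsink`, and as far as I know Boost's file descriptor devices share one handle between copies, so the first close already released the descriptor. If copies did not share state, this would be a second close on a descriptor number that another thread in the host process may have reused by then. I would drop the extra call here and in the getCmdLine hunk, or, if it is deliberate, say so with a comment such as `// stream holds a copy of fdsink; close the original explicitly`.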
@@ -996,15 +1011,20 @@ nsPluginInstance::getCmdLine(int hostfd, std::string ncookie (cookie, length); if (cookie) { gnash::log_debug("The Cookie for %s is %s", url, ncookie); - std::ofstream cookiefile; - std::stringstream ss; - ss << "/tmp/gnash-cookies." << getpid(); - - cookiefile.open(ss.str().c_str(), std::ios::out | std::ios::trunc); + char cookiename[] = "/tmp/gnash-cookies.XXXXXX"; + boost::iostreams::file_descriptor_sink fdsink = getfdsink(cookiename); + if (fdsink.handle() == -1) { + gnash::log_error("Failed to create sink: %s", cookiename); + return arg_vec; + } + boost::iostreams::stream<boost::iostreams::file_descriptor_sink> + cookiefile (fdsink); + cookiefile << "Set-Cookie: " << ncookie << std::endl; cookiefile.close(); + fdsink.close(); - if (setenv("GNASH_COOKIES_IN", ss.str().c_str(), 1) < 0) { + if (setenv("GNASH_COOKIES_IN", cookiename, 1) < 0) { gnash::log_error( "Couldn't set environment variable GNASH_COOKIES_IN to %s", ncookie); -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
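Review bot: The stream state is never checked after the cookie is written, so a failed or short write (a full /tmp, for instance) still exports `GNASH_COOKIES_IN` pointing at an empty or truncated file. A guard right after the `<< std::endl` line would cover it: `if (!cookiefile) { gnash::log_error("Failed to write cookie file: %s", cookiename); return arg_vec; }`. The unchanged `setenv` error path also logs `ncookie`, the cookie value itself, where `cookiename` is what the message describes; together with the `log_debug` above it this puts session cookies into the log, which undercuts what the CVE fix protects. getCmdLine begins and ends outside this hunk, so whether returning a partly filled `arg_vec` is safe for the caller cannot be judged from here.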
