Hello community, here is the log from the commit of package conky for openSUSE:Factory checked in at 2013-07-22 16:39:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/conky (Old) and /work/SRC/openSUSE:Factory/.conky.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "conky" Changes: -------- --- /work/SRC/openSUSE:Factory/conky/conky.changes 2012-03-06 13:37:46.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.conky.new/conky.changes 2013-07-22 16:39:36.000000000 +0200 @@ -1,0 +2,26 @@ +Fri Nov 9 08:06:23 UTC 2012 - [email protected] + +- merged PMBS changes here. enabled more options.(OBS compatible) +- add dependency imlib2-loaders for conky-imlib2. + or conky will keep warning can't load images. +- add two patches from debian which also confirmed by user + please_try_again. + * fix-apcupsd.patch, revert broken apcupsd code to previous + working version. + * fix-CVE-2011-3616.patch. avoid rewriting an arbitrary user file + already upstreamed. but not in 1.9.0. remove next release. + +------------------------------------------------------------------- +Sun Oct 21 00:31:29 UTC 2012 - [email protected] + +- merged back with my changes for SLES build compatibility + +------------------------------------------------------------------- +Thu Jun 21 09:23:47 UTC 2012 - [email protected] + +- Update to 1.9.0 for changes please see + http://conky.sourceforge.net/changelog.html + * reworked conky-libiw_with_libm.patch as conky-1.9.0-libiw_with_libm.patch + * removed conky-fix-curl-FTBFS.patch as fixed by upstream + +------------------------------------------------------------------- Old: ---- conky-1.8.1.tar.bz2 conky-fix-curl-FTBFS.patch New: ---- conky-1.9.0-libiw_with_libm.patch conky-1.9.0.tar.bz2 fix-CVE-2011-3616.patch fix-apcupsd.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ conky.spec ++++++ --- /var/tmp/diff_new_pack.csGV7v/_old 2013-07-22 16:39:37.000000000 +0200 +++ /var/tmp/diff_new_pack.csGV7v/_new 2013-07-22 16:39:37.000000000 +0200 @@ -1,4 +1,3 @@ -# vim: set sw=4 ts=4 et: # # spec file for package conky # @@ -15,7 +14,8 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# + + %if 0%{?suse_version} >= 1100 %define with_lua_extra 1 %else @@ -23,43 +23,46 @@ %endif Name: conky -Version: 1.8.1 +Version: 1.9.0 Release: 0 Summary: Lightweight System Monitor -License: GPL-3.0+ +License: GPL-3.0+ and LGPL-3.0+ and MIT Group: System/Monitoring +Url: http://conky.sourceforge.net Source: http://prdownloads.sourceforge.net/conky/conky-%{version}.tar.bz2 Source1: conky.desktop -# PATCH-FIX-UPSTREAM - conky-fix-curl-FTBFS.patch - remove deprecated curl/types.h to fix FTBFS in newer versions of curl, http://tinyurl.com/4x76bbx -%if 0%{?suse_version} >= 1210 -Patch0: %{name}-fix-curl-FTBFS.patch -%endif # PATCH-FIX - add -lm when linking against -liw -Patch1: conky-libiw_with_libm.patch +Patch1: conky-1.9.0-libiw_with_libm.patch +# PATCH-FIX-UPSTREAM - revert broken apcupsd to previous working version. +Patch2: fix-apcupsd.patch +# PATCH-FIX-UPSTREAM - avoid rewriting an arbitrary user file. remove next release +Patch3: fix-CVE-2011-3616.patch Source99: conky-rpmlintrc -Url: http://conky.sourceforge.net -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: fontconfig-devel BuildRequires: freetype2-devel BuildRequires: gcc BuildRequires: make +BuildRequires: pkgconfig +%if 0%{?suse_version} >= 1000 BuildRequires: xorg-x11-devel +%else +BuildRequires: XFree86-devel +%endif %if 0%{?suse_version} >= 1120 BuildRequires: libiw-devel %else BuildRequires: wireless-tools %endif -BuildRequires: glib2-devel -BuildRequires: libpng-devel -BuildRequires: zlib-devel -BuildRequires: xorg-x11-devel -BuildRequires: cairo-devel -BuildRequires: update-desktop-files +BuildRequires: alsa-devel BuildRequires: autoconf BuildRequires: automake -BuildRequires: libtool +BuildRequires: cairo-devel BuildRequires: docbook2x -BuildRequires: alsa-devel +BuildRequires: glib2-devel +BuildRequires: libpng-devel +BuildRequires: libtool +BuildRequires: update-desktop-files +BuildRequires: zlib-devel %if %with_lua_extra BuildRequires: tolua++ %endif @@ -86,15 +89,19 @@ %else BuildRequires: vim %endif -%if %suse_version >= 1030 +%if 0%{?suse_version} >= 1030 BuildRequires: libcurl-devel %else BuildRequires: curl-devel %endif %if 0%{?packman_bs} BuildRequires: audacious-devel +# fix dbus-glib-1 no found for audacious +BuildRequires: dbus-1-glib-devel BuildRequires: libXNVCtrl +BuildRequires: xmm2-devel %endif +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Conky is an advanced, highly configurable system monitor for X. @@ -118,6 +125,8 @@ Summary: Imlib2 Rendering Backend for %{name} Group: System/Monitoring Requires: %{name} = %{version} +# This is required for imlib2 function properly. +Requires: imlib2-loaders %description imlib2 Conky is an advanced, highly configurable system monitor for X. @@ -162,7 +171,7 @@ %package feature-audacious Summary: Pseudo Package for %{name} with Audacious Support Group: System/Monitoring -Requires: %{name} = %{version}-%{release} +Requires: %{name} = %{version} %description feature-audacious This is a pseudo-package that doesn't contain any files but @@ -172,7 +181,7 @@ %package feature-nvidia Summary: Pseudo Package for %{name} with nVidia Support Group: System/Monitoring -Requires: %{name} = %{version}-%{release} +Requires: %{name} = %{version} %description feature-nvidia This is a pseudo-package that doesn't contain any files but @@ -182,16 +191,15 @@ %endif %prep %setup -q -%if 0%{?suse_version} >= 1210 -%patch0 -p1 -%endif %patch1 +%patch2 -p1 +%patch3 -p1 for i in AUTHORS ChangeLog; do - %__mv "${i}" "${i}.orig" && \ + mv "${i}" "${i}.orig" && \ iconv -f iso8859-1 -t utf8 -o "${i}" "${i}.orig" && \ - %__rm "${i}.orig" + rm "${i}.orig" done %build @@ -210,6 +218,9 @@ --enable-x11 \ --enable-xdamage \ --enable-portmon \ + --enable-ibm \ + --enable-weather-metar \ + --enable-weather-xoap \ --enable-rss \ --enable-eve \ --%{?with_imlib2:enable}%{!?with_imlib2:disable}-imlib2 \ @@ -228,7 +239,8 @@ --enable-wlan \ %if 0%{?packman_bs} --enable-audacious=yes \ - --enable-nvidia=yes + --enable-nvidia=yes \ + --enable-xmms2=yes %else --enable-audacious=no \ --enable-nvidia=no @@ -236,16 +248,16 @@ # inotify on SLE < 11 is too old %if 0%{?sles_version} > 0 && 0%{?sles_version} < 11 -%__sed -i '/^#define HAVE_SYS_INOTIFY_H/d' src/config.h +sed -i '/^#define HAVE_SYS_INOTIFY_H/d' src/config.h echo '#undef HAVE_SYS_INOTIFY_H' >> src/config.h %endif -%__make %{?jobs:-j%{jobs}} +make %{?_smp_flags} %install -%makeinstall +make DESTDIR=%{buildroot} install -%__install -D -m 0644 "%{SOURCE1}" "%{buildroot}%{_datadir}/applications/%{name}.desktop" +install -D -m 0644 "%{SOURCE1}" "%{buildroot}%{_datadir}/applications/%{name}.desktop" %suse_update_desktop_file -r "%{name}" System Monitor for feature in audacious nvidia; do @@ -257,35 +269,35 @@ EOF done -%__install -D -m0644 extras/vim/ftdetect/conkyrc.vim "%{buildroot}%{_datadir}/vim/site/ftdetect/conkyrc.vim" -%__install -D -m0644 extras/vim/syntax/conkyrc.vim "%{buildroot}%{_datadir}/vim/site/syntax/conkyrc.vim" +install -D -m0644 extras/vim/ftdetect/conkyrc.vim "%{buildroot}%{_datadir}/vim/site/ftdetect/conkyrc.vim" +install -D -m0644 extras/vim/syntax/conkyrc.vim "%{buildroot}%{_datadir}/vim/site/syntax/conkyrc.vim" -%__install -D -m0644 extras/nano/conky.nanorc "%{buildroot}%{_datadir}/nano/conky.nanorc" +install -D -m0644 extras/nano/conky.nanorc "%{buildroot}%{_datadir}/nano/conky.nanorc" -%__install -d "%{buildroot}%{_docdir}/%{name}" +install -d "%{buildroot}%{_docdir}/%{name}" MAINDOCFILES="$PWD/doc.main.lst" echo -n >"$MAINDOCFILES" for f in AUTHORS ChangeLog COPYING NEWS README TODO data/conky.conf; do ff=$(basename "$f") - %__install -D -m0644 "$f" "%{buildroot}%{_docdir}/%{name}/$ff" + install -D -m0644 "$f" "%{buildroot}%{_docdir}/%{name}/$ff" echo "%doc %{_docdir}/%{name}/$ff" >>"$MAINDOCFILES" done DOCDOCFILES="$PWD/doc.doc.lst" echo -n >"$DOCDOCFILES" for f in doc/*.html; do ff=$(basename "$f") - %__install -D -m0644 "$f" "%{buildroot}%{_docdir}/%{name}/$ff" + install -D -m0644 "$f" "%{buildroot}%{_docdir}/%{name}/$ff" echo "%doc %{_docdir}/%{name}/$ff" >>"$DOCDOCFILES" done %if %with_lua_extra -%__rm -rf "%{buildroot}%{_libdir}/conky"/*.{a,la} +rm -rf "%{buildroot}%{_libdir}/conky"/*.{a,la} %else -%__install -d "%{buildroot}%{_libdir}/conky" +install -d "%{buildroot}%{_libdir}/conky" %endif %clean -%{?buildroot:%__rm -rf "%{buildroot}"} +%{?buildroot:rm -rf %{buildroot}} %files -f doc.main.lst %defattr(-,root,root) ++++++ conky-1.9.0-libiw_with_libm.patch ++++++ --- configure.orig +++ configure @@ -14867,7 +14867,7 @@ if ${ac_cv_lib_iw_iw_sockets_open+:} fal $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS -LIBS="-liw $conky_LIBS $LIBS" +LIBS="-liw -lm $conky_LIBS $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -14898,7 +14898,7 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_iw_iw_sockets_open" >&5 $as_echo "$ac_cv_lib_iw_iw_sockets_open" >&6; } if test "x$ac_cv_lib_iw_iw_sockets_open" = xyes; then : - conky_LIBS="-liw $conky_LIBS" + conky_LIBS="-liw -lm $conky_LIBS" else as_fn_error $? "iw_sockets_open not found" "$LINENO" 5 fi --- configure.ac.orig +++ configure.ac @@ -546,8 +546,8 @@ AC_ARG_ENABLE([wlan], AM_CONDITIONAL(BUILD_WLAN, test x$want_wlan = xyes) if test x$want_wlan = xyes; then AC_CHECK_HEADERS([iwlib.h], [], AC_MSG_ERROR([iwlib.h header not found])) - AC_CHECK_LIB([iw], [iw_sockets_open], [conky_LIBS="-liw $conky_LIBS"], - AC_MSG_ERROR([iw_sockets_open not found]), [$conky_LIBS]) + AC_CHECK_LIB([iw], [iw_sockets_open], [conky_LIBS="-liw -lm $conky_LIBS"], + AC_MSG_ERROR([iw_sockets_open not found]), [-lm $conky_LIBS]) AC_DEFINE(HAVE_IWLIB, 1, [Define if you want wireless support]) fi --- configure.ac.in.orig +++ configure.ac.in @@ -546,8 +546,8 @@ AC_ARG_ENABLE([wlan], AM_CONDITIONAL(BUILD_WLAN, test x$want_wlan = xyes) if test x$want_wlan = xyes; then AC_CHECK_HEADERS([iwlib.h], [], AC_MSG_ERROR([iwlib.h header not found])) - AC_CHECK_LIB([iw], [iw_sockets_open], [conky_LIBS="-liw $conky_LIBS"], - AC_MSG_ERROR([iw_sockets_open not found]), [$conky_LIBS]) + AC_CHECK_LIB([iw], [iw_sockets_open], [conky_LIBS="-liw -lm $conky_LIBS"], + AC_MSG_ERROR([iw_sockets_open not found]), [-lm $conky_LIBS]) AC_DEFINE(HAVE_IWLIB, 1, [Define if you want wireless support]) fi ++++++ conky-1.8.1.tar.bz2 -> conky-1.9.0.tar.bz2 ++++++ ++++ 25575 lines of diff (skipped) ++++++ fix-CVE-2011-3616.patch ++++++ Description: Fix CVE-2011-3616; avoid rewriting an arbitrary user file The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf. Although this has been patched in upstream git, the latest stable Conky releases (including 1.9.0) have not been patched upstream and thus still seem to be vulnerable. Origin: upstream, http://git.omp.am/?p=conky.git;a=patch;h=70b6f35a846f7b85bd11e66c1f23feee6b369688 Bug: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3616 Bug: http://sourceforge.net/support/tracker.php?aid=3524945 Bug-Debian: http://bugs.debian.org/612033 Bug-Ubuntu: https://launchpad.net/bugs/607309 --- a/src/eve.c +++ b/src/eve.c @@ -251,19 +251,6 @@ } } -static int file_exists(const char *filename) -{ - struct stat fi; - - if ((stat(filename, &fi)) == 0) { - if (fi.st_size > 0) - return 1; - else - return 0; - } else - return 0; -} - static void writeSkilltree(char *content, const char *filename) { FILE *fp = fopen(filename, "w"); @@ -279,13 +266,12 @@ xmlDocPtr doc = 0; xmlNodePtr root = 0; - if (!file_exists(file)) { - skilltree = getXmlFromAPI(NULL, NULL, NULL, EVEURL_SKILLTREE); - writeSkilltree(skilltree, file); - free(skilltree); - } + skilltree = getXmlFromAPI(NULL, NULL, NULL, EVEURL_SKILLTREE); + writeSkilltree(skilltree, file); + free(skilltree); doc = xmlReadFile(file, NULL, 0); + unlink(file); if (!doc) return NULL; @@ -336,7 +322,7 @@ static char *eve(char *userid, char *apikey, char *charid) { Character *chr = NULL; - const char *skillfile = "/tmp/.cesf"; + char skillfile[] = "/tmp/.cesfXXXXXX"; int i = 0; char *output = 0; char *timel = 0; @@ -344,6 +330,7 @@ char *content = 0; time_t now = 0; char *error = 0; + int tmp_fd, old_umask; for (i = 0; i < MAXCHARS; i++) { @@ -396,6 +383,14 @@ output = (char *)malloc(200 * sizeof(char)); timel = formatTime(&chr->ends); + old_umask = umask(0066); + tmp_fd = mkstemp(skillfile); + umask(old_umask); + if (tmp_fd == -1) { + error = strdup("Cannot create temporary file"); + return error; + } + close(tmp_fd); skill = getSkillname(skillfile, chr->skill); chr->skillname = strdup(skill); ++++++ fix-apcupsd.patch ++++++ Description: Fix broken apcupsd support in Conky 1.8.1 Revert apcupsd-related code to Conky 1.8.0 in order to fix broken apcupsd support. This is a workaround until upstream properly addresses this issue. From: Brian Derr <[email protected]> Forwarded: http://sourceforge.net/support/tracker.php?aid=3083859 Bug-Ubuntu: https://bugs.launchpad.net/bugs/897495 Last-Update: 2011-12-02 --- a/src/apcupsd.c +++ b/src/apcupsd.c @@ -154,7 +154,7 @@ // // Conky update function for apcupsd data // -int update_apcupsd(void) { +void update_apcupsd(void) { int i; APCUPSD_S apc; @@ -164,41 +164,44 @@ memcpy(apc.items[i], "N/A", 4); // including \0 do { - struct addrinfo hints; - struct addrinfo *ai, *rp; - int res; + struct hostent* he = 0; + struct sockaddr_in addr; short sz = 0; - char portbuf[8]; +#ifdef HAVE_GETHOSTBYNAME_R + struct hostent he_mem; + int he_errno; + char hostbuff[2048]; +#endif // // connect to apcupsd daemon // - memset(&hints, 0, sizeof(struct addrinfo)); - hints.ai_family = AF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = 0; - hints.ai_protocol = 0; - snprintf(portbuf, 8, "%d", info.apcupsd.port); - res = getaddrinfo(info.apcupsd.host, portbuf, &hints, &ai); - if (res != 0) { - NORM_ERR("APCUPSD getaddrinfo: %s", gai_strerror(res)); + sock = socket(AF_INET, SOCK_STREAM, 0); + if (sock < 0) { + perror("socket"); break; } - for (rp = ai; rp != NULL; rp = rp->ai_next) { - sock = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol); - if (sock == -1) { - continue; - } - if (connect(sock, rp->ai_addr, rp->ai_addrlen) != -1) { - break; - } - close(sock); +#ifdef HAVE_GETHOSTBYNAME_R + if (gethostbyname_r(info.apcupsd.host, &he_mem, hostbuff, sizeof(hostbuff), &he, &he_errno) || !he ) { + NORM_ERR("APCUPSD gethostbyname_r: %s", hstrerror(h_errno)); + break; + } +#else /* HAVE_GETHOSTBYNAME_R */ + he = gethostbyname(info.apcupsd.host); + if (!he) { + herror("gethostbyname"); + break; } - freeaddrinfo(ai); - if (rp == NULL) { +#endif /* HAVE_GETHOSTBYNAME_R */ + + memset(&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + addr.sin_port = info.apcupsd.port; + memcpy(&addr.sin_addr, he->h_addr, he->h_length); + if (connect(sock, (struct sockaddr*)&addr, sizeof(struct sockaddr)) < 0) { // no error reporting, the daemon is probably not running break; } - + // // send status request - "status" - 6B // @@ -222,5 +225,5 @@ // "atomically" copy the data into working set // memcpy(info.apcupsd.items, apc.items, sizeof(info.apcupsd.items)); - return 0; + return; } --- a/src/apcupsd.h +++ b/src/apcupsd.h @@ -49,6 +49,6 @@ } APCUPSD_S, *PAPCUPSD_S; /* Service routine for the conky main thread */ -int update_apcupsd(void); +void update_apcupsd(void); #endif /*APCUPSD_H_*/ -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
