Date: Sunday, June 18, 2017 @ 09:22:39 Author: bgyorgy Revision: 238026
upgpkg: pcmanfm-gtk3 1.2.5-2 Fix CVE-2017-8934 (FS#54070) Added: pcmanfm-gtk3/trunk/Fix-CVE-2017-8934.patch Modified: pcmanfm-gtk3/trunk/PKGBUILD -------------------------+ Fix-CVE-2017-8934.patch | 56 ++++++++++++++++++++++++++++++++++++++++++++++ PKGBUILD | 13 ++++++++-- 2 files changed, 66 insertions(+), 3 deletions(-) Added: Fix-CVE-2017-8934.patch =================================================================== --- Fix-CVE-2017-8934.patch (rev 0) +++ Fix-CVE-2017-8934.patch 2017-06-18 09:22:39 UTC (rev 238026) @@ -0,0 +1,56 @@ +From bc8c3d871e9ecc67c47ff002b68cf049793faf08 Mon Sep 17 00:00:00 2001 +From: Andriy Grytsenko <[email protected]> +Date: Sun, 14 May 2017 21:35:40 +0300 +Subject: [PATCH] Fix potential access violation, use runtime user dir instead + of tmp dir. + +--- + NEWS | 4 ++++ + src/single-inst.c | 7 ++++++- + 2 files changed, 10 insertions(+), 1 deletion(-) + +diff --git a/NEWS b/NEWS +index 8c2049a..876f7f3 100644 +--- a/NEWS ++++ b/NEWS +@@ -1,3 +1,7 @@ ++* Fixed potential access violation, use runtime user dir instead of tmp dir ++ for single instance socket. ++ ++ + Changes on 1.2.5 since 1.2.4: + + * Removed options to Cut, Remove and Rename from context menu on mounted +diff --git a/src/single-inst.c b/src/single-inst.c +index 62c37b3..aaf84ab 100644 +--- a/src/single-inst.c ++++ b/src/single-inst.c +@@ -2,7 +2,7 @@ + * single-inst.c: simple IPC mechanism for single instance app + * + * Copyright 2010 Hong Jen Yee (PCMan) <[email protected]> +- * Copyright 2012 Andriy Grytsenko (LStranger) <[email protected]> ++ * Copyright 2012-2017 Andriy Grytsenko (LStranger) <[email protected]> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by +@@ -404,11 +404,16 @@ static void get_socket_name(SingleInstData* data, char* buf, int len) + } + else + dpynum = 0; ++#if GLIB_CHECK_VERSION(2, 28, 0) ++ g_snprintf(buf, len, "%s/%s-socket-%s-%d", g_get_user_runtime_dir(), ++ data->prog_name, host ? host : "", dpynum); ++#else + g_snprintf(buf, len, "%s/.%s-socket-%s-%d-%s", + g_get_tmp_dir(), + data->prog_name, + host ? host : "", + dpynum, + g_get_user_name()); ++#endif + } + +-- +2.1.4 + Modified: PKGBUILD =================================================================== --- PKGBUILD 2017-06-18 09:19:55 UTC (rev 238025) +++ PKGBUILD 2017-06-18 09:22:39 UTC (rev 238026) @@ -8,7 +8,7 @@ pkgname=pcmanfm-gtk3 _pkgname=pcmanfm pkgver=1.2.5 -pkgrel=1 +pkgrel=2 pkgdesc='Extremely fast and lightweight file manager (GTK+ 3 version)' arch=('i686' 'x86_64') url='http://pcmanfm.sourceforge.net/' @@ -19,9 +19,16 @@ optdepends=('gvfs: for trash support, mounting with udisks and remote filesystems' 'xarchiver: archive management') conflicts=($_pkgname) -source=(https://downloads.sourceforge.net/$_pkgname/$_pkgname-$pkgver.tar.xz) -sha256sums=('0c86cac028b705ff314c7464d814c2cf7ff604c17491c20aa204b1ef1a80ad67') +source=(https://downloads.sourceforge.net/$_pkgname/$_pkgname-$pkgver.tar.xz + Fix-CVE-2017-8934.patch) +sha256sums=('0c86cac028b705ff314c7464d814c2cf7ff604c17491c20aa204b1ef1a80ad67' + 'b6c72862e70d4c4d2ec9754427bf7835b4f3104fea642e7ba4dd871c782bd1f1') +prepare() { + cd $_pkgname-$pkgver + patch -Np1 -i ../Fix-CVE-2017-8934.patch +} + build() { cd $_pkgname-$pkgver ./configure --sysconfdir=/etc --prefix=/usr --with-gtk=3
