vdr/vdr/debian/patches 08_security_CAN-2005-0071.dpatch 00list
Thomas Schmidt
pkg-vdr-dvb-changes@lists.alioth.debian.org
Sun, 16 Jan 2005 22:02:59 +0000
Update of /cvsroot/pkg-vdr-dvb/vdr/vdr/debian/patches
In directory haydn:/tmp/cvs-serv16831/vdr/vdr/debian/patches
Modified Files:
00list
Added Files:
08_security_CAN-2005-0071.dpatch
Log Message:
* added fix for CAN-2005-0071 (do not overwrite files with the GRAB-Command anymore)
* improved adduser-code in postinst
--- NEW FILE: 08_security_CAN-2005-0071.dpatch ---
#! /bin/sh /usr/share/dpatch/dpatch-run
## 08_security_CAN-2005-0071.dpatch by Thomas Schmidt <thomas.schmidt@in.stud.tu-ilmenau.de>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Fixes CAN-2005-0071 (It is not possible to overwrite files with
## DP: the GRAB-Command anymore)
@DPATCH@
diff -urNad vdr-1.2.6/dvbdevice.c /tmp/dpep.80S4AN/vdr-1.2.6/dvbdevice.c
--- vdr-1.2.6/dvbdevice.c 2004-04-22 12:48:31.000000000 +0200
+++ /tmp/dpep.80S4AN/vdr-1.2.6/dvbdevice.c 2005-01-16 21:51:24.000000000 +0100
@@ -505,8 +505,10 @@
Quality = 255; //XXX is this 'best'???
isyslog("grabbing to %s (%s %d %d %d)", FileName, Jpeg ? "JPEG" : "PNM", Quality, vm.width, vm.height);
- FILE *f = fopen(FileName, "wb");
- if (f) {
+ int fd = open(FileName, O_CREAT | O_EXCL | O_TRUNC | O_RDWR, 0600);
+ if (fd > -1) {
+ FILE *f = fdopen(fd, "wb");
+ if (f) {
if (Jpeg) {
// write JPEG file:
struct jpeg_compress_struct cinfo;
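Review bot: A failing `fdopen(fd, "wb")` is not handled in the new code: the descriptor returned by `open()` is never closed and the empty file it just created stays on disk. Because the `else` in the second hunk (`@@ -540,7 +542,8 @@`) now pairs with `if (fd > -1)`, that path also logs nothing and leaves `result` untouched, so the caller may see a successful grab. Add a branch after the inner `if (f) { ... }`, for example `else { LOG_ERROR_STR(FileName); close(fd); result |= 1; }`. `O_TRUNC` does nothing next to `O_CREAT | O_EXCL`, and `O_WRONLY` would be enough for a stream opened with "wb". `O_EXCL` stops overwrites, but nothing in this hunk limits the directory `FileName` may name, so the command can presumably still create new files wherever the vdr process may write. The enclosing function starts and ends outside the hunk, and the `<fcntl.h>` include that `open()` needs is not visible here.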
@@ -540,7 +542,8 @@
}
}
fclose(f);
- }
+ }
+ }
else {
LOG_ERROR_STR(FileName);
result |= 1;
Index: 00list
===================================================================
RCS file: /cvsroot/pkg-vdr-dvb/vdr/vdr/debian/patches/00list,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- 00list 16 Jan 2005 19:39:47 -0000 1.13
+++ 00list 16 Jan 2005 22:02:56 -0000 1.14
@@ -6,6 +6,7 @@
05_set_system_time_as_user
06_default_svdrp_port_0
07_not_as_root
+08_security_CAN-2005-0071
# The Elchi AIO 4d patch for a nicer OSD, inlcuding the frames and black
# square fix.