SOURCES: tightvnc-security.patch (NEW), tightvnc-imake-tmpdir.patc...
glen
glen at pld-linux.org
Fri Jan 27 14:38:47 CET 2006
Author: glen Date: Fri Jan 27 13:38:47 2006 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- security related patches from gentoo
---- Files affected:
SOURCES:
tightvnc-security.patch (NONE -> 1.1) (NEW), tightvnc-imake-tmpdir.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/tightvnc-security.patch
diff -u /dev/null SOURCES/tightvnc-security.patch:1.1
--- /dev/null Fri Jan 27 14:38:47 2006
+++ SOURCES/tightvnc-security.patch Fri Jan 27 14:38:42 2006
@@ -0,0 +1,20 @@
+--- /tmp/vncserver 2003-02-21 17:29:45.000000000 +0000
++++ vncserver 2003-02-21 17:30:10.000000000 +0000
+@@ -153,15 +153,8 @@
+ $desktopLog = "$vncUserDir/$host:$displayNumber.log";
+ unlink($desktopLog);
+
+-# Make an X server cookie - use as the seed the sum of the current time, our
+-# PID and part of the encrypted form of the password. Ideally we'd use
+-# /dev/urandom, but that's only available on Linux.
+-
+-srand(time+$$+unpack("L",`cat $vncUserDir/passwd`));
+-$cookie = "";
+-for (1..16) {
+- $cookie .= sprintf("%02x", int(rand(256)));
+-}
++# Make an X server cookie - use mcookie
++$cookie = `/usr/bin/mcookie`;
+
+ system("xauth -f $xauthorityFile add $host:$displayNumber . $cookie");
+ system("xauth -f $xauthorityFile add $host/unix:$displayNumber . $cookie");
================================================================
Index: SOURCES/tightvnc-imake-tmpdir.patch
diff -u /dev/null SOURCES/tightvnc-imake-tmpdir.patch:1.1
--- /dev/null Fri Jan 27 14:38:47 2006
+++ SOURCES/tightvnc-imake-tmpdir.patch Fri Jan 27 14:38:42 2006
@@ -0,0 +1,37 @@
+--- vnc_unixsrc/Xvnc/config/imake/imake.c.orig 2000-06-11 14:00:51.000000000 +0200
++++ vnc_unixsrc/Xvnc/config/imake/imake.c 2003-09-01 22:59:25.000000000 +0200
+@@ -913,12 +913,25 @@
+ static void get_libc_version(inFile)
+ FILE* inFile;
+ {
+- char *aout = tmpnam (NULL);
++ char aout[PATH_MAX];
+ FILE *fp;
+ const char *format = "%s -o %s -x c -";
+ char *cc;
+ int len;
+ char *command;
++ char *tmpdir;
++ int tmpfd;
++
++ if((tmpdir = getenv("TMPDIR")) != NULL && strlen(tmpdir) < (PATH_MAX-13))
++ strcpy(aout, tmpdir);
++ else
++ strcpy(aout, "/tmp");
++ strcat(aout, "/imakeXXXXXX");
++
++ if((tmpfd = mkstemp(aout)) == -1) {
++ perror("mkstemp");
++ abort();
++ }
+
+ cc = getenv ("CC");
+ if (cc == NULL)
+@@ -930,6 +943,7 @@
+ if (snprintf (command , len, format, cc, aout) == len)
+ abort ();
+
++ close(tmpfd);
+ fp = popen (command, "w");
+ if (fp == NULL || fprintf (fp, "%s\n", libc_c) < 0
+ || pclose (fp) != 0)
================================================================
More information about the pld-cvs-commit
mailing list