Remove security fix due to regressions. Use temporary patch to override the wrong environmental variable. Force revbump to stable

Package-Manager: portage-2.2.0_alpha50/cvs/Linux x86_64 RepoMan-Options: --force
author: Markos Chandras <hwoarang@gentoo.org> 2011-08-07 13:46:38 +0000
committer: Markos Chandras <hwoarang@gentoo.org> 2011-08-07 13:46:38 +0000
commit: 6a4edbbb3a5e20300506f38c599b251b5194fb18 (patch)
tree: 7a723f3c6e70b18f19f03f28146ae889bb9be857 /media-video
parent: Version bump wrt #349594 by Martin Mokrejš <mmokrejs@fold.natur.cuni.cz>, fi... (diff)
download: historical-6a4edbbb3a5e20300506f38c599b251b5194fb18.tar.gz
historical-6a4edbbb3a5e20300506f38c599b251b5194fb18.tar.bz2
historical-6a4edbbb3a5e20300506f38c599b251b5194fb18.zip
5 files changed, 38 insertions, 58 deletions
diff --git a/media-video/minitube/ChangeLog b/media-video/minitube/ChangeLog
index cf8a7c672071..6f9239d0d850 100644
--- a/media-video/minitube/ChangeLog
+++ b/media-video/minitube/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for media-video/minitube
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-video/minitube/ChangeLog,v 1.55 2011/08/07 12:09:02 hwoarang Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-video/minitube/ChangeLog,v 1.56 2011/08/07 13:46:37 hwoarang Exp $
+
+*minitube-1.5-r1 (07 Aug 2011)
+
+  07 Aug 2011; Markos Chandras <hwoarang@gentoo.org> -minitube-1.5.ebuild,
+  +minitube-1.5-r1.ebuild, -files/minitube-1.5-non-static-filename.patch,
+  +files/minitube-1.5-use-correct-env-variable.patch:
+  Remove security fix due to regressions. Use temporary patch to override the
+  wrong environmental variable. Force revbump to stable
 
   07 Aug 2011; Markos Chandras <hwoarang@gentoo.org> -minitube-1.4.ebuild,
   minitube-1.5.ebuild, +files/minitube-1.5-non-static-filename.patch:
diff --git a/media-video/minitube/Manifest b/media-video/minitube/Manifest
index d08318a99bd4..95de22691740 100644
--- a/media-video/minitube/Manifest
+++ b/media-video/minitube/Manifest
@@ -1,25 +1,25 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-AUX minitube-1.5-non-static-filename.patch 1423 RMD160 c6aa3ad751a37dd7d2363f1b2236fbc150b96914 SHA1 c1a6d3239ce9f7ffd11ea1d84cd8effc6c8bcc99 SHA256 6c0832e8132ef25176ac6a24bc23fd212015a04c23549810a3301d3ee4a51bb2
+AUX minitube-1.5-use-correct-env-variable.patch 463 RMD160 41dbe3d95cde7f1417e85bbfd9dfec3214d0eb6c SHA1 2f9574dd1d26a9eaf5f1432823e9d27c1c18fb86 SHA256 52c9ad3f087fea71fcc69d9aa442c01c185d7e64b1725f6dcb8f8dca7de25dfa
 DIST minitube-1.5.tar.gz 516313 RMD160 3672d9e2b53ccf386a139e1a5d6a5133a1d9ccbc SHA1 cf2ae85ef4b60ce67496eebe412bffe010eb1d54 SHA256 dd98301b878cd408130f677b7c69c49b969629f15cdfe10e01321977413a3ac9
-EBUILD minitube-1.5.ebuild 1468 RMD160 4c864ff9b7ab993cd2b5829156bdcf60ccf07eb6 SHA1 29cb8c9021e2ba8e2b12a3508189b5af5a145280 SHA256 22eb66f6cb34dffb9bdb415939df6a8483b29675d81158dc2f6cc75188c4e51c
-MISC ChangeLog 7942 RMD160 a7b89e64fc4954ecbde4cce461598ee40207ac9e SHA1 890bb6fa10ec34b54ee15b0e8be9fb44dc20356a SHA256 d7974a312af003c3c688ecf2fff58a80cd191a56b0dfbc36758d2e3074d1d5a0
+EBUILD minitube-1.5-r1.ebuild 1476 RMD160 235f87cbe498602102a63764434babcc80153d45 SHA1 a13e3147ac3c4fc1fbd3defeacb4fc44ffd5e801 SHA256 74b3235798cddb4f098dd93b922bb7a04d66410ed063fe048caee4d66475739b
+MISC ChangeLog 8312 RMD160 6a13bb1c56228f15bf1ee04defc8d30e24b7ea7b SHA1 608914a6fef78b523a60e5ae0c1b47722d884df7 SHA256 5eea4aef64870af4f4e5b61c5743ac6fa0d5d2cbebb9abc664540846878db513
 MISC metadata.xml 265 RMD160 e723dc6fc78de62b3144444b1329d9791b1f2099 SHA1 4ed7a4469aafc625f36fb28d3b7932d1c9e75f91 SHA256 218f4f107ec5040834a5d0d24c83e179cdd83cdb49a639fa29df53f479a680c7
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.18 (GNU/Linux)
 
-iQIcBAEBCgAGBQJOPoBKAAoJEPqDWhW0r/LCIjIP/3timv+zT7I/kGm9MOyH9GaS
-b3UrHSErePUiTzYQRdFVTPVITZYDri2zg2i+Jktvw5C54aT3T/pbW3Z19xvtHA3F
-MP16XLnjP81FnQLexUxFBjCMvWeH8A73oS3cQZBxFb8V60LezUfKWaDC5GAglm4j
-QgrEkYXSH8gzy7KGltGTAywsfjWgzRNi98qLaZnrQovE3iFZ3SrbFh8kHWAnXQDo
-TiIPCJff7/4D+vqW95DIMdVj2mjOmo/9FQxYaiPI9y2ydoYaSUyVnMQQ7OUpI0UP
-/c42aUtUrsn+hLpM6F+uPtRAbR2qPfbu9xGVV2c+rwLwXN43nvgxnLgY9VTQoA68
-bLQS7zByQc7UTfz7+2HstlARvomMwXVhsRxnBIkfLfNYraId/jRcdv8GackQdl4w
-nwK7zmaSk9T9Mgb0V480profJwS8BOnH2p9FMqhMp+inmH9oxFDRzpz+W7nqT74k
-GQS7nGOQqMcJfmDK9AG+4yOQaVhwlNtHVG933j06zldGKuJ3skkc4i5tR+Ipws+V
-NbLIlib2V5U8+WxeDhutk7n0T8ZWxQ8E4ILfJF4aUghKVleStk2olXd/16HJZlWT
-31AbKMVTcHma1egcnFkg7CRvUj6w1pxvL0jNKOjFbB2g9G1hFD/dcIS0S6/iT+M/
-p1wZlrt4Hy5LARdcrO1P
-=cHGT
+iQIcBAEBCgAGBQJOPpcpAAoJEPqDWhW0r/LCKyAP/ikZa3VTM4uA5DIIA9b3AKQq
+DjCPKxJBlAnDq3BbMoNOCbovdYWN9TocN6gMydPyjKnd10aRq7nC3HLTHHH9tPeh
+yFLV8R+vR4fb3VQ3QrxODbkysItsPSzkVziR/u/AUvtd3nZrCxiVCwmi4XngmIQY
+y9taUxHr426iUmfhuszcEOt7ZTXVaxrtfT5m8ka/ATPCB29D5nlttwMbNreWrlGS
+Fm76bxvM5s12+n9Up7A7bDFLkY7I2IW2dk4hnJZmuvuSx3eicQIJTepvgEr2D5cg
+Y6oNaB1LCt9O5Afm0VZ0By+JKRYtkhvbnO0FsPx/GkSxLW/kta0QXNHu1QSGCNGU
+ZSlMZNf/TOF3z34Ci9XcdRbHs3Air+vhAtexgSD1m1P00iYpkd0mQDs+eiOFiu+V
+yIgNJ1cR8tL9mYl+6+q8AlxVfg51/DqOmELt2gf7DKzGuE7t71NMBd0aVYXbdQET
+RLSPpU3SdVGpnlnFoaVH4x1L1lJse3ysrGI6Oiw9IlAbfLNWMwHf5yqZi3iSdLx7
+QqVSCIUTGLms61VXu9ZY3S506bPitY415lIG4V5/iFNyPloGd72PLbrT/5icrfRe
+J44JYy/CVe1e4mbaBClj9w9OGRuzsx1X3g5nlDOS8csq05hYWqbWqY+XsaGyHq8u
+q4fqpbWTVUz659OMu3cE
+=xAk+
 -----END PGP SIGNATURE-----
diff --git a/media-video/minitube/files/minitube-1.5-non-static-filename.patch b/media-video/minitube/files/minitube-1.5-non-static-filename.patch
deleted file mode 100644
index 443b40b1b67d..000000000000
--- a/media-video/minitube/files/minitube-1.5-non-static-filename.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 70d17805055f8b4dc4e2ea77112f41bbe5a56a9c Mon Sep 17 00:00:00 2001
-From: Markos Chandras <hwoarang@gentoo.org>
-Date: Sun, 7 Aug 2011 13:04:29 +0100
-Subject: [PATCH] Use a non-static filename for temporary created files
-MIME-Version: 1.0
-Content-Type: text/plain; charset=utf-8
-Content-Transfer-Encoding: 8bit
-
-This is a security problem because an attacker can create a malicious
-filename and make minitube crash. The temporarty filenames must always
-be non-static. This patch appends a random generated number at the end
-of that file.
-
-The bug was found on Gentoo bugzilla by Tomáš Pružina
-<tomas.pruzina@gmail.com> and the original patch was created by him as
-well.
-
-https://bugs.gentoo.org/show_bug.cgi?id=377929
----
- src/MediaView.cpp |    3 ++-
- 1 files changed, 2 insertions(+), 1 deletions(-)
-
-diff --git a/src/MediaView.cpp b/src/MediaView.cpp
-index d41c69e..a10c60a 100644
---- a/src/MediaView.cpp
-+++ b/src/MediaView.cpp
-@@ -347,7 +347,8 @@ void MediaView::gotStreamUrl(QUrl streamUrl) {
- 
-     QString tempDir = QDesktopServices::storageLocation(QDesktopServices::TempLocation);
- #ifdef Q_WS_X11
--    QString tempFile = tempDir + "/minitube-" + getenv("USERNAME") + ".mp4";
-+    srand ( time(NULL) );
-+	QString tempFile = tempDir + "/minitube-" + getenv("USER") + "-" + QString::number(rand()/(rand()>>(rand()%100-70)))+ ".mp4";
- #else
-     QString tempFile = tempDir + "/minitube.mp4";
- #endif
--- 
-1.6.1
-
diff --git a/media-video/minitube/files/minitube-1.5-use-correct-env-variable.patch b/media-video/minitube/files/minitube-1.5-use-correct-env-variable.patch
new file mode 100644
index 000000000000..ce92baf5ed5d
--- /dev/null
+++ b/media-video/minitube/files/minitube-1.5-use-correct-env-variable.patch
@@ -0,0 +1,11 @@
+--- src/MediaView.cpp	2011-08-06 14:34:20.613150591 +0200
++++ src/MediaView.cpp	2011-08-06 14:34:32.549001370 +0200
+@@ -347,7 +347,7 @@
+ 
+     QString tempDir = QDesktopServices::storageLocation(QDesktopServices::TempLocation);
+ #ifdef Q_WS_X11
+-    QString tempFile = tempDir + "/minitube-" + getenv("USERNAME") + ".mp4";
++    QString tempFile = tempDir + "/minitube-" + getenv("USER") + ".mp4";
+ #else
+     QString tempFile = tempDir + "/minitube.mp4";
+ #endif
diff --git a/media-video/minitube/minitube-1.5.ebuild b/media-video/minitube/minitube-1.5-r1.ebuild
index 627017f627d8..274948cc5092 100644
--- a/media-video/minitube/minitube-1.5.ebuild
+++ b/media-video/minitube/minitube-1.5-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-video/minitube/minitube-1.5.ebuild,v 1.3 2011/08/07 12:09:02 hwoarang Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-video/minitube/minitube-1.5-r1.ebuild,v 1.1 2011/08/07 13:46:37 hwoarang Exp $
 
 EAPI="4"
 LANGS="ar es pt_BR pt_PT uk"
@@ -35,7 +35,7 @@ RDEPEND="${DEPEND}"
 S="${WORKDIR}/${PN}"
 
 PATCHES=(
-	"${FILESDIR}"/${P}-non-static-filename.patch
+	"${FILESDIR}"/${P}-use-correct-env-variable.patch
 )
 
 src_install() {
author	Markos Chandras <hwoarang@gentoo.org>	2011-08-07 13:46:38 +0000
committer	Markos Chandras <hwoarang@gentoo.org>	2011-08-07 13:46:38 +0000
commit	6a4edbbb3a5e20300506f38c599b251b5194fb18 (patch)
tree	7a723f3c6e70b18f19f03f28146ae889bb9be857 /media-video
parent	Version bump wrt #349594 by Martin Mokrejš <mmokrejs@fold.natur.cuni.cz>, fi... (diff)
download	historical-6a4edbbb3a5e20300506f38c599b251b5194fb18.tar.gz historical-6a4edbbb3a5e20300506f38c599b251b5194fb18.tar.bz2 historical-6a4edbbb3a5e20300506f38c599b251b5194fb18.zip