Commits

Anonymous committed d708706

Applied the CVE patch and updated the VERSION, README and ChangeLog files.

Comments (0)

Files changed (6)

2.0.x/src/ChangeLog

   information about every single change.
   ___________________________________________________________________________
 
+  Changes between 2.0.9 and 2.0.12:
+
+    *) Fix compilation under gcc4.
+       Applied patch from Mandriva's RPM .spec
+       [Shlomi Fish <shlomif@iglu.org.il>]
+
+	*) Fixed wml on cygwin.
+       [Shlomi Fish <shlomif@iglu.org.il>]
+
+    *) Updated the README and VERSION.
+       [Denis Barbier <barbier@linuxfr.org>]
+    
+    *) Got the GNU Autotools build to work again.
+       [Shlomi Fish <shlomif@iglu.org.il>]
+
+    *) Added workaround to compile with perl-5.10.0.
+       [Shlomi Fish <shlomif@iglu.org.il>]
+
+    *) Applied the CVE-2008-0665 Patch (Temp files)
+       [Nico Golde <nion@debian.org>]
+       [Shlomi Fish <shlomif@iglu.org.il>]
+
   Changes between 2.0.8 and 2.0.9:
 
     *) Fix <directory-contents> (18-Oct-2002):
     \ V  V /| |  | | |___   ``WML is the Unix toolkit for getting
      \_/\_/ |_|  |_|_____|    your webdesigner's HTML job done.''
 
-  Website META Language, Version 2.0.11 (19-Aug-2006)
+  Website META Language, Version 2.0.12 (19-Aug-2006)
 
   Copyright (c) 1996-2000 Ralf S. Engelschall
   Copyright (c) 1999-2000 Denis Barbier

2.0.x/src/VERSION

   VERSION -- Version Information for WML (syntax: Text)
   [automatically generated and maintained by GNU shtool]
 
-  This is WML, Version 2.0.11 (19-Aug-2006)
+  This is WML, Version 2.0.12 (16-Apr-2008)
 

2.0.x/src/wml_backend/p1_ipp/ipp.src

 use Getopt::Long 2.13;
 use IO::Handle 1.15;
 use IO::File 1.06;
+use File::Temp;
 
 #
 #   help functions
 #   process the pre-loaded include files
 #
 $tmpdir = $ENV{'TMPDIR'} || '/tmp';
+my $tmpldir = ($ENV{'TMPDIR'} || '/tmp') . '/ipp.XXXXXX';
+$tmpdir = mkdtemp($tmpldir) or die "Unable to create temporary directory: $!\n";
 $tmpfile = $tmpdir . "/ipp.$$.tmp";
 unlink($tmpfile);
 $tmp = new IO::File;

2.0.x/src/wml_backend/p3_eperl/eperl_sys.c

 {
     char ca[1024];
     char *cp, *tmpdir;
+    char tmpfile[]="eperl_sourceXXXXXX";
     int i;
+    int fd=-1;
 
     tmpdir = getenv ("TMPDIR");
     if (tmpdir == (char *) NULL)
         tmpdir="/tmp";
 
-    snprintf(ca, sizeof(ca), "%s/%s.%d.tmp%d", tmpdir, id, (int)getpid(), mytmpfilecnt++);
+    snprintf(ca, sizeof(ca), "%s/%s", tmpdir, tmpfile);
+    if((fd = mkstemp(ca)) == -1){
+        perror("can not create tmpfile");
+        return NULL;
+    }
+    close(fd);
     ca[sizeof(ca)-1] = NUL;
     cp = strdup(ca);
     for (i = 0; mytmpfiles[i] != NULL; i++)

2.0.x/src/wml_contrib/wmg.cgi

         ($w, $h, $t) = Image::Size::imgsize(\$contents);
         if ($w*$h == 1) {
             #   read image into GD
-            $tmpfile = "/tmp/pe.tmp.$$";
-            unlink($tmpfile);
-            open(TMP, ">$tmpfile");
-            print TMP $contents;
-            close(TMP);
-            open(TMP, "<$tmpfile");
-            $tmpimg = newFromGif GD::Image(TMP);
-            close(TMP);
+            $tmpimg = newFromGif GD::Image($contents);
             unlink($tmpfile);
             if ($tmpimg->transparent != -1) {
                 my $im = new GD::Image($w, $h);
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.