First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 107344
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: SpanKY <vapier@gentoo.org>
Add CC:
CC:
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 107344 depends on: Show dependency tree
Bug 107344 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-09-26 17:37 0000 
i was cleaning up netpbm when i noticed that the mpeg-tools source code has a
ton of /tmp/ hardcodes

running `make test` for example will create these files everytime:
/tmp/ts.stat
/tmp/ts.mpg
/tmp/foobar
/tmp/blockbar

the mpeg_encode program will use files named:
/tmp/foobar%d (where %d is a number which increments over time starting at 0)

the convert utilities eyuvtojpeg, vidtoeyuv, vidtojpeg, vidtoppm, and eyuvtoppm
all use /tmp/foobar when converting images

------- Comment #1 From SpanKY 2005-09-26 17:49:57 0000 ------- 
ive added mpeg-tools-1.5b-r2 (KEYWORD-ed -* for now) with three patches:
mpeg-tools-1.5b-tempfile-convert.patch
mpeg-tools-1.5b-tempfile-mpeg-encode.patch
mpeg-tools-1.5b-tempfile-tests.patch

i was able to test the ppm convert utilities, but i have no idea how to test the
jmovie or vid ones ;)

i tested most of the rewritten tests and it produces same results as unpatched
mpeg_tools

the mpeg-encode patch i really have no idea how to test ...

------- Comment #2 From Sune Kloppenborg Jeppesen 2005-09-26 22:16:19 0000 ------- 
x86 please test and mark stable.

------- Comment #3 From Mark Loeser 2005-09-28 23:13:16 0000 ------- 
stable on x86

------- Comment #4 From Thierry Carrez (RETIRED) 2005-09-29 00:46:07 0000 ------- 
Amd64 arch team: could you add the ~amd64 keyword to benefit from the update ?

------- Comment #5 From Sune Kloppenborg Jeppesen 2005-09-29 13:57:12 0000 ------- 
Let's have a GLSA vote while waiting for amd64. 
 
I tend to vote YES.

------- Comment #6 From SpanKY 2005-09-29 15:24:43 0000 ------- 
i'd vote yes too since this can be triggered during by doing `emerge
mpeg-tools`
and user has 'FEATURES=test' in make.conf :/

------- Comment #7 From Thierry Carrez (RETIRED) 2005-09-30 00:41:06 0000 ------- 
I vote YES too.
Still waiting on amd64 to mark 1.5b-r2 ~amd64

------- Comment #8 From Thierry Carrez (RETIRED) 2005-09-30 02:20:07 0000 ------- 
Fwded to vendor-sec, CAN number asked.

------- Comment #9 From Simon Stelling (RETIRED) 2005-09-30 13:36:47 0000 ------- 
amd64 stable

------- Comment #10 From Thierry Carrez (RETIRED) 2005-09-30 13:59:20 0000 ------- 
This is CAN-2005-3115

------- Comment #11 From Thierry Carrez (RETIRED) 2005-10-03 09:15:29 0000 ------- 
GLSA 200510-02
First Last Prev Next    No search results available      Search page      Enter new bug