Package: conky / 1.9.0-6

Metadata

Package: conky
Version: 1.9.0-6
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description
fix CVE 2011 3616.patch

src/eve.c | 33 (+14, -19)
1 file changed, 14 insertions(+), 19 deletions(-)

 fix cve-2011-3616; avoid rewriting an arbitrary user file
 The getSkillname function in the eve module in Conky 1.8.1 and earlier allows
 local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf.
 Although this has been patched in upstream git, the latest stable Conky
 releases (including 1.9.0) have not been patched upstream and thus still seem
 to be vulnerable.
fix kfreebsd ftbfs.patch

src/freebsd.c | 4 (+0, -4)
1 file changed, 4 deletions(-)

 fix ftbfs on kfreebsd
 freebsd.c:287:11: error: 'struct kinfo_proc' has no member named 'kp_proc'
fix apcupsd.patch

src/apcupsd.c | 57 (+30, -27)
src/apcupsd.h | 2 (+1, -1)
2 files changed, 31 insertions(+), 28 deletions(-)

 fix broken apcupsd support in conky 1.8.1
 Revert apcupsd-related code to Conky 1.8.0 in order to fix broken apcupsd
 support. This is a workaround until upstream properly addresses this issue.
fix curl related crashes.patch

src/ccurl_thread.c | 3 (+3, -0)
1 file changed, 3 insertions(+)

 fix curl related crashes
 curl implements some of the timeouts using alarm(), where the alarm handler
 longjmp()s back into the curl code. This is a bad idea in multi-threaded
 applications, since it is not guaranteed that SIGALARM will be received by the
 correct thread. Therefore, we instruct curl to avoid using signals.
fix uninitialized inotify_fd value.patch

src/conky.c | 6 (+3, -3)
1 file changed, 3 insertions(+), 3 deletions(-)

 set uninitialized inotify_fd to -1, not 0
 Currently we set inotify_fd to the value 0 when inotify_fd hasn't been
 created yet, or after we close it. But 0 is a valid fd, and we check
 for the value -1 to see if it's been initialized. So, if inotify
 support is compiled in, but we disable_auto_reload, we can end up
 closing fd 0. This can screw up various other things in weird ways,
 including that exec'd processes appear to have an invalid stdin.
 So, set inotify_fd to -1 to clear all of this up.
fix font check.patch

src/specials.c | 15 (+15, -0)
1 file changed, 15 insertions(+)

 check if a font has been loaded before instead of adding it possibly multiple times