From 0f532204aef4ee3ecc4c5fae2ac5cd2b67852037 Mon Sep 17 00:00:00 2001
From: Adrian Reber <adrian@fedoraproject.org>
Date: Mon, 24 Apr 2006 06:49:04 +0000
Subject: [PATCH] - security fix for #189721

---
 fbida.CVE-2006-1695.patch | 14 ++++++++++++++
 fbida.spec                |  7 ++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 fbida.CVE-2006-1695.patch

diff --git a/fbida.CVE-2006-1695.patch b/fbida.CVE-2006-1695.patch
new file mode 100644
index 0000000..dc43c0e
--- /dev/null
+++ b/fbida.CVE-2006-1695.patch
@@ -0,0 +1,14 @@
+diff -ru fbida-2.01.orig/fbgs fbida-2.01/fbgs
+--- fbida-2.01.orig/fbgs	2004-03-28 13:32:16.000000000 +0200
++++ fbida-2.01/fbgs	2006-04-08 02:49:37.000000000 +0200
+@@ -1,8 +1,8 @@
+ #!/bin/bash
+ 
+ # tmp dir
+-DIR="${TMPDIR-/var/tmp}/fbps-$$"
+-mkdir -p $DIR	|| exit 1
++DIR=`mktemp -dtp /tmp fbgs-XXXXXX`
++[ -d $DIR ]  || exit 1
+ trap "rm -rf $DIR" EXIT
+ 
+ # parse options
diff --git a/fbida.spec b/fbida.spec
index 26e5e10..eb85641 100644
--- a/fbida.spec
+++ b/fbida.spec
@@ -1,11 +1,12 @@
 Summary:        FrameBuffer Imageviewer
 Name:           fbida
 Version:        2.03
-Release:        10%{?dist}
+Release:        11%{?dist}
 License:        GPL
 Group:          Applications/Multimedia
 URL:            http://linux.bytesex.org/fbida/
 Source:         http://dl.bytesex.org/releases/fbida/fbida-2.03.tar.gz
+Patch:          fbida.CVE-2006-1695.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  libexif-devel fontconfig-devel libjpeg-devel
 BuildRequires:  libpng-devel libtiff-devel pkgconfig
@@ -38,6 +39,7 @@ A wrapper script for viewing ps/pdf files on the framebuffer console using fbi
 
 %prep
 %setup -q
+%patch -p1
 %{__sed} -i -e "s,(INSTALL) -s,(INSTALL) ," mk/Variables.mk
 %{__sed} -i -e "s,/X11R6,,g" GNUmakefile
 %{__sed} -i -e "s,/usr/X11R6/lib/X11,%{_datadir}/X11,g" mk/Autoconf.mk
@@ -80,6 +82,9 @@ lib=%{_lib} prefix=%{_prefix} %{__make} DESTDIR=%{buildroot} install
 %{_bindir}/fbgs
 
 %changelog
+* Mon Apr 24 2006 Adrian Reber <adrian@lisas.de> - 2.03-11
+- security fix for #189721
+
 * Mon Feb 13 2006 Adrian Reber <adrian@lisas.de> - 2.03-10
 - rebuilt