rpms
/
hugin
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

FC-6, F-7, F-8 and devel fixes for CVE-2007-5200 bug #332401

This commit is contained in:
bpostle 2007-11-05 22:07:10 +00:00
parent d6e2056da0
commit f322cf1c2a
2 changed files with 60 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
hugin-0.6.1-CVE-2007-5200.patch Normal file
View File

@ -0,0 +1,53 @@
Modified: hugin/branches/stable/src/Panorama/PTOptimise.cpp
===================================================================
--- hugin/tags/hugin-0-6-1/src/Panorama/PTOptimise.cpp 2007-10-24 19:30:32 UTC (rev 2491)
+++ hugin/branches/stable/src/Panorama/PTOptimise.cpp 2007-10-24 19:42:36 UTC (rev 2492)
@@ -36,9 +36,6 @@
#include <boost/property_map.hpp>
#include <boost/graph/graph_utility.hpp>
-#define DEBUG_WRITE_OPTIM_OUTPUT
-#define DEBUG_WRITE_OPTIM_OUTPUT_FILE "hugin_debug_optim_results.txt"
-
using namespace std;
using namespace PT;
using namespace PTools;
@@ -132,13 +129,6 @@
RunLMOptimizer( &opt );
ainf.data = opt.message;
// get results from align info.
-#ifdef DEBUG_WRITE_OPTIM_OUTPUT
- fullPath path;
- StringtoFullPath(&path, DEBUG_WRITE_OPTIM_OUTPUT_FILE );
-
- ainf.data = opt.message;
- WriteResults( script, &path, &ainf, distSquared, 0);
-#endif
pano.updateVariables(GetAlignInfoVariables(ainf) );
pano.updateCtrlPointErrors( GetAlignInfoCtrlPoints(ainf) );
}
Modified: hugin/branches/stable/src/hugin/AutoCtrlPointCreator.cpp
===================================================================
--- hugin/tags/hugin-0-6-1/src/hugin/AutoCtrlPointCreator.cpp 2007-10-24 19:30:32 UTC (rev 2491)
+++ hugin/branches/stable/src/hugin/AutoCtrlPointCreator.cpp 2007-10-24 19:42:36 UTC (rev 2492)
@@ -225,7 +225,7 @@
}
#endif
- wxString ptofile(wxT("autopano_result_tempfile.pto"));
+ wxString ptofile = wxFileName::CreateTempFileName(wxT("ap_res"));
autopanoArgs.Replace(wxT("%o"), ptofile);
wxString tmp;
tmp.Printf(wxT("%d"), nFeatures);
@@ -415,7 +415,7 @@
imgNr++;
}
- wxString ptofile(wxT("autopano_result_tempfile"));
+ wxString ptofile = wxFileName::CreateTempFileName(wxT("ap_res"));
autopanoArgs.Replace(wxT("%o"), ptofile);
wxString tmp;
tmp.Printf(wxT("%d"), nFeatures);

8
hugin.spec
View File

@ -1,7 +1,7 @@
Summary: Frontend for Panorama Tools, similar to PTAssembler, PTGui or Open for Windows
Name: hugin
Version: 0.6.1
Release: 9%{?dist}
Release: 10%{?dist}
License: GPLv2+
Group: Applications/Multimedia
Source: http://downloads.sourceforge.net/hugin/%{name}-%{version}.tar.bz2
@ -12,6 +12,7 @@ Requires: shared-mime-info
BuildRequires: libpano12-devel >= 2.8.6 zlib-devel libtiff-devel libjpeg-devel
BuildRequires: libpng-devel gettext-devel wxGTK-devel >= 2.6.0 boost-devel
BuildRequires: desktop-file-utils
Patch0: hugin-0.6.1-CVE-2007-5200.patch
%description
hugin can be used to stitch multiple images together. The resulting image can
@ -21,6 +22,7 @@ to create high quality images
%prep
%setup -q
%patch0 -p3
# autopanog.exe is a mono app
sed -i 's/"autopanog.exe"/"mono `which autopanog.exe`"/' \
src/include/hugin/config_defaults.h
@ -74,6 +76,10 @@ touch --no-create %{_datadir}/icons/gnome || :
%doc ABOUT-NLS AUTHORS BUGS ChangeLog COPYING INSTALL LICENCE NEWS README TODO src/hugin/xrc/data/*.htm src/hugin/xrc/data/*.html src/hugin/xrc/data/help_en_EN src/hugin/xrc/data/help_fr_FR HACKING LICENCE_JHEAD LICENCE_VIGRA doc/nona.txt
%changelog
* Mon Nov 05 2007 Bruno Postle <bruno@postle.net> 0.6.1-10
- fix for CVE-2007-5200 hugin unsafe temporary file usage
- bug #332401; bug #362851; bug #362861; bug #362871
* Wed Aug 22 2007 Bruno Postle <bruno@postle.net> 0.6.1-9
- bumping for rebuild against new libpano12-2.8.6 abi
- fix Source tag