main/conky: security fix CVE-2011-3616

fixes #767
(cherry picked from commit 88e633357b740fd805059e7902277ef67ec39ebc)

Conflicts:

	main/conky/APKBUILD

main/conky/APKBUILD

@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=conky
 pkgver=1.8.1
-pkgrel=0
+pkgrel=1
 pkgdesc="An advanced, highly configurable system monitor for X based on torsmo"
 url="http://conky.sourceforge.net/"
 license="custom"
@@ -11,12 +11,23 @@ makedepends="pkgconfig alsa-lib-dev libxml2-dev curl-dev wireless-tools-dev
 	cairo-dev tolua++ ncurses-dev
 	"
 subpackages="$pkgname-doc $pkgname-dev"
-source="http://downloads.sourceforge.net/project/conky/conky/$pkgver/conky-$pkgver.tar.bz2"
+source="http://downloads.sourceforge.net/project/conky/conky/$pkgver/conky-$pkgver.tar.bz2
+	conky-1.8.1-curl-headers.patch
+	conky-1.8.1-secunia-SA43225.patch"
 
 _builddir="$srcdir"/$pkgname-$pkgver
-build () 
-{ 
-	cd "$srcdir/$pkgname-$pkgver"
+prepare() {
+	cd "$_builddir"
+	local i
+	for i in $source; do
+		case $i in
+		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+		esac
+	done
+}
+
+build() {
+	cd "$_builddir"
 	./configure --prefix=/usr \
 		--sysconfdir=/etc \
 		--enable-wlan \
@@ -34,6 +45,9 @@ package() {
 	cd "$_builddir"
 	make DESTDIR="$pkgdir" install || return 1
 	install -D -m644 COPYING $pkgdir/usr/share/licenses/$pkgname/LICENSE
+	rm "$pkgdir"/usr/lib/conky/*.la
 }
 
-md5sums="366dc6a5c2ebebfbe6f53da25061b5d6  conky-1.8.1.tar.bz2"
+md5sums="366dc6a5c2ebebfbe6f53da25061b5d6  conky-1.8.1.tar.bz2
+94e415b1189be5fb6d6ff5117c8df06e  conky-1.8.1-curl-headers.patch
+e00e00b1e4dd77536f8caed7a2b851c1  conky-1.8.1-secunia-SA43225.patch"

main/conky/conky-1.8.1-curl-headers.patch

@@ -0,0 +1,24 @@
+diff --git a/src/ccurl_thread.c b/src/ccurl_thread.c
+index 10e73a6..9bea299 100644
+--- a/src/ccurl_thread.c
++++ b/src/ccurl_thread.c
+@@ -33,7 +33,6 @@
+ #endif /* DEBUG */
+ 
+ #include <curl/curl.h>
+-#include <curl/types.h>
+ #include <curl/easy.h>
+ 
+ /*
+diff --git a/src/eve.c b/src/eve.c
+index dc07264..f62a5f6 100644
+--- a/src/eve.c
++++ b/src/eve.c
+@@ -37,7 +37,6 @@
+ #include <libxml/xmlwriter.h>
+ 
+ #include <curl/curl.h>
+-#include <curl/types.h>
+ #include <curl/easy.h>
+ 
+ #include <time.h>

main/conky/conky-1.8.1-secunia-SA43225.patch

@@ -0,0 +1,72 @@
+--- ./src/eve.c	2011-02-12 13:26:34.636269667 +0100
++++ ./src/eve.c	2011-02-12 13:26:48.242936334 +0100
+@@ -254,19 +254,6 @@
+ 	}
+ }
+ 
+-static int file_exists(const char *filename)
+-{
+-	struct stat fi;
+-
+-	if ((stat(filename, &fi)) == 0) {
+-		if (fi.st_size > 0)
+-			return 1;
+-		else
+-			return 0;
+-	} else
+-		return 0;
+-}
+-
+ static void writeSkilltree(char *content, const char *filename)
+ {
+ 	FILE *fp = fopen(filename, "w");
+@@ -283,13 +270,12 @@
+ 	xmlDocPtr doc = 0;
+ 	xmlNodePtr root = 0;
+ 
+-	if (!file_exists(file)) {
+-		skilltree = getXmlFromAPI(NULL, NULL, NULL, EVEURL_SKILLTREE);
+-		writeSkilltree(skilltree, file);
+-		free(skilltree);
+-	}
++	skilltree = getXmlFromAPI(NULL, NULL, NULL, EVEURL_SKILLTREE);
++	writeSkilltree(skilltree, file);
++	free(skilltree);
+ 
+ 	doc = xmlReadFile(file, NULL, 0);
++	unlink(file);
+ 	if (!doc)
+ 		return NULL;
+ 
+@@ -340,7 +326,7 @@
+ static char *eve(char *userid, char *apikey, char *charid)
+ {
+ 	Character *chr = NULL;
+-	const char *skillfile = "/tmp/.cesf";
++	char skillfile[] = "/tmp/.cesfXXXXXX";
+ 	int i = 0;
+ 	char *output = 0;
+ 	char *timel = 0;
+@@ -348,6 +334,7 @@
+ 	char *content = 0;
+ 	time_t now = 0;
+ 	char *error = 0;
++	int tmp_fd, old_umask;
+ 
+ 
+ 	for (i = 0; i < MAXCHARS; i++) {
+@@ -400,6 +387,14 @@
+ 
+ 		output = (char *)malloc(200 * sizeof(char));
+ 		timel = formatTime(&chr->ends);
++		old_umask = umask(0066);
++		tmp_fd = mkstemp(skillfile);
++		umask(old_umask);
++		if (tmp_fd == -1) {
++			error = strdup("Cannot create temporary file");
++			return error;
++		}
++		close(tmp_fd);
+ 		skill = getSkillname(skillfile, chr->skill);
+ 
+ 		chr->skillname = strdup(skill);