[Nautilus-list] Patch(s) needed.

[Joe Testa <jtesta rapid7 com>]

Hi.

    I discovered a vulnerability in the Nautilus package, and it was 
fixed in the main source tree by Darin Adler.
    I've been trying to get Linux vendors to update their packages. 
However, Slackware told me that they are unwilling to risk destabilizing 
their source by patching their version themselves.  Darin Adler 
suggested that I ask this list for someone willing to create a patch to 
Slackware's Nautilus package.
    Any takers?


    - Joe Testa


(here is a snippet from the ChangeLog):
293 2002-03-30  Darin Adler  <darin bentspoon com>
294
295 Fixed security problem where we would write the metafile without
296 protecting against potential symbolic links.
297 298 * libnautilus-private/nautilus-metafile.c: (finalize): Update to
299 use more text URIs, and fewer GnomeVFSURI objects.
300 (construct_private_metafile_uri): Make a text URI, not a GnomeVFSURI.
301 (nautilus_metafile_set_directory_uri): Use text URIs, not GnomeVFSURIs,
302 for the locations of the public and private metafiles.
303 (metafile_get_file_uri): Much simplified to use text URIs.
304 (metafile_read_restart): Simplified to use text URIs.
305 (metafile_write_succeeded): Broke out this common code needed for
306 both local and async. success cases.
307 (metafile_write_success_close_callback): Call metafile_write_succeeded.
308 (metafile_write_local): New, does a metafile write safely using mkstemp
309 and rename. All synchronous, which should be OK most of the time.
310 (metafile_write_start): Use metafile_write_local for "file:" URLs and
311 the existing code for other URLs.