[banshee/f12/master] - Add a patch to fix CVE-2010-3998

Thu Oct 28 00:11:39 UTC 2010

commit bf30b7c3e06264baf525a92206ce7ebaf6bf7e4c
Author: Christian Krause <chkr at fedoraproject.org>
Date:   Thu Oct 28 02:11:38 2010 +0200

    - Add a patch to fix CVE-2010-3998

 banshee-1.6.1-CVE-2010-3998.patch |   14 ++++++++++++++
 banshee.spec                      |    9 ++++++++-
 2 files changed, 22 insertions(+), 1 deletions(-)
---

diff --git a/banshee-1.6.1-CVE-2010-3998.patch b/banshee-1.6.1-CVE-2010-3998.patch
new file mode 100644
index 0000000..71d7896
--- /dev/null
+++ b/banshee-1.6.1-CVE-2010-3998.patch
@@ -0,0 +1,14 @@
+diff -uNr banshee-1-1.6.1.old/src/Clients/Booter/banshee-1.linux.in banshee-1-1.6.1/src/Clients/Booter/banshee-1.linux.in
+--- banshee-1-1.6.1.old/src/Clients/Booter/banshee-1.linux.in	2010-10-25 22:16:59.000000000 +0200
++++ banshee-1-1.6.1/src/Clients/Booter/banshee-1.linux.in	2010-10-28 01:26:42.000000000 +0200
+@@ -7,8 +7,8 @@
+ BANSHEE_EXEC_NAME=$(basename $0)
+ BANSHEE_CONFIG_DIR="${XDG_CONFIG_HOME:-$HOME/.config}/banshee-1"
+ 
+-export LD_LIBRARY_PATH=@expanded_libdir@:@expanded_libdir@/@PACKAGE@:@expanded_libdir@/@PACKAGE@/Extensions:@expanded_libdir@/@PACKAGE@/Backends${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}
+-export GST_PLUGIN_PATH=@expanded_libdir@/@PACKAGE@/gstreamer-0.10${GST_PLUGIN_PATH+:$GST_PLUGIN_PATH}
++export LD_LIBRARY_PATH=@expanded_libdir@:@expanded_libdir@/@PACKAGE@:@expanded_libdir@/@PACKAGE@/Extensions:@expanded_libdir@/@PACKAGE@/Backends${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
++export GST_PLUGIN_PATH=@expanded_libdir@/@PACKAGE@/gstreamer-0.10${GST_PLUGIN_PATH:+:$GST_PLUGIN_PATH}
+ if [ $BANSHEE_EXEC_NAME = "muinshee" ]; then
+     BANSHEE_CLIENT="Muinshee"
+     export MONO_PATH=@expanded_libdir@/@PACKAGE@/Extensions
diff --git a/banshee.spec b/banshee.spec
index 0dfa559..0304d52 100644
--- a/banshee.spec
+++ b/banshee.spec
@@ -7,7 +7,7 @@
 Name:    banshee
 Version: %{mainver}%{?patchver}
 #Release: 0.1.%{gitdate}git%{?dist}
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: Easily import, manage, and play selections from your music collection
 
 Group:   Applications/Multimedia
@@ -32,6 +32,9 @@ Patch1: 0001-Add-usr-lib-banshee-1-Backends-to-library-path.patch
 # https://bugzilla.gnome.org/attachment.cgi?id=164158 (white spaces fixed)
 Patch2: banshee-1.6.1-transparent-icon.patch
 
+# backported upstream patch for CVE-2010-3998
+Patch3: banshee-1.6.1-CVE-2010-3998.patch
+
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 # We dont have mono on these arches:
@@ -148,6 +151,7 @@ developing applications that use %{name}-musicbrainz.
 %patch1 -p1 -b .ldlibdir_fix
 cp -p %{SOURCE1} .
 %patch2 -p1 -b .transparent_icon
+%patch3 -p1 -b .CVE-2010-3998
 
 %build
 export MONO_SHARED_DIR=%mono_shared
@@ -232,6 +236,9 @@ fi
 
 
 %changelog
+* Mon Oct 25 2010 Christian Krause <chkr at fedoraproject.org> - 1.6.1-4
+- Add a patch to fix CVE-2010-3998
+
 * Sat Jun 26 2010 Christian Krause <chkr at fedoraproject.org> - 1.6.1-3
 - Fix status icon transparency (BZ 533308)
 
