rpms/fbida/FC-4 fbida.CVE-2006-1695.patch, NONE, 1.1 fbida.spec, 1.8, 1.9

Adrian Reber (adrian) fedora-extras-commits at redhat.com
Mon Apr 24 06:30:07 UTC 2006


Author: adrian

Update of /cvs/extras/rpms/fbida/FC-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11391

Modified Files:
	fbida.spec 
Added Files:
	fbida.CVE-2006-1695.patch 
Log Message:
* Mon Apr 24 2006 Adrian Reber <adrian at lisas.de> - 2.03-6
- security fix for #189721


fbida.CVE-2006-1695.patch:

--- NEW FILE fbida.CVE-2006-1695.patch ---
diff -ru fbida-2.01.orig/fbgs fbida-2.01/fbgs
--- fbida-2.01.orig/fbgs	2004-03-28 13:32:16.000000000 +0200
+++ fbida-2.01/fbgs	2006-04-08 02:49:37.000000000 +0200
@@ -1,8 +1,8 @@
 #!/bin/bash
 
 # tmp dir
-DIR="${TMPDIR-/var/tmp}/fbps-$$"
-mkdir -p $DIR	|| exit 1
+DIR=`mktemp -dtp /tmp fbgs-XXXXXX`
+[ -d $DIR ]  || exit 1
 trap "rm -rf $DIR" EXIT
 
 # parse options


Index: fbida.spec
===================================================================
RCS file: /cvs/extras/rpms/fbida/FC-4/fbida.spec,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- fbida.spec	10 May 2005 07:08:12 -0000	1.8
+++ fbida.spec	24 Apr 2006 06:30:07 -0000	1.9
@@ -1,11 +1,12 @@
 Summary:        FrameBuffer Imageviewer
 Name:           fbida
 Version:        2.03
-Release:        5%{?dist}
+Release:        6%{?dist}
 License:        GPL
 Group:          Applications/Multimedia
 URL:            http://linux.bytesex.org/fbida/
 Source:         http://dl.bytesex.org/releases/fbida/fbida-2.03.tar.gz
+Patch:          fbida.CVE-2006-1695.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  libexif-devel fontconfig-devel libjpeg-devel
 BuildRequires:  libpng-devel libtiff-devel pkgconfig
@@ -37,6 +38,7 @@
 
 %prep
 %setup -q
+%patch -p1
 %{__sed} -i -e "s,(INSTALL) -s,(INSTALL) ," mk/Variables.mk
 
 %build
@@ -77,6 +79,9 @@
 %{_bindir}/fbgs
 
 %changelog
+* Mon Apr 24 2006 Adrian Reber <adrian at lisas.de> - 2.03-6
+- security fix for #189721
+
 * Tue May 10 2005 Adrian Reber <adrian at lisas.de> - 2.03-5
 - fix debuginfo subpackage creation
 




More information about the scm-commits mailing list