rpms/amarok/FC-6 amarok-1.4.5-CVE-2006-6979.patch, NONE, 1.1 amarok.spec, 1.71, 1.72

Aurelien Bompard (abompard) fedora-extras-commits at redhat.com
Wed Feb 14 19:13:54 UTC 2007 

Author: abompard

Update of /cvs/extras/rpms/amarok/FC-6
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14600/FC-6

Modified Files:
	amarok.spec 
Added Files:
	amarok-1.4.5-CVE-2006-6979.patch 
Log Message:
add patch to fix CVE-2006-6979 (bug 228138)

amarok-1.4.5-CVE-2006-6979.patch:

--- NEW FILE amarok-1.4.5-CVE-2006-6979.patch ---
Index: src/magnatunebrowser/magnatunealbumdownloader.cpp
===================================================================
--- amarok/src/magnatunebrowser/magnatunealbumdownloader.cpp	(revision 633106)
+++ amarok/src/magnatunebrowser/magnatunealbumdownloader.cpp	(working copy)
@@ -89,7 +89,7 @@
 
     //ok, now we have the .zip file downloaded. All we need is to unpack it to the desired location and add it to the collection.
 
-    QString unzipString = "unzip \""+m_tempDir.name() + m_currentAlbumFileName + "\" -d \"" + m_currentAlbumUnpackLocation + "\" &";
+    QString unzipString = KProcess::quote( "unzip \""+m_tempDir.name() + m_currentAlbumFileName + "\" -d \"" + m_currentAlbumUnpackLocation + "\" &" );
 
     debug() << "unpacking: " << unzipString << endl;
 


Index: amarok.spec
===================================================================
RCS file: /cvs/extras/rpms/amarok/FC-6/amarok.spec,v
retrieving revision 1.71
retrieving revision 1.72
diff -u -r1.71 -r1.72
--- amarok.spec	7 Feb 2007 18:27:50 -0000	1.71
+++ amarok.spec	14 Feb 2007 19:13:22 -0000	1.72
@@ -4,13 +4,14 @@
 Name:       amarok
 Summary:    Media player for KDE
 Version:    1.4.5
-Release:    1%{?dist}
+Release:    2%{?dist}
 
 Group: 	    Applications/Multimedia
 License:    GPL
 Url:        http://amarok.kde.org
 # http://download.kde.org/download.php?url=stable/amarok/1.4.3/src
 Source0:    http://mirrors.isc.org/pub/kde/stable/amarok/%{version}/src/amarok-%{version}.tar.bz2
+Patch0:     amarok-1.4.5-CVE-2006-6979.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  kdemultimedia-devel >= 6:3.2
@@ -80,6 +81,7 @@
 
 %prep
 %setup -q
+%patch0 -p0 -b .CVE-2006-6979
 
 
 
@@ -233,6 +235,9 @@
 
 
 %changelog
+* Wed Feb 14 2007 Aurelien Bompard <abompard at fedoraproject.org> 1.4.5-2
+- add patch to fix CVE-2006-6979 (bug 228138)
+
 * Sat Feb 03 2007 Aurelien Bompard <abompard at fedoraproject.org> 1.4.5-1
 - version 1.4.5
 - drop patch0 and patch1 (merged upstream)

More information about the scm-commits mailing list