rpms/liferea/F-8 liferea-1.2.23-opml.patch, NONE, 1.1 liferea.spec, 1.94, 1.95

Brian Pepple (bpepple) fedora-extras-commits at redhat.com
Wed Oct 31 18:50:04 UTC 2007 

Author: bpepple

Update of /cvs/pkgs/rpms/liferea/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20920

Modified Files:
	liferea.spec 
Added Files:
	liferea-1.2.23-opml.patch 
Log Message:
* Wed Oct 31 2007 Brian Pepple <bpepple at fedoraproject.org> - 1.2.23-5
- Add patch to fix opml security bug: CVE-2007-5751. (#360641)


liferea-1.2.23-opml.patch:

--- NEW FILE liferea-1.2.23-opml.patch ---
diff -urp liferea-1.2.23.OLD/src/common.c liferea-1.2.23/src/common.c
--- liferea-1.2.23.OLD/src/common.c	2007-08-19 13:17:58.000000000 -0400
+++ liferea-1.2.23/src/common.c	2007-10-31 14:18:19.000000000 -0400
@@ -908,6 +908,9 @@ static void common_init_cache_path(void)
 
 	g_free(cachePath);
 	/* lifereaUserPath reused globally */
+
+	 /* ensure reasonable default umask */
+	umask (077);
 }
 
 const gchar * common_get_cache_path(void) {
diff -urp liferea-1.2.23.OLD/src/export.c liferea-1.2.23/src/export.c
--- liferea-1.2.23.OLD/src/export.c	2007-06-20 18:22:10.000000000 -0400
+++ liferea-1.2.23/src/export.c	2007-10-31 14:19:05.000000000 -0400
@@ -126,15 +126,15 @@ gboolean export_OPML_feedlist(const gcha
 			error = TRUE;
 		}
 		
-		if(trusted)
-			old_umask = umask(077);
+		if(!trusted)
+			old_umask = umask(022);
 			
 		if(-1 == common_save_xml(doc, backupFilename)) {
 			g_warning("Could not export to OPML file!!");
 			error = TRUE;
 		}
 		
-		if(trusted)
+		if(!trusted)
 			umask(old_umask);
 			
 		xmlFreeDoc(doc);


Index: liferea.spec
===================================================================
RCS file: /cvs/pkgs/rpms/liferea/F-8/liferea.spec,v
retrieving revision 1.94
retrieving revision 1.95
diff -u -r1.94 -r1.95
--- liferea.spec	24 Oct 2007 18:04:39 -0000	1.94
+++ liferea.spec	31 Oct 2007 18:49:31 -0000	1.95
@@ -2,7 +2,7 @@
 
 Name:           liferea
 Version:        1.2.23
-Release: 4%{?dist}
+Release: 	5%{?dist}
 Summary:        An RSS/RDF feed reader
 
 Group:          Applications/Internet
@@ -11,6 +11,7 @@
 Source0:        http://download.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
 Patch0:		%{name}-1.2.10-fedorafeed.patch
 Patch1:         %{name}-nm-0.7.patch
+Patch2:		%{name}-%{version}-opml.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  gtkhtml2-devel
@@ -44,6 +45,7 @@
 %setup -q -n %{name}-%{version}
 %patch0 -p1 -b .fedorafeed
 %patch1 -p1 -b .nm
+%patch2 -p1 -b .opml
 
 
 %build
@@ -116,6 +118,9 @@
 
 
 %changelog
+* Wed Oct 31 2007 Brian Pepple <bpepple at fedoraproject.org> - 1.2.23-5
+- Add patch to fix opml security bug: CVE-2007-5751. (#360641)
+
 * Wed Oct 24 2007 Jeremy Katz <katzj at redhat.com> - 1.2.23-4
 - Fix build against new NetworkManager

More information about the scm-commits mailing list