rpms/liferea/F-8 liferea-1.2.23-opml.patch, NONE, 1.1 liferea.spec, 1.94, 1.95
Brian Pepple (bpepple)
fedora-extras-commits at redhat.com
Wed Oct 31 18:50:04 UTC 2007
Author: bpepple
Update of /cvs/pkgs/rpms/liferea/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20920
Modified Files:
liferea.spec
Added Files:
liferea-1.2.23-opml.patch
Log Message:
* Wed Oct 31 2007 Brian Pepple <bpepple at fedoraproject.org> - 1.2.23-5
- Add patch to fix opml security bug: CVE-2007-5751. (#360641)
liferea-1.2.23-opml.patch:
--- NEW FILE liferea-1.2.23-opml.patch ---
diff -urp liferea-1.2.23.OLD/src/common.c liferea-1.2.23/src/common.c
--- liferea-1.2.23.OLD/src/common.c 2007-08-19 13:17:58.000000000 -0400
+++ liferea-1.2.23/src/common.c 2007-10-31 14:18:19.000000000 -0400
@@ -908,6 +908,9 @@ static void common_init_cache_path(void)
g_free(cachePath);
/* lifereaUserPath reused globally */
+
+ /* ensure reasonable default umask */
+ umask (077);
}
const gchar * common_get_cache_path(void) {
diff -urp liferea-1.2.23.OLD/src/export.c liferea-1.2.23/src/export.c
--- liferea-1.2.23.OLD/src/export.c 2007-06-20 18:22:10.000000000 -0400
+++ liferea-1.2.23/src/export.c 2007-10-31 14:19:05.000000000 -0400
@@ -126,15 +126,15 @@ gboolean export_OPML_feedlist(const gcha
error = TRUE;
}
- if(trusted)
- old_umask = umask(077);
+ if(!trusted)
+ old_umask = umask(022);
if(-1 == common_save_xml(doc, backupFilename)) {
g_warning("Could not export to OPML file!!");
error = TRUE;
}
- if(trusted)
+ if(!trusted)
umask(old_umask);
xmlFreeDoc(doc);
Index: liferea.spec
===================================================================
RCS file: /cvs/pkgs/rpms/liferea/F-8/liferea.spec,v
retrieving revision 1.94
retrieving revision 1.95
diff -u -r1.94 -r1.95
--- liferea.spec 24 Oct 2007 18:04:39 -0000 1.94
+++ liferea.spec 31 Oct 2007 18:49:31 -0000 1.95
@@ -2,7 +2,7 @@
Name: liferea
Version: 1.2.23
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: An RSS/RDF feed reader
Group: Applications/Internet
@@ -11,6 +11,7 @@
Source0: http://download.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
Patch0: %{name}-1.2.10-fedorafeed.patch
Patch1: %{name}-nm-0.7.patch
+Patch2: %{name}-%{version}-opml.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gtkhtml2-devel
@@ -44,6 +45,7 @@
%setup -q -n %{name}-%{version}
%patch0 -p1 -b .fedorafeed
%patch1 -p1 -b .nm
+%patch2 -p1 -b .opml
%build
@@ -116,6 +118,9 @@
%changelog
+* Wed Oct 31 2007 Brian Pepple <bpepple at fedoraproject.org> - 1.2.23-5
+- Add patch to fix opml security bug: CVE-2007-5751. (#360641)
+
* Wed Oct 24 2007 Jeremy Katz <katzj at redhat.com> - 1.2.23-4
- Fix build against new NetworkManager
More information about the scm-commits
mailing list