[tuxguitar] - Fix CVE-2010-3385 insecure library loading vulnerability - RHBZ#638396

Orcan Ogetbil oget at fedoraproject.org
Sat Oct 2 01:55:21 UTC 2010 

commit 5c0b833e8bf2452f2603ceedd4addbbd3edf8137
Author: Orcan Ogetbil <oget.fedora at gmail.com>
Date:   Fri Oct 1 21:55:16 2010 -0400

    - Fix CVE-2010-3385 insecure library loading vulnerability - RHBZ#638396

 tuxguitar-build-fedora.xml |    2 +-
 tuxguitar.spec             |    5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)
---
diff --git a/tuxguitar-build-fedora.xml b/tuxguitar-build-fedora.xml
index 50adcf2..d869edb 100644
--- a/tuxguitar-build-fedora.xml
+++ b/tuxguitar-build-fedora.xml
@@ -116,7 +116,7 @@
 		<echo file="${file.script}" append="true">	[ ! -d ${MOZILLA_FIVE_HOME} ] &amp;&amp; MOZILLA_FIVE_HOME=/usr/lib${os.lib.suffix}/iceweasel${line.separator}</echo>
 		<echo file="${file.script}" append="true">fi${line.separator}</echo>
 		<echo file="${file.script}" append="true">##LIBRARY_PATH${line.separator}</echo>
-		<echo file="${file.script}" append="true">LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:${dist.lib.path}${line.separator}</echo>
+		<echo file="${file.script}" append="true">LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}${dist.lib.path}${line.separator}</echo>
 		<echo file="${file.script}" append="true">LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/lib${os.lib.suffix}${line.separator}</echo>
 		<echo file="${file.script}" append="true">LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/lib${os.lib.suffix}${line.separator}</echo>
 		<echo file="${file.script}" append="true">LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/lib${os.lib.suffix}/jni${line.separator}</echo>
diff --git a/tuxguitar.spec b/tuxguitar.spec
index db94cd3..2a00082 100644
--- a/tuxguitar.spec
+++ b/tuxguitar.spec
@@ -3,7 +3,7 @@
 Summary:          A multitrack tablature editor and player written in Java-SWT
 Name:             tuxguitar
 Version:          1.2
-Release:          2%{?dist}
+Release:          3%{?dist}
 URL:              http://www.tuxguitar.com.ar
 Source0:          http://downloads.sourceforge.net/%{name}/%{name}-src-%{version}.tar.gz
 # Fedora specific build script. Accepted by upstream:
@@ -179,6 +179,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %{_bindir}/%{name}
 
 %changelog
+* Fri Oct 01 2010 Orcan Ogetbil <oget[DOT]fedora[AT]gmail[DOT]com>> - 1.2-3
+- Fix CVE-2010-3385 insecure library loading vulnerability - RHBZ#638396
+
 * Sat Nov 28 2009 Orcan Ogetbil <oget[DOT]fedora[AT]gmail[DOT]com>> - 1.2-2
 - Change build system (we'll use our build-fedora.xml rather than patching Debian's
   Makefile).

More information about the scm-commits mailing list