[bristol/f14/master] Security fix.

Jon Ciesla limb at fedoraproject.org
Mon Oct 25 21:45:25 UTC 2010


commit 04bb657bab3b8f6383c7f07a4b71d1863269b686
Author: Jon Ciesla <limb at jcomserv.net>
Date:   Mon Oct 25 16:45:16 2010 -0500

    Security fix.

 bristol-0.40.7-CVE-2010-3351.patch |   11 +++++++++++
 bristol.spec                       |    8 +++++++-
 2 files changed, 18 insertions(+), 1 deletions(-)
---
diff --git a/bristol-0.40.7-CVE-2010-3351.patch b/bristol-0.40.7-CVE-2010-3351.patch
new file mode 100644
index 0000000..a3853d3
--- /dev/null
+++ b/bristol-0.40.7-CVE-2010-3351.patch
@@ -0,0 +1,11 @@
+--- bin/startBristol.in~	2009-07-28 07:50:20.000000000 -0500
++++ bin/startBristol.in	2010-10-25 16:35:49.821127708 -0500
+@@ -266,7 +266,7 @@
+ declare -x SLAB_HOME=$BRISTOL
+ declare -x BRIGHTON=$BRISTOL
+ 
+-declare -x LD_LIBRARY_PATH=/usr/lib:/usr/local/lib:${LD_LIBRARY_PATH}:${BRISTOL}/lib
++#declare -x LD_LIBRARY_PATH=/usr/lib:/usr/local/lib:${LD_LIBRARY_PATH}:${BRISTOL}/lib
+ 
+ declare PATH=${PATH}:$BRISTOL/bin:/usr/local/bin
+ 
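Review bot: The commented-out `declare -x LD_LIBRARY_PATH=...` line in the inner hunk (around line 266 of bin/startBristol.in) carries no explanation, so a later rebase onto a new upstream tarball could restore it without anyone noticing why it was disabled. With `LD_LIBRARY_PATH` unset, the old value expanded to `/usr/lib:/usr/local/lib::${BRISTOL}/lib`, and the dynamic loader treats the empty element as the current working directory. I would record that next to the line, e.g. `# Disabled for CVE-2010-3351: an unset LD_LIBRARY_PATH left an empty entry (= current directory) in the search path`. If a private `${BRISTOL}/lib` ever has to be searched again, a form that cannot produce an empty element is `declare -x LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+${LD_LIBRARY_PATH}:}${BRISTOL}/lib`. The spec's `%{_libdir}/lib*.so` entry suggests the packaged libraries are already on the default loader path, so dropping the export looks sufficient for this build; the rest of the script lies outside the hunk.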
diff --git a/bristol.spec b/bristol.spec
index 4818e6a..2e4c0ad 100644
--- a/bristol.spec
+++ b/bristol.spec
@@ -1,6 +1,6 @@
 Name:		bristol
 Version:	0.40.7
-Release:	6%{dist}
+Release:	7%{dist}
 Summary:	Synthesizer emulator
 
 Group:		Applications/Multimedia
@@ -8,6 +8,7 @@ License:	GPLv2+
 URL:		http://bristol.sourceforge.net
 Source0:	http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
 Source1:	%{name}.desktop
+Patch0:		bristol-0.40.7-CVE-2010-3351.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:	libX11-devel alsa-lib-devel jack-audio-connection-kit-devel desktop-file-utils
@@ -29,6 +30,8 @@ This package contains the development libraries for Bristol.
 %prep
 %setup -q
 
+%patch0 -p0 -b .libpath
+
 find ./bitmaps/ -name '*.gz' | xargs chmod -x 
 chmod -x ./memory/profiles/*
 find . -name '*.c' | xargs chmod -x
@@ -79,6 +82,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/lib*.so
 
 %changelog
+* Mon Oct 25 2010 Jon Ciesla <limb at jcomserv.net> - 0.40.7-7
+- Fix for CVE-2010-3351, BZ 638376.
+
 * Tue Jan 26 2010 Jon Ciesla <limb at jcomserv.net> - 0.40.7-6
 - Removed INSTALL.
 

