[ardour/f14/master] - Fix CVE-2010-3349 RHBZ#638365
Orcan Ogetbil
oget at fedoraproject.org
Wed Sep 29 19:50:50 UTC 2010
commit 5a18d11acfb67edb3c781787ecb2ff6d456b4db7
Author: Orcan Ogetbil <oget.fedora at gmail.com>
Date: Wed Sep 29 15:48:39 2010 -0400
- Fix CVE-2010-3349 RHBZ#638365
ardour-safe-env-vars.patch | 14 ++++++++++++++
ardour.spec | 9 ++++++++-
2 files changed, 22 insertions(+), 1 deletions(-)
---
diff --git a/ardour-safe-env-vars.patch b/ardour-safe-env-vars.patch
new file mode 100644
index 0000000..2d04406
--- /dev/null
+++ b/ardour-safe-env-vars.patch
@@ -0,0 +1,14 @@
+diff -rupN ardour-2.8.11.old/gtk2_ardour/ardour.sh.in ardour-2.8.11/gtk2_ardour/ardour.sh.in
+--- ardour-2.8.11.old/gtk2_ardour/ardour.sh.in 2009-02-24 07:37:42.000000000 -0500
++++ ardour-2.8.11/gtk2_ardour/ardour.sh.in 2010-09-29 15:23:27.000000000 -0400
+@@ -1,8 +1,8 @@
+ #!/bin/sh
+
+-export GTK_PATH=%INSTALL_PREFIX%/%LIBDIR%/ardour2:$GTK_PATH
++export GTK_PATH=%INSTALL_PREFIX%/%LIBDIR%/ardour2${GTK_PATH:+:$GTK_PATH}
+
+-export LD_LIBRARY_PATH=%INSTALL_PREFIX%/%LIBDIR%/ardour2:$LD_LIBRARY_PATH
++export LD_LIBRARY_PATH=%INSTALL_PREFIX%/%LIBDIR%/ardour2${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
+ # DYLD_LIBRARY_PATH is for Darwin
+ export DYLD_LIBRARY_PATH=$LD_LIBRARY_PATH
+
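Review bot: The two rewritten `export` lines leave their expansions unquoted, and under `#!/bin/sh` some shells (older dash, for one) word-split the arguments of `export`, so an inherited value containing whitespace would be split and the export would fail or lose part of the path. Quoting the whole right-hand side avoids that: `export LD_LIBRARY_PATH="%INSTALL_PREFIX%/%LIBDIR%/ardour2${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"`, and the same for `GTK_PATH`. A one-line comment above them, such as `# ${VAR:+:$VAR} avoids a trailing empty element, which the dynamic loader searches as the current directory`, would keep a later cleanup from reverting to the plain `:$VAR` form. The guard covers only an unset or empty variable; an inherited value that already contains an empty element is passed through unchanged. The rest of ardour.sh.in lies outside this hunk.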
diff --git a/ardour.spec b/ardour.spec
index aa49619..e404a66 100644
--- a/ardour.spec
+++ b/ardour.spec
@@ -1,7 +1,7 @@
Summary: Multichannel Digital Audio Workstation
Name: ardour
Version: 2.8.11
-Release: 3%{?dist}
+Release: 4%{?dist}
# No more direct links. Download from
# http://ardour.org/download
Source: ardour-%{version}.tar.bz2
@@ -9,6 +9,9 @@ Source2: ardour.script
Patch0: ardour-SConscript.patch
Patch1: ardour-2.8-session.cc-no_stomp.patch
Patch3: ardour-2.5-HOST_NOT_FOUND.patch
+# Fix CVE-2010-3349 RHBZ#638365
+# From upstream CVS 2.0 branch
+Patch4: ardour-safe-env-vars.patch
URL: http://ardour.org
License: GPLv2+
Group: Applications/Multimedia
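Review bot: The provenance comment above `Patch4` names only a branch, so the patch file cannot be checked against what upstream actually committed. Recording the upstream revision or a URL next to it, for example `# Upstream revision: <REVISION-PLACEHOLDER>`, would let a later packager confirm the file matches and drop it once the fix ships in a release tarball.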
@@ -64,6 +67,7 @@ digital mixers.
%patch0 -p1 -b .SConscript
%patch1 -p1 -b .no_stomp
%patch3 -p0 -b .host.not.found
+%patch4 -p1 -b .safe.env
# Fix encodings:
iconv -f ISO-8859-1 -t UTF8 ardour.1.fr > ardour.1.fr.tmp
@@ -177,6 +181,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%{_mandir}/ru/man1/ardour.1*
%changelog
+* Wed Sep 29 2010 Orcan Ogetbil <oget [DOT] fedora [AT] gmail [DOT] com> 2.8.11-4
+- Fix CVE-2010-3349 RHBZ#638365
+
* Tue Jul 27 2010 Orcan Ogetbil <oget[DOT]fedora[AT]gmail[DOT]com> - 2.8.11-3
- Rebuild on F-14 against new boost