[TeXmacs] fix CVE-2010-3394 (#638428)

Sat Feb 12 10:14:17 UTC 2011

commit 93df6e448f1cf78eba256e2bf4f3c64c82556049
Author: Jindrich Novy <jnovy at redhat.com>
Date:   Sat Feb 12 11:14:08 2011 +0100

    fix CVE-2010-3394 (#638428)

 TeXmacs-CVE-2010-3394.patch |   30 ++++++++++++++++++++++++++++++
 TeXmacs.spec                |    7 ++++++-
 2 files changed, 36 insertions(+), 1 deletions(-)
---

diff --git a/TeXmacs-CVE-2010-3394.patch b/TeXmacs-CVE-2010-3394.patch
new file mode 100644
index 0000000..1d20d4e
--- /dev/null
+++ b/TeXmacs-CVE-2010-3394.patch
@@ -0,0 +1,30 @@
+diff -up TeXmacs-1.0.7.9-src/misc/bundle/TeXmacs.CVE-2010-3394 TeXmacs-1.0.7.9-src/misc/bundle/TeXmacs
+--- TeXmacs-1.0.7.9-src/misc/bundle/TeXmacs.CVE-2010-3394	2010-12-17 20:13:31.000000000 +0100
++++ TeXmacs-1.0.7.9-src/misc/bundle/TeXmacs	2011-02-11 06:42:08.237433283 +0100
+@@ -7,12 +7,12 @@ export LAUNCH_SCRIPT LAUNCH_DIR
+ RESOURCES_DIR="$LAUNCH_DIR/../Resources"
+ #PATH=/opt/local/bin:$PATH
+ PATH="$RESOURCES_DIR/bin:$PATH"
+-DYLD_LIBRARY_PATH="$RESOURCES_DIR/lib${DYLD_LIBRARY_PATH+":$DYLD_LIBRARY_PATH"}"
++DYLD_LIBRARY_PATH="$RESOURCES_DIR/lib"${DYLD_LIBRARY_PATH:+":$DYLD_LIBRARY_PATH"}
+ export RESOURCES_DIR PATH DYLD_LIBRARY_PATH
+ 
+ TEXMACS_PATH="$RESOURCES_DIR/share/TeXmacs"
+ PATH="$TEXMACS_PATH/bin:$PATH"
+-DYLD_LIBRARY_PATH="$TEXMACS_PATH/lib${DYLD_LIBRARY_PATH+":$DYLD_LIBRARY_PATH"}"
++DYLD_LIBRARY_PATH="$TEXMACS_PATH/lib"${DYLD_LIBRARY_PATH:+":$DYLD_LIBRARY_PATH"}
+ export TEXMACS_PATH PATH DYLD_LIBRARY_PATH
+ 
+ #GS_LIB=".:$RESOURCES_DIR/ghostscript/8.61/lib:$RESOURCES_DIR/ghostscript/8.61/Resource:$RESOURCES_DIR/ghostscript/fonts:$RESOURCES_DIR/fonts/default/ghostscript:$RESOURCES_DIR/fonts/default/Type1:$RESOURCES_DIR/fonts/default/TrueType:/usr/lib/DPS/outline/base:/usr/openwin/lib/X11/fonts/Type1:/usr/openwin/lib/X11/fonts/TrueType:/usr/share/cups/fonts"
+diff -up TeXmacs-1.0.7.9-src/plugins/mupad/bin/tm_mupad_help.CVE-2010-3394 TeXmacs-1.0.7.9-src/plugins/mupad/bin/tm_mupad_help
+--- TeXmacs-1.0.7.9-src/plugins/mupad/bin/tm_mupad_help.CVE-2010-3394	2010-12-17 20:13:17.000000000 +0100
++++ TeXmacs-1.0.7.9-src/plugins/mupad/bin/tm_mupad_help	2011-02-11 06:45:01.507533316 +0100
+@@ -26,7 +26,7 @@ export MuPAD_ROOT_PATH
+ 
+ SYSINFO=`$MuPAD_ROOT_PATH/share/bin/sysinfo`
+ export SYSINFO
+-LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${MuPAD_ROOT_PATH}/${SYSINFO}/lib:/usr/local/X11R6/motif-2.0/lib:/usr/local/X11R6/lib:$MuPAD_ROOT_PATH/$SYSINFO/bin
++LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}${MuPAD_ROOT_PATH}/${SYSINFO}/lib:/usr/local/X11R6/motif-2.0/lib:/usr/local/X11R6/lib:$MuPAD_ROOT_PATH/$SYSINFO/bin
+ export LD_LIBRARY_PATH
+ 
+ XKEYSYMDB=$MuPAD_ROOT_PATH/share/unix/XKeysymDB
diff --git a/TeXmacs.spec b/TeXmacs.spec
index 527f272..e5023c3 100644
--- a/TeXmacs.spec
+++ b/TeXmacs.spec
@@ -1,6 +1,6 @@
 Name:		TeXmacs
 Version:	1.0.7.9
-Release:	1%{?dist}
+Release:	2%{?dist}
 Summary:	Structured WYSIWYG scientific text editor
 
 Group:		Applications/Editors
@@ -10,6 +10,7 @@ Source:		ftp://ftp.texmacs.org/pub/TeXmacs/targz/TeXmacs-%{version}-src.tar.gz
 Patch1:         TeXmacs-1.6.0.7-rdelim.patch
 Patch2:         TeXmacs-psfix.patch
 Patch3:         TeXmacs-util_h.patch
+Patch4:		TeXmacs-CVE-2010-3394.patch
 Requires:	tex(tex)
 Requires:	ghostscript
 BuildRequires:	guile-devel
@@ -64,6 +65,7 @@ Development files required to create TeXmacs plugins.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 sed -i "s|LDPATH = \@CONFIG_BPATH\@|LDPATH =|" src/makefile.in
 sed -i "s|5\.14\.\*|5.15.*|" plugins/maxima/bin/tm_maxima
 
@@ -173,6 +175,9 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Fri Feb 11 2011 Jindrich Novy <jnovy at redhat.com> - 1.0.7.9-2
+- fix CVE-2010-3394 (#638428)
+
 * Thu Feb 10 2011 Jindrich Novy <jnovy at redhat.com> - 1.0.7.9-1
 - update to 1.0.7.9 (#593625)
 - fix Requires
