[catfish/f19] Fix insecure loading of script at startup (CVE-2014-2093 through

[Mamoru TASAKA]

commit 099b9861a412f1fdbadd17a876645e267dcadee8
Author: Mamoru TASAKA <mtasaka at fedoraproject.org>
Date:   Sun Mar 2 17:51:34 2014 +0900

    Fix insecure loading of script at startup (CVE-2014-2093 through
    
      CVE-2014-2096, bug 1069398)

 catfish.spec |   15 ++++++++++++++-
 1 files changed, 14 insertions(+), 1 deletions(-)
---
diff --git a/catfish.spec b/catfish.spec
index bb314e9..8ca6821 100644
--- a/catfish.spec
+++ b/catfish.spec
@@ -2,7 +2,7 @@
 %define		mainver		0.4.0.2
 %undefine		betaver		
 
-%define		fedoraver	3
+%define		fedoraver	4
 
 
 Name:		catfish
@@ -126,6 +126,15 @@ desktop-file-install \
 %{__ln_s} -f ../locale/ \
 	  $RPM_BUILD_ROOT%{_datadir}/%{name}/
 
+# Just use simple wrapper script to fix CVE-2014-2093 through 
+# CVE-2014-2096, bug 1069398
+cat > $RPM_BUILD_ROOT%{_bindir}/%{name} <<EOF
+#!/bin/bash
+
+exec python2 %{_datadir}/%{name}/%{name}.py "\$@"
+EOF
+chmod 0755 $RPM_BUILD_ROOT%{_bindir}/%{name}
+
 %{find_lang} %{name}
 
 %clean
@@ -156,6 +165,10 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %defattr(-,root,root,-)
 
 %changelog
+* Sun Mar 02 2014 Mamoru TASAKA <mtasaka at fedoraproject.org> - 0.4.0.2-4
+- Fix insecure loading of script at startup (CVE-2014-2093 through 
+  CVE-2014-2096, bug 1069398)
+
 * Mon Jul  1 2013 Mamoru TASAKA <mtasaka at fedoraproject.org> - 0.4.0.2-3
 - Fix GError module error on launch (bug 964356)
 - Fix infinite loop when searching words with asterisk (bug 964356)