From c4b9173f478c413336afa869df2c7e431621e13fc00993f94d57f0b5a5ab3247 Mon Sep 17 00:00:00 2001
From: OBS User unknown
Date: Thu, 3 Apr 2008 08:36:39 +0000
Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audacity?expand=0&rev=8
---
 audacity-1.3.4-CVE-2007-6061.patch | 13 +++++++++++++
 audacity.changes | 6 ++++++
 audacity.spec | 10 ++++++++--
 3 files changed, 27 insertions(+), 2 deletions(-)
 create mode 100644 audacity-1.3.4-CVE-2007-6061.patch
diff --git a/audacity-1.3.4-CVE-2007-6061.patch b/audacity-1.3.4-CVE-2007-6061.patch
new file mode 100644
index 0000000..d564642
--- /dev/null
+++ b/audacity-1.3.4-CVE-2007-6061.patch
@@ -0,0 +1,13 @@
+--- src/AudacityApp.cpp
++++ src/AudacityApp.cpp
+@@ -573,8 +573,8 @@
+ // * The user's .audacity-files directory in their home directory
+ // * The "share" and "share/doc" directories in their install path
+ #ifdef __WXGTK__
+- defaultTempDir.Printf(wxT("/tmp/audacity%d.%d-%s"),
+- AUDACITY_VERSION, AUDACITY_RELEASE, wxGetUserId().c_str());
++ defaultTempDir.Printf(wxT("/%s/audacity%d.%d-%s"),
++ home.c_str(), AUDACITY_VERSION, AUDACITY_RELEASE, wxGetUserId().c_str());
+
+ wxString pathVar = wxGetenv(wxT("AUDACITY_PATH"));
+ if (pathVar != wxT(""))
diff --git a/audacity.changes b/audacity.changes
index f405210..84c29de 100644
--- a/audacity.changes
+++ b/audacity.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Apr 2 14:11:45 CEST 2008 - anosek@suse.cz
+
+- fixed Insecure symlink handling (bnc#344588) (CVE-2007-6061.patch)
+ - temp file is now created in users home directory
+
 -------------------------------------------------------------------
 Fri Jan 25 15:37:39 CET 2008 - adrian@suse.de
 
diff --git a/audacity.spec b/audacity.spec
index d4fa119..235c0cb 100644
--- a/audacity.spec
+++ b/audacity.spec
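Review bot: The new format string `wxT("/%s/audacity%d.%d-%s")` in the embedded AudacityApp.cpp patch hard-codes a leading slash in front of `home`, so an absolute home path yields a `//…` prefix and an empty `home` would place the temp directory directly under the filesystem root. `home` is defined outside this hunk, so its value cannot be confirmed here; if it is already an absolute path (as the changelog's "users home directory" suggests), `defaultTempDir.Printf(wxT("%s/audacity%d.%d-%s"), home.c_str(), …)` together with a check that `home` is non-empty would be safer. The change only moves the default: a temp-dir path already saved in a user's preferences, if the application stores one, would presumably still point at the old /tmp location. Nothing visible in the hunk checks the ownership or mode of an already-existing directory before it is used. The enclosing function starts and ends outside the hunk.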
@@ -10,6 +10,7 @@ # norootforbuild + Name: audacity BuildRequires: SDL-devel flac-devel gcc-c++ glib-devel id3lib-devel jack-devel libid3tag-devel libmspack-devel libsamplerate-devel libsndfile-devel libtiff-devel libvorbis-devel soundtouch-devel unixODBC-devel update-desktop-files wxGTK-devel zip # build with local portaudio for now @@ -17,7 +18,7 @@ BuildRequires: SDL-devel flac-devel gcc-c++ glib-devel id3lib-devel jack-devel %define DISTRIBUTABLE 1 Summary: A Free, Cross-Platform Digital Audio Editor Version: 1.3.4 -Release: 5 +Release: 34 License: GPL v2 or later Group: Productivity/Multimedia/Sound/Editors and Convertors BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -33,6 +34,7 @@ Patch5: %{name}-%{version}-retval.patch Patch6: %{name}-%{version}-strict-aliasing.patch Patch7: %{name}-%{version}-nosse.patch Patch8: %{name}-%{version}-compile.patch +Patch9: %{name}-%{version}-CVE-2007-6061.patch %description Audacity is a program that manipulates digital audio wave forms. In @@ -73,6 +75,7 @@ Authors: %patch7 %endif %patch8 +%patch9 %build %{?suse_update_config:%{suse_update_config -f . lib-src/*/.}} @@ -121,6 +124,9 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/mime/packages/audacity.xml %changelog +* Wed Apr 02 2008 anosek@suse.cz +- fixed Insecure symlink handling (bnc#344588) (CVE-2007-6061.patch) + - temp file is now created in users home directory * Fri Jan 25 2008 adrian@suse.de - remove mad-devel in BuildRequires to keep the package as part of Factory @@ -269,7 +275,7 @@ rm -rf $RPM_BUILD_ROOT - build as user * Mon Sep 15 2003 tiwai@suse.de - added desktop icon. -* Sun Sep 14 2003 adrian@suse.de +* Mon Sep 15 2003 adrian@suse.de - add AudioVideoEditing Category * Fri Aug 29 2003 tiwai@suse.de - fixed the bug of WAVE display.