diff --git a/csound-sanitize-sys.patch b/csound-sanitize-sys.patch
new file mode 100644
index 0000000..6ee1e98
--- /dev/null
+++ b/csound-sanitize-sys.patch
@@ -0,0 +1,22 @@
+--- a/frontends/CsoundVST/Shell.cpp
++++ b/frontends/CsoundVST/Shell.cpp
+@@ -211,6 +211,8 @@ namespace csound
+ void Shell::main(int argc, char **argv)
+ {
+ PySys_SetArgv_(argc, argv);
++ /* Sanitize sys.path */
++ PyRun_SimpleString_("import sys; sys.path = filter(None, sys.path)");
+ }
+
+ void Shell::initialize()
+--- a/frontends/CsoundVST/ScoreGeneratorVst.cpp
++++ b/frontends/CsoundVST/ScoreGeneratorVst.cpp
+@@ -427,6 +427,8 @@
+ Shell::open();
+ char *argv[] = {"",""};
+ PySys_SetArgv(1, argv);
++ /* Sanitize sys.path */
++ PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)");
+ PyObject *mainModule = PyImport_ImportModule("__main__");
+ result = runScript("import sys\n");
+ if(result)
diff --git a/csound.changes b/csound.changes
index 911377e..3b49df9 100644
--- a/csound.changes
+++ b/csound.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Jan 28 14:40:46 CET 2009 - tiwai@suse.de
+
+- Fix python module search path insecure issue (bnc#470095)
+ This package is unaffected; the patch is included just for any
+ possible cases in future.
+
 -------------------------------------------------------------------
 Wed Oct 1 15:28:52 CEST 2008 - tiwai@suse.de
 
diff --git a/csound.spec b/csound.spec
index 0355f1b..a368435 100644
--- a/csound.spec
+++ b/csound.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package csound (Version 5.06.0)
 #
-# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
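Review bot: In csound-sanitize-sys.patch, both added calls (`PyRun_SimpleString_` in Shell::main and `PyRun_SimpleString` in the ScoreGeneratorVst.cpp hunk) discard the return value, so if the sanitizing statement fails the code simply continues with whatever entry `PySys_SetArgv` placed at the front of sys.path. The statement also relies on `filter` returning a list, which holds only on Python 2; `"import sys; sys.path = [p for p in sys.path if p]"` gives the same result there and keeps sys.path a list on Python 3. Only empty strings are removed, so a `.` or other relative entry would survive, and the `/* Sanitize sys.path */` comment should say so, e.g. `/* Drop empty sys.path entries (they resolve to the current directory) */`. Where the linked interpreter provides it, `PySys_SetArgvEx(argc, argv, 0)` avoids the path insertion in the first place. The ScoreGeneratorVst.cpp function starts and ends outside its hunk.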
@@ -26,8 +26,8 @@ BuildRequires: fltk-devel libjpeg-devel libpng-devel xorg-x11-devel %endif Summary: Computer Sound Synthesis and Composition Program Version: 5.06.0 -Release: 128 -License: LGPL v2.1 or later +Release: 129 +License: GNU Free Documentation License, Version 1.2 (GFDL 1.2); LGPL v2.1 or later; X11/MIT Group: Productivity/Multimedia/Sound/Utilities Source: Csound%{version}.tar.bz2 Source1: README.SuSE @@ -35,6 +35,7 @@ Patch: csound-alsa-fix.diff Patch1: csound-tmpnam-fix.diff Patch2: csound-gcc-warning-fix.diff Patch3: csound-python-2.6-fix.diff +Patch4: csound-sanitize-sys.patch Url: http://www.csounds.com AutoReq: on Autoprov: off @@ -54,6 +55,7 @@ For detailed information, refer to http://www.csounds.com. %patch1 %patch2 %patch3 +%patch4 -p1 cp %{SOURCE1} . # fix encoding iconv -f latin1 -t utf8 readme-csound5.txt > readme-csound5.txt.utf8 @@ -104,6 +106,10 @@ rm -rf $RPM_BUILD_ROOT%{_includedir} # %{_libdir}/lib* %changelog +* Wed Jan 28 2009 tiwai@suse.de +- Fix python module search path insecure issue (bnc#470095) + This package is unaffected; the patch is included just for any + possible cases in future. * Wed Oct 01 2008 tiwai@suse.de - fix build with python-2.6 * Wed Jun 20 2007 tiwai@suse.de