From dda64b4435620e4b9b840e7ccf164860b1789231 Mon Sep 17 00:00:00 2001
From: Julian Sikorski
Date: Oct 03 2010 18:42:11 +0000
Subject: - Switched to upstreams approach for the security fix - Use the new macros properly
---
diff --git a/0001-Fixed-RedHat-bug-638384-CVE-2010-3357-CVE-2010-3357-.patch b/0001-Fixed-RedHat-bug-638384-CVE-2010-3357-CVE-2010-3357-.patch
new file mode 100644
index 0000000..0dd389b
--- /dev/null
+++ b/0001-Fixed-RedHat-bug-638384-CVE-2010-3357-CVE-2010-3357-.patch
@@ -0,0 +1,25 @@
+From 44370dc2a87f7fa0d6c9730979514bd407a37c65 Mon Sep 17 00:00:00 2001
+From: Pedro Castro
+Date: Sat, 2 Oct 2010 00:32:13 +0100
+Subject: [PATCH] Fixed RedHat bug #638384 - (CVE-2010-3357) CVE-2010-3357 gnome-subtitles: insecure library loading vulnerability
+
+---
+ src/GnomeSubtitles/Execution/gnome-subtitles.in | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/src/GnomeSubtitles/Execution/gnome-subtitles.in b/src/GnomeSubtitles/Execution/gnome-subtitles.in
+index 698fe4a..6689357 100644
+--- a/src/GnomeSubtitles/Execution/gnome-subtitles.in
++++ b/src/GnomeSubtitles/Execution/gnome-subtitles.in
+@@ -6,7 +6,7 @@ libdir=@libdir@
+
+ sublibdir=@SUBLIB_DLL_DIR@
+
+-export LD_LIBRARY_PATH="$libdir/gnome-subtitles:$LD_LIBRARY_PATH"
++export LD_LIBRARY_PATH=$libdir/gnome-subtitles${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
+ export MONO_PATH=$sublibdir:$MONO_PATH
+ exec -a gnome-subtitles @MONO@ $libdir/gnome-subtitles/gnome-subtitles.exe "$@"
+
+--
+1.7.2.3
+
diff --git a/gnome-subtitles-ldlibpath.patch b/gnome-subtitles-ldlibpath.patch
deleted file mode 100644
index 7cc6da2..0000000
--- a/gnome-subtitles-ldlibpath.patch
+++ /dev/null
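Review bot: The line right after the fixed one in the embedded gnome-subtitles.in hunk, `export MONO_PATH=$sublibdir:$MONO_PATH`, still produces a trailing `:` when MONO_PATH is unset or empty, which is the same empty-search-path-element pattern the new LD_LIBRARY_PATH line removes. Whether Mono resolves an empty MONO_PATH entry against the current directory is not visible from this hunk, so either confirm that it does not or use the same form, `export MONO_PATH="$sublibdir${MONO_PATH:+:$MONO_PATH}"`. The `${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}` expansion covers only the unset/empty case; a value inherited from the caller that already begins or ends with `:` or contains `::` passes through unchanged, which is worth a one-line comment above the export. The new assignment also dropped the double quotes the old line had, which is safe only if the script's shell treats `export NAME=value` as an assignment (the shebang is outside the hunk), so I would keep them: `export LD_LIBRARY_PATH="$libdir/gnome-subtitles${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"`.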
@@ -1,16 +0,0 @@ -diff -up gnome-subtitles-1.0/src/GnomeSubtitles/Execution/gnome-subtitles.in.ldlibpath gnome-subtitles-1.0/src/GnomeSubtitles/Execution/gnome-subtitles.in ---- gnome-subtitles-1.0/src/GnomeSubtitles/Execution/gnome-subtitles.in.ldlibpath 2009-09-09 00:16:36.000000000 +0200 -+++ gnome-subtitles-1.0/src/GnomeSubtitles/Execution/gnome-subtitles.in 2010-09-30 22:21:54.000000000 +0200 -@@ -6,7 +6,11 @@ libdir=@libdir@ - - sublibdir=@SUBLIB_DLL_DIR@ - --export LD_LIBRARY_PATH="$libdir/gnome-subtitles:$LD_LIBRARY_PATH" -+if [ -z ${LD_LIBRARY_PATH} ]; then -+ export LD_LIBRARY_PATH=$libdir/gnome-subtitles -+else -+ export LD_LIBRARY_PATH=$libdir/gnome-subtitles:${LD_LIBRARY_PATH} -+fi - export MONO_PATH=$sublibdir:$MONO_PATH - exec -a gnome-subtitles @MONO@ $libdir/gnome-subtitles/gnome-subtitles.exe "$@" - diff --git a/gnome-subtitles.spec b/gnome-subtitles.spec index d465611..69106be 100644 --- a/gnome-subtitles.spec +++ b/gnome-subtitles.spec @@ -1,6 +1,6 @@ Name: gnome-subtitles Version: 1.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Subtitle editor for Gnome Group: Applications/Multimedia @@ -8,7 +8,7 @@ Group: Applications/Multimedia License: GPLv2+ and (MPLv1.1 or GPLv2+ or LGPLv2+) URL: http://gnome-subtitles.sourceforge.net Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz -Patch0: %{name}-ldlibpath.patch +Patch0: 0001-Fixed-RedHat-bug-638384-CVE-2010-3357-CVE-2010-3357-.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: desktop-file-utils @@ -42,7 +42,7 @@ translation and synchronization. %prep %setup -q -%patch0 -p1 -b .ldlibpath +%patch0 -p1 -b .cve20103357 %build 
@@ -65,16 +65,16 @@ desktop-file-install --vendor=fedora \ %pre -%gconf_schema_prepare %{name}.schemas +%gconf_schema_prepare %{name} %post -%gconf_schema_upgrade %{name}.schemas +%gconf_schema_upgrade %{name} update-desktop-database &> /dev/null || : %preun -%gconf_schema_remove %{name}.schemas +%gconf_schema_remove %{name} %postun @@ -96,6 +96,10 @@ update-desktop-database &> /dev/null || : %changelog +* Sun Oct 03 2010 Julian Sikorski - 1.0-3 +- Switched to upstreams approach for the security fix +- Use the new macros properly + * Thu Sep 30 2010 Julian Sikorski - 1.0-2 - Fixed security vulnrerability CVE-2010-3357 - Updated scriptlets to the latest spec