rpms/kdemultimedia/FC-3 post-3.4.2-kdemultimedia-kaudiocreator.diff, NONE, 1.1 kdemultimedia.spec, 1.34, 1.35
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Aug 23 12:36:38 UTC 2005
Author: than
Update of /cvs/dist/rpms/kdemultimedia/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv23067
Modified Files:
kdemultimedia.spec
Added Files:
post-3.4.2-kdemultimedia-kaudiocreator.diff
Log Message:
apply patch to fix security issue in kaudiocreator
post-3.4.2-kdemultimedia-kaudiocreator.diff:
encoder.cpp | 11 ++++++-----
job.cpp | 13 +++++++++++++
job.h | 2 ++
3 files changed, 21 insertions(+), 5 deletions(-)
--- NEW FILE post-3.4.2-kdemultimedia-kaudiocreator.diff ---
Index: job.cpp
===================================================================
--- job.cpp (revision 450276)
+++ job.cpp (working copy)
@@ -18,6 +18,7 @@
#include "job.h"
#include <kmacroexpander.h>
+#include <qregexp.h>
/**
* A helper function to replace %X with the stuff in the album.
@@ -43,3 +44,15 @@
return (KMacroExpander::expandMacros(string, map));
}
+void Job::fix(const QString &in, const QString &out){
+ track_title.replace( QRegExp(in), out );
+ track_artist.replace( QRegExp(in), out );
+ track_comment.replace( QRegExp(in), out );
+ // year
+ // track
+ genre.replace( QRegExp(in), out );
+ album.replace( QRegExp(in), out );
+ comment.replace( QRegExp(in), out );
+ group.replace( QRegExp(in), out );
+}
+
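Review bot: `Job::fix` compiles `QRegExp(in)` seven times and nothing in it says that `in` is treated as a regular expression rather than a literal, or that the call rewrites the job's own tag fields. Build the pattern once with `const QRegExp rx(in);` and pass `rx` to each `replace` call. Add a comment above the definition, and on the declaration in job.h, such as `// Replaces every match of the regexp 'in' with 'out' in the text tag fields; modifies this Job, so callers that need the original tags work on a copy (as encoder.cpp does).` The `// year` and `// track` placeholders suggest those fields are skipped on purpose; a word on why would help the next reader.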
Index: encoder.cpp
===================================================================
--- encoder.cpp (revision 450276)
+++ encoder.cpp (working copy)
@@ -162,13 +162,14 @@
{
QMap <QString,QString> map;
map.insert("extension", prefs->extension());
- desiredFile = job->replaceSpecialChars(desiredFile, false, map);
+ Job jobx = *job;
+ jobx.fix(Prefs::replaceInput(), Prefs::replaceOutput());
+ jobx.fix("/", "%2f");
+ // If the user wants anything regexp replaced do it now...
+ desiredFile = jobx.replaceSpecialChars(desiredFile, false, map);
+ desiredFile.replace( QRegExp("~"), QDir::homeDirPath() );
}
- desiredFile.replace( QRegExp("~"), QDir::homeDirPath() );
- // If the user wants anything regexp replaced do it now...
- desiredFile.replace( QRegExp(Prefs::replaceInput()), Prefs::replaceOutput() );
-
while ( QFile::exists( desiredFile ) ) {
bool ok;
QString text = KInputDialog::getText(
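Review bot: The `~` substitution on the last added line still runs over the fully expanded name, so a `~` that came from a tag field is turned into `QDir::homeDirPath()`, which contains `/`, after `jobx.fix("/", "%2f")` has already run. Expanding the home directory on the template before the macros are substituted keeps tag text out of it: move `desiredFile.replace( QRegExp("~"), QDir::homeDirPath() );` above the `replaceSpecialChars` call. A field that is exactly `..` is also untouched by the `/` escape and would become a parent-directory component if the template puts it between separators; whether that can happen depends on the template and on code outside this hunk. The comment `// If the user wants anything regexp replaced do it now...` now sits below the `jobx.fix(Prefs::replaceInput(), ...)` line it describes and should move up with it.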
Index: job.h
===================================================================
--- job.h (revision 450276)
+++ job.h (working copy)
@@ -35,6 +35,8 @@
QString replaceSpecialChars(const QString &string, bool quote, QMap<QString,QString> map);
+ void fix( const QString &in, const QString &out );
+
// The device to obtain the file such as /dev/cdrom/ (Used when ripping and ejecting)
QString device;
int id;
Index: kdemultimedia.spec
===================================================================
RCS file: /cvs/dist/rpms/kdemultimedia/FC-3/kdemultimedia.spec,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- kdemultimedia.spec 4 Aug 2005 20:33:11 -0000 1.34
+++ kdemultimedia.spec 23 Aug 2005 12:36:35 -0000 1.35
@@ -43,6 +43,9 @@
Patch2: kdemultimedia-3.4.0-config.patch
Patch4: kdemultimedia-3.4.0-xdg.patch
+# security fixes
+Patch100: post-3.4.2-kdemultimedia-kaudiocreator.diff
+
Prereq: /sbin/ldconfig
Requires: kdelibs >= 6:%{version}
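Review bot: The `# security fixes` comment above `Patch100` does not say which issue the patch addresses or where the patch came from, and the changelog entry added further down is equally generic. Someone auditing this package later cannot tell from the spec whether a given advisory is covered. Name the advisory and origin next to the patch line, for example `# <ADVISORY-ID>: kaudiocreator file names built from CD tag fields (upstream post-3.4.2 patch)`, with the real identifier filled in.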
@@ -107,6 +110,10 @@
%patch2 -p1 -b .config
%patch4 -p1 -b .xdg
+pushd kaudiocreator
+%patch100 -p0 -b .kaudiocreator-security
+popd
+
# remove aktion, we don't ship xanim (license problems)
%if %{redhatify}
rm -rf doc/aktion aktion
@@ -247,6 +254,9 @@
%{_includedir}/kde/*
%changelog
+* Tue Aug 23 2005 Than Ngo <than at redhat.com> 6:3.4.2-0.fc3.2
+- apply patch to fix security issue in kaudiocreator
+
* Thu Aug 04 2005 Than Ngo <than at redhat.com> 6:3.4.2-0.fc3.1
- update to 3.4.2