rpms/amarok/FC-5 amarok-1.4.5-CVE-2006-6979.patch, NONE, 1.1 amarok.spec, 1.66, 1.67

Wed Feb 14 19:13:52 UTC 2007

Author: abompard

Update of /cvs/extras/rpms/amarok/FC-5
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14600/FC-5

Modified Files:
	amarok.spec 
Added Files:
	amarok-1.4.5-CVE-2006-6979.patch 
Log Message:
add patch to fix CVE-2006-6979 (bug 228138)

amarok-1.4.5-CVE-2006-6979.patch:

--- NEW FILE amarok-1.4.5-CVE-2006-6979.patch ---
Index: src/magnatunebrowser/magnatunealbumdownloader.cpp
===================================================================
--- amarok/src/magnatunebrowser/magnatunealbumdownloader.cpp	(revision 633106)
+++ amarok/src/magnatunebrowser/magnatunealbumdownloader.cpp	(working copy)
@@ -89,7 +89,7 @@
 
     //ok, now we have the .zip file downloaded. All we need is to unpack it to the desired location and add it to the collection.
 
-    QString unzipString = "unzip \""+m_tempDir.name() + m_currentAlbumFileName + "\" -d \"" + m_currentAlbumUnpackLocation + "\" &";
+    QString unzipString = KProcess::quote( "unzip \""+m_tempDir.name() + m_currentAlbumFileName + "\" -d \"" + m_currentAlbumUnpackLocation + "\" &" );
 
     debug() << "unpacking: " << unzipString << endl;
 


Index: amarok.spec
===================================================================
RCS file: /cvs/extras/rpms/amarok/FC-5/amarok.spec,v
retrieving revision 1.66
retrieving revision 1.67
diff -u -r1.66 -r1.67
--- amarok.spec	7 Feb 2007 22:25:05 -0000	1.66
+++ amarok.spec	14 Feb 2007 19:13:19 -0000	1.67
@@ -4,13 +4,14 @@
 Name:       amarok
 Summary:    Media player for KDE
 Version:    1.4.5
-Release:    1%{?dist}.1
+Release:    2%{?dist}
 
 Group: 	    Applications/Multimedia
 License:    GPL
 Url:        http://amarok.kde.org
 # http://download.kde.org/download.php?url=stable/amarok/1.4.3/src
 Source0:    http://mirrors.isc.org/pub/kde/stable/amarok/%{version}/src/amarok-%{version}.tar.bz2
+Patch0:     amarok-1.4.5-CVE-2006-6979.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  kdemultimedia-devel >= 6:3.2
@@ -80,6 +81,7 @@
 
 %prep
 %setup -q
+%patch0 -p0 -b .CVE-2006-6979
 
 
 
@@ -193,11 +195,9 @@
 # SMB
 %{_datadir}/services/amarok_smb-device.desktop
 %{_libdir}/kde3/libamarok_smb-device.*
-%if "%fedora" >= "6"
 # IPod
 %{_datadir}/services/amarok_ipod-mediadevice.desktop
 %{_libdir}/kde3/libamarok_ipod-mediadevice.*
-%endif
 # VFAT
 %{_datadir}/services/amarok_generic-mediadevice.desktop
 %{_libdir}/kde3/libamarok_generic-mediadevice.*
@@ -235,8 +235,8 @@
 
 
 %changelog
-* Wed Feb 07 2007 Aurelien Bompard <abompard at fedoraproject.org> 1.4.5-1.1
-- libgpod is not recent enough in FC5
+* Wed Feb 14 2007 Aurelien Bompard <abompard at fedoraproject.org> 1.4.5-2
+- add patch to fix CVE-2006-6979 (bug 228138)
 
 * Sat Feb 03 2007 Aurelien Bompard <abompard at fedoraproject.org> 1.4.5-1
 - version 1.4.5


