rpms/blam/F-8 blam-CVE-2005-4790.patch, NONE, 1.1 blam.spec, 1.19, 1.20

Peter Gordon (pgordon) fedora-extras-commits at redhat.com
Thu Nov 22 20:20:18 UTC 2007 

Author: pgordon

Update of /cvs/pkgs/rpms/blam/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8779/F-8

Modified Files:
	blam.spec 
Added Files:
	blam-CVE-2005-4790.patch 
Log Message:
Backport upstream fix for CVE-2005-4790.

blam-CVE-2005-4790.patch:

--- NEW FILE blam-CVE-2005-4790.patch ---
--- blam-1.8.3/blam.in	2006-11-16 16:06:40.000000000 -0800
+++ blam-1.8.4/blam.in	2007-01-06 05:43:35.000000000 -0800
@@ -1,12 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
-MOZILLA_HOME=@MOZILLA_HOME@
-export MOZILLA_HOME
-
-MOZILLA_FIVE_HOME=@MOZILLA_HOME@
-export MOZILLA_FIVE_HOME
-
-LD_LIBRARY_PATH="@prefix@/lib/blam:@MOZILLA_HOME@:$LD_LIBRARY_PATH"
-export LD_LIBRARY_PATH
-
-exec mono @prefix@/lib/blam/blam.exe $@
+LD_LIBRARY_PATH="@prefix@/lib/blam:@MOZILLA_HOME@${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}" MOZILLA_FIVE_HOME=@MOZILLA_HOME@ \
+MOZILLA_HOME=@MOZILLA_HOME@ exec -a 'blam' mono @prefix@/lib/blam/blam.exe $@


Index: blam.spec
===================================================================
RCS file: /cvs/pkgs/rpms/blam/F-8/blam.spec,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- blam.spec	13 Nov 2007 23:36:47 -0000	1.19
+++ blam.spec	22 Nov 2007 20:19:45 -0000	1.20
@@ -5,7 +5,7 @@
 
 Name:		blam
 Version:	1.8.3
-Release:	10%{?dist}
+Release:	11%{?dist}
 Summary:	An RSS/RDF feed reader
 
 Group:		Applications/Internet
@@ -13,9 +13,11 @@
 URL:		http://www.cmartin.tk/blam.html
 
 Source0:	http://www.cmartin.tk/blam/%{name}-%{version}.tar.bz2
+
 Patch0:		%{name}-fix-PrintJob-ambiguous-reference.patch
 Patch1:		%{name}-fedora-people-in-default-collection.patch
 Patch2:		%{name}-fix-THEME_DIR-path.patch
+Patch3:		%{name}-CVE-2005-4790.patch
 
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 ## Various Mono dependencies are not available for ppc64; see bug 241850.
@@ -63,6 +65,7 @@
 %patch0 -p0 -b .fix-PrintJob-ambiguous-reference-compile-error
 %patch1 -p0 -b .add-fedora-people-feed-to-default-collection.xml
 %patch2 -p0 -b .fix-THEME_DIR-path
+%patch3 -p1 -b .CVE-2005-4790
 
 
 %build
@@ -126,6 +129,9 @@
 %{_mandir}/man?/%{name}.1*
 
 %changelog
+* Thu Nov 22 2007 Peter Gordon <peter at thecodergeek.com> - 1.8.3-11
+- Fix CVE-2005-4790 (bug 252294).
+
 * Tue Nov 13 2007 Peter Gordon <peter at thecodergeek.com> - 1.8.3-10
 - Rebuild for new Gecko (Firefox 2.0.0.9).

More information about the fedora-extras-commits mailing list