rpms/liferea/F-7 liferea-1.2.23-opml.patch, NONE, 1.1 liferea.spec, 1.86, 1.87

Wed Oct 31 18:59:27 UTC 2007

Author: bpepple

Update of /cvs/pkgs/rpms/liferea/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21592

Modified Files:
	liferea.spec 
Added Files:
	liferea-1.2.23-opml.patch 
Log Message:
* Wed Oct 31 2007 Brian Pepple <bpepple at fedoraproject.org> - 1.2.23-4
- Add patch to fix opml security bug: CVE-2007-5751. (#360641)


liferea-1.2.23-opml.patch:

--- NEW FILE liferea-1.2.23-opml.patch ---
diff -urp liferea-1.2.23.OLD/src/common.c liferea-1.2.23/src/common.c
--- liferea-1.2.23.OLD/src/common.c	2007-08-19 13:17:58.000000000 -0400
+++ liferea-1.2.23/src/common.c	2007-10-31 14:18:19.000000000 -0400
@@ -908,6 +908,9 @@ static void common_init_cache_path(void)
 
 	g_free(cachePath);
 	/* lifereaUserPath reused globally */
+
+	 /* ensure reasonable default umask */
+	umask (077);
 }
 
 const gchar * common_get_cache_path(void) {
diff -urp liferea-1.2.23.OLD/src/export.c liferea-1.2.23/src/export.c
--- liferea-1.2.23.OLD/src/export.c	2007-06-20 18:22:10.000000000 -0400
+++ liferea-1.2.23/src/export.c	2007-10-31 14:19:05.000000000 -0400
@@ -126,15 +126,15 @@ gboolean export_OPML_feedlist(const gcha
 			error = TRUE;
 		}
 		
-		if(trusted)
-			old_umask = umask(077);
+		if(!trusted)
+			old_umask = umask(022);
 			
 		if(-1 == common_save_xml(doc, backupFilename)) {
 			g_warning("Could not export to OPML file!!");
 			error = TRUE;
 		}
 		
-		if(trusted)
+		if(!trusted)
 			umask(old_umask);
 			
 		xmlFreeDoc(doc);


Index: liferea.spec
===================================================================
RCS file: /cvs/pkgs/rpms/liferea/F-7/liferea.spec,v
retrieving revision 1.86
retrieving revision 1.87
diff -u -r1.86 -r1.87
--- liferea.spec	24 Oct 2007 19:04:57 -0000	1.86
+++ liferea.spec	31 Oct 2007 18:58:54 -0000	1.87
@@ -2,7 +2,7 @@
 
 Name:           liferea
 Version:        1.2.23
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        An RSS/RDF feed reader
 
 Group:          Applications/Internet
@@ -10,6 +10,7 @@
 URL:            http://liferea.sourceforge.net/
 Source0:        http://download.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
 Patch0:		%{name}-1.2.10-fedorafeed.patch
+Patch1:		%{name}-%{version}-opml.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  gtkhtml2-devel
@@ -42,6 +43,7 @@
 %prep
 %setup -q -n %{name}-%{version}
 %patch0 -p1 -b .fedorafeed
+%patch1 -p1 -b .opml
 
 
 %build
@@ -114,6 +116,9 @@
 
 
 %changelog
+* Wed Oct 31 2007 Brian Pepple <bpepple at fedoraproject.org> - 1.2.23-4
+- Add patch to fix opml security bug: CVE-2007-5751. (#360641)
+
 * Wed Oct 24 2007 Brian Pepple <bpepple at fedoraproject.org> - 1.2.23-3
 - Acutually use the correct version of gecko-libs.
 


