rpms/audacity/F-7 audacity-1.3.2-CVE-2007-6061.patch, NONE, 1.1 audacity-1.3.2-allegro-cflags.patch, NONE, 1.1 audacity-1.3.2-expat2.patch, NONE, 1.1 audacity-1.3.2-gcc43.patch, NONE, 1.1 audacity-1.3.2-jack-api-109.patch, NONE, 1.1 audacity-1.3.2-libdir.patch, NONE, 1.1 audacity-1.3.2-soundtouch-cxxflags.patch, NONE, 1.1 audacity.spec, 1.36, 1.37
Michael Schwendt (mschwendt)
fedora-extras-commits at redhat.com
Sat May 3 07:06:17 UTC 2008
Author: mschwendt
Update of /cvs/pkgs/rpms/audacity/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15868
Modified Files:
audacity.spec
Added Files:
audacity-1.3.2-CVE-2007-6061.patch
audacity-1.3.2-allegro-cflags.patch
audacity-1.3.2-expat2.patch audacity-1.3.2-gcc43.patch
audacity-1.3.2-jack-api-109.patch audacity-1.3.2-libdir.patch
audacity-1.3.2-soundtouch-cxxflags.patch
Log Message:
sync with F-8
audacity-1.3.2-CVE-2007-6061.patch:
--- NEW FILE audacity-1.3.2-CVE-2007-6061.patch ---
diff -Nur audacity-src-1.3.2-beta-orig/src/AudacityApp.cpp audacity-src-1.3.2-beta/src/AudacityApp.cpp
--- audacity-src-1.3.2-beta-orig/src/AudacityApp.cpp 2006-10-29 01:05:26.000000000 +0200
+++ audacity-src-1.3.2-beta/src/AudacityApp.cpp 2008-05-02 17:46:49.000000000 +0200
@@ -821,7 +821,7 @@
if (tempFromPrefs != wxT("")) {
if (wxDirExists(tempFromPrefs))
temp = tempFromPrefs;
- else if (wxMkdir(tempFromPrefs))
+ else if (wxMkdir(tempFromPrefs, 0755))
temp = tempFromPrefs;
}
@@ -830,10 +830,21 @@
if (temp==wxT("") && tempDefaultLoc != wxT("")) {
if (wxDirExists(tempDefaultLoc))
temp = tempDefaultLoc;
- else if (wxMkdir(tempDefaultLoc))
+ else if (wxMkdir(tempDefaultLoc, 0755))
temp = tempDefaultLoc;
}
+ // Check temp directory ownership.
+ struct stat tempStatBuf;
+ if ( lstat(temp.mb_str(), &tempStatBuf) != 0 ) {
+ temp.clear();
+ }
+ else {
+ if ( geteuid() != tempStatBuf.st_uid ) {
+ temp.clear();
+ }
+ }
+
if (temp == wxT("")) {
// Failed
wxMessageBox(_("Audacity could not find a place to store temporary files.\nPlease enter an appropriate directory in the preferences dialog."));
audacity-1.3.2-allegro-cflags.patch:
--- NEW FILE audacity-1.3.2-allegro-cflags.patch ---
diff -Nur audacity-src-1.3.2-beta-orig/lib-src/allegro/Makefile.in audacity-src-1.3.2-beta/lib-src/allegro/Makefile.in
--- audacity-src-1.3.2-beta-orig/lib-src/allegro/Makefile.in 2006-10-29 01:05:59.000000000 +0200
+++ audacity-src-1.3.2-beta/lib-src/allegro/Makefile.in 2008-03-22 10:26:33.000000000 +0100
@@ -4,7 +4,7 @@
CCC = @CXX@
srcdir=@srcdir@
-CFLAGS = -g -O
+CFLAGS = @CFLAGS@
CPPOBJ = \
allegro.cpp.o \
allegrord.cpp.o \
audacity-1.3.2-expat2.patch:
--- NEW FILE audacity-1.3.2-expat2.patch ---
diff -Nur audacity-src-1.3.2-beta-orig/src/xml/XMLFileReader.cpp audacity-src-1.3.2-beta/src/xml/XMLFileReader.cpp
--- audacity-src-1.3.2-beta-orig/src/xml/XMLFileReader.cpp 2006-10-29 01:05:26.000000000 +0200
+++ audacity-src-1.3.2-beta/src/xml/XMLFileReader.cpp 2007-08-28 12:11:08.000000000 +0200
@@ -61,9 +61,9 @@
size_t len = fread(buffer, 1, bufferSize, theXMLFile.fp());
done = (len < bufferSize);
if (!XML_Parse(mParser, buffer, len, done)) {
- mErrorStr.Printf(_("Error: %hs at line %d"),
+ mErrorStr.Printf(_("Error: %hs at line %lu"),
XML_ErrorString(XML_GetErrorCode(mParser)),
- XML_GetCurrentLineNumber(mParser));
+ (long unsigned int)XML_GetCurrentLineNumber(mParser));
theXMLFile.Close();
return false;
}
audacity-1.3.2-gcc43.patch:
--- NEW FILE audacity-1.3.2-gcc43.patch ---
diff -Nur audacity-src-1.3.2-beta-orig/lib-src/soundtouch/include/soundtouch_config.h.in audacity-src-1.3.2-beta/lib-src/soundtouch/include/soundtouch_config.h.in
--- audacity-src-1.3.2-beta-orig/lib-src/soundtouch/include/soundtouch_config.h.in 2006-10-29 01:06:01.000000000 +0200
+++ audacity-src-1.3.2-beta/lib-src/soundtouch/include/soundtouch_config.h.in 2008-01-03 16:53:06.000000000 +0100
@@ -43,24 +43,6 @@
/* Use Integer as Sample type */
#undef INTEGER_SAMPLES
-/* Name of package */
-#undef PACKAGE
-
-/* Define to the address where bug reports for this package should be sent. */
-#undef PACKAGE_BUGREPORT
-
-/* Define to the full name of this package. */
-#undef PACKAGE_NAME
-
-/* Define to the full name and version of this package. */
-#undef PACKAGE_STRING
-
-/* Define to the one symbol short name of this package. */
-#undef PACKAGE_TARNAME
-
-/* Define to the version of this package. */
-#undef PACKAGE_VERSION
-
/* Define as the return type of signal handlers (`int' or `void'). */
#undef RETSIGTYPE
diff -Nur audacity-src-1.3.2-beta-orig/lib-src/soundtouch/source/example/SoundStretch/WavFile.cpp audacity-src-1.3.2-beta/lib-src/soundtouch/source/example/SoundStretch/WavFile.cpp
--- audacity-src-1.3.2-beta-orig/lib-src/soundtouch/source/example/SoundStretch/WavFile.cpp 2006-10-29 01:06:00.000000000 +0200
+++ audacity-src-1.3.2-beta/lib-src/soundtouch/source/example/SoundStretch/WavFile.cpp 2008-01-03 15:53:25.000000000 +0100
@@ -48,6 +48,7 @@
#include <stdio.h>
#include <stdexcept>
#include <string>
+#include <cstring>
#include <assert.h>
#include <limits.h>
audacity-1.3.2-jack-api-109.patch:
--- NEW FILE audacity-1.3.2-jack-api-109.patch ---
diff -Nur audacity-src-1.3.2-beta-orig/lib-src/portaudio-v19/src/hostapi/jack/pa_jack.c audacity-src-1.3.2-beta/lib-src/portaudio-v19/src/hostapi/jack/pa_jack.c
--- audacity-src-1.3.2-beta-orig/lib-src/portaudio-v19/src/hostapi/jack/pa_jack.c 2006-10-29 01:05:49.000000000 +0200
+++ audacity-src-1.3.2-beta/lib-src/portaudio-v19/src/hostapi/jack/pa_jack.c 2008-02-11 01:13:04.000000000 +0100
@@ -1669,27 +1669,19 @@
{
for( i = 0; i < stream->num_incoming_connections; i++ )
{
- UNLESS( !jack_port_lock( stream->jack_client, stream->local_input_ports[i] ),
- paUnanticipatedHostError );
if( jack_port_connected( stream->local_input_ports[i] ) )
{
UNLESS( !jack_port_disconnect( stream->jack_client, stream->local_input_ports[i] ),
paUnanticipatedHostError );
}
- UNLESS( !jack_port_unlock( stream->jack_client, stream->local_input_ports[i] ),
- paUnanticipatedHostError );
}
for( i = 0; i < stream->num_outgoing_connections; i++ )
{
- UNLESS( !jack_port_lock( stream->jack_client, stream->local_output_ports[i] ),
- paUnanticipatedHostError );
if( jack_port_connected( stream->local_output_ports[i] ) )
{
UNLESS( !jack_port_disconnect( stream->jack_client, stream->local_output_ports[i] ),
paUnanticipatedHostError );
}
- UNLESS( !jack_port_unlock( stream->jack_client, stream->local_output_ports[i] ),
- paUnanticipatedHostError );
}
}
audacity-1.3.2-libdir.patch:
--- NEW FILE audacity-1.3.2-libdir.patch ---
diff -Nur audacity-src-1.3.2-beta-orig/src/effects/ladspa/LoadLadspa.cpp audacity-src-1.3.2-beta/src/effects/ladspa/LoadLadspa.cpp
--- audacity-src-1.3.2-beta-orig/src/effects/ladspa/LoadLadspa.cpp 2006-10-29 01:05:27.000000000 +0200
+++ audacity-src-1.3.2-beta/src/effects/ladspa/LoadLadspa.cpp 2008-02-10 22:00:53.000000000 +0100
@@ -86,8 +86,8 @@
#ifdef __WXGTK__
wxGetApp().AddUniquePathToPathList(wxT(INSTALL_PREFIX) wxT("/ladspa"), pathList);
- wxGetApp().AddUniquePathToPathList(wxT("/usr/local/lib/ladspa"), pathList);
- wxGetApp().AddUniquePathToPathList(wxT("/usr/lib/ladspa"), pathList);
+ wxGetApp().AddUniquePathToPathList(wxT("/usr/local/__RPM_LIB__/ladspa"), pathList);
+ wxGetApp().AddUniquePathToPathList(wxT("__RPM_LIBDIR__/ladspa"), pathList);
#endif
#ifdef __WXMAC__
diff -Nur audacity-src-1.3.2-beta-orig/src/export/ExportMP3.cpp audacity-src-1.3.2-beta/src/export/ExportMP3.cpp
--- audacity-src-1.3.2-beta-orig/src/export/ExportMP3.cpp 2006-10-29 01:05:27.000000000 +0200
+++ audacity-src-1.3.2-beta/src/export/ExportMP3.cpp 2008-02-10 21:58:51.000000000 +0100
@@ -258,7 +258,7 @@
wxString GetLibraryPath()
{
- return wxT("/usr/lib");
+ return wxT("__RPM_LIBDIR__");
}
wxString GetLibraryName()
audacity-1.3.2-soundtouch-cxxflags.patch:
--- NEW FILE audacity-1.3.2-soundtouch-cxxflags.patch ---
diff -Nur audacity-src-1.3.2-beta-orig/lib-src/soundtouch/configure audacity-src-1.3.2-beta/lib-src/soundtouch/configure
--- audacity-src-1.3.2-beta-orig/lib-src/soundtouch/configure 2006-10-29 01:06:00.000000000 +0200
+++ audacity-src-1.3.2-beta/lib-src/soundtouch/configure 2008-03-22 10:15:28.000000000 +0100
@@ -2443,7 +2443,8 @@
#AC_MAINTAINER_MODE
-CXXFLAGS= ac_ext=cpp
+#CXXFLAGS=
+ac_ext=cpp
ac_cpp='$CXXCPP $CPPFLAGS'
ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
Index: audacity.spec
===================================================================
RCS file: /cvs/pkgs/rpms/audacity/F-7/audacity.spec,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- audacity.spec 16 Nov 2007 18:16:18 -0000 1.36
+++ audacity.spec 3 May 2008 07:05:38 -0000 1.37
@@ -1,6 +1,6 @@
Name: audacity
Version: 1.3.2
-Release: 14%{?dist}.1
+Release: 21%{?dist}
Summary: A multitrack audio editor
Group: Applications/Multimedia
@@ -16,6 +16,13 @@
Patch4: audacity-1.3.2-destdir.patch
Patch5: audacity-1.3.2-resample.patch
Patch6: audacity-1.3.2-FLAC.patch
+Patch7: audacity-1.3.2-expat2.patch
+Patch8: audacity-1.3.2-gcc43.patch
+Patch9: audacity-1.3.2-libdir.patch
+Patch10: audacity-1.3.2-jack-api-109.patch
+Patch11: audacity-1.3.2-soundtouch-cxxflags.patch
+Patch12: audacity-1.3.2-allegro-cflags.patch
+Patch13: audacity-1.3.2-CVE-2007-6061.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: alsa-lib-devel
BuildRequires: desktop-file-utils
@@ -57,17 +64,29 @@
%patch4 -p1 -b .destdir
%patch5 -p1 -b .resample
%patch6 -p1 -b .FLAC
+%patch7 -p1 -b .expat2
+%patch8 -p1 -b .gcc43
-# Substitute occurences of "libmp3lame.so" with "libmp3lame.so.0".
-for i in help/wxhelp/audacity.hhk help/wxhelp/exportmp3.htm locale/*.po src/export/ExportMP3.cpp
+# Substitute hardcoded library paths.
+%patch9 -p1
+for i in src/effects/ladspa/LoadLadspa.cpp src/export/ExportMP3.cpp
do
- sed -i -e 's!libmp3lame.so\([^.]\)!libmp3lame.so.0\1!g' $i
+ sed -i -e 's!__RPM_LIBDIR__!%{_libdir}!g' $i
+ sed -i -e 's!__RPM_LIB__!%{_lib}!g' $i
done
+grep -q -s __RPM_LIB * -R && exit 1
-# Substitute hardcoded /usr/lib paths.
-for i in src/AudacityApp.cpp src/export/ExportMP3.cpp
+%if 0%{?fedora} > 8
+%patch10 -p1 -b .jack-api
+%endif
+%patch11 -p1 -b .soundtouch-cxxflags
+%patch12 -p1 -b .allegro-cflags
+%patch13 -p1 -b .CVE-2007-6061
+
+# Substitute occurences of "libmp3lame.so" with "libmp3lame.so.0".
+for i in help/wxhelp/audacity.hhk help/wxhelp/exportmp3.htm locale/*.po src/export/ExportMP3.cpp
do
- sed -i -e 's!/usr/lib!%{_libdir}!g' $i
+ sed -i -e 's!libmp3lame.so\([^.]\)!libmp3lame.so.0\1!g' $i
done
%ifnarch %{ix86} x86_64
@@ -120,13 +139,13 @@
%post
umask 022
%{_bindir}/update-mime-database %{_datadir}/mime > /dev/null 2>&1 || :
-%{_bindir}/update-desktop-database /usr/share/applications > /dev/null 2>&1 || :
+%{_bindir}/update-desktop-database %{_datadir}/applications > /dev/null 2>&1 || :
%postun
umask 022
%{_bindir}/update-mime-database %{_datadir}/mime > /dev/null 2>&1 || :
-%{_bindir}/update-desktop-database /usr/share/applications > /dev/null 2>&1 || :
+%{_bindir}/update-desktop-database %{_datadir}/applications > /dev/null 2>&1 || :
%files -f %{name}.lang
@@ -141,16 +160,37 @@
%changelog
-* Fri Nov 16 2007 Michael Schwendt <mschwendt[AT]users.sf.net> - 1.3.2-14.1
+* Sat May 3 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.2-21
+- check ownership of temporary files directory (#436260) (CVE-2007-6061)
+
+* Fri Mar 21 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.2-20
+- make soundtouch and allegro build with RPM optflags
+
+* Sun Feb 10 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.2-19
+- rawhide: patch for JACK 0.109.0 API changes (jack_port_lock/unlock removal).
+- rebuilt for GCC 4.3 as requested by Fedora Release Engineering
+- subst _libdir in ladspa plugin loader
+
+* Thu Jan 3 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.2-18
+- Patch for GCC 4.3.0 C++.
+
+* Fri Nov 16 2007 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.2-17
- rebuilt for FLAC 1.1.4 -> 1.2.x upgrade, which broke FLAC import
-* Mon Mar 5 2007 Michael Schwendt <mschwendt[AT]users.sf.net>
+* Tue Aug 28 2007 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.2-16
+- rebuilt for new expat (#195888)
+
+* Tue Aug 21 2007 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.2-15
+- rebuild per request on fedora-devel-list
+- clarify licence (GPLv2)
+
+* Mon Mar 5 2007 Michael Schwendt <mschwendt at fedoraproject.org>
- add umask 022 to scriptlets
-* Sat Feb 24 2007 Michael Schwendt <mschwendt[AT]users.sf.net> - 1.3.2-14
+* Sat Feb 24 2007 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.2-14
- patch for FLAC 1.1.4 API compatibility
-* Sat Feb 24 2007 Michael Schwendt <mschwendt[AT]users.sf.net> - 1.3.2-13
+* Sat Feb 24 2007 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.2-13
- patch ExportMP3.cpp (MPEG-2 Layer III bitrates resulted in
broken/empty files)
- convert locale related perl substitutions into patches (safer)
@@ -206,7 +246,7 @@
* Mon Aug 28 2006 Gerard Milmeister <gemi at bluewin.ch> - 1.2.4-0.2.b
- Rebuild for FE6
-* Fri Mar 17 2006 Michael Schwendt <mschwendt[AT]users.sf.net> - 1.2.4-0.1.b
+* Fri Mar 17 2006 Michael Schwendt <mschwendt at fedoraproject.org> - 1.2.4-0.1.b
- Update to 1.2.4b (stable release).
- Follow upstream recommendation and use the GTK+ 1.x wxGTK.
This is because of various issues with fonts/layout/behaviour.
@@ -225,7 +265,7 @@
* Thu Apr 7 2005 Gerard Milmeister <gemi at bluewin.ch> - 1.2.3-3
- Build gtk2 version by default
-* Fri Apr 7 2005 Michael Schwendt <mschwendt[AT]users.sf.net>
+* Fri Apr 7 2005 Michael Schwendt <mschwendt at fedoraproject.org>
- rebuilt
* Tue Apr 5 2005 Gerard Milmeister <gemi at bluewin.ch> - 1.2.3-2
@@ -234,7 +274,7 @@
* Sat Nov 20 2004 Gerard Milmeister <gemi at bluewin.ch> - 0:1.2.3-1
- New Version 1.2.3
-* Sat Oct 30 2004 Michael Schwendt <mschwendt[AT]users.sf.net> - 0:1.2.2-0.fdr.1
+* Sat Oct 30 2004 Michael Schwendt <mschwendt at fedoraproject.org> - 0:1.2.2-0.fdr.1
- Update to 1.2.2, patch aboutdialog to be readable with wxGTK.
* Mon May 10 2004 Gerard Milmeister <gemi at bluewin.ch> - 0:1.2.1-0.fdr.1
More information about the fedora-extras-commits
mailing list