rpms/audacity/devel audacity-1.3.2-CVE-2007-6061.patch, NONE, 1.1.2.1 audacity-1.3.2-libmp3lame-default.patch, NONE, 1.1.2.1 audacity-1.3.4-libmp3lame-default.patch, NONE, 1.1.2.1 .cvsignore, 1.8.2.1.2.3, 1.8.2.1.2.4 audacity-1.3.4-libdir.patch, 1.1.2.1, 1.1.2.2 audacity.spec, 1.35.2.5.2.11, 1.35.2.5.2.12 sources, 1.10.2.1.2.3, 1.10.2.1.2.4

Michael Schwendt (mschwendt) fedora-extras-commits at redhat.com
Mon May 5 18:52:43 UTC 2008 

Author: mschwendt

Update of /cvs/pkgs/rpms/audacity/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31929

Modified Files:
      Tag: audacity-1_3_4-test
	.cvsignore audacity-1.3.4-libdir.patch audacity.spec sources 
Added Files:
      Tag: audacity-1_3_4-test
	audacity-1.3.2-CVE-2007-6061.patch 
	audacity-1.3.2-libmp3lame-default.patch 
	audacity-1.3.4-libmp3lame-default.patch 
Log Message:
update test-branch to 1.3.5-rc3 cvs 20080505 snapshot

audacity-1.3.2-CVE-2007-6061.patch:

--- NEW FILE audacity-1.3.2-CVE-2007-6061.patch ---
diff -Nur audacity-src-1.3.2-beta-orig/src/AudacityApp.cpp audacity-src-1.3.2-beta/src/AudacityApp.cpp
--- audacity-src-1.3.2-beta-orig/src/AudacityApp.cpp	2006-10-29 01:05:26.000000000 +0200
+++ audacity-src-1.3.2-beta/src/AudacityApp.cpp	2008-05-02 17:46:49.000000000 +0200
@@ -821,7 +821,7 @@
    if (tempFromPrefs != wxT("")) {
       if (wxDirExists(tempFromPrefs))
          temp = tempFromPrefs;
-      else if (wxMkdir(tempFromPrefs))
+      else if (wxMkdir(tempFromPrefs, 0755))
          temp = tempFromPrefs;
    }
 
@@ -830,10 +830,21 @@
    if (temp==wxT("") && tempDefaultLoc != wxT("")) {
       if (wxDirExists(tempDefaultLoc))
          temp = tempDefaultLoc;
-      else if (wxMkdir(tempDefaultLoc))
+      else if (wxMkdir(tempDefaultLoc, 0755))
          temp = tempDefaultLoc;
    }
 
+   // Check temp directory ownership.
+   struct stat tempStatBuf;
+   if ( lstat(temp.mb_str(), &tempStatBuf) != 0 ) {
+      temp.clear();
+   }
+   else {
+      if ( geteuid() != tempStatBuf.st_uid ) {
+         temp.clear();
+      }
+   }
+
    if (temp == wxT("")) {
       // Failed
       wxMessageBox(_("Audacity could not find a place to store temporary files.\nPlease enter an appropriate directory in the preferences dialog."));

audacity-1.3.2-libmp3lame-default.patch:

--- NEW FILE audacity-1.3.2-libmp3lame-default.patch ---
diff -Nur audacity-src-1.3.2-beta-orig/src/AudacityApp.cpp audacity-src-1.3.2-beta/src/AudacityApp.cpp
--- audacity-src-1.3.2-beta-orig/src/AudacityApp.cpp	2006-10-29 01:05:26.000000000 +0200
+++ audacity-src-1.3.2-beta/src/AudacityApp.cpp	2007-02-20 01:02:49.000000000 +0100
@@ -509,6 +509,8 @@
       return false;
    }
 
+   gPrefs->Write(wxT("/MP3/MP3LibPath"),wxT("__RPM_LIBDIR__/libmp3lame.so.0"));
+
    // More initialization
    InitCleanSpeech();
 

audacity-1.3.4-libmp3lame-default.patch:

--- NEW FILE audacity-1.3.4-libmp3lame-default.patch ---
diff -Nur audacity-src-1.3.4-beta-orig/src/AudacityApp.cpp audacity-src-1.3.4-beta/src/AudacityApp.cpp
--- audacity-src-1.3.4-beta-orig/src/AudacityApp.cpp	2008-01-23 18:32:52.000000000 +0100
+++ audacity-src-1.3.4-beta/src/AudacityApp.cpp	2008-04-12 16:40:33.000000000 +0200
@@ -726,6 +726,8 @@
       return false;
    }
 
+   gPrefs->Write(wxT("/MP3/MP3LibPath"),wxT("__RPM_LIBDIR__/libmp3lame.so.0"));
+
    // More initialization
    InitCleanSpeech();
 


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/audacity/devel/.cvsignore,v
retrieving revision 1.8.2.1.2.3
retrieving revision 1.8.2.1.2.4
diff -u -r1.8.2.1.2.3 -r1.8.2.1.2.4
--- .cvsignore	21 Mar 2008 23:13:47 -0000	1.8.2.1.2.3
+++ .cvsignore	5 May 2008 18:51:58 -0000	1.8.2.1.2.4
@@ -1,2 +1,2 @@
-audacity-1.3.4-20080123cvs.tar.bz2
 audacity-src-1.3.2.tar.gz
+audacity-src-1.3.5-rc3.tar.bz2

audacity-1.3.4-libdir.patch:

Index: audacity-1.3.4-libdir.patch
===================================================================
RCS file: /cvs/pkgs/rpms/audacity/devel/Attic/audacity-1.3.4-libdir.patch,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- audacity-1.3.4-libdir.patch	21 Mar 2008 23:13:47 -0000	1.1.2.1
+++ audacity-1.3.4-libdir.patch	5 May 2008 18:51:58 -0000	1.1.2.2
@@ -12,15 +12,3 @@
     #endif
  
     #ifdef __WXMAC__
-diff -Nur audacity-src-1.3.4-beta-orig/src/export/ExportMP3.cpp audacity-src-1.3.4-beta/src/export/ExportMP3.cpp
---- audacity-src-1.3.4-beta-orig/src/export/ExportMP3.cpp	2008-01-23 18:32:52.000000000 +0100
-+++ audacity-src-1.3.4-beta/src/export/ExportMP3.cpp	2008-03-21 23:21:00.000000000 +0100
-@@ -1552,7 +1552,7 @@
- 
-    wxString GetLibraryPath()
-    {
--      return wxT("/usr/lib");
-+      return wxT("__RPM_LIBDIR__");
-    }
- 
-    wxString GetLibraryName()


Index: audacity.spec
===================================================================
RCS file: /cvs/pkgs/rpms/audacity/devel/audacity.spec,v
retrieving revision 1.35.2.5.2.11
retrieving revision 1.35.2.5.2.12
diff -u -r1.35.2.5.2.11 -r1.35.2.5.2.12
--- audacity.spec	22 Mar 2008 11:48:05 -0000	1.35.2.5.2.11
+++ audacity.spec	5 May 2008 18:51:58 -0000	1.35.2.5.2.12
@@ -1,17 +1,21 @@
+# TODO:
+# - check upstream multi-lib changes
+# - check upstream libmp3lame.so.0 rename
+
 # Compile options:
 # --with mp3          : enable mp3 support
 
 Name: audacity
-Version: 1.3.4
-Release: 0.5.20080123cvs%{?dist}
+Version: 1.3.5
+Release: 0.1.rc3.20080505cvs%{?dist}
 Summary: Multitrack audio editor
 Group: Applications/Multimedia
 License: GPLv2
 URL: http://audacity.sourceforge.net
 
-# for post 1.3.4-beta snapshot
+# for cvs 1.3.5-rc3 snapshot
 # cvs -d:pserver:anonymous at audacity.cvs.sourceforge.net:/cvsroot/audacity checkout audacity
-Source0: audacity-1.3.4-20080123cvs.tar.bz2
+Source0: audacity-src-1.3.5-rc3.tar.bz2
 Source1: audacity.png
 Source2: audacity.desktop
 
@@ -19,6 +23,7 @@
 Patch2: audacity-1.3.4-expat2.patch
 Patch3: audacity-1.3.4-libdir.patch
 Patch4: audacity-1.3.4-gcc43.patch
+Patch5: audacity-1.3.4-libmp3lame-default.patch
 
 # for 1.3.2-beta
 Source100: http://downloads.sf.net/sourceforge/audacity/audacity-src-1.3.2.tar.gz
@@ -38,6 +43,8 @@
 Patch110: audacity-1.3.2-jack-api-109.patch
 Patch111: audacity-1.3.2-soundtouch-cxxflags.patch
 Patch112: audacity-1.3.2-allegro-cflags.patch
+Patch113: audacity-1.3.2-libmp3lame-default.patch
+Patch114: audacity-1.3.2-CVE-2007-6061.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: alsa-lib-devel
@@ -82,12 +89,14 @@
 ### 1.3.4-beta
 ###
 
-cd audacity-src-1.3.4-beta
+cd audacity-src-1.3.5-rc3
 %patch1 -p1 -b .languages
 %patch2 -p1 -b .expat2
+
 # Substitute hardcoded library paths.
 %patch3 -p1
-for i in src/effects/ladspa/LoadLadspa.cpp src/export/ExportMP3.cpp
+%patch5 -p1
+for i in src/effects/ladspa/LoadLadspa.cpp src/export/ExportMP3.cpp src/AudacityApp.cpp
 do
     sed -i -e 's!__RPM_LIBDIR__!%{_libdir}!g' $i
     sed -i -e 's!__RPM_LIB__!%{_lib}!g' $i
@@ -118,9 +127,11 @@
 %patch106 -p1 -b .FLAC
 %patch107 -p1 -b .expat2
 %patch108 -p1 -b .gcc43
+
 # Substitute hardcoded library paths.
 %patch109 -p1
-for i in src/effects/ladspa/LoadLadspa.cpp src/export/ExportMP3.cpp
+%patch113 -p1
+for i in src/effects/ladspa/LoadLadspa.cpp src/export/ExportMP3.cpp src/AudacityApp.cpp
 do
     sed -i -e 's!__RPM_LIBDIR__!%{_libdir}!g' $i
     sed -i -e 's!__RPM_LIB__!%{_lib}!g' $i
@@ -128,10 +139,13 @@
 grep -q -s __RPM_LIB * -R && exit 1
 
 # F9 devel only
+%if 0%{?fedora} > 8
 %patch110 -p1 -b .jack-api
+%endif
 
 %patch111 -p1 -b .soundtouch-cxxflags
 %patch112 -p1 -b .allegro-cflags
+%patch114 -p1 -b .CVE-2007-6061
 
 # Substitute occurences of "libmp3lame.so" with "libmp3lame.so.0".
 for i in help/wxhelp/audacity.hhk help/wxhelp/exportmp3.htm locale/*.po src/export/ExportMP3.cpp
@@ -150,7 +164,7 @@
 
 
 %build
-cd audacity-src-1.3.4-beta
+cd audacity-src-1.3.5-rc3
 %configure \
     --with-help \
     --with-libsndfile=system \
@@ -191,7 +205,7 @@
 mkdir -p $RPM_BUILD_ROOT%{_datadir}/pixmaps
 cp %{SOURCE1} $RPM_BUILD_ROOT%{_datadir}/pixmaps
 
-cd audacity-src-1.3.4-beta
+cd audacity-src-1.3.5-rc3
 make DESTDIR=${RPM_BUILD_ROOT} install
 cd -
 %{find_lang} %{name}
@@ -239,6 +253,16 @@
 
 
 %changelog
+* Mon May  5 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.5-0.1.rc3.20080505cvs
+- update to 1.3.5-rc3 cvs snapshot
+- ExportMP3.cpp libdir patch obsolete
+
+* Sat May  3 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.4-0.7.20080123cvs
+- check ownership of temporary files directory (#436260) (CVE-2007-6061)
+
+* Sat Apr 12 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.4-0.6.20080123cvs
+- set a default location for libmp3lame.so.0 again
+
 * Fri Mar 21 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.4-0.5.20080123cvs
 - package the old 1.3.2-beta and a post 1.3.4-beta snapshot in the
   same package -- users may stick to the older one, but please help


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/audacity/devel/sources,v
retrieving revision 1.10.2.1.2.3
retrieving revision 1.10.2.1.2.4
diff -u -r1.10.2.1.2.3 -r1.10.2.1.2.4
--- sources	21 Mar 2008 23:13:47 -0000	1.10.2.1.2.3
+++ sources	5 May 2008 18:51:58 -0000	1.10.2.1.2.4
@@ -1,2 +1,2 @@
-65868316707d7229c8a03e7adf684bf5  audacity-1.3.4-20080123cvs.tar.bz2
 bf63673140254f1283dfd55b61ff2422  audacity-src-1.3.2.tar.gz
+2526e8953fee56cf09f7c8cdf2262dde  audacity-src-1.3.5-rc3.tar.bz2

More information about the fedora-extras-commits mailing list