rpms/audacity/devel audacity-1.3.2-CVE-2007-6061.patch, NONE, 1.1.2.1 audacity-1.3.2-libmp3lame-default.patch, NONE, 1.1.2.1 audacity-1.3.4-libmp3lame-default.patch, NONE, 1.1.2.1 .cvsignore, 1.8.2.1.2.3, 1.8.2.1.2.4 audacity-1.3.4-libdir.patch, 1.1.2.1, 1.1.2.2 audacity.spec, 1.35.2.5.2.11, 1.35.2.5.2.12 sources, 1.10.2.1.2.3, 1.10.2.1.2.4
Michael Schwendt (mschwendt)
fedora-extras-commits at redhat.com
Mon May 5 18:52:43 UTC 2008
Author: mschwendt
Update of /cvs/pkgs/rpms/audacity/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31929
Modified Files:
Tag: audacity-1_3_4-test
.cvsignore audacity-1.3.4-libdir.patch audacity.spec sources
Added Files:
Tag: audacity-1_3_4-test
audacity-1.3.2-CVE-2007-6061.patch
audacity-1.3.2-libmp3lame-default.patch
audacity-1.3.4-libmp3lame-default.patch
Log Message:
update test-branch to 1.3.5-rc3 cvs 20080505 snapshot
audacity-1.3.2-CVE-2007-6061.patch:
--- NEW FILE audacity-1.3.2-CVE-2007-6061.patch ---
diff -Nur audacity-src-1.3.2-beta-orig/src/AudacityApp.cpp audacity-src-1.3.2-beta/src/AudacityApp.cpp
--- audacity-src-1.3.2-beta-orig/src/AudacityApp.cpp 2006-10-29 01:05:26.000000000 +0200
+++ audacity-src-1.3.2-beta/src/AudacityApp.cpp 2008-05-02 17:46:49.000000000 +0200
@@ -821,7 +821,7 @@
if (tempFromPrefs != wxT("")) {
if (wxDirExists(tempFromPrefs))
temp = tempFromPrefs;
- else if (wxMkdir(tempFromPrefs))
+ else if (wxMkdir(tempFromPrefs, 0755))
temp = tempFromPrefs;
}
@@ -830,10 +830,21 @@
if (temp==wxT("") && tempDefaultLoc != wxT("")) {
if (wxDirExists(tempDefaultLoc))
temp = tempDefaultLoc;
- else if (wxMkdir(tempDefaultLoc))
+ else if (wxMkdir(tempDefaultLoc, 0755))
temp = tempDefaultLoc;
}
+ // Check temp directory ownership.
+ struct stat tempStatBuf;
+ if ( lstat(temp.mb_str(), &tempStatBuf) != 0 ) {
+ temp.clear();
+ }
+ else {
+ if ( geteuid() != tempStatBuf.st_uid ) {
+ temp.clear();
+ }
+ }
+
if (temp == wxT("")) {
// Failed
wxMessageBox(_("Audacity could not find a place to store temporary files.\nPlease enter an appropriate directory in the preferences dialog."));
audacity-1.3.2-libmp3lame-default.patch:
--- NEW FILE audacity-1.3.2-libmp3lame-default.patch ---
diff -Nur audacity-src-1.3.2-beta-orig/src/AudacityApp.cpp audacity-src-1.3.2-beta/src/AudacityApp.cpp
--- audacity-src-1.3.2-beta-orig/src/AudacityApp.cpp 2006-10-29 01:05:26.000000000 +0200
+++ audacity-src-1.3.2-beta/src/AudacityApp.cpp 2007-02-20 01:02:49.000000000 +0100
@@ -509,6 +509,8 @@
return false;
}
+ gPrefs->Write(wxT("/MP3/MP3LibPath"),wxT("__RPM_LIBDIR__/libmp3lame.so.0"));
+
// More initialization
InitCleanSpeech();
audacity-1.3.4-libmp3lame-default.patch:
--- NEW FILE audacity-1.3.4-libmp3lame-default.patch ---
diff -Nur audacity-src-1.3.4-beta-orig/src/AudacityApp.cpp audacity-src-1.3.4-beta/src/AudacityApp.cpp
--- audacity-src-1.3.4-beta-orig/src/AudacityApp.cpp 2008-01-23 18:32:52.000000000 +0100
+++ audacity-src-1.3.4-beta/src/AudacityApp.cpp 2008-04-12 16:40:33.000000000 +0200
@@ -726,6 +726,8 @@
return false;
}
+ gPrefs->Write(wxT("/MP3/MP3LibPath"),wxT("__RPM_LIBDIR__/libmp3lame.so.0"));
+
// More initialization
InitCleanSpeech();
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/audacity/devel/.cvsignore,v
retrieving revision 1.8.2.1.2.3
retrieving revision 1.8.2.1.2.4
diff -u -r1.8.2.1.2.3 -r1.8.2.1.2.4
--- .cvsignore 21 Mar 2008 23:13:47 -0000 1.8.2.1.2.3
+++ .cvsignore 5 May 2008 18:51:58 -0000 1.8.2.1.2.4
@@ -1,2 +1,2 @@
-audacity-1.3.4-20080123cvs.tar.bz2
audacity-src-1.3.2.tar.gz
+audacity-src-1.3.5-rc3.tar.bz2
audacity-1.3.4-libdir.patch:
Index: audacity-1.3.4-libdir.patch
===================================================================
RCS file: /cvs/pkgs/rpms/audacity/devel/Attic/audacity-1.3.4-libdir.patch,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- audacity-1.3.4-libdir.patch 21 Mar 2008 23:13:47 -0000 1.1.2.1
+++ audacity-1.3.4-libdir.patch 5 May 2008 18:51:58 -0000 1.1.2.2
@@ -12,15 +12,3 @@
#endif
#ifdef __WXMAC__
-diff -Nur audacity-src-1.3.4-beta-orig/src/export/ExportMP3.cpp audacity-src-1.3.4-beta/src/export/ExportMP3.cpp
---- audacity-src-1.3.4-beta-orig/src/export/ExportMP3.cpp 2008-01-23 18:32:52.000000000 +0100
-+++ audacity-src-1.3.4-beta/src/export/ExportMP3.cpp 2008-03-21 23:21:00.000000000 +0100
-@@ -1552,7 +1552,7 @@
-
- wxString GetLibraryPath()
- {
-- return wxT("/usr/lib");
-+ return wxT("__RPM_LIBDIR__");
- }
-
- wxString GetLibraryName()
Index: audacity.spec
===================================================================
RCS file: /cvs/pkgs/rpms/audacity/devel/audacity.spec,v
retrieving revision 1.35.2.5.2.11
retrieving revision 1.35.2.5.2.12
diff -u -r1.35.2.5.2.11 -r1.35.2.5.2.12
--- audacity.spec 22 Mar 2008 11:48:05 -0000 1.35.2.5.2.11
+++ audacity.spec 5 May 2008 18:51:58 -0000 1.35.2.5.2.12
@@ -1,17 +1,21 @@
+# TODO:
+# - check upstream multi-lib changes
+# - check upstream libmp3lame.so.0 rename
+
# Compile options:
# --with mp3 : enable mp3 support
Name: audacity
-Version: 1.3.4
-Release: 0.5.20080123cvs%{?dist}
+Version: 1.3.5
+Release: 0.1.rc3.20080505cvs%{?dist}
Summary: Multitrack audio editor
Group: Applications/Multimedia
License: GPLv2
URL: http://audacity.sourceforge.net
-# for post 1.3.4-beta snapshot
+# for cvs 1.3.5-rc3 snapshot
# cvs -d:pserver:anonymous at audacity.cvs.sourceforge.net:/cvsroot/audacity checkout audacity
-Source0: audacity-1.3.4-20080123cvs.tar.bz2
+Source0: audacity-src-1.3.5-rc3.tar.bz2
Source1: audacity.png
Source2: audacity.desktop
@@ -19,6 +23,7 @@
Patch2: audacity-1.3.4-expat2.patch
Patch3: audacity-1.3.4-libdir.patch
Patch4: audacity-1.3.4-gcc43.patch
+Patch5: audacity-1.3.4-libmp3lame-default.patch
# for 1.3.2-beta
Source100: http://downloads.sf.net/sourceforge/audacity/audacity-src-1.3.2.tar.gz
@@ -38,6 +43,8 @@
Patch110: audacity-1.3.2-jack-api-109.patch
Patch111: audacity-1.3.2-soundtouch-cxxflags.patch
Patch112: audacity-1.3.2-allegro-cflags.patch
+Patch113: audacity-1.3.2-libmp3lame-default.patch
+Patch114: audacity-1.3.2-CVE-2007-6061.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: alsa-lib-devel
@@ -82,12 +89,14 @@
### 1.3.4-beta
###
-cd audacity-src-1.3.4-beta
+cd audacity-src-1.3.5-rc3
%patch1 -p1 -b .languages
%patch2 -p1 -b .expat2
+
# Substitute hardcoded library paths.
%patch3 -p1
-for i in src/effects/ladspa/LoadLadspa.cpp src/export/ExportMP3.cpp
+%patch5 -p1
+for i in src/effects/ladspa/LoadLadspa.cpp src/export/ExportMP3.cpp src/AudacityApp.cpp
do
sed -i -e 's!__RPM_LIBDIR__!%{_libdir}!g' $i
sed -i -e 's!__RPM_LIB__!%{_lib}!g' $i
@@ -118,9 +127,11 @@
%patch106 -p1 -b .FLAC
%patch107 -p1 -b .expat2
%patch108 -p1 -b .gcc43
+
# Substitute hardcoded library paths.
%patch109 -p1
-for i in src/effects/ladspa/LoadLadspa.cpp src/export/ExportMP3.cpp
+%patch113 -p1
+for i in src/effects/ladspa/LoadLadspa.cpp src/export/ExportMP3.cpp src/AudacityApp.cpp
do
sed -i -e 's!__RPM_LIBDIR__!%{_libdir}!g' $i
sed -i -e 's!__RPM_LIB__!%{_lib}!g' $i
@@ -128,10 +139,13 @@
grep -q -s __RPM_LIB * -R && exit 1
# F9 devel only
+%if 0%{?fedora} > 8
%patch110 -p1 -b .jack-api
+%endif
%patch111 -p1 -b .soundtouch-cxxflags
%patch112 -p1 -b .allegro-cflags
+%patch114 -p1 -b .CVE-2007-6061
# Substitute occurences of "libmp3lame.so" with "libmp3lame.so.0".
for i in help/wxhelp/audacity.hhk help/wxhelp/exportmp3.htm locale/*.po src/export/ExportMP3.cpp
@@ -150,7 +164,7 @@
%build
-cd audacity-src-1.3.4-beta
+cd audacity-src-1.3.5-rc3
%configure \
--with-help \
--with-libsndfile=system \
@@ -191,7 +205,7 @@
mkdir -p $RPM_BUILD_ROOT%{_datadir}/pixmaps
cp %{SOURCE1} $RPM_BUILD_ROOT%{_datadir}/pixmaps
-cd audacity-src-1.3.4-beta
+cd audacity-src-1.3.5-rc3
make DESTDIR=${RPM_BUILD_ROOT} install
cd -
%{find_lang} %{name}
@@ -239,6 +253,16 @@
%changelog
+* Mon May 5 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.5-0.1.rc3.20080505cvs
+- update to 1.3.5-rc3 cvs snapshot
+- ExportMP3.cpp libdir patch obsolete
+
+* Sat May 3 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.4-0.7.20080123cvs
+- check ownership of temporary files directory (#436260) (CVE-2007-6061)
+
+* Sat Apr 12 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.4-0.6.20080123cvs
+- set a default location for libmp3lame.so.0 again
+
* Fri Mar 21 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.4-0.5.20080123cvs
- package the old 1.3.2-beta and a post 1.3.4-beta snapshot in the
same package -- users may stick to the older one, but please help
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/audacity/devel/sources,v
retrieving revision 1.10.2.1.2.3
retrieving revision 1.10.2.1.2.4
diff -u -r1.10.2.1.2.3 -r1.10.2.1.2.4
--- sources 21 Mar 2008 23:13:47 -0000 1.10.2.1.2.3
+++ sources 5 May 2008 18:51:58 -0000 1.10.2.1.2.4
@@ -1,2 +1,2 @@
-65868316707d7229c8a03e7adf684bf5 audacity-1.3.4-20080123cvs.tar.bz2
bf63673140254f1283dfd55b61ff2422 audacity-src-1.3.2.tar.gz
+2526e8953fee56cf09f7c8cdf2262dde audacity-src-1.3.5-rc3.tar.bz2
More information about the fedora-extras-commits
mailing list