Hello community, here is the log from the commit of package audacity checked in at Thu Apr 3 10:36:33 CEST 2008. -------- --- audacity/audacity.changes 2008-01-25 15:38:01.000000000 +0100 +++ /mounts/work_src_done/STABLE/audacity/audacity.changes 2008-04-02 14:14:18.000000000 +0200 @@ -1,0 +2,6 @@ +Wed Apr 2 14:11:45 CEST 2008 - anosek@suse.cz + +- fixed Insecure symlink handling (bnc#344588) (CVE-2007-6061.patch) + - temp file is now created in users home directory + +------------------------------------------------------------------- New: ---- audacity-1.3.4-CVE-2007-6061.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ audacity.spec ++++++ --- /var/tmp/diff_new_pack.n30313/_old 2008-04-03 10:35:16.000000000 +0200 +++ /var/tmp/diff_new_pack.n30313/_new 2008-04-03 10:35:16.000000000 +0200 @@ -10,6 +10,7 @@ # norootforbuild + Name: audacity BuildRequires: SDL-devel flac-devel gcc-c++ glib-devel id3lib-devel jack-devel libid3tag-devel libmspack-devel libsamplerate-devel libsndfile-devel libtiff-devel libvorbis-devel soundtouch-devel unixODBC-devel update-desktop-files wxGTK-devel zip # build with local portaudio for now @@ -17,7 +18,7 @@ %define DISTRIBUTABLE 1 Summary: A Free, Cross-Platform Digital Audio Editor Version: 1.3.4 -Release: 5 +Release: 34 License: GPL v2 or later Group: Productivity/Multimedia/Sound/Editors and Convertors BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -33,6 +34,7 @@ Patch6: %{name}-%{version}-strict-aliasing.patch Patch7: %{name}-%{version}-nosse.patch Patch8: %{name}-%{version}-compile.patch +Patch9: %{name}-%{version}-CVE-2007-6061.patch %description Audacity is a program that manipulates digital audio wave forms. In @@ -73,6 +75,7 @@ %patch7 %endif %patch8 +%patch9 %build %{?suse_update_config:%{suse_update_config -f . lib-src/*/.}} @@ -121,6 +124,9 @@ %{_datadir}/mime/packages/audacity.xml %changelog +* Wed Apr 02 2008 anosek@suse.cz +- fixed Insecure symlink handling (bnc#344588) (CVE-2007-6061.patch) + - temp file is now created in users home directory * Fri Jan 25 2008 adrian@suse.de - remove mad-devel in BuildRequires to keep the package as part of Factory @@ -269,7 +275,7 @@ - build as user * Mon Sep 15 2003 tiwai@suse.de - added desktop icon. -* Sun Sep 14 2003 adrian@suse.de +* Mon Sep 15 2003 adrian@suse.de - add AudioVideoEditing Category * Fri Aug 29 2003 tiwai@suse.de - fixed the bug of WAVE display. ++++++ audacity-1.3.4-CVE-2007-6061.patch ++++++ --- src/AudacityApp.cpp +++ src/AudacityApp.cpp @@ -573,8 +573,8 @@ // * The user's .audacity-files directory in their home directory // * The "share" and "share/doc" directories in their install path #ifdef __WXGTK__ - defaultTempDir.Printf(wxT("/tmp/audacity%d.%d-%s"), - AUDACITY_VERSION, AUDACITY_RELEASE, wxGetUserId().c_str()); + defaultTempDir.Printf(wxT("/%s/audacity%d.%d-%s"), + home.c_str(), AUDACITY_VERSION, AUDACITY_RELEASE, wxGetUserId().c_str()); wxString pathVar = wxGetenv(wxT("AUDACITY_PATH")); if (pathVar != wxT("")) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org