commit gnash for openSUSE:12.1:Update:Test
Hello community, here is the log from the commit of package gnash for openSUSE:12.1:Update:Test checked in at 2012-03-06 16:00:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update:Test/gnash (Old) and /work/SRC/openSUSE:12.1:Update:Test/.gnash.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "gnash", Maintainer is "tiwai@suse.com" Changes: -------- --- /work/SRC/openSUSE:12.1:Update:Test/gnash/gnash.changes 2012-03-06 16:00:11.000000000 +0100 +++ /work/SRC/openSUSE:12.1:Update:Test/.gnash.new/gnash.changes 2012-03-06 16:00:11.000000000 +0100 @@ -1,0 +2,6 @@ +Mon Mar 5 18:08:08 CET 2012 - tiwai@suse.de + +- VUL-1: CVE-2011-4328: gnash: Unsafe management of HTTP cookies + (bnc#732324) + +------------------------------------------------------------------- New: ---- gnash-CVE-2011-4328.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnash.spec ++++++ --- /var/tmp/diff_new_pack.H2jd0i/_old 2012-03-06 16:00:11.000000000 +0100 +++ /var/tmp/diff_new_pack.H2jd0i/_new 2012-03-06 16:00:11.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package gnash # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -38,9 +38,9 @@ BuildRequires: ffmpeg-devel %endif Version: 0.8.8 -Release: 2 -License: GPLv2+ +Release: 0 Summary: Free Flash movie player +License: GPL-2.0+ Group: Productivity/Networking/Web/Browsers %if %{cvs_date} %define package_version %{version}.cvs%{cvs_date} @@ -53,6 +53,7 @@ # PATCH-FIX-UPSTREAM gnash-0.8.5-build-fixes.diff Patch: gnash-0.8.5-build-fixes.diff Patch1: gnash-fix-insecure-temp-files.diff +Patch2: gnash-CVE-2011-4328.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -66,7 +67,6 @@ of the areas to work on to achieve full version 7 compliance. %package devel -License: GPLv2+ Summary: Gnash include files Group: Development/Libraries/C and C++ Requires: %{name} = %{version} @@ -87,6 +87,7 @@ %endif %patch -p1 %patch1 -p1 +%patch2 -p1 %build autoreconf -fi ++++++ gnash-CVE-2011-4328.diff ++++++
From 8fc19a890ee787d26200dc1b8b5546e3bb15ac7b Mon Sep 17 00:00:00 2001 From: Gabriele Giacone <1o5g4r8o@gmail.com> Date: Thu, 01 Dec 2011 00:59:15 +0000 Subject: CVE-2011-4328 fix. mkstemps and boost::iostreams. See bug #34903
---
---
plugin/npapi/Makefile.am | 1
plugin/npapi/plugin.cpp | 48 +++++++++++++++++++++++++++++++++--------------
2 files changed, 35 insertions(+), 14 deletions(-)
--- a/plugin/npapi/Makefile.am
+++ b/plugin/npapi/Makefile.am
@@ -70,6 +70,7 @@ libgnashplugin_la_SOURCES = plugin.cpp
libgnashplugin_la_LIBADD = \
$(GLIB_LIBS) \
+ -lboost_iostreams \
$(NULL)
# Scriptable plugin support
--- a/plugin/npapi/plugin.cpp
+++ b/plugin/npapi/plugin.cpp
@@ -75,6 +75,8 @@
#include
participants (1)
-
root@hilbert.suse.de