From 1d2efa093bc7fd2f9d7030c32380c715d4d8f4b2 Mon Sep 17 00:00:00 2001 From: drochner Date: Thu, 20 Mar 2008 15:58:47 +0000 Subject: fix unsafe tmp file creation (CVE-2007-6061), patch from Debian/Gentoo, bump PKGREVISION --- audio/audacity/Makefile | 3 ++- audio/audacity/distinfo | 3 ++- audio/audacity/patches/patch-am | 13 +++++++++++++ 3 files changed, 17 insertions(+), 2 deletions(-) create mode 100644 audio/audacity/patches/patch-am (limited to 'audio') diff --git a/audio/audacity/Makefile b/audio/audacity/Makefile index f1c009acd07..9f2c04106dc 100644 --- a/audio/audacity/Makefile +++ b/audio/audacity/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.56 2007/02/23 14:23:13 wiz Exp $ +# $NetBSD: Makefile,v 1.57 2008/03/20 15:58:47 drochner Exp $ DISTNAME= audacity-src-1.2.6 +PKGREVISION= 1 PKGNAME= ${DISTNAME:S/-src-/-/} CATEGORIES= audio MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=audacity/} diff --git a/audio/audacity/distinfo b/audio/audacity/distinfo index 87b6dfed4f1..6f67d923d91 100644 --- a/audio/audacity/distinfo +++ b/audio/audacity/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.16 2007/02/23 03:37:55 rillig Exp $ +$NetBSD: distinfo,v 1.17 2008/03/20 15:58:47 drochner Exp $ SHA1 (audacity-src-1.2.6.tar.gz) = 1bfdd119fdc09d1aa334aee21d4831ef6e939fce RMD160 (audacity-src-1.2.6.tar.gz) = f59ca075ae430a518b77ce2ed08441abe2b67a0c @@ -15,3 +15,4 @@ SHA1 (patch-ai) = 625cd6337d8a246d1a9c388279efa0ade34a2093 SHA1 (patch-aj) = 34b4cdd266345f04954983cc14e4b762f09f4df8 SHA1 (patch-ak) = 5f012eb47c832a8f11bcfbdcaf0ab2e876abd04e SHA1 (patch-al) = 224437cc76e1f25d600e859d278ad73bbf261efa +SHA1 (patch-am) = 3210d8632ee9f5361008277e2c887f24d87205a1 diff --git a/audio/audacity/patches/patch-am b/audio/audacity/patches/patch-am new file mode 100644 index 00000000000..19eb2d6d5c3 --- /dev/null +++ b/audio/audacity/patches/patch-am @@ -0,0 +1,13 @@ +$NetBSD: patch-am,v 1.5 2008/03/20 15:58:47 drochner Exp $ + +--- src/AudacityApp.cpp.orig 2006-11-15 05:12:11.000000000 +0100 ++++ src/AudacityApp.cpp +@@ -391,7 +391,7 @@ bool AudacityApp::OnInit() + // * The user's .audacity-files directory in their home directory + // * The "share" and "share/doc" directories in their install path + #ifdef __WXGTK__ +- defaultTempDir.Printf("/tmp/audacity1.2-%s", wxGetUserId().c_str()); ++ defaultTempDir.Printf("%s/.audacity1.2-%s", home.c_str(), wxGetUserId().c_str()); + wxString pathVar = wxGetenv("AUDACITY_PATH"); + if (pathVar != "") + AddMultiPathsToPathList(pathVar, audacityPathList); -- cgit v1.2.3