diff options
| author |   Arun Raghavan <ford_prefect@gentoo.org> | 2010-11-15 05:34:04 +0000 |
|---|---|---|
| committer | Arun Raghavan <ford_prefect@gentoo.org> | 2010-11-15 05:34:04 +0000 |
| commit | 607eac9822afffe05d45410fb58234a34baa10f0 (patch) | |
| tree | fcc8b900322163c06408b49be8eb614777ead5c9 /media-sound/banshee/files/banshee-1.8.0-fix-insecure-lib-path.patch | |
| parent | Version bump. (diff) | |
| download | gentoo-2-607eac9822afffe05d45410fb58234a34baa10f0.tar.gz gentoo-2-607eac9822afffe05d45410fb58234a34baa10f0.tar.bz2 gentoo-2-607eac9822afffe05d45410fb58234a34baa10f0.zip | |
Bump to -r1 to fix insecure LD_LIBRARY_PATH usage (bug #345567).
(Portage version: 2.2.0_alpha3/cvs/Linux x86_64)
Diffstat (limited to 'media-sound/banshee/files/banshee-1.8.0-fix-insecure-lib-path.patch')
| -rw-r--r-- | media-sound/banshee/files/banshee-1.8.0-fix-insecure-lib-path.patch | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/media-sound/banshee/files/banshee-1.8.0-fix-insecure-lib-path.patch b/media-sound/banshee/files/banshee-1.8.0-fix-insecure-lib-path.patch new file mode 100644 index 000000000000..5c400124098c --- /dev/null +++ b/media-sound/banshee/files/banshee-1.8.0-fix-insecure-lib-path.patch @@ -0,0 +1,31 @@ +From 835c37e99196303195c88932169b73e975115e52 Mon Sep 17 00:00:00 2001 +From: Aaron Bockover <abockover@novell.com> +Date: Wed, 20 Oct 2010 16:22:40 +0000 +Subject: Fix insecure LD_LIBRARY_PATH (bnc#642505) + +A vulnerability existed where if LD_LIBRARY_PATH were set but empty, a +trailing : as a path separator would still be appended to the path, +exposing an insecure/invalid search path. GST_PLUGINS_PATH was similarly +vulnerable. + +Using :+: instead of +: prevents this as ${X:+:$X} returns X iff X is +set and not empty whereas ${X+:$X} returns X iff X is set (it may be +empty). +--- +diff --git a/src/Clients/Booter/banshee-1.linux.in b/src/Clients/Booter/banshee-1.linux.in +index 9009797..11e8ccd 100644 +--- a/src/Clients/Booter/banshee-1.linux.in ++++ b/src/Clients/Booter/banshee-1.linux.in +@@ -7,8 +7,8 @@ MONO_EXE="@expanded_libdir@/@PACKAGE@/$exec_asm" + BANSHEE_EXEC_NAME=$(basename $0) + BANSHEE_CONFIG_DIR="${XDG_CONFIG_HOME:-$HOME/.config}/banshee-1" + +-export LD_LIBRARY_PATH=@expanded_libdir@/@PACKAGE@:@expanded_libdir@/@PACKAGE@/Extensions:@expanded_libdir@/@PACKAGE@/Backends:@expanded_libdir@${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH} +-export GST_PLUGIN_PATH=@expanded_libdir@/@PACKAGE@/gstreamer-0.10${GST_PLUGIN_PATH+:$GST_PLUGIN_PATH} ++export LD_LIBRARY_PATH=@expanded_libdir@/@PACKAGE@:@expanded_libdir@/@PACKAGE@/Extensions:@expanded_libdir@/@PACKAGE@/Backends:@expanded_libdir@${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} ++export GST_PLUGIN_PATH=@expanded_libdir@/@PACKAGE@/gstreamer-0.10${GST_PLUGIN_PATH:+:$GST_PLUGIN_PATH} + if [ $BANSHEE_EXEC_NAME = "muinshee" ]; then + BANSHEE_CLIENT="Muinshee" + export MONO_PATH=@expanded_libdir@/@PACKAGE@/Extensions +-- +cgit v0.8.3.1 |