* [gentoo-commits] gentoo-x86 commit in media-sound/banshee/files: banshee-1.8.0-fix-insecure-lib-path.patch
@ 2010-11-15 5:34 Arun Raghavan (ford_prefect)
From: Arun Raghavan (ford_prefect) @ 2010-11-15 5:34 UTC
To: gentoo-commits
ford_prefect 10/11/15 05:34:04
Added: banshee-1.8.0-fix-insecure-lib-path.patch
Log:
Bump to -r1 to fix insecure LD_LIBRARY_PATH usage (bug #345567).
(Portage version: 2.2.0_alpha3/cvs/Linux x86_64)
Revision Changes Path
1.1 media-sound/banshee/files/banshee-1.8.0-fix-insecure-lib-path.patch
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-sound/banshee/files/banshee-1.8.0-fix-insecure-lib-path.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-sound/banshee/files/banshee-1.8.0-fix-insecure-lib-path.patch?rev=1.1&content-type=text/plain
Index: banshee-1.8.0-fix-insecure-lib-path.patch
===================================================================
From 835c37e99196303195c88932169b73e975115e52 Mon Sep 17 00:00:00 2001
From: Aaron Bockover <abockover@novell.com>
Date: Wed, 20 Oct 2010 16:22:40 +0000
Subject: Fix insecure LD_LIBRARY_PATH (bnc#642505)
A vulnerability existed where if LD_LIBRARY_PATH were set but empty, a
trailing : as a path separator would still be appended to the path,
exposing an insecure/invalid search path. GST_PLUGINS_PATH was similarly
vulnerable.
Using :+: instead of +: prevents this as ${X:+:$X} returns X iff X is
set and not empty whereas ${X+:$X} returns X iff X is set (it may be
empty).
---
diff --git a/src/Clients/Booter/banshee-1.linux.in b/src/Clients/Booter/banshee-1.linux.in
index 9009797..11e8ccd 100644
--- a/src/Clients/Booter/banshee-1.linux.in
+++ b/src/Clients/Booter/banshee-1.linux.in
@@ -7,8 +7,8 @@ MONO_EXE="@expanded_libdir@/@PACKAGE@/$exec_asm"
BANSHEE_EXEC_NAME=$(basename $0)
BANSHEE_CONFIG_DIR="${XDG_CONFIG_HOME:-$HOME/.config}/banshee-1"
-export LD_LIBRARY_PATH=@expanded_libdir@/@PACKAGE@:@expanded_libdir@/@PACKAGE@/Extensions:@expanded_libdir@/@PACKAGE@/Backends:@expanded_libdir@${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}
-export GST_PLUGIN_PATH=@expanded_libdir@/@PACKAGE@/gstreamer-0.10${GST_PLUGIN_PATH+:$GST_PLUGIN_PATH}
+export LD_LIBRARY_PATH=@expanded_libdir@/@PACKAGE@:@expanded_libdir@/@PACKAGE@/Extensions:@expanded_libdir@/@PACKAGE@/Backends:@expanded_libdir@${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
+export GST_PLUGIN_PATH=@expanded_libdir@/@PACKAGE@/gstreamer-0.10${GST_PLUGIN_PATH:+:$GST_PLUGIN_PATH}
if [ $BANSHEE_EXEC_NAME = "muinshee" ]; then
BANSHEE_CLIENT="Muinshee"
export MONO_PATH=@expanded_libdir@/@PACKAGE@/Extensions
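Review bot: In the two new export lines, `${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}` and `${GST_PLUGIN_PATH:+:$GST_PLUGIN_PATH}` only guard against a variable that is set but empty. An inherited value that itself begins or ends with `:` or contains `::` is still appended verbatim, so the exported path can still carry an empty element. If that case matters for this launcher, strip empty elements from the inherited value before appending, or add a comment above these lines stating that only the empty-value case is handled. Separately, the commit message refers to GST_PLUGINS_PATH while the hunk changes GST_PLUGIN_PATH; the message should use the name that appears in the script.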
--
cgit v0.8.3.1
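The difference between the two expansions described in the commit message, as an added example that is not part of the patch or of Banshee. `BASE`, `LIBS` and the `/home/u/lib` values are constructed stand-ins for `@expanded_libdir@/@PACKAGE@` and the inherited `LD_LIBRARY_PATH` / `GST_PLUGIN_PATH`.

```shell
#!/bin/sh
# Added example, not part of the Banshee patch. BASE, LIBS and the /home/u/lib
# values are constructed stand-ins for @expanded_libdir@/@PACKAGE@ and the
# inherited LD_LIBRARY_PATH / GST_PLUGIN_PATH.
BASE=/opt/app/lib

# build_path FORM STATE [VALUE]
#   FORM  old -> ${LIBS+:$LIBS}   (pre-fix: expands whenever LIBS is set)
#         new -> ${LIBS:+:$LIBS}  (post-fix: expands only if set and non-empty)
#   STATE unset | set (VALUE is the inherited value, may be "")
build_path() {
    (
        unset LIBS
        if [ "$2" = set ]; then LIBS=$3; fi
        case $1 in
            old) printf '%s\n' "$BASE${LIBS+:$LIBS}" ;;
            new) printf '%s\n' "$BASE${LIBS:+:$LIBS}" ;;
        esac
    )
}

# True when a colon-separated path has an empty element (leading, trailing or
# doubled ":"). glibc's ld.so reads an empty element as the current directory.
has_empty_element() {
    case ":$1:" in
        *::*) return 0 ;;
        *)    return 1 ;;
    esac
}

# Compare both forms over an empty value, a normal value, and a value that
# already ends in ":" (the fix passes that one through unchanged).
show_cases() {
    for v in "" "/home/u/lib" "/home/u/lib:"; do
        for form in old new; do
            p=$(build_path "$form" set "$v")
            if has_empty_element "$p"; then verdict="empty element"; else verdict="ok"; fi
            printf '%-3s inherited=[%s] -> %s (%s)\n' "$form" "$v" "$p" "$verdict"
        done
    done
}

show_cases
```

`has_empty_element` can be reused as a launcher-script lint: run it on the final exported value rather than on the expansion alone.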
* [gentoo-commits] gentoo-x86 commit in media-sound/banshee/files: banshee-1.8.0-fix-insecure-lib-path.patch
@ 2011-03-27 14:38 Samuli Suominen (ssuominen)
From: Samuli Suominen (ssuominen) @ 2011-03-27 14:38 UTC
To: gentoo-commits
ssuominen 11/03/27 14:38:07
Removed: banshee-1.8.0-fix-insecure-lib-path.patch
Log:
x86 stable wrt #360119
(Portage version: 2.2.0_alpha28/cvs/Linux x86_64)