[pkgsrc/trunk]: pkgsrc/audio/audacity fix unsafe tmp file creation (CVE-2007-...

[drochner <drochner%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/aae3c7b080d1
branches:  trunk
changeset: 539997:aae3c7b080d1
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Thu Mar 20 15:58:47 2008 +0000

description:
fix unsafe tmp file creation (CVE-2007-6061), patch from Debian/Gentoo,
bump PKGREVISION

diffstat:

 audio/audacity/Makefile         |   3 ++-
 audio/audacity/distinfo         |   3 ++-
 audio/audacity/patches/patch-am |  13 +++++++++++++
 3 files changed, 17 insertions(+), 2 deletions(-)

diffs (43 lines):

diff -r bbb1606df5de -r aae3c7b080d1 audio/audacity/Makefile
--- a/audio/audacity/Makefile   Thu Mar 20 03:30:32 2008 +0000
+++ b/audio/audacity/Makefile   Thu Mar 20 15:58:47 2008 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.56 2007/02/23 14:23:13 wiz Exp $
+# $NetBSD: Makefile,v 1.57 2008/03/20 15:58:47 drochner Exp $
 
 DISTNAME=              audacity-src-1.2.6
+PKGREVISION=           1
 PKGNAME=               ${DISTNAME:S/-src-/-/}
 CATEGORIES=            audio
 MASTER_SITES=          ${MASTER_SITE_SOURCEFORGE:=audacity/}
diff -r bbb1606df5de -r aae3c7b080d1 audio/audacity/distinfo
--- a/audio/audacity/distinfo   Thu Mar 20 03:30:32 2008 +0000
+++ b/audio/audacity/distinfo   Thu Mar 20 15:58:47 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.16 2007/02/23 03:37:55 rillig Exp $
+$NetBSD: distinfo,v 1.17 2008/03/20 15:58:47 drochner Exp $
 
 SHA1 (audacity-src-1.2.6.tar.gz) = 1bfdd119fdc09d1aa334aee21d4831ef6e939fce
 RMD160 (audacity-src-1.2.6.tar.gz) = f59ca075ae430a518b77ce2ed08441abe2b67a0c
@@ -15,3 +15,4 @@
 SHA1 (patch-aj) = 34b4cdd266345f04954983cc14e4b762f09f4df8
 SHA1 (patch-ak) = 5f012eb47c832a8f11bcfbdcaf0ab2e876abd04e
 SHA1 (patch-al) = 224437cc76e1f25d600e859d278ad73bbf261efa
+SHA1 (patch-am) = 3210d8632ee9f5361008277e2c887f24d87205a1
diff -r bbb1606df5de -r aae3c7b080d1 audio/audacity/patches/patch-am
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/audacity/patches/patch-am   Thu Mar 20 15:58:47 2008 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-am,v 1.5 2008/03/20 15:58:47 drochner Exp $
+
+--- src/AudacityApp.cpp.orig   2006-11-15 05:12:11.000000000 +0100
++++ src/AudacityApp.cpp
+@@ -391,7 +391,7 @@ bool AudacityApp::OnInit()
+    // * The user's .audacity-files directory in their home directory
+    // * The "share" and "share/doc" directories in their install path
+    #ifdef __WXGTK__
+-   defaultTempDir.Printf("/tmp/audacity1.2-%s", wxGetUserId().c_str());
++   defaultTempDir.Printf("%s/.audacity1.2-%s", home.c_str(), wxGetUserId().c_str());
+    wxString pathVar = wxGetenv("AUDACITY_PATH");
+    if (pathVar != "")
+       AddMultiPathsToPathList(pathVar, audacityPathList);