[SCM] ardour/master: Fix insecure library loading (Closes: #598282)

adiknoth-guest at users.alioth.debian.org adiknoth-guest at users.alioth.debian.org
Tue Sep 28 19:25:57 UTC 2010


The following commit has been merged in the master branch:
commit 4699ef7640bca7f042306c9138305d433f05f808
Author: Adrian Knoth <adi at drcomp.erfurt.thur.de>
Date:   Tue Sep 28 16:33:53 2010 +0200

    Fix insecure library loading (Closes: #598282)

diff --git a/debian/patches/130_ldpath.patch b/debian/patches/130_ldpath.patch
new file mode 100644
index 0000000..51d0e8d
--- /dev/null
+++ b/debian/patches/130_ldpath.patch
@@ -0,0 +1,17 @@
+From: Adrian Knoth <adi at drcomp.erfurt.thur.de>
+Description: Fix unsecure loading of libraries
+ When LD_LIBRARY_PATH is unset, the ardour executable would
+ load malicious libraries from CWD/$PWD.
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598282
+Forwarded: yes
+--- a/gtk2_ardour/ardour.sh.in
++++ b/gtk2_ardour/ardour.sh.in
+@@ -2,7 +2,7 @@
+ 
+ export GTK_PATH=%INSTALL_PREFIX%/%LIBDIR%/ardour2:$GTK_PATH
+ 
+-export LD_LIBRARY_PATH=%INSTALL_PREFIX%/%LIBDIR%/ardour2:$LD_LIBRARY_PATH 
++export LD_LIBRARY_PATH="%INSTALL_PREFIX%/%LIBDIR%/ardour2${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
+ # DYLD_LIBRARY_PATH is for Darwin
+ export DYLD_LIBRARY_PATH=$LD_LIBRARY_PATH
+ 
diff --git a/debian/patches/series b/debian/patches/series
index 4e27a49..70d074b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,4 @@
 90_ardour-x-change.patch
 100_syslibs.patch
 111_libardourvampplugins.patch
+130_ldpath.patch

-- 
ardour Debian packaging



More information about the pkg-multimedia-commits mailing list