From 28b0f721f5e7b695c4c76cb7049f067686b7dd78 Mon Sep 17 00:00:00 2001 From: Michael Landin Date: Sun, 18 Feb 2007 11:20:25 +0000 Subject: - Add patch to fix security issue in magnatunebrowser More info here: http://bugs.kde.org/show_bug.cgi?id=138499 --- audio/amarok-kde4/Makefile | 2 +- ...c_magnatunebrowser_magnatunealbumdownloader.cpp | 29 ++++++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 audio/amarok-kde4/files/patch-amarok_src_magnatunebrowser_magnatunealbumdownloader.cpp (limited to 'audio/amarok-kde4') diff --git a/audio/amarok-kde4/Makefile b/audio/amarok-kde4/Makefile index 1887fd8ad7f8..9194ba769f71 100644 --- a/audio/amarok-kde4/Makefile +++ b/audio/amarok-kde4/Makefile @@ -6,7 +6,7 @@ PORTNAME= amarok PORTVERSION= 1.4.5 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= audio kde MASTER_SITES= ${MASTER_SITE_KDE} MASTER_SITE_SUBDIR= stable/${PORTNAME}/${PORTVERSION}/src diff --git a/audio/amarok-kde4/files/patch-amarok_src_magnatunebrowser_magnatunealbumdownloader.cpp b/audio/amarok-kde4/files/patch-amarok_src_magnatunebrowser_magnatunealbumdownloader.cpp new file mode 100644 index 000000000000..e63530991f61 --- /dev/null +++ b/audio/amarok-kde4/files/patch-amarok_src_magnatunebrowser_magnatunealbumdownloader.cpp @@ -0,0 +1,29 @@ + +$FreeBSD$ + +--- amarok/src/magnatunebrowser/magnatunealbumdownloader.cpp.orig ++++ amarok/src/magnatunebrowser/magnatunealbumdownloader.cpp +@@ -89,19 +89,19 @@ + + //ok, now we have the .zip file downloaded. All we need is to unpack it to the desired location and add it to the collection. + +- QString unzipString = "unzip \""+m_tempDir.name() + m_currentAlbumFileName + "\" -d \"" + m_currentAlbumUnpackLocation + "\" &"; ++ QString unzipString = "unzip "+ KProcess::quote( m_tempDir.name() + m_currentAlbumFileName) + " -d " +KProcess::quote( m_currentAlbumUnpackLocation ) + " &"; + + debug() << "unpacking: " << unzipString << endl; + + system( unzipString.ascii() ); + +- ++ + + if (m_currentAlbumId != -1 ) { + +- //now I really want to add the album cover to the same folder where I just unzipped the album... The ++ //now I really want to add the album cover to the same folder where I just unzipped the album... The + //only way of getting the actual location where the album was unpacked is using the artist and album names +- ++ + MagnatuneAlbum album = MagnatuneDatabaseHandler::instance()->getAlbumById( m_currentAlbumId ); + MagnatuneArtist artist = MagnatuneDatabaseHandler::instance()->getArtistById( album.getArtistId() ); + -- cgit v1.2.3