From aa141cfa779698f2fca434d333a43b5236db9ead Mon Sep 17 00:00:00 2001
From: Aurelien Bompard
Date: Feb 14 2007 19:13:24 +0000
Subject: add patch to fix CVE-2006-6979 (bug 228138)
---
diff --git a/amarok-1.4.5-CVE-2006-6979.patch b/amarok-1.4.5-CVE-2006-6979.patch
new file mode 100644
index 0000000..5a67536
--- /dev/null
+++ b/amarok-1.4.5-CVE-2006-6979.patch
@@ -0,0 +1,13 @@
+Index: src/magnatunebrowser/magnatunealbumdownloader.cpp
+===================================================================
+--- amarok/src/magnatunebrowser/magnatunealbumdownloader.cpp (revision 633106)
++++ amarok/src/magnatunebrowser/magnatunealbumdownloader.cpp (working copy)
+@@ -89,7 +89,7 @@
+ 
+ //ok, now we have the .zip file downloaded. All we need is to unpack it to the desired location and add it to the collection.
+ 
+- QString unzipString = "unzip \""+m_tempDir.name() + m_currentAlbumFileName + "\" -d \"" + m_currentAlbumUnpackLocation + "\" &";
++ QString unzipString = KProcess::quote( "unzip \""+m_tempDir.name() + m_currentAlbumFileName + "\" -d \"" + m_currentAlbumUnpackLocation + "\" &" );
+ 
+ debug() << "unpacking: " << unzipString << endl;
+ 
diff --git a/amarok.spec b/amarok.spec
index b7bcd43..9beaa26 100644
--- a/amarok.spec
+++ b/amarok.spec
@@ -4,13 +4,14 @@
 Name: amarok
 Summary: Media player for KDE
 Version: 1.4.5
-Release: 1%{?dist}
+Release: 2%{?dist}
 Group: Applications/Multimedia
 License: GPL
 Url: http://amarok.kde.org
 # http://download.kde.org/download.php?url=stable/amarok/1.4.3/src
 Source0: http://mirrors.isc.org/pub/kde/stable/amarok/%{version}/src/amarok-%{version}.tar.bz2
+Patch0: amarok-1.4.5-CVE-2006-6979.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: kdemultimedia-devel >= 6:3.2
@@ -80,6 +81,7 @@ use any of xmms' visualisation plugins with Amarok.
 %prep
 %setup -q
+%patch0 -p0 -b .CVE-2006-6979
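Review bot: In the added amarok-1.4.5-CVE-2006-6979.patch, `KProcess::quote( ... )` is wrapped around the entire command line instead of around each path, so a shell would see `unzip … -d … &` as one quoted word rather than a command with arguments, and the album would probably never be unpacked. Quote the two path operands individually and drop the hand-written `\"` pairs: `QString unzipString = "unzip " + KProcess::quote( m_tempDir.name() + m_currentAlbumFileName ) + " -d " + KProcess::quote( m_currentAlbumUnpackLocation ) + " &";`. The call that executes unzipString is outside the hunk, so this assumes the string is handed to a shell; if it is, passing the program and its arguments to KProcess as separate items would remove the need for shell quoting altogether. The enclosing function starts and ends outside the hunk.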
@@ -233,6 +235,9 @@ rm -fr $RPM_BUILD_ROOT
 %changelog
+* Wed Feb 14 2007 Aurelien Bompard 1.4.5-2
+- add patch to fix CVE-2006-6979 (bug 228138)
+
 * Sat Feb 03 2007 Aurelien Bompard 1.4.5-1
 - version 1.4.5
 - drop patch0 and patch1 (merged upstream)