From 93bd0c4b66f38c501d047f87b6d389fe1ff86797 Mon Sep 17 00:00:00 2001
From: Peter Gordon
Date: Nov 22 2007 20:17:50 +0000
Subject: Backport upstream fix for CVE-2005-4790.
---
diff --git a/blam-CVE-2005-4790.patch b/blam-CVE-2005-4790.patch
new file mode 100644
index 0000000..e48f580
--- /dev/null
+++ b/blam-CVE-2005-4790.patch
@@ -0,0 +1,18 @@
+--- blam-1.8.3/blam.in 2006-11-16 16:06:40.000000000 -0800
++++ blam-1.8.4/blam.in 2007-01-06 05:43:35.000000000 -0800
+@@ -1,12 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+
+-MOZILLA_HOME=@MOZILLA_HOME@
+-export MOZILLA_HOME
+-
+-MOZILLA_FIVE_HOME=@MOZILLA_HOME@
+-export MOZILLA_FIVE_HOME
+-
+-LD_LIBRARY_PATH="@prefix@/lib/blam:@MOZILLA_HOME@:$LD_LIBRARY_PATH"
+-export LD_LIBRARY_PATH
+-
+-exec mono @prefix@/lib/blam/blam.exe $@
++LD_LIBRARY_PATH="@prefix@/lib/blam:@MOZILLA_HOME@${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}" MOZILLA_FIVE_HOME=@MOZILLA_HOME@ \
++MOZILLA_HOME=@MOZILLA_HOME@ exec -a 'blam' mono @prefix@/lib/blam/blam.exe $@
diff --git a/blam.spec b/blam.spec
index 3f56d8e..12c4bfa 100644
--- a/blam.spec
+++ b/blam.spec
@@ -5,7 +5,7 @@
 Name: blam
 Version: 1.8.3
-Release: 10%{?dist}
+Release: 11%{?dist}
 Summary: An RSS/RDF feed reader
 Group: Applications/Internet
@@ -13,9 +13,11 @@ License: GPLv2+
 URL: http://www.cmartin.tk/blam.html
 Source0: http://www.cmartin.tk/blam/%{name}-%{version}.tar.bz2
+
 Patch0: %{name}-fix-PrintJob-ambiguous-reference.patch
 Patch1: %{name}-fedora-people-in-default-collection.patch
 Patch2: %{name}-fix-THEME_DIR-path.patch
+Patch3: %{name}-CVE-2005-4790.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 ## Various Mono dependencies are not available for ppc64; see bug 241850.
@@ -63,6 +65,7 @@ use and clean interface to stay up to date
 %patch0 -p0 -b .fix-PrintJob-ambiguous-reference-compile-error
 %patch1 -p0 -b .add-fedora-people-feed-to-default-collection.xml
 %patch2 -p0 -b .fix-THEME_DIR-path
+%patch3 -p1 -b .CVE-2005-4790
 %build
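Review bot: The `${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}` expansion on the new launcher line in blam-CVE-2005-4790.patch still appends a bare `:` when LD_LIBRARY_PATH is set but empty, and the dynamic loader reads that empty entry as the current directory, which is the untrusted search path this backport is meant to close. The colon form covers both the unset and the empty case: `LD_LIBRARY_PATH="@prefix@/lib/blam:@MOZILLA_HOME@${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"`. The same empty entry would presumably appear if `@MOZILLA_HOME@` were substituted as an empty string at configure time, so the build should be checked for that. The new `exec` line also keeps the unquoted `$@`, which re-splits arguments that contain spaces; `"$@"` passes them through intact.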
@@ -126,6 +129,9 @@ update-desktop-database &> /dev/null ||:
 %{_mandir}/man?/%{name}.1*
 %changelog
+* Thu Nov 22 2007 Peter Gordon - 1.8.3-11
+- Fix CVE-2005-4790 (bug 252294).
+
 * Tue Nov 06 2007 Peter Gordon - 1.8.3-10
 - Rebuild for new Gecko (Firefox 2.0.0.9).
 - Bump Release to 10 to maintain upgrade path from F-8.