From d3a29410109b3d8c7e7884d459334a744fbf97bf Mon Sep 17 00:00:00 2001
From: Holger Hans Peter Freyther
Date: Wed, 17 Mar 2010 15:01:42 +0800
Subject: pulseaudio-0.9.15: Fix a flaw in the tmp directory handling
* Address CVE-2009-1299, compare with http://www.debian.org/security/2010/dsa-2017
---
 recipes/pulseaudio/files/CVE-2009-1299.patch | 86 ++++++++++++++++++++++++++++
 recipes/pulseaudio/pulseaudio_0.9.15.bb | 3 +-
 2 files changed, 88 insertions(+), 1 deletion(-)
 create mode 100644 recipes/pulseaudio/files/CVE-2009-1299.patch
(limited to 'recipes/pulseaudio')
diff --git a/recipes/pulseaudio/files/CVE-2009-1299.patch b/recipes/pulseaudio/files/CVE-2009-1299.patch
new file mode 100644
index 0000000000..63314b8280
--- /dev/null
+++ b/recipes/pulseaudio/files/CVE-2009-1299.patch
@@ -0,0 +1,86 @@
+From d3efa43d85ac132c6a5a416a2b6f2115f5d577ee Mon Sep 17 00:00:00 2001
+From: Kees Cook
+Date: Tue, 2 Mar 2010 21:33:34 -0800
+Subject: [PATCH] core-util: ensure that we chmod only the dir we ourselves created
+
+---
+ configure.ac | 2 +-
+ src/pulsecore/core-util.c | 39 ++++++++++++++++++++++++++++++++++-----
+ 2 files changed, 35 insertions(+), 6 deletions(-)
+
+Index: pulseaudio-0.9.15/configure.ac
+===================================================================
+--- pulseaudio-0.9.15.orig/configure.ac 2010-03-17 14:50:02.000000000 +0800
++++ pulseaudio-0.9.15/configure.ac 2010-03-17 14:52:27.250075828 +0800
+@@ -403,7 +403,7 @@
+ AC_FUNC_FORK
+ AC_FUNC_GETGROUPS
+ AC_FUNC_SELECT_ARGTYPES
+-AC_CHECK_FUNCS([chmod chown clock_gettime getaddrinfo getgrgid_r getgrnam_r \
++AC_CHECK_FUNCS([chmod chown fstat fchown fchmod clock_gettime getaddrinfo getgrgid_r getgrnam_r \
+ getpwnam_r getpwuid_r gettimeofday getuid inet_ntop inet_pton mlock nanosleep \
+ pipe posix_fadvise posix_madvise posix_memalign setpgid setsid shm_open \
+ sigaction sleep sysconf pthread_setaffinity_np])
+Index: pulseaudio-0.9.15/src/pulsecore/core-util.c
+===================================================================
+--- pulseaudio-0.9.15.orig/src/pulsecore/core-util.c 2010-03-17 14:49:59.000000000 +0800
++++ pulseaudio-0.9.15/src/pulsecore/core-util.c 2010-03-17 14:51:37.680079062 +0800
+@@ -178,7 +178,7 @@
+ /** Creates a directory securely */
+ int pa_make_secure_dir(const char* dir, mode_t m, uid_t uid, gid_t gid) {
+ struct stat st;
+- int r, saved_errno;
++ int r, saved_errno, fd;
+
+ pa_assert(dir);
+
+@@ -196,16 +196,45 @@
+ if (r < 0 && errno != EEXIST)
+ return -1;
+
+-#ifdef HAVE_CHOWN
++#ifdef HAVE_FSTAT
++ if ((fd = open(dir,
++#ifdef O_CLOEXEC
++ O_CLOEXEC|
++#endif
++#ifdef O_NOCTTY
++ O_NOCTTY|
++#endif
++#ifdef O_NOFOLLOW
++ O_NOFOLLOW|
++#endif
++ O_RDONLY)) < 0)
++ goto fail;
++
++ if (fstat(fd, &st) < 0) {
++ pa_assert_se(pa_close(fd) >= 0);
++ goto fail;
++ }
++
++ if (!S_ISDIR(st.st_mode)) {
++ pa_assert_se(pa_close(fd) >= 0);
++ errno = EEXIST;
++ goto fail;
++ }
++
++#ifdef HAVE_FCHOWN
+ if (uid == (uid_t)-1)
+ uid = getuid();
+ if (gid == (gid_t)-1)
+ gid = getgid();
+- (void) chown(dir, uid, gid);
++ (void) fchown(fd, uid, gid);
++#endif
++
++#ifdef HAVE_FCHMOD
++ (void) fchmod(fd, m);
+ #endif
+
+-#ifdef HAVE_CHMOD
+- chmod(dir, m);
++ pa_assert_se(pa_close(fd) >= 0);
++
+ #endif
+
+ #ifdef HAVE_LSTAT
diff --git a/recipes/pulseaudio/pulseaudio_0.9.15.bb b/recipes/pulseaudio/pulseaudio_0.9.15.bb
index 64ca916659..760e408333 100644
--- a/recipes/pulseaudio/pulseaudio_0.9.15.bb
+++ b/recipes/pulseaudio/pulseaudio_0.9.15.bb
@@ -1,7 +1,7 @@
 require pulseaudio.inc
 DEPENDS += "gdbm speex"
-PR = "${INC_PR}.4"
+PR = "${INC_PR}.5"
 inherit gettext
@@ -15,6 +15,7 @@ SRC_URI += "\
 file://fixbluezbuild.patch;patch=1 \
 file://tls_m4.patch;patch=1 \
 file://sbc-thumb.patch;patch=1 \
+ file://CVE-2009-1299.patch;patch=1 \
 "
 do_compile_prepend() {
--
cgit 1.2.3-korg
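Review bot: In the `open(dir, …)` call that the embedded core-util.c patch adds to `pa_make_secure_dir`, `O_NOFOLLOW` is passed only when the macro is defined, so on a platform without it the open follows a symlink, `S_ISDIR` passes on the target, and `fchown`/`fchmod` are applied to a directory this function did not create, which is the case the patch sets out to close. Comparing `st_dev`/`st_ino` from an `lstat()` of `dir` against the `fstat()` result would keep the guarantee on such platforms, and a comment above the flag list should say that the symlink protection depends on `O_NOFOLLOW`. The flag list also has no `O_DIRECTORY`, so a pre-existing non-directory at the path is opened before `S_ISDIR` rejects it; adding `#ifdef O_DIRECTORY` / `O_DIRECTORY|` / `#endif` next to the other flags lets the kernel refuse it at open time. The return values of `fchown` and `fchmod` are discarded, which is only safe if the `HAVE_LSTAT` block that follows re-checks owner and mode; that block and the `fail:` label lie outside this hunk.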