Pullup ticket 3182 - requested by tron security patch Revisions pulled up: - pkgsrc/audio/pulseaudio/Makefile 1.38 - pkgsrc/audio/pulseaudio/distinfo 1.21 Files added: pkgsrc/audio/pulseaudio/patches/patch-ba pkgsrc/audio/pulseaudio/patches/patch-bb ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Sat Jul 24 12:51:09 UTC 2010 Modified Files: pkgsrc/audio/pulseaudio: Makefile distinfo Added Files: pkgsrc/audio/pulseaudio/patches: patch-ba patch-bb Log Message: Add fix for symlink race reported in CVE-2009-1299 taken from Lennart Poettering's GIT repository. To generate a diff of this commit: cvs rdiff -u -r1.37 -r1.38 pkgsrc/audio/pulseaudio/Makefile cvs rdiff -u -r1.20 -r1.21 pkgsrc/audio/pulseaudio/distinfo cvs rdiff -u -r0 -r1.6 pkgsrc/audio/pulseaudio/patches/patch-ba cvs rdiff -u -r0 -r1.5 pkgsrc/audio/pulseaudio/patches/patch-bbdiff -r1.37 -r1.37.2.1 pkgsrc/audio/pulseaudio/Makefile
(spz)
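--- a/pkgsrc/audio/pulseaudio/Makefile
+++ b/pkgsrc/audio/pulseaudio/Makefile
@@ -1,20 +1,20 @@
-# $NetBSD: Makefile,v 1.37 2010/06/15 16:25:42 obache Exp $
+# $NetBSD: Makefile,v 1.37.2.1 2010/07/25 13:16:12 spz Exp $
 
 # NOTE: Please send a copy of any patches that are not pkgsrc-specific
 # to <pulseaudio-discuss@mail.0pointer.de>
 
 PULSEAUDIO_VER= 0.9.21
-PKGREVISION= 2
+PKGREVISION= 3
 DISTNAME= pulseaudio-${PULSEAUDIO_VER}
 CATEGORIES= audio
 MASTER_SITES= http://0pointer.de/lennart/projects/pulseaudio/
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://www.pulseaudio.org/
 COMMENT= Sound server for POSIX and Win32 systems
 LICENSE= gnu-lgpl-v2.1 AND gnu-gpl-v2
 
 PKG_DESTDIR_SUPPORT= user-destdir
 
 GNU_CONFIGURE= yes
 USE_LIBTOOL= yes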
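--- a/pkgsrc/audio/pulseaudio/distinfo
+++ b/pkgsrc/audio/pulseaudio/distinfo
@@ -1,17 +1,19 @@
-$NetBSD: distinfo,v 1.19 2010/02/02 12:39:14 jmcneill Exp $
+$NetBSD: distinfo,v 1.19.4.1 2010/07/25 13:16:12 spz Exp $
 
 SHA1 (pulseaudio-0.9.21.tar.gz) = 0309c97f7e0812e243c1bb80a4b74dc26369ac22
 RMD160 (pulseaudio-0.9.21.tar.gz) = 6db0725253228b673a78cbfae4824fadce2198ed
 Size (pulseaudio-0.9.21.tar.gz) = 2056896 bytes
 SHA1 (patch-aa) = 078dd540b56f2db5d676835ab37cd4e8bbe33650
 SHA1 (patch-ab) = 1cf47a55b1c794b315646379ae03d633dc1d348f
 SHA1 (patch-ac) = b42e6ef8ff2851ea78a6eae6cb6241c94d74b2d0
 SHA1 (patch-ad) = 7340114467bc6d2fedb604e0b01ffbf1d319adc1
 SHA1 (patch-ae) = 5e6957e73ffd96d2e63e5ea4eb9b0ca9ea016b30
 SHA1 (patch-af) = e11fb419787e3cd1f305b66c995915f11276770e
 SHA1 (patch-ag) = 523743b49476a219f76b108a605b2b57ea63098a
+SHA1 (patch-ba) = d05d290d90120986654aa86f090b6c20c68e8594
+SHA1 (patch-bb) = e6f4095eb460c605b8dcc02980c5cff0cd0715a8
 SHA1 (patch-ca) = 3016b290943c006392bff01d6eae75a432a7e171
 SHA1 (patch-da) = d56957d37bec15bd41d77b99ce60bcdea0ef4f20
 SHA1 (patch-db) = e1e48577618b4eb2586d8b37953b2474e2dcc864
 SHA1 (patch-dc) = d814e1a1d5aed3e3604d6df44621fe789c625982
 SHA1 (patch-dd) = 83e51035ff871cef9c39bf670173e30705df8fe5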
$NetBSD: patch-ba,v 1.6.2.2 2010/07/25 13:16:12 spz Exp $
Fix for security vulnerability reported in CVE-2009-1299, taken from here:
http://git.0pointer.de/?p=pulseaudio.git;a=patch;h=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee
--- configure.ac.orig 2009-11-23 04:06:47.000000000 +0000
+++ configure.ac 2010-07-24 13:33:30.000000000 +0100
@@ -424,7 +424,7 @@
AC_FUNC_FORK
AC_FUNC_GETGROUPS
AC_FUNC_SELECT_ARGTYPES
-AC_CHECK_FUNCS_ONCE([chmod chown clock_gettime getaddrinfo getgrgid_r getgrnam_r \
+AC_CHECK_FUNCS_ONCE([chmod chown fstat fchown fchmod clock_gettime getaddrinfo getgrgid_r getgrnam_r \
getpwnam_r getpwuid_r gettimeofday getuid inet_ntop inet_pton mlock nanosleep \
pipe posix_fadvise posix_madvise posix_memalign setpgid setsid shm_open \
sigaction sleep sysconf pthread_setaffinity_np])
$NetBSD: patch-bb,v 1.5.2.2 2010/07/25 13:16:12 spz Exp $
Fix for security vulnerability reported in CVE-2009-1299, taken from here:
http://git.0pointer.de/?p=pulseaudio.git;a=patch;h=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee
--- src/pulsecore/core-util.c.orig 2009-11-23 03:57:07.000000000 +0000
+++ src/pulsecore/core-util.c 2010-07-24 13:33:30.000000000 +0100
@@ -196,7 +196,7 @@
/** Creates a directory securely */
int pa_make_secure_dir(const char* dir, mode_t m, uid_t uid, gid_t gid) {
struct stat st;
- int r, saved_errno;
+ int r, saved_errno, fd;
pa_assert(dir);
@@ -214,16 +214,45 @@
if (r < 0 && errno != EEXIST)
return -1;
-#ifdef HAVE_CHOWN
+#ifdef HAVE_FSTAT
+ if ((fd = open(dir,
+#ifdef O_CLOEXEC
+ O_CLOEXEC|
+#endif
+#ifdef O_NOCTTY
+ O_NOCTTY|
+#endif
+#ifdef O_NOFOLLOW
+ O_NOFOLLOW|
+#endif
+ O_RDONLY)) < 0)
+ goto fail;
+
+ if (fstat(fd, &st) < 0) {
+ pa_assert_se(pa_close(fd) >= 0);
+ goto fail;
+ }
+
+ if (!S_ISDIR(st.st_mode)) {
+ pa_assert_se(pa_close(fd) >= 0);
+ errno = EEXIST;
+ goto fail;
+ }
+
+#ifdef HAVE_FCHOWN
if (uid == (uid_t)-1)
uid = getuid();
if (gid == (gid_t)-1)
gid = getgid();
- (void) chown(dir, uid, gid);
+ (void) fchown(fd, uid, gid);
+#endif
+
+#ifdef HAVE_FCHMOD
+ (void) fchmod(fd, m);
#endif
-#ifdef HAVE_CHMOD
- chmod(dir, m);
+ pa_assert_se(pa_close(fd) >= 0);
+
#endif
#ifdef HAVE_LSTAT
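Review bot: Replacing the `#ifdef HAVE_CHOWN` / `#ifdef HAVE_CHMOD` blocks with a single `#ifdef HAVE_FSTAT` region means a build where configure does not define HAVE_FSTAT now compiles out the ownership and mode fixup entirely (and leaves the `fd` local declared in the first hunk unused), whereas the old code still called chown()/chmod() by path; nothing in the hunk records that degradation. Since patch-ba only adds the configure probe for fstat/fchown/fchmod, I would either keep a path-based `#else` branch explicitly marked as racy, or at minimum annotate the `#ifdef HAVE_FSTAT` line with `/* fd-based fixup: without fstat() no chown/chmod is done and the lstat() check below is the only guard */`. The open() flags could additionally include `O_DIRECTORY` under its own `#ifdef`, so a non-directory at `dir` is refused by the kernel before fstat() runs, with the S_ISDIR() test kept as the portable fallback. The lstat() verification that follows `#ifdef HAVE_LSTAT`, the `fail:` label and the end of pa_make_secure_dir() lie outside the hunk, so whether a failed fchown()/fchmod() (both results are discarded) is caught there cannot be confirmed from this view.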