summaryrefslogtreecommitdiff
path: root/audio
diff options
context:
space:
mode:
authortron <tron>2010-07-24 12:51:09 +0000
committertron <tron>2010-07-24 12:51:09 +0000
commit1f05372143e8eb5107e3b4d6b463719bfc3c987f (patch)
tree5443c0031b8227ad921de98a0f0a55c673a6c522 /audio
parentb843c8d7f9f3312cdef4a81950a3d590298db3d5 (diff)
downloadpkgsrc-1f05372143e8eb5107e3b4d6b463719bfc3c987f.tar.gz
Add fix for symlink race reported in CVE-2009-1299 taken from
Lennart Poettering's GIT repository.
Diffstat (limited to 'audio')
-rw-r--r--audio/pulseaudio/Makefile4
-rw-r--r--audio/pulseaudio/distinfo4
-rw-r--r--audio/pulseaudio/patches/patch-ba17
-rw-r--r--audio/pulseaudio/patches/patch-bb67
4 files changed, 89 insertions, 3 deletions
diff --git a/audio/pulseaudio/Makefile b/audio/pulseaudio/Makefile
index 6aeb13a914a..32614cd6a3c 100644
--- a/audio/pulseaudio/Makefile
+++ b/audio/pulseaudio/Makefile
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.37 2010/06/15 16:25:42 obache Exp $
+# $NetBSD: Makefile,v 1.38 2010/07/24 12:51:09 tron Exp $
# NOTE: Please send a copy of any patches that are not pkgsrc-specific
# to <pulseaudio-discuss@mail.0pointer.de>
PULSEAUDIO_VER= 0.9.21
-PKGREVISION= 2
+PKGREVISION= 3
DISTNAME= pulseaudio-${PULSEAUDIO_VER}
CATEGORIES= audio
MASTER_SITES= http://0pointer.de/lennart/projects/pulseaudio/
diff --git a/audio/pulseaudio/distinfo b/audio/pulseaudio/distinfo
index f3af439bc47..c1f72533d43 100644
--- a/audio/pulseaudio/distinfo
+++ b/audio/pulseaudio/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.20 2010/07/04 17:41:58 tron Exp $
+$NetBSD: distinfo,v 1.21 2010/07/24 12:51:09 tron Exp $
SHA1 (pulseaudio-0.9.21.tar.gz) = 0309c97f7e0812e243c1bb80a4b74dc26369ac22
RMD160 (pulseaudio-0.9.21.tar.gz) = 6db0725253228b673a78cbfae4824fadce2198ed
@@ -10,6 +10,8 @@ SHA1 (patch-ad) = ae06ccadef3f7a0e685a2b8d0235ea3629f3680f
SHA1 (patch-ae) = 5e6957e73ffd96d2e63e5ea4eb9b0ca9ea016b30
SHA1 (patch-af) = e11fb419787e3cd1f305b66c995915f11276770e
SHA1 (patch-ag) = 523743b49476a219f76b108a605b2b57ea63098a
+SHA1 (patch-ba) = d05d290d90120986654aa86f090b6c20c68e8594
+SHA1 (patch-bb) = e6f4095eb460c605b8dcc02980c5cff0cd0715a8
SHA1 (patch-ca) = 3016b290943c006392bff01d6eae75a432a7e171
SHA1 (patch-da) = d56957d37bec15bd41d77b99ce60bcdea0ef4f20
SHA1 (patch-db) = e1e48577618b4eb2586d8b37953b2474e2dcc864
diff --git a/audio/pulseaudio/patches/patch-ba b/audio/pulseaudio/patches/patch-ba
new file mode 100644
index 00000000000..d5f82f315e2
--- /dev/null
+++ b/audio/pulseaudio/patches/patch-ba
@@ -0,0 +1,17 @@
+$NetBSD: patch-ba,v 1.6 2010/07/24 12:51:09 tron Exp $
+
+Fix for security vulnerability reported in CVE-2009-1299, taken from here:
+
+http://git.0pointer.de/?p=pulseaudio.git;a=patch;h=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee
+
+--- configure.ac.orig 2009-11-23 04:06:47.000000000 +0000
++++ configure.ac 2010-07-24 13:33:30.000000000 +0100
+@@ -424,7 +424,7 @@
+ AC_FUNC_FORK
+ AC_FUNC_GETGROUPS
+ AC_FUNC_SELECT_ARGTYPES
+-AC_CHECK_FUNCS_ONCE([chmod chown clock_gettime getaddrinfo getgrgid_r getgrnam_r \
++AC_CHECK_FUNCS_ONCE([chmod chown fstat fchown fchmod clock_gettime getaddrinfo getgrgid_r getgrnam_r \
+ getpwnam_r getpwuid_r gettimeofday getuid inet_ntop inet_pton mlock nanosleep \
+ pipe posix_fadvise posix_madvise posix_memalign setpgid setsid shm_open \
+ sigaction sleep sysconf pthread_setaffinity_np])
diff --git a/audio/pulseaudio/patches/patch-bb b/audio/pulseaudio/patches/patch-bb
new file mode 100644
index 00000000000..1705ec3c6bc
--- /dev/null
+++ b/audio/pulseaudio/patches/patch-bb
@@ -0,0 +1,67 @@
+$NetBSD: patch-bb,v 1.5 2010/07/24 12:51:09 tron Exp $
+
+Fix for security vulnerability reported in CVE-2009-1299, taken from here:
+
+http://git.0pointer.de/?p=pulseaudio.git;a=patch;h=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee
+
+--- src/pulsecore/core-util.c.orig 2009-11-23 03:57:07.000000000 +0000
++++ src/pulsecore/core-util.c 2010-07-24 13:33:30.000000000 +0100
+@@ -196,7 +196,7 @@
+ /** Creates a directory securely */
+ int pa_make_secure_dir(const char* dir, mode_t m, uid_t uid, gid_t gid) {
+ struct stat st;
+- int r, saved_errno;
++ int r, saved_errno, fd;
+
+ pa_assert(dir);
+
+@@ -214,16 +214,45 @@
+ if (r < 0 && errno != EEXIST)
+ return -1;
+
+-#ifdef HAVE_CHOWN
++#ifdef HAVE_FSTAT
++ if ((fd = open(dir,
++#ifdef O_CLOEXEC
++ O_CLOEXEC|
++#endif
++#ifdef O_NOCTTY
++ O_NOCTTY|
++#endif
++#ifdef O_NOFOLLOW
++ O_NOFOLLOW|
++#endif
++ O_RDONLY)) < 0)
++ goto fail;
++
++ if (fstat(fd, &st) < 0) {
++ pa_assert_se(pa_close(fd) >= 0);
++ goto fail;
++ }
++
++ if (!S_ISDIR(st.st_mode)) {
++ pa_assert_se(pa_close(fd) >= 0);
++ errno = EEXIST;
++ goto fail;
++ }
++
++#ifdef HAVE_FCHOWN
+ if (uid == (uid_t)-1)
+ uid = getuid();
+ if (gid == (gid_t)-1)
+ gid = getgid();
+- (void) chown(dir, uid, gid);
++ (void) fchown(fd, uid, gid);
++#endif
++
++#ifdef HAVE_FCHMOD
++ (void) fchmod(fd, m);
+ #endif
+
+-#ifdef HAVE_CHMOD
+- chmod(dir, m);
++ pa_assert_se(pa_close(fd) >= 0);
++
+ #endif
+
+ #ifdef HAVE_LSTAT