author | tron <tron> | 2010-07-24 12:51:09 +0000 |
---|---|---|
committer | tron <tron> | 2010-07-24 12:51:09 +0000 |
commit | 1f05372143e8eb5107e3b4d6b463719bfc3c987f (patch) | |
tree | 5443c0031b8227ad921de98a0f0a55c673a6c522 /audio | |
parent | b843c8d7f9f3312cdef4a81950a3d590298db3d5 (diff) | |
download | pkgsrc-1f05372143e8eb5107e3b4d6b463719bfc3c987f.tar.gz |
Add fix for symlink race reported in CVE-2009-1299 taken from
Lennart Poettering's GIT repository.
Diffstat (limited to 'audio')
-rw-r--r-- | audio/pulseaudio/Makefile | 4 | ||||
-rw-r--r-- | audio/pulseaudio/distinfo | 4 | ||||
-rw-r--r-- | audio/pulseaudio/patches/patch-ba | 17 | ||||
-rw-r--r-- | audio/pulseaudio/patches/patch-bb | 67 |
4 files changed, 89 insertions, 3 deletions
diff --git a/audio/pulseaudio/Makefile b/audio/pulseaudio/Makefile
index 6aeb13a914a..32614cd6a3c 100644
--- a/audio/pulseaudio/Makefile
+++ b/audio/pulseaudio/Makefile
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.37 2010/06/15 16:25:42 obache Exp $
+# $NetBSD: Makefile,v 1.38 2010/07/24 12:51:09 tron Exp $
 # NOTE: Please send a copy of any patches that are not pkgsrc-specific
 # to <pulseaudio-discuss@mail.0pointer.de>
 PULSEAUDIO_VER= 0.9.21
-PKGREVISION= 2
+PKGREVISION= 3
 DISTNAME= pulseaudio-${PULSEAUDIO_VER}
 CATEGORIES= audio
 MASTER_SITES= http://0pointer.de/lennart/projects/pulseaudio/
diff --git a/audio/pulseaudio/distinfo b/audio/pulseaudio/distinfo
index f3af439bc47..c1f72533d43 100644
--- a/audio/pulseaudio/distinfo
+++ b/audio/pulseaudio/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.20 2010/07/04 17:41:58 tron Exp $
+$NetBSD: distinfo,v 1.21 2010/07/24 12:51:09 tron Exp $
 SHA1 (pulseaudio-0.9.21.tar.gz) = 0309c97f7e0812e243c1bb80a4b74dc26369ac22
 RMD160 (pulseaudio-0.9.21.tar.gz) = 6db0725253228b673a78cbfae4824fadce2198ed
@@ -10,6 +10,8 @@ SHA1 (patch-ad) = ae06ccadef3f7a0e685a2b8d0235ea3629f3680f
 SHA1 (patch-ae) = 5e6957e73ffd96d2e63e5ea4eb9b0ca9ea016b30
 SHA1 (patch-af) = e11fb419787e3cd1f305b66c995915f11276770e
 SHA1 (patch-ag) = 523743b49476a219f76b108a605b2b57ea63098a
+SHA1 (patch-ba) = d05d290d90120986654aa86f090b6c20c68e8594
+SHA1 (patch-bb) = e6f4095eb460c605b8dcc02980c5cff0cd0715a8
 SHA1 (patch-ca) = 3016b290943c006392bff01d6eae75a432a7e171
 SHA1 (patch-da) = d56957d37bec15bd41d77b99ce60bcdea0ef4f20
 SHA1 (patch-db) = e1e48577618b4eb2586d8b37953b2474e2dcc864
diff --git a/audio/pulseaudio/patches/patch-ba b/audio/pulseaudio/patches/patch-ba
new file mode 100644
index 00000000000..d5f82f315e2
--- /dev/null
+++ b/audio/pulseaudio/patches/patch-ba
@@ -0,0 +1,17 @@
+$NetBSD: patch-ba,v 1.6 2010/07/24 12:51:09 tron Exp $
+
+Fix for security vulnerability reported in CVE-2009-1299, taken from here:
+
+http://git.0pointer.de/?p=pulseaudio.git;a=patch;h=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee
+
+--- configure.ac.orig 2009-11-23 04:06:47.000000000 +0000
++++ configure.ac 2010-07-24 13:33:30.000000000 +0100
+@@ -424,7 +424,7 @@
+ AC_FUNC_FORK
+ AC_FUNC_GETGROUPS
+ AC_FUNC_SELECT_ARGTYPES
+-AC_CHECK_FUNCS_ONCE([chmod chown clock_gettime getaddrinfo getgrgid_r getgrnam_r \
++AC_CHECK_FUNCS_ONCE([chmod chown fstat fchown fchmod clock_gettime getaddrinfo getgrgid_r getgrnam_r \
+ getpwnam_r getpwuid_r gettimeofday getuid inet_ntop inet_pton mlock nanosleep \
+ pipe posix_fadvise posix_madvise posix_memalign setpgid setsid shm_open \
+ sigaction sleep sysconf pthread_setaffinity_np])
diff --git a/audio/pulseaudio/patches/patch-bb b/audio/pulseaudio/patches/patch-bb
new file mode 100644
index 00000000000..1705ec3c6bc
--- /dev/null
+++ b/audio/pulseaudio/patches/patch-bb
@@ -0,0 +1,67 @@
+$NetBSD: patch-bb,v 1.5 2010/07/24 12:51:09 tron Exp $
+
+Fix for security vulnerability reported in CVE-2009-1299, taken from here:
+
+http://git.0pointer.de/?p=pulseaudio.git;a=patch;h=d3efa43d85ac132c6a5a416a2b6f2115f5d577ee
+
+--- src/pulsecore/core-util.c.orig 2009-11-23 03:57:07.000000000 +0000
++++ src/pulsecore/core-util.c 2010-07-24 13:33:30.000000000 +0100
+@@ -196,7 +196,7 @@
+ /** Creates a directory securely */
+ int pa_make_secure_dir(const char* dir, mode_t m, uid_t uid, gid_t gid) {
+ struct stat st;
+- int r, saved_errno;
++ int r, saved_errno, fd;
+
+ pa_assert(dir);
+
+@@ -214,16 +214,45 @@
+ if (r < 0 && errno != EEXIST)
+ return -1;
+
+-#ifdef HAVE_CHOWN
++#ifdef HAVE_FSTAT
++ if ((fd = open(dir,
++#ifdef O_CLOEXEC
++ O_CLOEXEC|
++#endif
++#ifdef O_NOCTTY
++ O_NOCTTY|
++#endif
++#ifdef O_NOFOLLOW
++ O_NOFOLLOW|
++#endif
++ O_RDONLY)) < 0)
++ goto fail;
++
++ if (fstat(fd, &st) < 0) {
++ pa_assert_se(pa_close(fd) >= 0);
++ goto fail;
++ }
++
++ if (!S_ISDIR(st.st_mode)) {
++ pa_assert_se(pa_close(fd) >= 0);
++ errno = EEXIST;
++ goto fail;
++ }
++
++#ifdef HAVE_FCHOWN
+ if (uid == (uid_t)-1)
+ uid = getuid();
+ if (gid == (gid_t)-1)
+ gid = getgid();
+- (void) chown(dir, uid, gid);
++ (void) fchown(fd, uid, gid);
++#endif
++
++#ifdef HAVE_FCHMOD
++ (void) fchmod(fd, m);
+ #endif
+
+-#ifdef HAVE_CHMOD
+- chmod(dir, m);
++ pa_assert_se(pa_close(fd) >= 0);
++
+ #endif
+
+ #ifdef HAVE_LSTAT |
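Review bot: The `O_NOFOLLOW` flag in the new `open(dir, ...)` call sits behind `#ifdef O_NOFOLLOW`, so on a platform that lacks the macro the open follows a symlink and the race described in CVE-2009-1299 stays open, with nothing at build time to say so. Since pkgsrc builds this on many systems, I would make the degraded case visible, for example with an `#else` branch carrying `#warning "O_NOFOLLOW missing: pa_make_secure_dir() cannot refuse symlinks"`, or at least a comment saying the fix depends on the flag. The same applies to the outer `#ifdef HAVE_FSTAT`: when it is undefined the whole block compiles out and neither owner nor mode is set, whereas the removed code still called `chown()`/`chmod()`. The results of `fchown()` and `fchmod()` are discarded, so any failure has to be caught by the `HAVE_LSTAT` check that begins on the hunk's last line. That check's body and the `fail` label are outside the hunk, so this cannot be confirmed from here.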