From bcd74e9a6d513bd92b1ea133d6a241bd95550a54d44861f0836ce58b996c7ea6 Mon Sep 17 00:00:00 2001
From: Scott Reeves <sreeves@suse.com>
Date: Thu, 11 Mar 2010 01:11:35 +0000
Subject: [PATCH] Accepting request 34582 from
 home:sreeves1:branches:multimedia:libs

Copy from home:sreeves1:branches:multimedia:libs/pulseaudio via accept of submit request 34582 revision 2.
Request was accepted with message:

OBS-URL: https://build.opensuse.org/request/show/34582
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/pulseaudio?expand=0&rev=42
---
 ...e-that-we-chmod-only-the-dir-we-ours.patch | 89 +++++++++++++++++++
 pulseaudio.changes                            |  6 ++
 pulseaudio.spec                               |  2 +
 3 files changed, 97 insertions(+)
 create mode 100644 0063-core-util-ensure-that-we-chmod-only-the-dir-we-ours.patch

diff --git a/0063-core-util-ensure-that-we-chmod-only-the-dir-we-ours.patch b/0063-core-util-ensure-that-we-chmod-only-the-dir-we-ours.patch
new file mode 100644
index 0000000..5e7ad01
--- /dev/null
+++ b/0063-core-util-ensure-that-we-chmod-only-the-dir-we-ours.patch
@@ -0,0 +1,89 @@
+From d3efa43d85ac132c6a5a416a2b6f2115f5d577ee Mon Sep 17 00:00:00 2001
+From: Kees Cook <kees@ubuntu.com>
+Date: Tue, 2 Mar 2010 21:33:34 -0800
+Subject: [PATCH] core-util: ensure that we chmod only the dir we ourselves created
+
+---
+ configure.ac              |    2 +-
+ src/pulsecore/core-util.c |   39 ++++++++++++++++++++++++++++++++++-----
+ 2 files changed, 35 insertions(+), 6 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 1b80788..abcce13 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -424,7 +424,7 @@ AC_CHECK_FUNCS_ONCE([lrintf strtof])
+ AC_FUNC_FORK
+ AC_FUNC_GETGROUPS
+ AC_FUNC_SELECT_ARGTYPES
+-AC_CHECK_FUNCS_ONCE([chmod chown clock_gettime getaddrinfo getgrgid_r getgrnam_r \
++AC_CHECK_FUNCS_ONCE([chmod chown fstat fchown fchmod clock_gettime getaddrinfo getgrgid_r getgrnam_r \
+     getpwnam_r getpwuid_r gettimeofday getuid inet_ntop inet_pton mlock nanosleep \
+     pipe posix_fadvise posix_madvise posix_memalign setpgid setsid shm_open \
+     sigaction sleep sysconf pthread_setaffinity_np])
+diff --git a/src/pulsecore/core-util.c b/src/pulsecore/core-util.c
+index d6017b9..a642553 100644
+--- a/src/pulsecore/core-util.c
++++ b/src/pulsecore/core-util.c
+@@ -199,7 +199,7 @@ void pa_make_fd_cloexec(int fd) {
+ /** Creates a directory securely */
+ int pa_make_secure_dir(const char* dir, mode_t m, uid_t uid, gid_t gid) {
+     struct stat st;
+-    int r, saved_errno;
++    int r, saved_errno, fd;
+ 
+     pa_assert(dir);
+ 
+@@ -217,16 +217,45 @@ int pa_make_secure_dir(const char* dir, mode_t m, uid_t uid, gid_t gid) {
+     if (r < 0 && errno != EEXIST)
+         return -1;
+ 
+-#ifdef HAVE_CHOWN
++#ifdef HAVE_FSTAT
++    if ((fd = open(dir,
++#ifdef O_CLOEXEC
++                   O_CLOEXEC|
++#endif
++#ifdef O_NOCTTY
++                   O_NOCTTY|
++#endif
++#ifdef O_NOFOLLOW
++                   O_NOFOLLOW|
++#endif
++                   O_RDONLY)) < 0)
++        goto fail;
++
++    if (fstat(fd, &st) < 0) {
++        pa_assert_se(pa_close(fd) >= 0);
++        goto fail;
++    }
++
++    if (!S_ISDIR(st.st_mode)) {
++        pa_assert_se(pa_close(fd) >= 0);
++        errno = EEXIST;
++        goto fail;
++    }
++
++#ifdef HAVE_FCHOWN
+     if (uid == (uid_t)-1)
+         uid = getuid();
+     if (gid == (gid_t)-1)
+         gid = getgid();
+-    (void) chown(dir, uid, gid);
++    (void) fchown(fd, uid, gid);
++#endif
++
++#ifdef HAVE_FCHMOD
++    (void) fchmod(fd, m);
+ #endif
+ 
+-#ifdef HAVE_CHMOD
+-    chmod(dir, m);
++    pa_assert_se(pa_close(fd) >= 0);
++
+ #endif
+ 
+ #ifdef HAVE_LSTAT
+-- 
+1.6.0.2
+
diff --git a/pulseaudio.changes b/pulseaudio.changes
index de3722c..a78552a 100644
--- a/pulseaudio.changes
+++ b/pulseaudio.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Mar  8 22:24:00 UTC 2010 - sreeves@novell.com
+
+- Add 0063-core-util-ensure-that-we-chmod-only-the-dir-we-ours.patch
+    Fix bnc#584938 - chmod only the dir we ourselves created. 
+
 -------------------------------------------------------------------
 Mon Mar  1 21:26:48 UTC 2010 - sreeves@novell.com
 
diff --git a/pulseaudio.spec b/pulseaudio.spec
index 5d50d4d..4daa933 100644
--- a/pulseaudio.spec
+++ b/pulseaudio.spec
@@ -92,6 +92,7 @@ Patch59:        0059-alsa-reset-max_rewind-max_request-while-suspending.patch
 Patch60:        0060-core-util-introduce-generic-function-pa_strip.patch
 Patch61:        0061-esd-simple-use-pa_memblockq_pop_missing.patch
 Patch62:        0062-core-rework-how-stream-volumes-affect-sink-volumes.patch
+Patch63:        0063-core-util-ensure-that-we-chmod-only-the-dir-we-ours.patch
 Url:            http://pulseaudio.org
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  alsa-devel
@@ -364,6 +365,7 @@ This package contains GDM integration hooks for the PulseAudio sound server.
 %patch60 -p1
 %patch61 -p1
 %patch62 -p1
+%patch63 -p1
 
 %build
 autoreconf