forked from pool/pulseaudio
Accepting request 34582 from home:sreeves1:branches:multimedia:libs
Copy from home:sreeves1:branches:multimedia:libs/pulseaudio via accept of submit request 34582 revision 2. Request was accepted with message: OBS-URL: https://build.opensuse.org/request/show/34582 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/pulseaudio?expand=0&rev=42
This commit is contained in:
Git OBS Bridge
parent
3e82242fc9
commit
bcd74e9a6d
@ -0,0 +1,89 @@
|
|||||||
|
From d3efa43d85ac132c6a5a416a2b6f2115f5d577ee Mon Sep 17 00:00:00 2001
|
||||||
|
From: Kees Cook <kees@ubuntu.com>
|
||||||
|
Date: Tue, 2 Mar 2010 21:33:34 -0800
|
||||||
|
Subject: [PATCH] core-util: ensure that we chmod only the dir we ourselves created
|
||||||
|
|
||||||
|
---
|
||||||
|
configure.ac | 2 +-
|
||||||
|
src/pulsecore/core-util.c | 39 ++++++++++++++++++++++++++++++++++-----
|
||||||
|
2 files changed, 35 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/configure.ac b/configure.ac
|
||||||
|
index 1b80788..abcce13 100644
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -424,7 +424,7 @@ AC_CHECK_FUNCS_ONCE([lrintf strtof])
|
||||||
|
AC_FUNC_FORK
|
||||||
|
AC_FUNC_GETGROUPS
|
||||||
|
AC_FUNC_SELECT_ARGTYPES
|
||||||
|
-AC_CHECK_FUNCS_ONCE([chmod chown clock_gettime getaddrinfo getgrgid_r getgrnam_r \
|
||||||
|
+AC_CHECK_FUNCS_ONCE([chmod chown fstat fchown fchmod clock_gettime getaddrinfo getgrgid_r getgrnam_r \
|
||||||
|
getpwnam_r getpwuid_r gettimeofday getuid inet_ntop inet_pton mlock nanosleep \
|
||||||
|
pipe posix_fadvise posix_madvise posix_memalign setpgid setsid shm_open \
|
||||||
|
sigaction sleep sysconf pthread_setaffinity_np])
|
||||||
|
diff --git a/src/pulsecore/core-util.c b/src/pulsecore/core-util.c
|
||||||
|
index d6017b9..a642553 100644
|
||||||
|
--- a/src/pulsecore/core-util.c
|
||||||
|
+++ b/src/pulsecore/core-util.c
|
||||||
|
@@ -199,7 +199,7 @@ void pa_make_fd_cloexec(int fd) {
|
||||||
|
/** Creates a directory securely */
|
||||||
|
int pa_make_secure_dir(const char* dir, mode_t m, uid_t uid, gid_t gid) {
|
||||||
|
struct stat st;
|
||||||
|
- int r, saved_errno;
|
||||||
|
+ int r, saved_errno, fd;
|
||||||
|
|
||||||
|
pa_assert(dir);
|
||||||
|
|
||||||
|
@@ -217,16 +217,45 @@ int pa_make_secure_dir(const char* dir, mode_t m, uid_t uid, gid_t gid) {
|
||||||
|
if (r < 0 && errno != EEXIST)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
-#ifdef HAVE_CHOWN
|
||||||
|
+#ifdef HAVE_FSTAT
|
||||||
|
+ if ((fd = open(dir,
|
||||||
|
+#ifdef O_CLOEXEC
|
||||||
|
+ O_CLOEXEC|
|
||||||
|
+#endif
|
||||||
|
+#ifdef O_NOCTTY
|
||||||
|
+ O_NOCTTY|
|
||||||
|
+#endif
|
||||||
|
+#ifdef O_NOFOLLOW
|
||||||
|
+ O_NOFOLLOW|
|
||||||
|
+#endif
|
||||||
|
+ O_RDONLY)) < 0)
|
||||||
|
+ goto fail;
|
||||||
|
+
|
||||||
|
+ if (fstat(fd, &st) < 0) {
|
||||||
|
+ pa_assert_se(pa_close(fd) >= 0);
|
||||||
|
+ goto fail;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (!S_ISDIR(st.st_mode)) {
|
||||||
|
+ pa_assert_se(pa_close(fd) >= 0);
|
||||||
|
+ errno = EEXIST;
|
||||||
|
+ goto fail;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+#ifdef HAVE_FCHOWN
|
||||||
|
if (uid == (uid_t)-1)
|
||||||
|
uid = getuid();
|
||||||
|
if (gid == (gid_t)-1)
|
||||||
|
gid = getgid();
|
||||||
|
- (void) chown(dir, uid, gid);
|
||||||
|
+ (void) fchown(fd, uid, gid);
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+#ifdef HAVE_FCHMOD
|
||||||
|
+ (void) fchmod(fd, m);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
-#ifdef HAVE_CHMOD
|
||||||
|
- chmod(dir, m);
|
||||||
|
+ pa_assert_se(pa_close(fd) >= 0);
|
||||||
|
+
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef HAVE_LSTAT
|
||||||
|
--
|
||||||
|
1.6.0.2
|
||||||
|
|
||||||
@ -1,3 +1,9 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Mar 8 22:24:00 UTC 2010 - sreeves@novell.com
|
||||||
|
|
||||||
|
- Add 0063-core-util-ensure-that-we-chmod-only-the-dir-we-ours.patch
|
||||||
|
Fix bnc#584938 - chmod only the dir we ourselves created.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Mar 1 21:26:48 UTC 2010 - sreeves@novell.com
|
Mon Mar 1 21:26:48 UTC 2010 - sreeves@novell.com
|
||||||
|
|
||||||
|
|||||||
@ -92,6 +92,7 @@ Patch59: 0059-alsa-reset-max_rewind-max_request-while-suspending.patch
|
|||||||
Patch60: 0060-core-util-introduce-generic-function-pa_strip.patch
|
Patch60: 0060-core-util-introduce-generic-function-pa_strip.patch
|
||||||
Patch61: 0061-esd-simple-use-pa_memblockq_pop_missing.patch
|
Patch61: 0061-esd-simple-use-pa_memblockq_pop_missing.patch
|
||||||
Patch62: 0062-core-rework-how-stream-volumes-affect-sink-volumes.patch
|
Patch62: 0062-core-rework-how-stream-volumes-affect-sink-volumes.patch
|
||||||
|
Patch63: 0063-core-util-ensure-that-we-chmod-only-the-dir-we-ours.patch
|
||||||
Url: http://pulseaudio.org
|
Url: http://pulseaudio.org
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
BuildRequires: alsa-devel
|
BuildRequires: alsa-devel
|
||||||
@ -364,6 +365,7 @@ This package contains GDM integration hooks for the PulseAudio sound server.
|
|||||||
%patch60 -p1
|
%patch60 -p1
|
||||||
%patch61 -p1
|
%patch61 -p1
|
||||||
%patch62 -p1
|
%patch62 -p1
|
||||||
|
%patch63 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf
|
autoreconf
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user