Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=gnometesting.git;a=commitdiff;h=f92924d17dadd7a563d5c4caec2d0f5e915ee264

commit f92924d17dadd7a563d5c4caec2d0f5e915ee264
Author: Miklos Vajna <vmik...@frugalware.org>
Date:   Mon Mar 29 23:46:21 2010 +0200

pulseaudio-0.9.21-3-i686

- add CVE-2009-1299.patch

diff --git a/source/multimedia-extra/pulseaudio/CVE-2009-1299.patch 
b/source/multimedia-extra/pulseaudio/CVE-2009-1299.patch
new file mode 100644
index 0000000..dc7f822
--- /dev/null
+++ b/source/multimedia-extra/pulseaudio/CVE-2009-1299.patch
@@ -0,0 +1,57 @@
+diff -uNrp pulseaudio-0.9.22~0.9.21+stable-queue-32-g8478~/configure.ac 
pulseaudio-0.9.22~0.9.21+stable-queue-32-g8478/configure.ac
+--- pulseaudio-0.9.22~0.9.21+stable-queue-32-g8478~/configure.ac       
2010-01-17 15:54:19.000000000 -0800
++++ pulseaudio-0.9.22~0.9.21+stable-queue-32-g8478/configure.ac        
2010-03-02 21:19:12.163057106 -0800
+@@ -424,7 +424,7 @@ AC_CHECK_FUNCS_ONCE([lrintf strtof])
+ AC_FUNC_FORK
+ AC_FUNC_GETGROUPS
+ AC_FUNC_SELECT_ARGTYPES
+-AC_CHECK_FUNCS_ONCE([chmod chown clock_gettime getaddrinfo getgrgid_r 
getgrnam_r \
++AC_CHECK_FUNCS_ONCE([chmod chown fstat fchown fchmod clock_gettime 
getaddrinfo getgrgid_r getgrnam_r \
+     getpwnam_r getpwuid_r gettimeofday getuid inet_ntop inet_pton mlock 
nanosleep \
+     pipe posix_fadvise posix_madvise posix_memalign setpgid setsid shm_open \
+     sigaction sleep sysconf pthread_setaffinity_np])
+diff -uNrp 
pulseaudio-0.9.22~0.9.21+stable-queue-32-g8478~/src/pulsecore/core-util.c 
pulseaudio-0.9.22~0.9.21+stable-queue-32-g8478/src/pulsecore/core-util.c
+--- pulseaudio-0.9.22~0.9.21+stable-queue-32-g8478~/src/pulsecore/core-util.c  
2010-01-17 15:54:20.000000000 -0800
++++ pulseaudio-0.9.22~0.9.21+stable-queue-32-g8478/src/pulsecore/core-util.c   
2010-03-02 21:18:19.573062096 -0800
+@@ -214,16 +214,37 @@ int pa_make_secure_dir(const char* dir,
+     if (r < 0 && errno != EEXIST)
+         return -1;
+
+-#ifdef HAVE_CHOWN
++#ifdef HAVE_FSTAT
++    int fd = open(dir, O_RDONLY);
++
++    if (fd < 0)
++      goto fail;
++
++    if (fstat(fd, &st) < 0) {
++      close(fd);
++      goto fail;
++    }
++
++    if(!S_ISDIR(st.st_mode)) {
++      close(fd);
++      errno = EACCES;
++      goto fail;
++    }
++
++#ifdef HAVE_FCHOWN
+     if (uid == (uid_t)-1)
+         uid = getuid();
+     if (gid == (gid_t)-1)
+         gid = getgid();
+-    (void) chown(dir, uid, gid);
++    (void) fchown(fd, uid, gid);
++#endif
++
++#ifdef HAVE_FCHMOD
++    fchmod(fd, m);
+ #endif
+
+-#ifdef HAVE_CHMOD
+-    chmod(dir, m);
++    close(fd);
++
+ #endif
+
+ #ifdef HAVE_LSTAT
diff --git a/source/multimedia-extra/pulseaudio/FrugalBuild 
b/source/multimedia-extra/pulseaudio/FrugalBuild
index 0040276..0052c02 100644
--- a/source/multimedia-extra/pulseaudio/FrugalBuild
+++ b/source/multimedia-extra/pulseaudio/FrugalBuild
@@ -3,7 +3,7 @@

pkgname=pulseaudio
pkgver=0.9.21
-pkgrel=2
+pkgrel=3
pkgdesc="PulseAudio is a sound server with an advanced plugin system"
url="http://pulseaudio.org/";
depends=('speex' 'liboil' 'audiofile' 'libsndfile' 'libtool' 'libatomic_ops' 
'libsamplerate' 'flac' 'glib2' \
@@ -14,11 +14,12 @@ groups=('multimedia-extra')
archs=('i686' 'x86_64' 'ppc')
up2date="Flasttar http://pulseaudio.org/wiki/DownloadPulseAudio#Sourcecode";
source=(http://0pointer.de/lennart/projects/$pkgname/$pkgname-$pkgver.tar.gz \
-       rc.pulseaudio pulseaudio.sysconfig README.Frugalware)
+       rc.pulseaudio pulseaudio.sysconfig README.Frugalware 
CVE-2009-1299.patch)
sha1sums=('0309c97f7e0812e243c1bb80a4b74dc26369ac22' \
'484a26a79dc9c66807fcd3edb91ea98513cc95cb' \
'e95d0cd97ae6b68029487080ba460c412afa0ca0' \
-          'e05930aab23ef8d615dffa9ec818c84c4ee67edf')
+          'e05930aab23ef8d615dffa9ec818c84c4ee67edf' \
+          '7f694620fed97ee8190fe88956cbaf6023c36005')

subpkgs=("pulseaudio-hal" "pulseaudio-esd" "pulseaudio-bluetooth" 
"pulseaudio-x11" \
"pulseaudio-avahi" "pulseaudio-jack" "pulseaudio-gconf")
_______________________________________________
Frugalware-git mailing list
Frugalware-git@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-git

Reply via email to