author | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-03-22 14:20:40 +0800 |
---|---|---|
committer | Holger Hans Peter Freyther <zecke@selfish.org> | 2010-03-22 18:24:16 +0800 |
commit | df2b33fd9ba9e5377da260cd2e2df7740561870c (patch) | |
tree | f219fcbed4104ff12c2fb3c33de69de8efbabec6 | |
parent | 7284b51dfd5e8ada1af863a8e0d1b9948c62ccce (diff) |
pulseaudio: Plug flaw with pulseaudio restarting itself..
Address CVE-2009-1894..
-rw-r--r-- | recipes/pulseaudio/files/CVE-2009-1894.patch | 49 | ||||
-rw-r--r-- | recipes/pulseaudio/pulseaudio_0.9.15.bb | 3 |
2 files changed, 51 insertions, 1 deletions
diff --git a/recipes/pulseaudio/files/CVE-2009-1894.patch b/recipes/pulseaudio/files/CVE-2009-1894.patch
new file mode 100644
index 0000000000..729ed91782
--- /dev/null
+++ b/recipes/pulseaudio/files/CVE-2009-1894.patch
@@ -0,0 +1,49 @@
+Index: pulseaudio-0.9.15/src/daemon/main.c
+===================================================================
+--- pulseaudio-0.9.15.orig/src/daemon/main.c
++++ pulseaudio-0.9.15/src/daemon/main.c
+@@ -399,28 +399,6 @@ int main(int argc, char *argv[]) {
+ pa_log_set_level(PA_LOG_NOTICE);
+ pa_log_set_flags(PA_LOG_COLORS|PA_LOG_PRINT_FILE|PA_LOG_PRINT_LEVEL, PA_LOG_RESET);
+
+-#if defined(__linux__) && defined(__OPTIMIZE__)
+- /*
+- Disable lazy relocations to make usage of external libraries
+- more deterministic for our RT threads. We abuse __OPTIMIZE__ as
+- a check whether we are a debug build or not.
+- */
+-
+- if (!getenv("LD_BIND_NOW")) {
+- char *rp;
+-
+- /* We have to execute ourselves, because the libc caches the
+- * value of $LD_BIND_NOW on initialization. */
+-
+- pa_set_env("LD_BIND_NOW", "1");
+-
+- if ((rp = pa_readlink("/proc/self/exe")))
+- pa_assert_se(execv(rp, argv) == 0);
+- else
+- pa_log_warn("Couldn't read /proc/self/exe, cannot self execute. Running in a chroot()?");
+- }
+-#endif
+-
+ #ifdef HAVE_GETUID
+ real_root = getuid() == 0;
+ suid_root = !real_root && geteuid() == 0;
+Index: pulseaudio-0.9.15/src/Makefile.am
+===================================================================
+--- pulseaudio-0.9.15.orig/src/Makefile.am
++++ pulseaudio-0.9.15/src/Makefile.am
+@@ -153,9 +153,9 @@ PREOPEN_LIBS = $(modlibexec_LTLIBRARIES)
+ endif
+
+ if FORCE_PREOPEN
+-pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f))
++pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -Wl,-z,now -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f))
+ else
+-pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f))
++pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -Wl,-z,now -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f))
+ endif
+
+ if HAVE_POLKIT
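Review bot: The new CVE-2009-1894.patch begins directly at `Index:` with no header, so the file itself does not record why the self-exec block in `main()` is dropped or where the fix came from. A short preamble before the first `Index:` line would keep a later rebase from restoring the block, for example `Fixes CVE-2009-1894: remove re-exec via /proc/self/exe, which ran ahead of the suid_root check; bind eagerly at link time instead. Source: <UPSTREAM_COMMIT_PLACEHOLDER>`. Separately, `-Wl,-z,now` is added only to `pulseaudio_LDFLAGS`, so it appears to cover only the daemon executable, whereas the removed `LD_BIND_NOW=1` was process-wide. Whether the shared libraries and the modules in `PREOPEN_LIBS` still bind eagerly should be confirmed. This looks like a real-time determinism question rather than a security one. `main()` continues outside the embedded hunk.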
diff --git a/recipes/pulseaudio/pulseaudio_0.9.15.bb b/recipes/pulseaudio/pulseaudio_0.9.15.bb index 760e408333..d71d077ab6 100644 --- a/recipes/pulseaudio/pulseaudio_0.9.15.bb +++ b/recipes/pulseaudio/pulseaudio_0.9.15.bb @@ -1,7 +1,7 @@ require pulseaudio.inc DEPENDS += "gdbm speex" -PR = "${INC_PR}.5" +PR = "${INC_PR}.6" inherit gettext @@ -16,6 +16,7 @@ SRC_URI += "\ file://tls_m4.patch;patch=1 \ file://sbc-thumb.patch;patch=1 \ file://CVE-2009-1299.patch;patch=1 \ + file://CVE-2009-1894.patch;patch=1 \ " do_compile_prepend() { |