[oe-commits] Holger Hans Peter Freyther : pulseaudio: Plug flaw with pulseaudio restarting itself..

Mon Mar 22 10:25:35 UTC 2010

Module: openembedded.git
Branch: org.openembedded.dev
Commit: df2b33fd9ba9e5377da260cd2e2df7740561870c
URL:    http://gitweb.openembedded.net/?p=openembedded.git&a=commit;h=df2b33fd9ba9e5377da260cd2e2df7740561870c

Author: Holger Hans Peter Freyther <zecke at selfish.org>
Date:   Mon Mar 22 14:20:40 2010 +0800

pulseaudio: Plug flaw with pulseaudio restarting itself..

Address CVE-2009-1894..

---

 recipes/pulseaudio/files/CVE-2009-1894.patch |   49 ++++++++++++++++++++++++++
 recipes/pulseaudio/pulseaudio_0.9.15.bb      |    3 +-
 2 files changed, 51 insertions(+), 1 deletions(-)

diff --git a/recipes/pulseaudio/files/CVE-2009-1894.patch b/recipes/pulseaudio/files/CVE-2009-1894.patch
new file mode 100644
index 0000000..729ed91
--- /dev/null
+++ b/recipes/pulseaudio/files/CVE-2009-1894.patch
@@ -0,0 +1,49 @@
+Index: pulseaudio-0.9.15/src/daemon/main.c
+===================================================================
+--- pulseaudio-0.9.15.orig/src/daemon/main.c
++++ pulseaudio-0.9.15/src/daemon/main.c
+@@ -399,28 +399,6 @@ int main(int argc, char *argv[]) {
+     pa_log_set_level(PA_LOG_NOTICE);
+     pa_log_set_flags(PA_LOG_COLORS|PA_LOG_PRINT_FILE|PA_LOG_PRINT_LEVEL, PA_LOG_RESET);
+ 
+-#if defined(__linux__) && defined(__OPTIMIZE__)
+-    /*
+-       Disable lazy relocations to make usage of external libraries
+-       more deterministic for our RT threads. We abuse __OPTIMIZE__ as
+-       a check whether we are a debug build or not.
+-    */
+-
+-    if (!getenv("LD_BIND_NOW")) {
+-        char *rp;
+-
+-        /* We have to execute ourselves, because the libc caches the
+-         * value of $LD_BIND_NOW on initialization. */
+-
+-        pa_set_env("LD_BIND_NOW", "1");
+-
+-        if ((rp = pa_readlink("/proc/self/exe")))
+-            pa_assert_se(execv(rp, argv) == 0);
+-        else
+-            pa_log_warn("Couldn't read /proc/self/exe, cannot self execute. Running in a chroot()?");
+-    }
+-#endif
+-
+ #ifdef HAVE_GETUID
+     real_root = getuid() == 0;
+     suid_root = !real_root && geteuid() == 0;
+Index: pulseaudio-0.9.15/src/Makefile.am
+===================================================================
+--- pulseaudio-0.9.15.orig/src/Makefile.am
++++ pulseaudio-0.9.15/src/Makefile.am
+@@ -153,9 +153,9 @@ PREOPEN_LIBS = $(modlibexec_LTLIBRARIES)
+ endif
+ 
+ if FORCE_PREOPEN
+-pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f))
++pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -Wl,-z,now -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f))
+ else
+-pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f))
++pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -Wl,-z,now -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f))
+ endif
+ 
+ if HAVE_POLKIT
diff --git a/recipes/pulseaudio/pulseaudio_0.9.15.bb b/recipes/pulseaudio/pulseaudio_0.9.15.bb
index 760e408..d71d077 100644
--- a/recipes/pulseaudio/pulseaudio_0.9.15.bb
+++ b/recipes/pulseaudio/pulseaudio_0.9.15.bb
@@ -1,7 +1,7 @@
 require pulseaudio.inc
 
 DEPENDS += "gdbm speex"
-PR = "${INC_PR}.5"
+PR = "${INC_PR}.6"
 
 inherit gettext
 
@@ -16,6 +16,7 @@ SRC_URI += "\
   file://tls_m4.patch;patch=1 \
   file://sbc-thumb.patch;patch=1 \
   file://CVE-2009-1299.patch;patch=1 \
+  file://CVE-2009-1894.patch;patch=1 \
 "
 
 do_compile_prepend() {



