authorDiego Elio Pettenò <flameeyes@gentoo.org>2009-07-16 14:00:05 +0000
committerDiego Elio Pettenò <flameeyes@gentoo.org>2009-07-16 14:00:05 +0000
commit092595fdc4d716194bd43bdfe1d72f94de68ea9d (patch)
treed751132da925805ee80624f3cc8129267ce46d84 /media-sound/pulseaudio/files
parentSparc stable, bug #278039. (diff)
Add patch to fix CVE-2009-1894, see bug #276986.
Package-Manager: portage-2.2_rc33/cvs/Linux x86_64 RepoMan-Options: --force
Diffstat (limited to 'media-sound/pulseaudio/files')
-rw-r--r--media-sound/pulseaudio/files/pulseaudio-0.9.15-CVE-2009-1894.patch49
-rw-r--r--media-sound/pulseaudio/files/pulseaudio-0.9.16-CVE-2009-1894.patch85
-rw-r--r--media-sound/pulseaudio/files/pulseaudio-0.9.9-CVE-2009-1894.patch64
3 files changed, 198 insertions, 0 deletions
diff --git a/media-sound/pulseaudio/files/pulseaudio-0.9.15-CVE-2009-1894.patch b/media-sound/pulseaudio/files/pulseaudio-0.9.15-CVE-2009-1894.patch
new file mode 100644
index 000000000000..729ed9178286
--- /dev/null
+++ b/media-sound/pulseaudio/files/pulseaudio-0.9.15-CVE-2009-1894.patch
@@ -0,0 +1,49 @@
+Index: pulseaudio-0.9.15/src/daemon/main.c
+===================================================================
+--- pulseaudio-0.9.15.orig/src/daemon/main.c
++++ pulseaudio-0.9.15/src/daemon/main.c
+@@ -399,28 +399,6 @@ int main(int argc, char *argv[]) {
+ pa_log_set_level(PA_LOG_NOTICE);
+ pa_log_set_flags(PA_LOG_COLORS|PA_LOG_PRINT_FILE|PA_LOG_PRINT_LEVEL, PA_LOG_RESET);
+
+-#if defined(__linux__) && defined(__OPTIMIZE__)
+- /*
+- Disable lazy relocations to make usage of external libraries
+- more deterministic for our RT threads. We abuse __OPTIMIZE__ as
+- a check whether we are a debug build or not.
+- */
+-
+- if (!getenv("LD_BIND_NOW")) {
+- char *rp;
+-
+- /* We have to execute ourselves, because the libc caches the
+- * value of $LD_BIND_NOW on initialization. */
+-
+- pa_set_env("LD_BIND_NOW", "1");
+-
+- if ((rp = pa_readlink("/proc/self/exe")))
+- pa_assert_se(execv(rp, argv) == 0);
+- else
+- pa_log_warn("Couldn't read /proc/self/exe, cannot self execute. Running in a chroot()?");
+- }
+-#endif
+-
+ #ifdef HAVE_GETUID
+ real_root = getuid() == 0;
+ suid_root = !real_root && geteuid() == 0;
+Index: pulseaudio-0.9.15/src/Makefile.am
+===================================================================
+--- pulseaudio-0.9.15.orig/src/Makefile.am
++++ pulseaudio-0.9.15/src/Makefile.am
+@@ -153,9 +153,9 @@ PREOPEN_LIBS = $(modlibexec_LTLIBRARIES)
+ endif
+
+ if FORCE_PREOPEN
+-pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f))
++pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -Wl,-z,now -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f))
+ else
+-pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f))
++pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -Wl,-z,now -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f))
+ endif
+
+ if HAVE_POLKIT
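Review bot: The 0.9.15 patch file starts directly at `Index: pulseaudio-0.9.15/src/daemon/main.c` with no header, so nothing in the file says it is the CVE-2009-1894 fix or where it came from, whereas the 0.9.16 and 0.9.9 files in this commit carry the upstream commit message. A short preamble before the first `Index:` line would cover it, for example `Backport of upstream "Remove exploitable LD_BIND_NOW hack" (CVE-2009-1894, Gentoo bug #276986)`. The Makefile.am part also hardcodes `-Wl,-z,now` instead of the configure-probed `$(IMMEDIATE_LDFLAGS)` used for 0.9.16, so a linker that rejects the flag would presumably fail the link rather than fall back. Because the flag is added in Makefile.am, it probably only reaches the build if the ebuild regenerates the autotools output; the ebuild is not part of this diff, so that should be confirmed. The same two remarks apply to the 0.9.9 patch.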
diff --git a/media-sound/pulseaudio/files/pulseaudio-0.9.16-CVE-2009-1894.patch b/media-sound/pulseaudio/files/pulseaudio-0.9.16-CVE-2009-1894.patch
new file mode 100644
index 000000000000..64e672377ac0
--- /dev/null
+++ b/media-sound/pulseaudio/files/pulseaudio-0.9.16-CVE-2009-1894.patch
@@ -0,0 +1,85 @@
+From fdd11d6cc0f4c75f75c62fb7d419d157ce00c956 Mon Sep 17 00:00:00 2001
+From: =?utf-8?q?Diego=20Elio=20'Flameeyes'=20Petten=C3=B2?= <flameeyes@gmail.com>
+Date: Tue, 7 Jul 2009 20:51:53 +0200
+Subject: [PATCH] Remove exploitable LD_BIND_NOW hack.
+
+Instead of trying to re-execute pulseaudio itself with LD_BIND_NOW set,
+just find the correct flag for the linker to request immediate bindings
+(all ELF files support that option), and use that when linking the daemon.
+
+Reduce the amount of compiled and executed code as well.
+---
+ configure.ac | 6 ++++++
+ src/Makefile.am | 4 ++--
+ src/daemon/main.c | 22 ----------------------
+ 3 files changed, 8 insertions(+), 24 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 9c96d1c..cc7f674 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -113,6 +113,12 @@ CC_CHECK_LDFLAGS([${tmp_ldflag}],
+ [VERSIONING_LDFLAGS='-Wl,-version-script=$(srcdir)/map-file'])
+ AC_SUBST([VERSIONING_LDFLAGS])
+
++dnl Use immediate (now) bindings; avoids the funky re-call in itself
++dnl the -z now syntax is lifted from Sun's linker and works with GNU's too
++dnl other linkes might be added later
++CC_CHECK_LDFLAGS([-Wl,-z,now], [IMMEDIATE_LDFLAGS="-Wl,-z,now"])
++AC_SUBST([IMMEDIATE_LDFLAGS])
++
+ dnl Check for the proper way to build libraries that have no undefined
+ dnl symbols; on some hosts this needs to be avoided but the macro
+ dnl takes care of it.
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 7ebf1f8..ac627c8 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -183,9 +183,9 @@ PREOPEN_LIBS = $(modlibexec_LTLIBRARIES)
+ endif
+
+ if FORCE_PREOPEN
+-pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f))
++pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) $(IMMEDIATE_LDFLAGS) -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f))
+ else
+-pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f))
++pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) $(IMMEDIATE_LDFLAGS) -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f))
+ endif
+
+ ###################################
+diff --git a/src/daemon/main.c b/src/daemon/main.c
+index eb378d2..0f6fc90 100644
+--- a/src/daemon/main.c
++++ b/src/daemon/main.c
+@@ -401,28 +401,6 @@ int main(int argc, char *argv[]) {
+ pa_log_set_level(PA_LOG_NOTICE);
+ pa_log_set_flags(PA_LOG_COLORS|PA_LOG_PRINT_FILE|PA_LOG_PRINT_LEVEL, PA_LOG_RESET);
+
+-#if defined(__linux__) && defined(__OPTIMIZE__)
+- /*
+- Disable lazy relocations to make usage of external libraries
+- more deterministic for our RT threads. We abuse __OPTIMIZE__ as
+- a check whether we are a debug build or not.
+- */
+-
+- if (!getenv("LD_BIND_NOW")) {
+- char *rp;
+-
+- /* We have to execute ourselves, because the libc caches the
+- * value of $LD_BIND_NOW on initialization. */
+-
+- pa_set_env("LD_BIND_NOW", "1");
+-
+- if ((rp = pa_readlink("/proc/self/exe")))
+- pa_assert_se(execv(rp, argv) == 0);
+- else
+- pa_log_warn("Couldn't read /proc/self/exe, cannot self execute. Running in a chroot()?");
+- }
+-#endif
+-
+ if ((e = getenv("PULSE_PASSED_FD"))) {
+ passed_fd = atoi(e);
+
+--
+1.6.3.3
+
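Review bot: If the `CC_CHECK_LDFLAGS([-Wl,-z,now], ...)` probe added to configure.ac fails, `IMMEDIATE_LDFLAGS` is never assigned and the daemon is linked with lazy binding without any message, now that the re-exec which used to force immediate binding is removed from main(). That is the safe direction for CVE-2009-1894, but the loss of the determinism described in the removed comment should be visible at configure time. Assigning `IMMEDIATE_LDFLAGS=` before the probe would also keep a value inherited from configure's environment from being substituted by `AC_SUBST`. If the macro in this tree takes a not-found action, something like `AC_MSG_WARN([linker does not accept -z now, pulseaudio will use lazy binding])` would report the fallback. The comment above the probe has a typo, `linkes` for `linkers`.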
diff --git a/media-sound/pulseaudio/files/pulseaudio-0.9.9-CVE-2009-1894.patch b/media-sound/pulseaudio/files/pulseaudio-0.9.9-CVE-2009-1894.patch
new file mode 100644
index 000000000000..affa986d2f8d
--- /dev/null
+++ b/media-sound/pulseaudio/files/pulseaudio-0.9.9-CVE-2009-1894.patch
@@ -0,0 +1,64 @@
+From fdd11d6cc0f4c75f75c62fb7d419d157ce00c956 Mon Sep 17 00:00:00 2001
+From: =?utf-8?q?Diego=20Elio=20'Flameeyes'=20Petten=C3=B2?= <flameeyes@gmail.com>
+Date: Tue, 7 Jul 2009 20:51:53 +0200
+Subject: [PATCH] Remove exploitable LD_BIND_NOW hack.
+
+Instead of trying to re-execute pulseaudio itself with LD_BIND_NOW set,
+just find the correct flag for the linker to request immediate bindings
+(all ELF files support that option), and use that when linking the daemon.
+
+Reduce the amount of compiled and executed code as well.
+---
+ src/Makefile.am | 4 ++--
+ src/daemon/main.c | 19 -------------------
+ 2 files changed, 2 insertions(+), 21 deletions(-)
+
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 2ac4f3d..7d1c431 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -147,9 +147,9 @@ PREOPEN_LIBS = $(modlibexec_LTLIBRARIES)
+ endif
+
+ if FORCE_PREOPEN
+-pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f))
++pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -Wl,-z,now -dlpreopen force $(foreach f,$(PREOPEN_LIBS),-dlpreopen $(f))
+ else
+-pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f))
++pulseaudio_LDFLAGS = $(AM_LDFLAGS) $(BINLDFLAGS) -Wl,-z,now -dlopen force $(foreach f,$(PREOPEN_LIBS),-dlopen $(f))
+ endif
+
+ if HAVE_POLKIT
+diff --git a/src/daemon/main.c b/src/daemon/main.c
+index 4276d1d..c788917 100644
+--- a/src/daemon/main.c
++++ b/src/daemon/main.c
+@@ -340,25 +340,6 @@ int main(int argc, char *argv[]) {
+ #endif
+
+
+-#if defined(__linux__) && defined(__OPTIMIZE__)
+- /*
+- Disable lazy relocations to make usage of external libraries
+- more deterministic for our RT threads. We abuse __OPTIMIZE__ as
+- a check whether we are a debug build or not.
+- */
+-
+- if (!getenv("LD_BIND_NOW")) {
+- char *rp;
+-
+- /* We have to execute ourselves, because the libc caches the
+- * value of $LD_BIND_NOW on initialization. */
+-
+- putenv(pa_xstrdup("LD_BIND_NOW=1"));
+- pa_assert_se(rp = pa_readlink("/proc/self/exe"));
+- pa_assert_se(execv(rp, argv) == 0);
+- }
+-#endif
+-
+ #ifdef HAVE_GETUID
+ real_root = getuid() == 0;
+ suid_root = !real_root && geteuid() == 0;
+--
+1.6.3.3
+
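Review bot: The header of the 0.9.9 patch presents it as upstream commit `fdd11d6cc0f4c75f75c62fb7d419d157ce00c956` unchanged, but the content is a modified backport: there is no configure.ac probe, `-Wl,-z,now` is written literally into `pulseaudio_LDFLAGS`, and the block removed from main.c is the older `putenv(pa_xstrdup("LD_BIND_NOW=1"))` variant. A line under the commit message such as `Backported to 0.9.9 for Gentoo: configure.ac check dropped, -Wl,-z,now hardcoded in src/Makefile.am` would keep the provenance honest for whoever audits the fix later. The context lines show the removed block sat ahead of the `real_root`/`suid_root` computation, so the self re-exec appears to have run before the daemon examined its own privileges. Noting that in the header would help reviewers of later version bumps check that no environment-driven re-exec returns at that point in main(), whose body continues outside this hunk.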