rpms/audacity/devel audacity-1.3.2-CVE-2007-6061.patch, NONE, 1.1 audacity.spec, 1.48, 1.49

Michael Schwendt (mschwendt) fedora-extras-commits at redhat.com
Sat May 3 07:05:11 UTC 2008


Author: mschwendt

Update of /cvs/pkgs/rpms/audacity/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15768/devel

Modified Files:
	audacity.spec 
Added Files:
	audacity-1.3.2-CVE-2007-6061.patch 
Log Message:
* Sat May  3 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.2-21
- check ownership of temporary files directory (#436260) (CVE-2007-6061)


audacity-1.3.2-CVE-2007-6061.patch:

--- NEW FILE audacity-1.3.2-CVE-2007-6061.patch ---
diff -Nur audacity-src-1.3.2-beta-orig/src/AudacityApp.cpp audacity-src-1.3.2-beta/src/AudacityApp.cpp
--- audacity-src-1.3.2-beta-orig/src/AudacityApp.cpp	2006-10-29 01:05:26.000000000 +0200
+++ audacity-src-1.3.2-beta/src/AudacityApp.cpp	2008-05-02 17:46:49.000000000 +0200
@@ -821,7 +821,7 @@
    if (tempFromPrefs != wxT("")) {
       if (wxDirExists(tempFromPrefs))
          temp = tempFromPrefs;
-      else if (wxMkdir(tempFromPrefs))
+      else if (wxMkdir(tempFromPrefs, 0755))
          temp = tempFromPrefs;
    }
 
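Review bot: the mode 0755 passed in `wxMkdir(tempFromPrefs, 0755)` still leaves the temporary directory readable and searchable by group and others; since it holds only this user's working data, 0700 would be the tighter choice. The `wxDirExists(tempFromPrefs)` branch just above accepts an existing directory as it is, so the mode argument protects only the case where the directory is freshly created.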
@@ -830,10 +830,21 @@
    if (temp==wxT("") && tempDefaultLoc != wxT("")) {
       if (wxDirExists(tempDefaultLoc))
          temp = tempDefaultLoc;
-      else if (wxMkdir(tempDefaultLoc))
+      else if (wxMkdir(tempDefaultLoc, 0755))
          temp = tempDefaultLoc;
    }
 
+   // Check temp directory ownership.
+   struct stat tempStatBuf;
+   if ( lstat(temp.mb_str(), &tempStatBuf) != 0 ) {
+      temp.clear();
+   }
+   else {
+      if ( geteuid() != tempStatBuf.st_uid ) {
+         temp.clear();
+      }
+   }
+
    if (temp == wxT("")) {
       // Failed
       wxMessageBox(_("Audacity could not find a place to store temporary files.\nPlease enter an appropriate directory in the preferences dialog."));
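Review bot: the check after `lstat()` compares only `st_uid` with `geteuid()`; it does not confirm that the path is a directory, or that it is not writable by group or others. Suggest also requiring `S_ISDIR(tempStatBuf.st_mode)` and rejecting the path when `tempStatBuf.st_mode & (S_IWGRP | S_IWOTH)` is non-zero. The test is made by path name, so it holds only as long as other users cannot modify the parent directory between this point and later use of `temp`. The hunk adds no `#include`, so confirm that `<sys/stat.h>` and `<unistd.h>` already reach this file. A rejected directory also falls through to the generic "could not find a place" message, which does not tell the user that ownership was the reason.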


Index: audacity.spec
===================================================================
RCS file: /cvs/pkgs/rpms/audacity/devel/audacity.spec,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -r1.48 -r1.49
--- audacity.spec	12 Apr 2008 14:14:14 -0000	1.48
+++ audacity.spec	3 May 2008 07:04:27 -0000	1.49
@@ -1,6 +1,6 @@
 Name:           audacity
 Version:        1.3.2
-Release:        20%{?dist}
+Release:        21%{?dist}
 Summary:        A multitrack audio editor
 
 Group:          Applications/Multimedia
@@ -22,6 +22,7 @@
 Patch10:        audacity-1.3.2-jack-api-109.patch
 Patch11:        audacity-1.3.2-soundtouch-cxxflags.patch
 Patch12:        audacity-1.3.2-allegro-cflags.patch
+Patch13:        audacity-1.3.2-CVE-2007-6061.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  alsa-lib-devel
 BuildRequires:  desktop-file-utils
@@ -80,6 +81,7 @@
 %endif
 %patch11 -p1 -b .soundtouch-cxxflags
 %patch12 -p1 -b .allegro-cflags
+%patch13 -p1 -b .CVE-2007-6061
 
 # Substitute occurences of "libmp3lame.so" with "libmp3lame.so.0".
 for i in help/wxhelp/audacity.hhk help/wxhelp/exportmp3.htm locale/*.po src/export/ExportMP3.cpp
@@ -158,6 +160,9 @@
 
 
 %changelog
+* Sat May  3 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.2-21
+- check ownership of temporary files directory (#436260) (CVE-2007-6061)
+
 * Fri Mar 21 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.2-20
 - make soundtouch and allegro build with RPM optflags
 



