rpms/audacity/F-8 audacity-1.3.2-CVE-2007-6061.patch,NONE,1.1
Michael Schwendt (mschwendt)
fedora-extras-commits at redhat.com
Sat May 3 07:04:19 UTC 2008
- Previous message: rpms/scim-python/F-8 .cvsignore, 1.7, 1.8 scim-python.spec, 1.11, 1.12 sources, 1.8, 1.9
- Next message: rpms/audacity/F-9 audacity-1.3.2-CVE-2007-6061.patch, NONE, 1.1 audacity.spec, 1.48, 1.49
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: mschwendt
Update of /cvs/pkgs/rpms/audacity/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15768/F-8
Added Files:
audacity-1.3.2-CVE-2007-6061.patch
Log Message:
* Sat May 3 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 1.3.2-21
- check ownership of temporary files directory (#436260) (CVE-2007-6061)
audacity-1.3.2-CVE-2007-6061.patch:
--- NEW FILE audacity-1.3.2-CVE-2007-6061.patch ---
diff -Nur audacity-src-1.3.2-beta-orig/src/AudacityApp.cpp audacity-src-1.3.2-beta/src/AudacityApp.cpp
--- audacity-src-1.3.2-beta-orig/src/AudacityApp.cpp 2006-10-29 01:05:26.000000000 +0200
+++ audacity-src-1.3.2-beta/src/AudacityApp.cpp 2008-05-02 17:46:49.000000000 +0200
@@ -821,7 +821,7 @@
if (tempFromPrefs != wxT("")) {
if (wxDirExists(tempFromPrefs))
temp = tempFromPrefs;
- else if (wxMkdir(tempFromPrefs))
+ else if (wxMkdir(tempFromPrefs, 0755))
temp = tempFromPrefs;
}
@@ -830,10 +830,21 @@
if (temp==wxT("") && tempDefaultLoc != wxT("")) {
if (wxDirExists(tempDefaultLoc))
temp = tempDefaultLoc;
- else if (wxMkdir(tempDefaultLoc))
+ else if (wxMkdir(tempDefaultLoc, 0755))
temp = tempDefaultLoc;
}
+ // Check temp directory ownership.
+ struct stat tempStatBuf;
+ if ( lstat(temp.mb_str(), &tempStatBuf) != 0 ) {
+ temp.clear();
+ }
+ else {
+ if ( geteuid() != tempStatBuf.st_uid ) {
+ temp.clear();
+ }
+ }
+
if (temp == wxT("")) {
// Failed
wxMessageBox(_("Audacity could not find a place to store temporary files.\nPlease enter an appropriate directory in the preferences dialog."));
- Previous message: rpms/scim-python/F-8 .cvsignore, 1.7, 1.8 scim-python.spec, 1.11, 1.12 sources, 1.8, 1.9
- Next message: rpms/audacity/F-9 audacity-1.3.2-CVE-2007-6061.patch, NONE, 1.1 audacity.spec, 1.48, 1.49
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list