rpms/audacious-plugins/devel audacious-plugins-2.2-tmp-vuln.patch, NONE, 1.1 audacious-plugins.spec, 1.93, 1.94

Michael Schwendt mschwendt at fedoraproject.org
Fri Feb 5 19:48:54 UTC 2010


Author: mschwendt

Update of /cvs/pkgs/rpms/audacious-plugins/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11668

Modified Files:
	audacious-plugins.spec 
Added Files:
	audacious-plugins-2.2-tmp-vuln.patch 
Log Message:
* Fri Feb  5 2010 Michael Schwendt <mschwendt at fedoraproject.org> - 2.2-19
- Fix temp file vulnerability in streambrowser plugin.


audacious-plugins-2.2-tmp-vuln.patch:
 streambrowser.c |   11 +++++++----
 streambrowser.h |    1 -
 xiph.c          |   12 ++++++++----
 xiph.h          |    1 -
 4 files changed, 15 insertions(+), 10 deletions(-)

--- NEW FILE audacious-plugins-2.2-tmp-vuln.patch ---
diff -Nur audacious-plugins-2.2-orig/src/streambrowser/streambrowser.c audacious-plugins-2.2-tmp-vuln/src/streambrowser/streambrowser.c
--- audacious-plugins-2.2-orig/src/streambrowser/streambrowser.c	2009-11-22 23:49:53.000000000 +0100
+++ audacious-plugins-2.2-tmp-vuln/src/streambrowser/streambrowser.c	2010-02-05 20:44:34.000000000 +0100
@@ -611,18 +611,21 @@
 {
         gint playlist = aud_playlist_get_active();
         gint entrycount = aud_playlist_entry_count(playlist);
+        gchar* tempname = g_strconcat( "file://", g_build_filename(audacious_get_localdir(), "streambrowser-tmp-playlist.pls", NULL) );
 
         if (strlen(streaminfo->playlist_url) > 0) {
 		debug("fetching stream playlist for station '%s' from '%s'\n", streaminfo->name, streaminfo->playlist_url);
-		if (!fetch_remote_to_local_file(streaminfo->playlist_url, PLAYLIST_TEMP_FILE)) {
-		    failure("shoutcast: stream playlist '%s' could not be downloaded to '%s'\n", streaminfo->playlist_url, PLAYLIST_TEMP_FILE);
+		if (!fetch_remote_to_local_file(streaminfo->playlist_url, tempname)) {
+		    failure("shoutcast: stream playlist '%s' could not be downloaded to '%s'\n", streaminfo->playlist_url, tempname);
+            g_free(tempname);
 		    return;
 		}
-		debug("stream playlist '%s' successfuly downloaded to '%s'\n", streaminfo->playlist_url, PLAYLIST_TEMP_FILE);
+		debug("stream playlist '%s' successfuly downloaded to '%s'\n", streaminfo->playlist_url, tempname);
 
-	   	aud_playlist_insert_playlist(aud_playlist_get_active(), entrycount, PLAYLIST_TEMP_FILE);
+	   	aud_playlist_insert_playlist(aud_playlist_get_active(), entrycount, tempname);
 		debug("stream playlist '%s' added\n", streaminfo->playlist_url);
 	}
+    g_free(tempname);
 
 	if (strlen(streaminfo->url) > 0) {
 		aud_playlist_insert_playlist(aud_playlist_get_active(), entrycount, streaminfo->url);
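Review bot: The added `gchar* tempname = g_strconcat( "file://", g_build_filename(...) );` gives `g_strconcat()` no terminating NULL of its own — the only NULL closes the `g_build_filename` argument list — so the variadic scan runs past the last argument (undefined behaviour); the same construct is in the first xiph.c hunk for `streambrowser-tmp-xiph_yp.xml`, and in both places the string returned by `g_build_filename` is never freed. Split it into `gchar *path = g_build_filename(audacious_get_localdir(), "streambrowser-tmp-playlist.pls", NULL);` / `gchar *tempname = g_strconcat("file://", path, NULL);` / `g_free(path);` (or build the URI with `g_filename_to_uri(path, NULL, NULL)`, which also escapes characters a raw concatenation leaves as-is). Moving the file out of /tmp into `audacious_get_localdir()` is what removes the shared-directory race; the filename itself stays fixed, so the fix relies on that directory being user-private — worth a one-line comment at the declaration, e.g. `/* fixed name is fine: the local dir is per-user, unlike /tmp */`. The new lines are space-indented inside a tab-indented function; the enclosing function's signature is above this hunk and its body continues below it.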
diff -Nur audacious-plugins-2.2-orig/src/streambrowser/streambrowser.h audacious-plugins-2.2-tmp-vuln/src/streambrowser/streambrowser.h
--- audacious-plugins-2.2-orig/src/streambrowser/streambrowser.h	2009-11-22 23:49:53.000000000 +0100
+++ audacious-plugins-2.2-tmp-vuln/src/streambrowser/streambrowser.h	2010-02-05 20:43:50.000000000 +0100
@@ -23,7 +23,6 @@
 #define DEF_STRING_LEN				1024
 #define DEF_BUFFER_SIZE				512
 #define MAX_UPDATE_THREADS			4
-#define PLAYLIST_TEMP_FILE			"file:///tmp/playlist.pls"
 #define STREAMBROWSER_ICON_SMALL	DATA_DIR G_DIR_SEPARATOR_S "images" G_DIR_SEPARATOR_S "streambrowser-16x16.png"
 #define STREAMBROWSER_ICON			DATA_DIR G_DIR_SEPARATOR_S "images" G_DIR_SEPARATOR_S "streambrowser-64x64.png"
 
diff -Nur audacious-plugins-2.2-orig/src/streambrowser/xiph.c audacious-plugins-2.2-tmp-vuln/src/streambrowser/xiph.c
--- audacious-plugins-2.2-orig/src/streambrowser/xiph.c	2009-11-22 23:49:53.000000000 +0100
+++ audacious-plugins-2.2-tmp-vuln/src/streambrowser/xiph.c	2010-02-05 20:43:41.000000000 +0100
@@ -162,6 +162,8 @@
 
 static void refresh_streamdir(void)
 {
+    gchar* tempname = g_strconcat( "file://", g_build_filename(audacious_get_localdir(), "streambrowser-tmp-xiph_yp.xml", NULL) );
+
 	/* free any previously fetched streamdir data */
 	if (xiph_entries != NULL) {
 		free(xiph_entries);
@@ -170,13 +172,15 @@
 	xiph_entry_count = 0;
 
 	debug("xiph: fetching streaming directory file '%s'\n", XIPH_STREAMDIR_URL);
-	if (!fetch_remote_to_local_file(XIPH_STREAMDIR_URL, XIPH_TEMP_FILENAME)) {
-		failure("xiph: stream directory file '%s' could not be downloaded to '%s'\n", XIPH_STREAMDIR_URL, XIPH_TEMP_FILENAME);
+	if (!fetch_remote_to_local_file(XIPH_STREAMDIR_URL, tempname)) {
+		failure("xiph: stream directory file '%s' could not be downloaded to '%s'\n", XIPH_STREAMDIR_URL, tempname);
+        g_free(tempname);
 		return;
 	}
-	debug("xiph: stream directory file '%s' successfuly downloaded to '%s'\n", XIPH_STREAMDIR_URL, XIPH_TEMP_FILENAME);
+	debug("xiph: stream directory file '%s' successfuly downloaded to '%s'\n", XIPH_STREAMDIR_URL, tempname);
 
-	xmlDoc *doc = xmlReadFile(XIPH_TEMP_FILENAME, NULL, 0);
+	xmlDoc *doc = xmlReadFile(tempname, NULL, 0);
+    g_free(tempname);
 	if (doc == NULL) {
 		failure("xiph: failed to read stream directory file\n");
 		return;
diff -Nur audacious-plugins-2.2-orig/src/streambrowser/xiph.h audacious-plugins-2.2-tmp-vuln/src/streambrowser/xiph.h
--- audacious-plugins-2.2-orig/src/streambrowser/xiph.h	2009-11-22 23:49:53.000000000 +0100
+++ audacious-plugins-2.2-tmp-vuln/src/streambrowser/xiph.h	2010-02-05 20:42:47.000000000 +0100
@@ -26,7 +26,6 @@
 #define XIPH_NAME				"Xiph"
 #define XIPH_ICON				DATA_DIR G_DIR_SEPARATOR_S "images" G_DIR_SEPARATOR_S "xiph.png"
 #define XIPH_STREAMDIR_URL		"http://dir.xiph.org/yp.xml"
-#define XIPH_TEMP_FILENAME		"file:///tmp/xiph_yp.xml"
 
 
 gboolean							xiph_streaminfo_fetch(category_t *category, streaminfo_t *streaminfo);


Index: audacious-plugins.spec
===================================================================
RCS file: /cvs/pkgs/rpms/audacious-plugins/devel/audacious-plugins.spec,v
retrieving revision 1.93
retrieving revision 1.94
diff -u -p -r1.93 -r1.94
--- audacious-plugins.spec	5 Feb 2010 19:19:42 -0000	1.93
+++ audacious-plugins.spec	5 Feb 2010 19:48:53 -0000	1.94
@@ -5,7 +5,7 @@
 
 Name: audacious-plugins
 Version: 2.2
-Release: 18%{?dist}
+Release: 19%{?dist}
 Summary: Plugins for the Audacious media player
 Group: Applications/Multimedia
 URL: http://audacious-media-player.org/
@@ -53,6 +53,8 @@ Patch11: audacious-plugins-2.2-streambro
 Patch12: audacious-plugins-2.2-ladspa.patch
 #
 Patch13: audacious-plugins-2.2-neon-error-handling.patch
+#
+Patch14: audacious-plugins-2.2-tmp-vuln.patch
 
 BuildRequires: audacious-devel >= %{aud_ver}
 BuildRequires: jack-audio-connection-kit-devel libsamplerate-devel
@@ -196,6 +198,7 @@ in Vortex (.vtx) format.
 %patch11 -p1 -b .streambrowser-race
 %patch12 -p1 -b .ladspa
 %patch13 -p1 -b .neon-error-handling
+%patch14 -p1 -b .tmp-vuln
 
 for i in src/ladspa/ladspa.c
 do
@@ -296,6 +299,9 @@ update-desktop-database &> /dev/null || 
 
 
 %changelog
+* Fri Feb  5 2010 Michael Schwendt <mschwendt at fedoraproject.org> - 2.2-19
+- Fix temp file vulnerability in streambrowser plugin.
+
 * Fri Feb  5 2010 Michael Schwendt <mschwendt at fedoraproject.org> - 2.2-18
 - Destroy neon request+session if ne_read_response_block failed and
   closed the connection. That way we don't call neon lib again with old 


