author | David Runge | 2023-10-05 10:49:12 +0200 |
---|---|---|
committer | David Runge | 2023-10-05 10:49:12 +0200 |
commit | 7c9fff81c4a0318def4ddf88ecbf2df375f096c4 (patch) | |
tree | b0886d0722bdf130185d6d9a211de3dd2e39c1b9 | |
parent | 94cb58d3c4e4f539a80b60eaffb3f50e4136427c (diff) | |
download | aur-7c9fff81c4a0318def4ddf88ecbf2df375f096c4.tar.gz |
upgpkg: 0.9.2-3
Add patches for CVE-2023-43782, CVE-2023-43783:
https://seclists.org/oss-sec/2023/q4/45
-rw-r--r-- | .SRCINFO | 41 | ||||
-rw-r--r-- | 0001-cadence_aloop_daemon-place-lockfile-into-non-public-.patch | 89 | ||||
-rw-r--r-- | 0001-cadence_py-wine-ASIO-settings-use-safe-tempfile.patch | 46 | ||||
-rw-r--r-- | PKGBUILD | 23 |
4 files changed, 195 insertions, 4 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..95c9203b55e9
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,41 @@ +pkgbase = cadence + pkgdesc = JACK toolbox for audio production. + pkgver = 0.9.2 + pkgrel = 3 + url = https://kx.studio/Applications:Cadence + arch = x86_64 + license = GPL2 + makedepends = a2jmidid + makedepends = jack_capture + makedepends = libpulse + makedepends = pulseaudio-jack + makedepends = python-rdflib + makedepends = zita-ajbridge + depends = alsa-utils + depends = bash + depends = gcc-libs + depends = glibc + depends = hicolor-icon-theme + depends = jack2-dbus + depends = python + depends = python-dbus + depends = python-pyqt5 + depends = qt5-base + depends = qt5-svg + depends = sh + optdepends = a2jmidid: ALSA to JACK MIDI bridge + optdepends = jack_capture: recording via Cadence-Render + optdepends = pulseaudio-jack: PulseAudio to JACK bridge + optdepends = python-rdflib: LADSPA-RDF support in Carla + optdepends = zita-ajbridge: ALSA to JACK bridge + source = https://github.com/falkTX/cadence/archive/v0.9.2/cadence-v0.9.2.tar.gz + source = 0001-cadence_aloop_daemon-place-lockfile-into-non-public-.patch + source = 0001-cadence_py-wine-ASIO-settings-use-safe-tempfile.patch + sha512sums = d8a1b52c361e3e18a193d1c283bb69abe18ce667b554fc53cb9b752d92747269145144ae512895ffbb5df76efe8671cfc0782f29e59d0d7cd3d97c97240bdecf + sha512sums = c145404f12b26a88075c2475ad2bffbbdfe46ed294e7e9c88f7e11db645890afa35cfec99e2dd4bf14bb4bfaaf8e23c1ee64cc0d91d163274f7b02b32c080b75 + sha512sums = 7c66d7fcf7b05d50ff98373b29a2a884088be62c6e025fbd4362387c67018eeac6b9fc16e6866704e268eafdb4b2f12bfcc62927a3ea5914693a32b93d5e8775 + b2sums = a5422e4d74618e2e45d9c6f275393a6e918783fc37d60a54142725aa54e691435c41f76dd0346fae7684c452988b07a18d817902abd917dbceaff5fb4aaa6c47 + b2sums = 2a1cfa17a75f9e652064cb7f3fcddb0a3ff1ad7d829cb58fd924e6c406d3dd07091a2ccb0067b001378212dbdba7549c5e04ef0b99ee83ffddfd7e525a68da66 + b2sums = ef6f6a40736c57b6dbd3570ca5c5119432552f4000d230199d0ea329cd08b76abe30c8afa53380e5bbcabbbe6b97afa6f093bb0424c909ad8d8fa5f37e43661f + +pkgname = cadence 
diff --git a/0001-cadence_aloop_daemon-place-lockfile-into-non-public-.patch b/0001-cadence_aloop_daemon-place-lockfile-into-non-public-.patch
new file mode 100644
index 000000000000..c056ac93fa12
--- /dev/null
+++ b/0001-cadence_aloop_daemon-place-lockfile-into-non-public-.patch
@@ -0,0 +1,89 @@ +From 986a26147fa85fc3b2727a13c478b12994555e4a Mon Sep 17 00:00:00 2001 +From: Matthias Gerstner <matthias.gerstner () suse de> +Date: Tue, 22 Aug 2023 14:06:40 +0200 +Subject: [PATCH] cadence_aloop_daemon: place lockfile into non-public + directory + +The fixed /tmp path for the lock / shutdown handling of the daemon is +problematic security wise, since any other user in the system can block +this path. This also makes parallel instances for multiple user accounts +impossible. + +Select a location in the user's /run directory or in its home directory +(as a fallback). +--- + src/cadence.py | 3 ++- + src/cadence_aloop_daemon.py | 5 +++-- + src/shared.py | 8 ++++++++ + 3 files changed, 13 insertions(+), 3 deletions(-) + +diff --git a/src/cadence.py b/src/cadence.py +index 87a14a8..714e2d6 100755 +--- a/src/cadence.py ++++ b/src/cadence.py +@@ -38,6 +38,7 @@ import ui_cadence_tb_alsa + import ui_cadence_tb_a2j + import ui_cadence_tb_pa + import ui_cadence_rwait ++from shared import getDaemonLockfile + from shared_cadence import * + from shared_canvasjack import * + from shared_settings import * +@@ -1710,7 +1711,7 @@ class CadenceMainW(QMainWindow, ui_cadence.Ui_CadenceMainW): + + @pyqtSlot() + def slot_AlsaBridgeStop(self): +- checkFile = "/tmp/.cadence-aloop-daemon.x" ++ checkFile = self.getDaemonLockfile("cadence-aloop-daemon") + if os.path.exists(checkFile): + os.remove(checkFile) + +diff --git a/src/cadence_aloop_daemon.py b/src/cadence_aloop_daemon.py +index c8408ef..b53f64d 100755 +--- a/src/cadence_aloop_daemon.py ++++ b/src/cadence_aloop_daemon.py +@@ -33,6 +33,7 @@ else: + # Imports (Custom Stuff) + + import jacklib ++from shared import getDaemonLockfile + + # -------------------------------------------------- + # Auto re-activate if on good kernel +@@ -50,7 +51,7 @@ doRunNow = True + useZita = False + procIn = QProcess() + procOut = QProcess() +-checkFile = "/tmp/.cadence-aloop-daemon.x" ++checkFile = 
getDaemonLockfile("cadence-aloop-daemon") + + # -------------------------------------------------- + # Global JACK variables +@@ -161,7 +162,7 @@ if __name__ == '__main__': + client = jacklib.client_open("cadence-aloop-daemon", jacklib.JackUseExactName, None) + + if not client: +- print("cadence-aloop-daemon is already running, delete \"/tmp/.cadence-aloop-daemon.x\" to close it") ++ print("cadence-aloop-daemon is already running, delete \"{}\" to close it".format(checkFile)) + quit() + + if jacklib.JACK2: +diff --git a/src/shared.py b/src/shared.py +index 2df4d54..e65d292 100644 +--- a/src/shared.py ++++ b/src/shared.py +@@ -312,3 +312,11 @@ def setIcons(self_, modes): + if "misc" in modes: + gGui.ui.act_quit.setIcon(getIcon("application-exit")) + gGui.ui.act_configure.setIcon(getIcon("configure")) ++ ++def getDaemonLockfile(base): ++ lockdir = os.environ.get("XDG_RUNTIME_DIR", None) ++ if not lockdir: ++ lockdir = os.path.expanduser("~") ++ ++ return os.path.join(lockdir, "{}-lock".format(base)) ++ +-- +2.41.0 + diff --git a/0001-cadence_py-wine-ASIO-settings-use-safe-tempfile.patch b/0001-cadence_py-wine-ASIO-settings-use-safe-tempfile.patch new file mode 100644 index 000000000000..87a0717677ab --- /dev/null +++ b/0001-cadence_py-wine-ASIO-settings-use-safe-tempfile.patch 
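Review bot: In the src/cadence.py part of this patch, slot_AlsaBridgeStop calls `self.getDaemonLockfile("cadence-aloop-daemon")`, yet the same file only brings the helper in as a module-level function via `from shared import getDaemonLockfile`; unless CadenceMainW defines a method of that name outside the hunk, stopping the bridge from the GUI raises AttributeError, the lock file is never removed and the daemon keeps running. The daemon side in cadence_aloop_daemon.py calls it correctly as a plain function, so the GUI line should match: `checkFile = getDaemonLockfile("cadence-aloop-daemon")`. A smaller point on the helper added to shared.py: it trusts `XDG_RUNTIME_DIR` exactly as given and only falls back to the home directory when the variable is empty, so a stale or wrong value still lands the lock file in a directory that may not exist or may not be the user's; a guard such as `if not lockdir or not os.path.isdir(lockdir):` before the fallback covers the missing-directory case cheaply. The shared.py hunk starts in the middle of setIcons, whose body is outside the hunk.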
@@ -0,0 +1,46 @@ +From 3fdff274c40795ad6a24891066358aa7a3953962 Mon Sep 17 00:00:00 2001 +From: Matthias Gerstner <matthias.gerstner () suse de> +Date: Tue, 22 Aug 2023 14:28:33 +0200 +Subject: [PATCH] cadence.py: wine ASIO settings: use safe tempfile + +This fixed tempfile path poses a security issue that even might allow +other users on the system to inject arbitrary wine registry settings, if +protect_symlinks and protect_regular kernel protection is not enabled. + +Use a proper NamedTemporaryFile to pass the data to regedit to fix this. +--- + src/cadence.py | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/src/cadence.py b/src/cadence.py +index 714e2d6..fddadfb 100755 +--- a/src/cadence.py ++++ b/src/cadence.py +@@ -47,6 +47,8 @@ from shared_settings import * + # Import getoutput + + from subprocess import getoutput ++import tempfile ++import subprocess + + # ------------------------------------------------------------------------------------------------------------ + # Try Import DBus +@@ -2095,11 +2097,10 @@ class CadenceMainW(QMainWindow, ui_cadence.Ui_CadenceMainW): + REGFILE += '"Number of outputs"=dword:000000%s\n' % smartHex(self.sb_wineasio_outs.value(), 2) + REGFILE += '"Preferred buffersize"=dword:0000%s\n' % smartHex(int(self.cb_wineasio_bsizes.currentText()), 4) + +- writeFile = open("/tmp/cadence-wineasio.reg", "w") +- writeFile.write(REGFILE) +- writeFile.close() +- +- os.system("regedit /tmp/cadence-wineasio.reg") ++ with tempfile.NamedTemporaryFile('w') as tmpfile: ++ tmpfile.write(REGFILE) ++ tmpfile.flush() ++ subprocess.run(["regedit", tmpfile.name]) + + self.settings_changed_types = [] + self.frame_tweaks_settings.setVisible(False) +-- +2.41.0 + @@ -5,7 +5,7 @@ _name=Cadence pkgname=cadence pkgver=0.9.2 -pkgrel=2 +pkgrel=3 pkgdesc="JACK toolbox for audio production." arch=(x86_64) url="https://kx.studio/Applications:Cadence" 
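Review bot: The new `subprocess.run(["regedit", tmpfile.name])` ignores regedit's exit status (no `check=True`, no look at `returncode`), so a failed or absent regedit leaves the WineASIO settings silently unapplied; the `os.system` it replaces had the same gap, but since the call is being rewritten it is worth closing with `subprocess.run(["regedit", tmpfile.name], check=True)` inside a `try`/`except (subprocess.CalledProcessError, OSError)` that reports the failure to the user. The `NamedTemporaryFile` change itself is the right fix: the file gets a random name and mode 0600 in the user's temp directory and is removed when the `with` block exits, which is what removes the fixed-path /tmp injection, and passing an argument list instead of a shell string avoids the shell entirely. The enclosing method's body starts before the hunk; only the tail of the REGFILE assembly is visible here.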
@@ -39,9 +39,24 @@ optdepends=( 'python-rdflib: LADSPA-RDF support in Carla' 'zita-ajbridge: ALSA to JACK bridge' ) -source=(https://github.com/falkTX/$pkgname/archive/v$pkgver/$pkgname-v$pkgver.tar.gz) -sha512sums=('d8a1b52c361e3e18a193d1c283bb69abe18ce667b554fc53cb9b752d92747269145144ae512895ffbb5df76efe8671cfc0782f29e59d0d7cd3d97c97240bdecf') -b2sums=('a5422e4d74618e2e45d9c6f275393a6e918783fc37d60a54142725aa54e691435c41f76dd0346fae7684c452988b07a18d817902abd917dbceaff5fb4aaa6c47') +source=( + https://github.com/falkTX/$pkgname/archive/v$pkgver/$pkgname-v$pkgver.tar.gz + 0001-cadence_aloop_daemon-place-lockfile-into-non-public-.patch + 0001-cadence_py-wine-ASIO-settings-use-safe-tempfile.patch +) +sha512sums=('d8a1b52c361e3e18a193d1c283bb69abe18ce667b554fc53cb9b752d92747269145144ae512895ffbb5df76efe8671cfc0782f29e59d0d7cd3d97c97240bdecf' + 'c145404f12b26a88075c2475ad2bffbbdfe46ed294e7e9c88f7e11db645890afa35cfec99e2dd4bf14bb4bfaaf8e23c1ee64cc0d91d163274f7b02b32c080b75' + '7c66d7fcf7b05d50ff98373b29a2a884088be62c6e025fbd4362387c67018eeac6b9fc16e6866704e268eafdb4b2f12bfcc62927a3ea5914693a32b93d5e8775') +b2sums=('a5422e4d74618e2e45d9c6f275393a6e918783fc37d60a54142725aa54e691435c41f76dd0346fae7684c452988b07a18d817902abd917dbceaff5fb4aaa6c47' + '2a1cfa17a75f9e652064cb7f3fcddb0a3ff1ad7d829cb58fd924e6c406d3dd07091a2ccb0067b001378212dbdba7549c5e04ef0b99ee83ffddfd7e525a68da66' + 'ef6f6a40736c57b6dbd3570ca5c5119432552f4000d230199d0ea329cd08b76abe30c8afa53380e5bbcabbbe6b97afa6f093bb0424c909ad8d8fa5f37e43661f') + +prepare() { + # fix CVE-2023-43782, CVE-2023-43783 + # https://seclists.org/oss-sec/2023/q4/45 + patch -Np1 -d $_name-$pkgver -i ../0001-cadence_aloop_daemon-place-lockfile-into-non-public-.patch + patch -Np1 -d $_name-$pkgver -i ../0001-cadence_py-wine-ASIO-settings-use-safe-tempfile.patch +} build() { make -C $_name-$pkgver |
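Review bot: The prepare() comment credits both patches with both CVE IDs at once, so a reader cannot tell from the PKGBUILD which patch closes which issue without opening the advisory; a one-line comment per `patch` invocation naming the CVE it addresses and the upstream commit recorded in that patch's `From:` line would make the coverage verifiable at a glance. The application order is correct as far as the patches show — the second patch's `index 714e2d6..fddadfb` is based on the result of the first (`index 87a14a8..714e2d6`) — and both patches are pinned by local sha512 and b2 sums, so the mechanics look sound.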