From b8cfec946d74359ff731b27f196228f013d12bcb Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@fedoraproject.org>
Date: Wed, 23 Jan 2008 15:42:03 +0000
Subject: [PATCH] Sync with F-8, add fix for CVE-2008-0008

---
 pulseaudio-0.9.6-nochown.patch          |  20 -----
 pulseaudio-0.9.8-create-dot-pulse.patch |  21 +++++
 pulseaudio-0.9.8-droproot.patch         | 112 ++++++++++++++++++++++++
 pulseaudio.spec                         |  16 +++-
 4 files changed, 145 insertions(+), 24 deletions(-)
 delete mode 100644 pulseaudio-0.9.6-nochown.patch
 create mode 100644 pulseaudio-0.9.8-droproot.patch

diff --git a/pulseaudio-0.9.6-nochown.patch b/pulseaudio-0.9.6-nochown.patch
deleted file mode 100644
index 0dd59f5..0000000
--- a/pulseaudio-0.9.6-nochown.patch
+++ /dev/null
@@ -1,20 +0,0 @@
---- pulseaudio-0.9.6/src/Makefile.in.orig	2007-05-27 22:59:32.000000000 +0200
-+++ pulseaudio-0.9.6/src/Makefile.in	2007-05-29 11:30:19.000000000 +0200
-@@ -5028,7 +5028,7 @@
- 
- suid: pulseaudio .libs/lt-pulseaudio
- 	chown root $^
--	chmod u+s $^
-+#	chmod u+s $^
- 
- esdcompat: daemon/esdcompat.in Makefile
- 	sed -e 's,@PACKAGE_VERSION\@,$(PACKAGE_VERSION),g' \
-@@ -5052,7 +5052,7 @@
- 
- install-exec-hook:
- 	chown root $(DESTDIR)$(bindir)/pulseaudio ; true
--	chmod u+s $(DESTDIR)$(bindir)/pulseaudio
-+#	chmod u+s $(DESTDIR)$(bindir)/pulseaudio
- 	ln -sf pacat $(DESTDIR)$(bindir)/parec
- 	rm -f $(DESTDIR)$(modlibexecdir)/*.a
- 	rm -f $(DESTDIR)$(libdir)/libpulsedsp.a
diff --git a/pulseaudio-0.9.8-create-dot-pulse.patch b/pulseaudio-0.9.8-create-dot-pulse.patch
index e69de29..92bb2eb 100644
--- a/pulseaudio-0.9.8-create-dot-pulse.patch
+++ b/pulseaudio-0.9.8-create-dot-pulse.patch
@@ -0,0 +1,21 @@
+Index: src/pulsecore/core-util.c
+===================================================================
+--- src/pulsecore/core-util.c	(revision 2077)
++++ src/pulsecore/core-util.c	(revision 2078)
+@@ -1129,8 +1129,15 @@
+ 
+         if ((e = getenv("PULSE_CONFIG_PATH")))
+             fn = lfn = pa_sprintf_malloc("%s/%s", e, local);
+-        else if (pa_get_home_dir(h, sizeof(h)))
++        else if (pa_get_home_dir(h, sizeof(h))) {
++            char *d;
++
++            d = pa_sprintf_malloc("%s/.pulse", h);
++            mkdir(d, 0755);
++            pa_xfree(d);
++
+             fn = lfn = pa_sprintf_malloc("%s/.pulse/%s", h, local);
++        }
+ 
+         if (lfn) {
+             FILE *f;
diff --git a/pulseaudio-0.9.8-droproot.patch b/pulseaudio-0.9.8-droproot.patch
new file mode 100644
index 0000000..a6c832b
--- /dev/null
+++ b/pulseaudio-0.9.8-droproot.patch
@@ -0,0 +1,112 @@
+Fail when dropping root privileges is not successful.
+
+https://bugzilla.novell.com/show_bug.cgi?id=347822
+https://bugzilla.redhat.com/show_bug.cgi?id=425481
+
+Lubomir Kundrak <lkundrak@redhat.com>
+
+Index: src/daemon/main.c
+===================================================================
+--- src/daemon/main.c	(revision 2098)
++++ src/daemon/main.c	(working copy)
+@@ -372,7 +372,8 @@
+         pa_limit_caps();
+ 
+         /* Drop priviliges, but keep CAP_SYS_NICE */
+-        pa_drop_root();
++        if (pa_drop_root() < 0)
++            goto finish;
+ 
+         /* After dropping root, the effective set is reset, hence,
+          * let's raise it again */
+@@ -443,7 +444,8 @@
+              * let's give it up early */
+ 
+             pa_drop_caps();
+-            pa_drop_root();
++            if (pa_drop_root() < 0)
++                goto finish;
+             suid_root = real_root = FALSE;
+ 
+             if (conf->high_priority || conf->realtime_scheduling)
+@@ -497,7 +499,8 @@
+ 
+         if (drop)  {
+             pa_drop_caps();
+-            pa_drop_root();
++            if (pa_drop_root() < 0)
++                goto finish;
+             suid_root = real_root = FALSE;
+         }
+     }
+Index: src/daemon/caps.c
+===================================================================
+--- src/daemon/caps.c	(revision 2098)
++++ src/daemon/caps.c	(working copy)
+@@ -54,27 +54,36 @@
+ #ifdef HAVE_GETUID
+ 
+ /* Drop root rights when called SUID root */
+-void pa_drop_root(void) {
++int pa_drop_root(void) {
+     uid_t uid = getuid();
++    int error = 0;
+ 
+     if (uid == 0 || geteuid() != 0)
+-        return;
++        return 0;
+ 
+     pa_log_info("Dropping root priviliges.");
+ 
+ #if defined(HAVE_SETRESUID)
+-    setresuid(uid, uid, uid);
++    error += setresuid(uid, uid, uid);
+ #elif defined(HAVE_SETREUID)
+-    setreuid(uid, uid);
++    error += setreuid(uid, uid);
+ #else
+-    setuid(uid);
+-    seteuid(uid);
++    error += setuid(uid);
++    error += seteuid(uid);
+ #endif
++
++    if (error != 0) {
++        pa_log_error("Could not drop root priviliges.");
++        return -1;
++    }
++
++    return 0;
+ }
+ 
+ #else
+ 
+-void pa_drop_root(void) {
++int pa_drop_root(void) {
++    return 0;
+ }
+ 
+ #endif
+@@ -142,8 +151,7 @@
+ }
+ 
+ int pa_drop_caps(void) {
+-    pa_drop_root();
+-    return 0;
++    return pa_drop_root();
+ }
+ 
+ #endif
+Index: src/daemon/caps.h
+===================================================================
+--- src/daemon/caps.h	(revision 2098)
++++ src/daemon/caps.h	(working copy)
+@@ -24,7 +24,7 @@
+   USA.
+ ***/
+ 
+-void pa_drop_root(void);
++int pa_drop_root(void);
+ int pa_limit_caps(void);
+ int pa_drop_caps(void);
+ 
diff --git a/pulseaudio.spec b/pulseaudio.spec
index 6b4fb1d..c007c67 100644
--- a/pulseaudio.spec
+++ b/pulseaudio.spec
@@ -3,11 +3,10 @@
 Name:		pulseaudio
 Summary: 	Improved Linux sound server
 Version:	0.9.8
-Release:	4%{?dist}
+Release:	5%{?dist}
 License:	GPLv2+
 Group:		System Environment/Daemons
-#Source0:	http://0pointer.de/lennart/projects/pulseaudio/pulseaudio-%{version}.tar.gz
-Source0:	pulseaudio-0.9.8.tar.gz
+Source0:	http://0pointer.de/lennart/projects/pulseaudio/pulseaudio-%{version}.tar.gz
 URL:		http://pulseaudio.org
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: tcp_wrappers-devel, libsamplerate-devel, libsndfile-devel
@@ -23,10 +22,10 @@ BuildRequires:	libXt-devel, xorg-x11-proto-devel
 BuildRequires: openssl-devel
 Requires:	%{name}-core-libs = %{version}-%{release}
 Obsoletes:	pulseaudio-devel
-Patch1: 	pulseaudio-0.9.6-nochown.patch
 Patch2: 	pulseaudio-0.9.8-fix-sample-upload.patch
 Patch3: 	pulseaudio-0.9.8-unbreak-tunnels.patch
 Patch4:		pulseaudio-0.9.8-create-dot-pulse.patch
+Patch5:		pulseaudio-0.9.8-droproot.patch
 
 %description
 PulseAudio is a sound server for Linux and other Unix like operating 
@@ -166,6 +165,7 @@ This package contains command line utilities for the PulseAudio sound server.
 %patch2 -p2
 %patch3 -p1
 %patch4 -p0
+%patch5 -p0
 
 %build
 %configure --disable-ltdl-install --disable-static --disable-rpath --with-system-user=pulse --with-system-group=pulse --with-realtime-group=pulse-rt --with-access-group=pulse-access
@@ -381,6 +381,14 @@ fi
 %{_mandir}/man1/pax11publish.1.gz
 
 %changelog
+* Wed Jan 23 2008 Lubomir Kundrak <lkundrak@redhat.com> 0.9.8-5
+- Fix CVE-2008-0008 security issue (#425481)
+
+* Sun Jan 13 2008 Lubomir Kundrak <lkundrak@redhat.com> 0.9.8-4.1
+- Actually add content to pulseaudio-0.9.8-create-dot-pulse.patch
+- Make the Source0 tag point to URL instead of a local file
+- Drop the nochown patch; it's not applied at all and no longer needed
+
 * Thu Nov 29 2007 Lennart Poettering <lpoetter@redhat.com> 0.9.8-4
 - add missing dependency on pulseaudio-utils for pulseaudio-module-x11