pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/audio/pulseaudio - plug up CVE-2009-1894, Linux specif...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/0f11ebaff93f
branches:  trunk
changeset: 396602:0f11ebaff93f
user:      tnn <tnn%pkgsrc.org@localhost>
date:      Tue Jul 28 12:52:40 2009 +0000

description:
- plug up CVE-2009-1894, Linux specific local root shell vulnerability
- add SPECIAL_PERMS to make the user-destdir build consistent
- bump PKGREVISION

diffstat:

 audio/pulseaudio/Makefile         |   6 ++++--
 audio/pulseaudio/distinfo         |   4 ++--
 audio/pulseaudio/patches/patch-ab |  13 +++++++++++--
 3 files changed, 17 insertions(+), 6 deletions(-)

diffs (66 lines):

diff -r 3f5a194908dc -r 0f11ebaff93f audio/pulseaudio/Makefile
--- a/audio/pulseaudio/Makefile Tue Jul 28 09:51:35 2009 +0000
+++ b/audio/pulseaudio/Makefile Tue Jul 28 12:52:40 2009 +0000
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.25 2009/07/22 09:01:19 wiz Exp $
+# $NetBSD: Makefile,v 1.26 2009/07/28 12:52:40 tnn Exp $
 
 # NOTE: Please send a copy of any patches that are not pkgsrc-specific
 # to <pulseaudio-discuss%mail.0pointer.de@localhost>
 
 DISTNAME=      pulseaudio-0.9.14
-PKGREVISION=   2
+PKGREVISION=   3
 CATEGORIES=    audio
 MASTER_SITES=  http://0pointer.de/lennart/projects/pulseaudio/
 
@@ -48,6 +48,8 @@
 CONFIGURE_ARGS+=       --with-access-group=${PULSE_GROUP_ACCESS}
 MAKE_ENV+=             EGDIR=${EGDIR}
 
+SPECIAL_PERMS+=                bin/pulseaudio ${SETUID_ROOT_PERMS}
+
 SUBST_CLASSES+=                padsp
 SUBST_MESSAGE.padsp=   Fixing LD_PRELOAD paths
 SUBST_STAGE.padsp=     post-build
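Review bot: The added `SPECIAL_PERMS+= bin/pulseaudio ${SETUID_ROOT_PERMS}` line declares a setuid-root binary without any comment saying why root is required, in the same commit that works around a local privilege escalation in that binary. A comment above it, for example `# upstream installs the daemon setuid root; declared here so destdir and non-destdir installs match`, would make clear that this records existing behaviour rather than granting new privilege. The line applies on every platform, while the code workaround in patch-ab touches only a `__linux__` block. Whether the setuid bit is actually needed on the other platforms is not visible in this hunk, so it is worth confirming and, if it is not needed, making the entry conditional.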
diff -r 3f5a194908dc -r 0f11ebaff93f audio/pulseaudio/distinfo
--- a/audio/pulseaudio/distinfo Tue Jul 28 09:51:35 2009 +0000
+++ b/audio/pulseaudio/distinfo Tue Jul 28 12:52:40 2009 +0000
@@ -1,10 +1,10 @@
-$NetBSD: distinfo,v 1.14 2009/02/05 21:05:07 tron Exp $
+$NetBSD: distinfo,v 1.15 2009/07/28 12:52:40 tnn Exp $
 
 SHA1 (pulseaudio-0.9.14.tar.gz) = a0fb7c21ee21178e102a1e5a11d8ac474e6f5da4
 RMD160 (pulseaudio-0.9.14.tar.gz) = c7722d0d0240555edf917391989ad2e1cd4eb6b1
 Size (pulseaudio-0.9.14.tar.gz) = 1303077 bytes
 SHA1 (patch-aa) = 49ef2b68ef5ffd861e1339e792ab43205b7b1ed2
-SHA1 (patch-ab) = b894cf1797a2f02e8131be8abc8250774bfec1ec
+SHA1 (patch-ab) = 8e6270b50364d7d8010f2c42f8383362b315460c
 SHA1 (patch-ac) = 877f1dd615129aa7396fd3dc142474f2795fa802
 SHA1 (patch-ad) = 60caf8bc41504fc035a7264ff3c32a4b19da0645
 SHA1 (patch-ae) = 1cd31d18c133fdd5e8db59be319ba5b7a45fe0fe
diff -r 3f5a194908dc -r 0f11ebaff93f audio/pulseaudio/patches/patch-ab
--- a/audio/pulseaudio/patches/patch-ab Tue Jul 28 09:51:35 2009 +0000
+++ b/audio/pulseaudio/patches/patch-ab Tue Jul 28 12:52:40 2009 +0000
@@ -1,6 +1,6 @@
-$NetBSD: patch-ab,v 1.1.1.1 2008/12/18 14:42:56 jmcneill Exp $
+$NetBSD: patch-ab,v 1.2 2009/07/28 12:52:40 tnn Exp $
 
---- src/daemon/main.c.orig     2008-10-03 15:16:52.000000000 -0400
+--- src/daemon/main.c.orig     2009-01-13 00:11:38.000000000 +0100
 +++ src/daemon/main.c
 @@ -302,7 +302,9 @@ static void set_all_rlimits(const pa_dae
  #ifdef RLIMIT_MEMLOCK
@@ -12,3 +12,12 @@
  #ifdef RLIMIT_LOCKS
      set_one_rlimit(&conf->rlimit_locks, RLIMIT_LOCKS, "RLIMIT_LOCKS");
  #endif
+@@ -351,7 +353,7 @@ int main(int argc, char *argv[]) {
+     pa_log_set_maximal_level(PA_LOG_INFO);
+     pa_log_set_ident("pulseaudio");
+ 
+-#if defined(__linux__) && defined(__OPTIMIZE__)
++#if defined(__linux__) && defined(__OPTIMIZE__) && 0 /* CVE-2009-1894 */
+     /*
+        Disable lazy relocations to make usage of external libraries
+        more deterministic for our RT threads. We abuse __OPTIMIZE__ as
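Review bot: The `&& 0 /* CVE-2009-1894 */` guard on the new `#if` line names only the CVE, so a later maintainer cannot tell what was unsafe or when the workaround can be removed. Going by the comment that follows, the disabled block sets up non-lazy relocations for the RT threads, presumably by re-executing the daemon while it is still setuid. A fuller comment would record that, for example `/* disabled: self re-exec is unsafe while setuid root (CVE-2009-1894); drop once the upstream fix is packaged */`. A one-line description of this second hunk under the `$NetBSD$` line of patch-ab would also help, since the file now carries two unrelated changes. The body of `main` and the comment block both continue past the end of the hunk, so the rest of the disabled region cannot be checked from here.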


