cadence: fix CVE-2023-{43782,43783}

2023-10-05 20:18:48 +07:00 · 2023-10-05 20:18:48 +07:00 · 808672a2dc
parent d7c16c7d61
commit 808672a2dc
4 changed files with 140 additions and 15 deletions
--- a/srcpkgs/cadence/patches/CVE-2023-43782.patch
+++ b/srcpkgs/cadence/patches/CVE-2023-43782.patch
@ -0,0 +1,89 @@
 From 986a26147fa85fc3b2727a13c478b12994555e4a Mon Sep 17 00:00:00 2001
 From: Matthias Gerstner <matthias.gerstner@suse.de>
 Date: Tue, 22 Aug 2023 14:06:40 +0200
 Subject: [PATCH] cadence_aloop_daemon: place lockfile into non-public
 directory
 The fixed /tmp path for the lock / shutdown handling of the daemon is
 problematic security wise, since any other user in the system can block
 this path. This also makes parallel instances for multiple user accounts
 impossible.
 Select a location in the user's /run directory or in its home directory
 (as a fallback).
 ---
 src/cadence.py              | 3 ++-
 src/cadence_aloop_daemon.py | 5 +++--
 src/shared.py               | 8 ++++++++
 3 files changed, 13 insertions(+), 3 deletions(-)
 diff --git a/src/cadence.py b/src/cadence.py
 index 87a14a8..714e2d6 100755
 --- a/src/cadence.py
 +++ b/src/cadence.py
@@ -38,6 +38,7 @@ import ui_cadence_tb_alsa
 import ui_cadence_tb_a2j
 import ui_cadence_tb_pa
 import ui_cadence_rwait
 +from shared import getDaemonLockfile
 from shared_cadence import *
 from shared_canvasjack import *
 from shared_settings import *
@@ -1710,7 +1711,7 @@ class CadenceMainW(QMainWindow, ui_cadence.Ui_CadenceMainW):
     @pyqtSlot()
     def slot_AlsaBridgeStop(self):
 -        checkFile = "/tmp/.cadence-aloop-daemon.x"
 +        checkFile = self.getDaemonLockfile("cadence-aloop-daemon")
         if os.path.exists(checkFile):
             os.remove(checkFile)
 diff --git a/src/cadence_aloop_daemon.py b/src/cadence_aloop_daemon.py
 index c8408ef..b53f64d 100755
 --- a/src/cadence_aloop_daemon.py
 +++ b/src/cadence_aloop_daemon.py
@@ -33,6 +33,7 @@ else:
 # Imports (Custom Stuff)
 import jacklib
 +from shared import getDaemonLockfile
 # --------------------------------------------------
 # Auto re-activate if on good kernel
@@ -50,7 +51,7 @@ doRunNow  = True
 useZita   = False
 procIn    = QProcess()
 procOut   = QProcess()
 -checkFile = "/tmp/.cadence-aloop-daemon.x"
 +checkFile = getDaemonLockfile("cadence-aloop-daemon")
 # --------------------------------------------------
 # Global JACK variables
@@ -161,7 +162,7 @@ if __name__ == '__main__':
     client = jacklib.client_open("cadence-aloop-daemon", jacklib.JackUseExactName, None)
     if not client:
 -        print("cadence-aloop-daemon is already running, delete \"/tmp/.cadence-aloop-daemon.x\" to close it")
 +        print("cadence-aloop-daemon is already running, delete \"{}\" to close it".format(checkFile))
         quit()
     if jacklib.JACK2:
 diff --git a/src/shared.py b/src/shared.py
 index 2df4d54..e65d292 100644
 --- a/src/shared.py
 +++ b/src/shared.py
@@ -312,3 +312,11 @@ def setIcons(self_, modes):
     if "misc" in modes:
         gGui.ui.act_quit.setIcon(getIcon("application-exit"))
         gGui.ui.act_configure.setIcon(getIcon("configure"))
 +
 +def getDaemonLockfile(base):
 +    lockdir = os.environ.get("XDG_RUNTIME_DIR", None)
 +    if not lockdir:
 +        lockdir = os.path.expanduser("~")
 +
 +    return os.path.join(lockdir, "{}-lock".format(base))
 +
 -- 
 2.41.0
--- a/srcpkgs/cadence/patches/CVE-2023-43783.patch
+++ b/srcpkgs/cadence/patches/CVE-2023-43783.patch
@ -0,0 +1,46 @@
 From 3fdff274c40795ad6a24891066358aa7a3953962 Mon Sep 17 00:00:00 2001
 From: Matthias Gerstner <matthias.gerstner@suse.de>
 Date: Tue, 22 Aug 2023 14:28:33 +0200
 Subject: [PATCH] cadence.py: wine ASIO settings: use safe tempfile
 This fixed tempfile path poses a security issue that even might allow
 other users on the system to inject arbitrary wine registry settings, if
 protect_symlinks and protect_regular kernel protection is not enabled.
 Use a proper NamedTemporaryFile to pass the data to regedit to fix this.
 ---
 src/cadence.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
 diff --git a/src/cadence.py b/src/cadence.py
 index 714e2d6..fddadfb 100755
 --- a/src/cadence.py
 +++ b/src/cadence.py
@@ -47,6 +47,8 @@ from shared_settings import *
 # Import getoutput
 from subprocess import getoutput
 +import tempfile
 +import subprocess
 # ------------------------------------------------------------------------------------------------------------
 # Try Import DBus
@@ -2095,11 +2097,10 @@ class CadenceMainW(QMainWindow, ui_cadence.Ui_CadenceMainW):
             REGFILE += '"Number of outputs"=dword:000000%s\n' % smartHex(self.sb_wineasio_outs.value(), 2)
             REGFILE += '"Preferred buffersize"=dword:0000%s\n' % smartHex(int(self.cb_wineasio_bsizes.currentText()), 4)
 -            writeFile = open("/tmp/cadence-wineasio.reg", "w")
 -            writeFile.write(REGFILE)
 -            writeFile.close()
 -
 -            os.system("regedit /tmp/cadence-wineasio.reg")
 +            with tempfile.NamedTemporaryFile('w') as tmpfile:
 +                tmpfile.write(REGFILE)
 +                tmpfile.flush()
 +                subprocess.run(["regedit", tmpfile.name])
         self.settings_changed_types = []
         self.frame_tweaks_settings.setVisible(False)
 -- 
 2.41.0
--- a/srcpkgs/cadence/patches/QPainterPath.patch
+++ b/srcpkgs/cadence/patches/QPainterPath.patch
@ -1,5 +1,5 @@
--- a/c++/patchcanvas/canvasbezierline.cpp	2019-11-17 21:34:05.000000000 +0100
+--- a/c++/patchcanvas/canvasbezierline.cpp
-+++ b/c++/patchcanvas/canvasbezierline.cpp	2020-09-02 13:13:34.042234477 +0200
+++ b/c++/patchcanvas/canvasbezierline.cpp
@@ -18,6 +18,7 @@
 #include "canvasbezierline.h"
@ -8,8 +8,8 @@
 #include "canvasport.h"
 #include "canvasportglow.h"
--- a/c++/patchcanvas/canvasbezierlinemov.cpp	2019-11-17 21:34:05.000000000 +0100
+--- a/c++/patchcanvas/canvasbezierlinemov.cpp
-+++ b/c++/patchcanvas/canvasbezierlinemov.cpp	2020-09-02 13:13:27.093234119 +0200
+++ b/c++/patchcanvas/canvasbezierlinemov.cpp
@@ -18,6 +18,7 @@
 #include "canvasbezierlinemov.h"
@ -18,13 +18,3 @@
 #include "canvasport.h"
 --- a/c++/widgets/pixmapdial.cpp	2019-11-17 21:34:05.000000000 +0100
 +++ b/c++/widgets/pixmapdial.cpp	2020-09-02 13:13:16.853233591 +0200
@@ -21,6 +21,7 @@
 #include <QtCore/QTimer>
 #include <QtGui/QPainter>
 +#include <QtGui/QPainterPath>
 #include <QtGui/QPaintEvent>
 PixmapDial::PixmapDial(QWidget* parent)
--- a/srcpkgs/cadence/template
+++ b/srcpkgs/cadence/template
@ -1,7 +1,7 @@
 # Template file for 'cadence'
 pkgname=cadence
 version=0.9.2
-revision=3
+revision=4
 build_style=gnu-makefile
 pycompile_dirs="usr/share/cadence/src"
 hostmakedepends="pkg-config qt5-host-tools python3-PyQt5-devel-tools"