cadence: fix CVE-2023-{43782,43783}
parent
d7c16c7d61
commit
808672a2dc
|
@ -0,0 +1,89 @@
|
|||
From 986a26147fa85fc3b2727a13c478b12994555e4a Mon Sep 17 00:00:00 2001
|
||||
From: Matthias Gerstner <matthias.gerstner@suse.de>
|
||||
Date: Tue, 22 Aug 2023 14:06:40 +0200
|
||||
Subject: [PATCH] cadence_aloop_daemon: place lockfile into non-public
|
||||
directory
|
||||
|
||||
The fixed /tmp path for the lock / shutdown handling of the daemon is
|
||||
problematic security wise, since any other user in the system can block
|
||||
this path. This also makes parallel instances for multiple user accounts
|
||||
impossible.
|
||||
|
||||
Select a location in the user's /run directory or in its home directory
|
||||
(as a fallback).
|
||||
---
|
||||
src/cadence.py | 3 ++-
|
||||
src/cadence_aloop_daemon.py | 5 +++--
|
||||
src/shared.py | 8 ++++++++
|
||||
3 files changed, 13 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/cadence.py b/src/cadence.py
|
||||
index 87a14a8..714e2d6 100755
|
||||
--- a/src/cadence.py
|
||||
+++ b/src/cadence.py
|
||||
@@ -38,6 +38,7 @@ import ui_cadence_tb_alsa
|
||||
import ui_cadence_tb_a2j
|
||||
import ui_cadence_tb_pa
|
||||
import ui_cadence_rwait
|
||||
+from shared import getDaemonLockfile
|
||||
from shared_cadence import *
|
||||
from shared_canvasjack import *
|
||||
from shared_settings import *
|
||||
@@ -1710,7 +1711,7 @@ class CadenceMainW(QMainWindow, ui_cadence.Ui_CadenceMainW):
|
||||
|
||||
@pyqtSlot()
|
||||
def slot_AlsaBridgeStop(self):
|
||||
- checkFile = "/tmp/.cadence-aloop-daemon.x"
|
||||
+ checkFile = self.getDaemonLockfile("cadence-aloop-daemon")
|
||||
if os.path.exists(checkFile):
|
||||
os.remove(checkFile)
|
||||
|
||||
diff --git a/src/cadence_aloop_daemon.py b/src/cadence_aloop_daemon.py
|
||||
index c8408ef..b53f64d 100755
|
||||
--- a/src/cadence_aloop_daemon.py
|
||||
+++ b/src/cadence_aloop_daemon.py
|
||||
@@ -33,6 +33,7 @@ else:
|
||||
# Imports (Custom Stuff)
|
||||
|
||||
import jacklib
|
||||
+from shared import getDaemonLockfile
|
||||
|
||||
# --------------------------------------------------
|
||||
# Auto re-activate if on good kernel
|
||||
@@ -50,7 +51,7 @@ doRunNow = True
|
||||
useZita = False
|
||||
procIn = QProcess()
|
||||
procOut = QProcess()
|
||||
-checkFile = "/tmp/.cadence-aloop-daemon.x"
|
||||
+checkFile = getDaemonLockfile("cadence-aloop-daemon")
|
||||
|
||||
# --------------------------------------------------
|
||||
# Global JACK variables
|
||||
@@ -161,7 +162,7 @@ if __name__ == '__main__':
|
||||
client = jacklib.client_open("cadence-aloop-daemon", jacklib.JackUseExactName, None)
|
||||
|
||||
if not client:
|
||||
- print("cadence-aloop-daemon is already running, delete \"/tmp/.cadence-aloop-daemon.x\" to close it")
|
||||
+ print("cadence-aloop-daemon is already running, delete \"{}\" to close it".format(checkFile))
|
||||
quit()
|
||||
|
||||
if jacklib.JACK2:
|
||||
diff --git a/src/shared.py b/src/shared.py
|
||||
index 2df4d54..e65d292 100644
|
||||
--- a/src/shared.py
|
||||
+++ b/src/shared.py
|
||||
@@ -312,3 +312,11 @@ def setIcons(self_, modes):
|
||||
if "misc" in modes:
|
||||
gGui.ui.act_quit.setIcon(getIcon("application-exit"))
|
||||
gGui.ui.act_configure.setIcon(getIcon("configure"))
|
||||
+
|
||||
+def getDaemonLockfile(base):
|
||||
+ lockdir = os.environ.get("XDG_RUNTIME_DIR", None)
|
||||
+ if not lockdir:
|
||||
+ lockdir = os.path.expanduser("~")
|
||||
+
|
||||
+ return os.path.join(lockdir, "{}-lock".format(base))
|
||||
+
|
||||
--
|
||||
2.41.0
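Review bot: In the src/cadence.py hunk, `slot_AlsaBridgeStop` calls `self.getDaemonLockfile("cadence-aloop-daemon")`, but this patch imports `getDaemonLockfile` from `shared` and defines it there as a module-level function. Unless `CadenceMainW` has a method of that name outside the visible lines, the slot raises `AttributeError` and the lock file is never removed, so the daemon cannot be stopped from the GUI. The line should read `checkFile = getDaemonLockfile("cadence-aloop-daemon")`, matching the call in cadence_aloop_daemon.py. In `getDaemonLockfile`, a comment on the fallback branch such as `# no XDG_RUNTIME_DIR: use $HOME, which other users cannot write to, unlike /tmp` would record why the home directory is acceptable. The slot's body continues outside the hunk.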
|
||||
|
|
@ -0,0 +1,46 @@
|
|||
From 3fdff274c40795ad6a24891066358aa7a3953962 Mon Sep 17 00:00:00 2001
|
||||
From: Matthias Gerstner <matthias.gerstner@suse.de>
|
||||
Date: Tue, 22 Aug 2023 14:28:33 +0200
|
||||
Subject: [PATCH] cadence.py: wine ASIO settings: use safe tempfile
|
||||
|
||||
This fixed tempfile path poses a security issue that even might allow
|
||||
other users on the system to inject arbitrary wine registry settings, if
|
||||
protect_symlinks and protect_regular kernel protection is not enabled.
|
||||
|
||||
Use a proper NamedTemporaryFile to pass the data to regedit to fix this.
|
||||
---
|
||||
src/cadence.py | 11 ++++++-----
|
||||
1 file changed, 6 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/cadence.py b/src/cadence.py
|
||||
index 714e2d6..fddadfb 100755
|
||||
--- a/src/cadence.py
|
||||
+++ b/src/cadence.py
|
||||
@@ -47,6 +47,8 @@ from shared_settings import *
|
||||
# Import getoutput
|
||||
|
||||
from subprocess import getoutput
|
||||
+import tempfile
|
||||
+import subprocess
|
||||
|
||||
# ------------------------------------------------------------------------------------------------------------
|
||||
# Try Import DBus
|
||||
@@ -2095,11 +2097,10 @@ class CadenceMainW(QMainWindow, ui_cadence.Ui_CadenceMainW):
|
||||
REGFILE += '"Number of outputs"=dword:000000%s\n' % smartHex(self.sb_wineasio_outs.value(), 2)
|
||||
REGFILE += '"Preferred buffersize"=dword:0000%s\n' % smartHex(int(self.cb_wineasio_bsizes.currentText()), 4)
|
||||
|
||||
- writeFile = open("/tmp/cadence-wineasio.reg", "w")
|
||||
- writeFile.write(REGFILE)
|
||||
- writeFile.close()
|
||||
-
|
||||
- os.system("regedit /tmp/cadence-wineasio.reg")
|
||||
+ with tempfile.NamedTemporaryFile('w') as tmpfile:
|
||||
+ tmpfile.write(REGFILE)
|
||||
+ tmpfile.flush()
|
||||
+ subprocess.run(["regedit", tmpfile.name])
|
||||
|
||||
self.settings_changed_types = []
|
||||
self.frame_tweaks_settings.setVisible(False)
|
||||
--
|
||||
2.41.0
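Review bot: The exit status of regedit is discarded at `subprocess.run(["regedit", tmpfile.name])`, so a failed import is indistinguishable from success, and the lines that follow still reset `settings_changed_types`. Consider `result = subprocess.run(["regedit", tmpfile.name])` and reporting a non-zero `result.returncode` before clearing the pending-changes state. The switch to `NamedTemporaryFile` also drops the `.reg` extension the old fixed path had; if regedit relies on it (not verifiable from this hunk), `tempfile.NamedTemporaryFile('w', suffix='.reg')` keeps it without giving up the unpredictable name. The enclosing method starts and ends outside the hunk.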
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
--- a/c++/patchcanvas/canvasbezierline.cpp 2019-11-17 21:34:05.000000000 +0100
|
||||
+++ b/c++/patchcanvas/canvasbezierline.cpp 2020-09-02 13:13:34.042234477 +0200
|
||||
--- a/c++/patchcanvas/canvasbezierline.cpp
|
||||
+++ b/c++/patchcanvas/canvasbezierline.cpp
|
||||
@@ -18,6 +18,7 @@
|
||||
#include "canvasbezierline.h"
|
||||
|
||||
|
@ -8,8 +8,8 @@
|
|||
|
||||
#include "canvasport.h"
|
||||
#include "canvasportglow.h"
|
||||
--- a/c++/patchcanvas/canvasbezierlinemov.cpp 2019-11-17 21:34:05.000000000 +0100
|
||||
+++ b/c++/patchcanvas/canvasbezierlinemov.cpp 2020-09-02 13:13:27.093234119 +0200
|
||||
--- a/c++/patchcanvas/canvasbezierlinemov.cpp
|
||||
+++ b/c++/patchcanvas/canvasbezierlinemov.cpp
|
||||
@@ -18,6 +18,7 @@
|
||||
#include "canvasbezierlinemov.h"
|
||||
|
||||
|
@ -18,13 +18,3 @@
|
|||
|
||||
#include "canvasport.h"
|
||||
|
||||
--- a/c++/widgets/pixmapdial.cpp 2019-11-17 21:34:05.000000000 +0100
|
||||
+++ b/c++/widgets/pixmapdial.cpp 2020-09-02 13:13:16.853233591 +0200
|
||||
@@ -21,6 +21,7 @@
|
||||
|
||||
#include <QtCore/QTimer>
|
||||
#include <QtGui/QPainter>
|
||||
+#include <QtGui/QPainterPath>
|
||||
#include <QtGui/QPaintEvent>
|
||||
|
||||
PixmapDial::PixmapDial(QWidget* parent)
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# Template file for 'cadence'
|
||||
pkgname=cadence
|
||||
version=0.9.2
|
||||
revision=3
|
||||
revision=4
|
||||
build_style=gnu-makefile
|
||||
pycompile_dirs="usr/share/cadence/src"
|
||||
hostmakedepends="pkg-config qt5-host-tools python3-PyQt5-devel-tools"
|
||||
|
|