[SCM] bristol/master: Add patch to prevent insecure library loading (Closes: #598285, CVE-2010-3351).

alessio at users.alioth.debian.org alessio at users.alioth.debian.org
Wed Sep 29 10:09:13 UTC 2010 

The following commit has been merged in the master branch:
commit ec38d3bf95b1f4c34eadd44325749f191b9ebf83
Author: Alessio Treglia <alessio at debian.org>
Date:   Wed Sep 29 12:01:20 2010 +0200

    Add patch to prevent insecure library loading (Closes: #598285, CVE-2010-3351).

diff --git a/debian/patches/90-CVE_insecure_library_loading.patch b/debian/patches/90-CVE_insecure_library_loading.patch
new file mode 100644
index 0000000..d08289f
--- /dev/null
+++ b/debian/patches/90-CVE_insecure_library_loading.patch
@@ -0,0 +1,119 @@
+Subject: Fix insecure library loading - CVE-2010-3351
+Origin: upstream, https://sourceforge.net/support/tracker.php?aid=3077160
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598285
+---
+ bin/startBristol.in |   54 ++++++++++++++++++++++++++++++++++++++++++++++++----
+ 1 file changed, 50 insertions(+), 4 deletions(-)
+
+--- bristol.orig/bin/startBristol.in
++++ bristol/bin/startBristol.in
+@@ -14,11 +14,17 @@ midi=seq
+ HELP=0
+ README=0
+ 
++EMULATE=hammondB3
++FREQ=0
++
+ #PORT=5028
+ # Randomise the port numbers, can be overridden by -port which would be a
+ # requirement for multitimbral
+ PORT=`date +%N`
+-PORT=`expr $PORT % 65536`
++PORT=`expr $PORT % 65536` >/dev/null 2>&1
++if [ -z $PORT ]; then
++	PORT=0
++fi
+ if [ $PORT -lt 1024 ]; then
+ 	PORT=`expr $PORT + 5028`
+ fi
+@@ -132,17 +138,39 @@ for index in $*; do
+ 		host=`echo $2 | awk -F: '{print $1}'`
+ 		if [ $host = "unix" ]; then
+ 			localport=`echo $2 | awk -F: '{print $2}'`
++			if [ -z $localport ]; then
++				localport=$PORT
++			fi
++		fi
++	fi
++	if [ $index = "-freqtweak" ]; then
++		FREQ=$2
++		if [ $FREQ -ne 0 -a -x /usr/bin/cpufreq-set -a $execme -eq 0 ]; then
++			cpufreq-set --min $FREQ
+ 		fi
+ 	fi
++	if [ $index = "-count" ]; then
++		COUNT=$2
++	fi
+ 	if [ $index = "-sleep" ]; then
+ 		sleep $2
+ 	fi
++	if [ $index = "-emulate" ]; then
++		EMULATE=$2
++	fi
+ 	if [ $index = "-port" ]; then
+ 		PORT=$2
+ 	fi
+ 	if [ $index = "-cache" ]; then
+ 		export BRISTOL_CACHE=$2
+ 	fi
++	if [ $index = "-memdump" ]; then
++		export BRISTOL_DUMP=$2
++	fi
++	if [ $index = "--summary" ]; then
++		brighton --summary
++		exit 0
++	fi
+ 	if [ $index = "-summary" ]; then
+ 		brighton -summary
+ 		exit 0
+@@ -250,7 +278,17 @@ if [ -z "$BRISTOL_CACHE" ]; then
+ 	export BRISTOL_CACHE=${HOME}/.bristol
+ fi
+ 
+-mkdir -p ${BRISTOL_CACHE}/memory
++if [ -z "$BRISTOL_DUMP" ]; then
++	mkdir -p ${BRISTOL_CACHE}/memory
++else
++	if [ ! -d $BRISTOL_DUMP/memory/$EMULATE ]; then
++		mkdir -p $BRISTOL_DUMP/memory/$EMULATE
++		cp -f $BRISTOL_DIR/memory/$EMULATE/* $BRISTOL_DUMP/memory/$EMULATE
++		cp -f $BRISTOL_CACHE/memory/$EMULATE/* $BRISTOL_DUMP/memory/$EMULATE
++		echo created memory shadow in $BRISTOL_DUMP
++	fi
++	export BRISTOL_CACHE=$BRISTOL_DUMP
++fi
+ 
+ # Nokey: Does the BRISTOL directory actually exist?
+ if [ ! -d $BRISTOL ]; then
+@@ -360,7 +398,7 @@ fi
+ export SLAB_HOME=$BRISTOL
+ export BRIGHTON=$BRISTOL
+ 
+-export LD_LIBRARY_PATH=/usr/local/lib:usr/lib:${LD_LIBRARY_PATH}:${BRISTOL}/lib
++export LD_LIBRARY_PATH=@BRISTOL_DIR@/lib:/usr/local/lib:/usr/lib:/lib
+ 
+ export PATH=${PATH}:$BRISTOL/bin:/usr/local/bin
+ 
+@@ -408,7 +446,7 @@ if [ $engine = 1 ]; then
+ 		ls /tmp/br.$localport >/dev/null 2>&1
+ 		if [ $? -eq 0 ]; then
+ 			echo "host port looked busy, unlinking"
+-			rm /tmp/br.$localport
++			rm -f /tmp/br.$localport
+ 		fi
+ 	else
+ 		echo checking availability of TCP port $PORT
+@@ -506,5 +544,13 @@ fi
+ 
+ sleep 1
+ 
++if [ $FREQ -ne 0 -a -x /usr/bin/cpufreq-set ]; then
++	cpufreq-set --min 250000
++fi
++# This could be a lot more intelligent but it will work. We need to remove any
++# dangling sockets. Alternatively just delete the files, the check for their
++# existance is superfluous
++rm -f /tmp/br.* >/dev/null 2>&1
++
+  exit `expr $engstatus + $guistatus`
+  
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..9623374
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+90-CVE_insecure_library_loading.patch

-- 
bristol packaging

More information about the pkg-multimedia-commits mailing list