falkTX
/
Cadence
mirror of https://github.com/falkTX/Cadence
1
0
Fork 0
Code Releases 3 Activity
Browse Source

Patch CVE-2023-43782: Use of Fixed Temporary File Path in /tmp/.cadence-aloop-daemon.x 

Apply SuSE fix for CVE-2023-43782 (by Matthias Gerstner)

0001-cadence_aloop_daemon-place-lockfile-into-non-public-.patch

https://bugzilla.suse.com/show_bug.cgi?id=1213983
pull/362/head
Nedko Arnaudov 1 year ago
parent
556859c0af
commit
5099c9152b
3 changed files with 13 additions and 3 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +2
    -1
      src/cadence.py
  2. +3
    -2
      src/cadence_aloop_daemon.py
  3. +8
    -0
      src/shared.py

+ 2
- 1
src/cadence.py View File

@@ -38,6 +38,7 @@ import ui_cadence_tb_alsa
import ui_cadence_tb_a2j
import ui_cadence_tb_pa
import ui_cadence_rwait
from shared import getDaemonLockfile
from shared_cadence import *
from shared_canvasjack import *
from shared_settings import *
@@ -1710,7 +1711,7 @@ class CadenceMainW(QMainWindow, ui_cadence.Ui_CadenceMainW):

@pyqtSlot()
def slot_AlsaBridgeStop(self):
checkFile = "/tmp/.cadence-aloop-daemon.x"
checkFile = self.getDaemonLockfile("cadence-aloop-daemon")
if os.path.exists(checkFile):
os.remove(checkFile)



+ 3
- 2
src/cadence_aloop_daemon.py View File

@@ -33,6 +33,7 @@ else:
# Imports (Custom Stuff)

import jacklib
from shared import getDaemonLockfile

# --------------------------------------------------
# Auto re-activate if on good kernel
@@ -50,7 +51,7 @@ doRunNow = True
useZita = False
procIn = QProcess()
procOut = QProcess()
checkFile = "/tmp/.cadence-aloop-daemon.x"
checkFile = getDaemonLockfile("cadence-aloop-daemon")

# --------------------------------------------------
# Global JACK variables
@@ -161,7 +162,7 @@ if __name__ == '__main__':
client = jacklib.client_open("cadence-aloop-daemon", jacklib.JackUseExactName, None)

if not client:
print("cadence-aloop-daemon is already running, delete \"/tmp/.cadence-aloop-daemon.x\" to close it")
print("cadence-aloop-daemon is already running, delete \"{}\" to close it".format(checkFile))
quit()

if jacklib.JACK2:


+ 8
- 0
src/shared.py View File

@@ -312,3 +312,11 @@ def setIcons(self_, modes):
if "misc" in modes:
gGui.ui.act_quit.setIcon(getIcon("application-exit"))
gGui.ui.act_configure.setIcon(getIcon("configure"))

def getDaemonLockfile(base):
lockdir = os.environ.get("XDG_RUNTIME_DIR", None)
if not lockdir:
lockdir = os.path.expanduser("~")

return os.path.join(lockdir, "{}-lock".format(base))


Write Preview
Loading…
Cancel
Save