falkTX
/
Cadence
mirror of https://github.com/falkTX/Cadence
1
0
Fork 0
Code Releases 3 Activity
Browse Source

Patch CVE-2023-43782: Use of Fixed Temporary File Path in /tmp/.cadence-aloop-daemon.x 

Apply SuSE fix for CVE-2023-43782 (by Matthias Gerstner)

0001-cadence_aloop_daemon-place-lockfile-into-non-public-.patch

https://bugzilla.suse.com/show_bug.cgi?id=1213983
pull/362/head
Nedko Arnaudov 1 year ago
parent
556859c0af
commit
5099c9152b
3 changed files with 13 additions and 3 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +2
    -1
      src/cadence.py
  2. +3
    -2
      src/cadence_aloop_daemon.py
  3. +8
    -0
      src/shared.py

+ 2
- 1
src/cadence.py View File

@@ -38,6 +38,7 @@ import ui_cadence_tb_alsa
import ui_cadence_tb_a2j import ui_cadence_tb_a2j
import ui_cadence_tb_pa import ui_cadence_tb_pa
import ui_cadence_rwait import ui_cadence_rwait
from shared import getDaemonLockfile
from shared_cadence import * from shared_cadence import *
from shared_canvasjack import * from shared_canvasjack import *
from shared_settings import * from shared_settings import *
@@ -1710,7 +1711,7 @@ class CadenceMainW(QMainWindow, ui_cadence.Ui_CadenceMainW):


@pyqtSlot() @pyqtSlot()
def slot_AlsaBridgeStop(self): def slot_AlsaBridgeStop(self):
checkFile = "/tmp/.cadence-aloop-daemon.x"
checkFile = self.getDaemonLockfile("cadence-aloop-daemon")
if os.path.exists(checkFile): if os.path.exists(checkFile):
os.remove(checkFile) os.remove(checkFile)




+ 3
- 2
src/cadence_aloop_daemon.py View File

@@ -33,6 +33,7 @@ else:
# Imports (Custom Stuff) # Imports (Custom Stuff)


import jacklib import jacklib
from shared import getDaemonLockfile


# -------------------------------------------------- # --------------------------------------------------
# Auto re-activate if on good kernel # Auto re-activate if on good kernel
@@ -50,7 +51,7 @@ doRunNow = True
useZita = False useZita = False
procIn = QProcess() procIn = QProcess()
procOut = QProcess() procOut = QProcess()
checkFile = "/tmp/.cadence-aloop-daemon.x"
checkFile = getDaemonLockfile("cadence-aloop-daemon")


# -------------------------------------------------- # --------------------------------------------------
# Global JACK variables # Global JACK variables
@@ -161,7 +162,7 @@ if __name__ == '__main__':
client = jacklib.client_open("cadence-aloop-daemon", jacklib.JackUseExactName, None) client = jacklib.client_open("cadence-aloop-daemon", jacklib.JackUseExactName, None)


if not client: if not client:
print("cadence-aloop-daemon is already running, delete \"/tmp/.cadence-aloop-daemon.x\" to close it")
print("cadence-aloop-daemon is already running, delete \"{}\" to close it".format(checkFile))
quit() quit()


if jacklib.JACK2: if jacklib.JACK2:


+ 8
- 0
src/shared.py View File

@@ -312,3 +312,11 @@ def setIcons(self_, modes):
if "misc" in modes: if "misc" in modes:
gGui.ui.act_quit.setIcon(getIcon("application-exit")) gGui.ui.act_quit.setIcon(getIcon("application-exit"))
gGui.ui.act_configure.setIcon(getIcon("configure")) gGui.ui.act_configure.setIcon(getIcon("configure"))

def getDaemonLockfile(base):
lockdir = os.environ.get("XDG_RUNTIME_DIR", None)
if not lockdir:
lockdir = os.path.expanduser("~")

return os.path.join(lockdir, "{}-lock".format(base))


Write Preview
Loading…
Cancel
Save