From 73a55413dd759ca824d893712096c053d10cee67 Mon Sep 17 00:00:00 2001
From: Michael Schwendt
Date: May 03 2008 07:04:09 +0000
Subject: - check ownership of temporary files directory (#436260) (CVE-2007-6061)
---
diff --git a/audacity-1.3.2-CVE-2007-6061.patch b/audacity-1.3.2-CVE-2007-6061.patch
new file mode 100644
index 0000000..bb1f4fd
--- /dev/null
+++ b/audacity-1.3.2-CVE-2007-6061.patch
@@ -0,0 +1,35 @@
+diff -Nur audacity-src-1.3.2-beta-orig/src/AudacityApp.cpp audacity-src-1.3.2-beta/src/AudacityApp.cpp
+--- audacity-src-1.3.2-beta-orig/src/AudacityApp.cpp 2006-10-29 01:05:26.000000000 +0200
++++ audacity-src-1.3.2-beta/src/AudacityApp.cpp 2008-05-02 17:46:49.000000000 +0200
+@@ -821,7 +821,7 @@
+ if (tempFromPrefs != wxT("")) {
+ if (wxDirExists(tempFromPrefs))
+ temp = tempFromPrefs;
+- else if (wxMkdir(tempFromPrefs))
++ else if (wxMkdir(tempFromPrefs, 0755))
+ temp = tempFromPrefs;
+ }
+
+@@ -830,10 +830,21 @@
+ if (temp==wxT("") && tempDefaultLoc != wxT("")) {
+ if (wxDirExists(tempDefaultLoc))
+ temp = tempDefaultLoc;
+- else if (wxMkdir(tempDefaultLoc))
++ else if (wxMkdir(tempDefaultLoc, 0755))
+ temp = tempDefaultLoc;
+ }
+
++ // Check temp directory ownership.
++ struct stat tempStatBuf;
++ if ( lstat(temp.mb_str(), &tempStatBuf) != 0 ) {
++ temp.clear();
++ }
++ else {
++ if ( geteuid() != tempStatBuf.st_uid ) {
++ temp.clear();
++ }
++ }
++
+ if (temp == wxT("")) {
+ // Failed
+ wxMessageBox(_("Audacity could not find a place to store temporary files.\nPlease enter an appropriate directory in the preferences dialog."));
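Review bot: The ownership test added in the second inner hunk (`geteuid() != tempStatBuf.st_uid`) accepts anything the user owns, so a path that is not a directory, or a directory left group- or world-writable by an earlier run, still passes; I would tighten it to `if ( geteuid() != tempStatBuf.st_uid || !S_ISDIR(tempStatBuf.st_mode) || (tempStatBuf.st_mode & (S_IWGRP | S_IWOTH)) )`. Because the check runs only after both selection steps, a preferences directory that exists but fails it clears `temp` without `tempDefaultLoc` being tried, as far as the visible lines show, so the user gets the "could not find a place" error instead of a fallback. Both `wxMkdir` calls pass `0755`, which leaves the temporary audio data listable and readable by other accounts; `0700` looks like the safer mode unless something else needs access. The hunks add no `#include` for `lstat`/`geteuid` and the enclosing function begins and ends outside them, so I am assuming `<sys/stat.h>` and `<unistd.h>` are already pulled in elsewhere in AudacityApp.cpp.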