CVE-2009-4135 : Unsafe temporary directory use in distcheck rule
parent
84ce36b59c
commit
851fdcd87c
|
@ -0,0 +1,67 @@
|
|||
diff -urNp coreutils-7.6-orig/dist-check.mk coreutils-7.6/dist-check.mk
|
||||
--- coreutils-7.6-orig/dist-check.mk 2009-09-01 13:01:16.000000000 +0200
|
||||
+++ coreutils-7.6/dist-check.mk 2009-12-11 19:25:01.231452251 +0100
|
||||
@@ -4,14 +4,14 @@ bin=bin-$$$$
|
||||
|
||||
write_loser = printf '\#!%s\necho $$0: bad path 1>&2; exit 1\n' '$(SHELL)'
|
||||
|
||||
-TMPDIR ?= /tmp
|
||||
-t=$(TMPDIR)/$(PACKAGE)/test
|
||||
+tmpdir = $(abs_top_builddir)/tests/torture
|
||||
+t=$(tmpdir)/$(PACKAGE)/test
|
||||
pfx=$(t)/i
|
||||
|
||||
# More than once, tainted build and source directory names would
|
||||
# have caused at least one "make check" test to apply "chmod 700"
|
||||
# to all directories under $HOME. Make sure it doesn't happen again.
|
||||
-tp := $(shell echo "$(TMPDIR)/$(PACKAGE)-$$$$")
|
||||
+tp = $(tmpdir)/taint
|
||||
t_prefix = $(tp)/a
|
||||
t_taint = '$(t_prefix) b'
|
||||
fake_home = $(tp)/home
|
||||
@@ -30,10 +30,11 @@ taint-distcheck: $(DIST_ARCHIVES)
|
||||
touch $(fake_home)/f
|
||||
mkdir -p $(fake_home)/d/e
|
||||
ls -lR $(fake_home) $(t_prefix) > $(tp)/.ls-before
|
||||
+ HOME=$(fake_home); export HOME; \
|
||||
cd $(t_taint)/$(distdir) \
|
||||
&& ./configure \
|
||||
&& $(MAKE) \
|
||||
- && HOME=$(fake_home) $(MAKE) check \
|
||||
+ && $(MAKE) check \
|
||||
&& ls -lR $(fake_home) $(t_prefix) > $(tp)/.ls-after \
|
||||
&& diff $(tp)/.ls-before $(tp)/.ls-after \
|
||||
&& test -d $(t_prefix)
|
||||
@@ -52,6 +53,7 @@ endef
|
||||
# Install, then verify that all binaries and man pages are in place.
|
||||
# Note that neither the binary, ginstall, nor the ].1 man page is installed.
|
||||
define my-instcheck
|
||||
+ echo running my-instcheck; \
|
||||
$(MAKE) prefix=$(pfx) install \
|
||||
&& test ! -f $(pfx)/bin/ginstall \
|
||||
&& { fail=0; \
|
||||
@@ -70,6 +72,7 @@ endef
|
||||
|
||||
define coreutils-path-check
|
||||
{ \
|
||||
+ echo running coreutils-path-check; \
|
||||
if test -f $(srcdir)/src/true.c; then \
|
||||
fail=1; \
|
||||
mkdir $(bin) \
|
||||
@@ -117,7 +120,7 @@ my-distcheck: $(DIST_ARCHIVES) $(local-c
|
||||
mkdir -p $(t)
|
||||
GZIP=$(GZIP_ENV) $(AMTAR) -C $(t) -zxf $(distdir).tar.gz
|
||||
cd $(t)/$(distdir) \
|
||||
- && ./configure --enable-gcc-warnings --disable-nls \
|
||||
+ && ./configure --quiet --enable-gcc-warnings --disable-nls \
|
||||
&& $(MAKE) AM_MAKEFLAGS='$(null_AM_MAKEFLAGS)' \
|
||||
&& $(MAKE) dvi \
|
||||
&& $(install-transform-check) \
|
||||
@@ -128,6 +131,7 @@ my-distcheck: $(DIST_ARCHIVES) $(local-c
|
||||
&& $(AMTAR) -zxf - ) < $(distdir).tar.gz
|
||||
diff -ur $(t)/$(distdir).old $(t)/$(distdir)
|
||||
-rm -rf $(t)
|
||||
+ rmdir $(tmpdir)/$(PACKAGE) $(tmpdir)
|
||||
@echo "========================"; \
|
||||
echo "$(distdir).tar.gz is ready for distribution"; \
|
||||
echo "========================"
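Review bot: The new scratch root `tmpdir = $(abs_top_builddir)/tests/torture` is derived from the build directory, yet the recipes still expand it unquoted in `mkdir -p $(t)`, `cd $(t)/$(distdir)`, `-rm -rf $(t)` and the added `rmdir $(tmpdir)/$(PACKAGE) $(tmpdir)`. A build path containing whitespace or shell metacharacters would be word-split there, so the recursive delete could act on paths outside the intended tree; the old fixed `/tmp` default did not have this exposure. Quoting the expansions in the style the file already uses for `t_taint`, e.g. `-rm -rf '$(t)'` and `rmdir '$(tmpdir)/$(PACKAGE)' '$(tmpdir)'`, keeps cleanup confined to the scratch directory. The same applies to the added `HOME=$(fake_home); export HOME;` line in taint-distcheck. Both recipes begin and end outside the hunks shown, so other uses of `$(t)` and `$(tp)` may need the same treatment.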
|
|
@ -1,7 +1,7 @@
|
|||
Summary: A set of basic GNU tools commonly used in shell scripts
|
||||
Name: coreutils
|
||||
Version: 7.6
|
||||
Release: 7%{?dist}
|
||||
Release: 8%{?dist}
|
||||
License: GPLv3+
|
||||
Group: System Environment/Base
|
||||
Url: http://www.gnu.org/software/coreutils/
|
||||
|
@ -25,6 +25,7 @@ Patch4: coreutils-7.6-tail-F-renaming.patch
|
|||
Patch5: coreutils-7.6-trueexecve.patch
|
||||
Patch6: coreutils-7.6-ls-infloop.patch
|
||||
Patch7: coreutils-7.6-ls-derefdanglinginode.patch
|
||||
Patch8: coreutils-CVE-2009-4135.patch
|
||||
|
||||
# Our patches
|
||||
Patch100: coreutils-6.10-configuration.patch
|
||||
|
@ -120,6 +121,7 @@ Libraries for coreutils package.
|
|||
%patch4 -p1 -b .renaming
|
||||
%patch5 -p1 -b .execve
|
||||
%patch6 -p1 -b .infloop
|
||||
%patch8 -p1 -b .unsafetmp
|
||||
|
||||
# Our patches
|
||||
%patch100 -p1 -b .configure
|
||||
|
@ -341,6 +343,9 @@ fi
|
|||
%{_libdir}/coreutils
|
||||
|
||||
%changelog
|
||||
* Fri Dec 11 2009 Ondrej Vasik <ovasik@redhat.com> - 7.6-8
|
||||
- CVE-2009-4135 : Unsafe temporary directory use in "distcheck" rule
|
||||
|
||||
* Mon Nov 23 2009 Ondrej Vasik <ovasik@redhat.com> - 7.6-7
|
||||
- update /etc/DIR_COLORS* files
|
||||
- ls -LR exits with status 2, not 0, when it encounters
|
||||
|
|
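Review bot: In the %prep hunk the added `%patch8 -p1 -b .unsafetmp` follows `%patch6` directly, and no `%patch7` line is visible, although `Patch7: coreutils-7.6-ls-derefdanglinginode.patch` is declared just above the new `Patch8`. %prep starts and ends outside the hunk, so Patch7 may be applied elsewhere. If it is not, that fix is shipped in the source package but never applied, and a line such as `%patch7 -p1 -b .SUFFIX` (SUFFIX is a placeholder) belongs before `%patch8`. A short comment above `Patch8:` naming the file it touches (`dist-check.mk`, per the patch header) would also let later reviewers see at a glance what the CVE fix covers.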