dracut-044-21
- fixed permissions of initramfs file, if microcode is prepended CVE-2016-8637
parent
ba0ad88af7
commit
894e54a968
|
@ -0,0 +1,27 @@
|
|||
From 5372714971867a6f4baf4e8a6352d02d6327c1d1 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Stieger <astieger@suse.com>
|
||||
Date: Mon, 7 Nov 2016 10:37:22 +0100
|
||||
Subject: [PATCH] dracut.sh: create the initramfs non-world readable also if
|
||||
early cpio is used
|
||||
|
||||
Fixes: 5f2c30d9bcd614d546d5c55c6897e33f88b9ab90
|
||||
Previously fixed CVE-2012-4453: e1b48995c26c4f06d1a718539cb1bd5b0179af91
|
||||
|
||||
Signed-off-by: Andreas Stieger <astieger@suse.com>
|
||||
---
|
||||
dracut.sh | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/dracut.sh b/dracut.sh
|
||||
index 6dc9858..07ea738 100755
|
||||
--- a/dracut.sh
|
||||
+++ b/dracut.sh
|
||||
@@ -1697,7 +1697,7 @@ if [[ $create_early_cpio = yes ]]; then
|
||||
|
||||
# The microcode blob is _before_ the initramfs blob, not after
|
||||
if ! (
|
||||
- cd "$early_cpio_dir/d"
|
||||
+ umask 077; cd "$early_cpio_dir/d"
|
||||
find . -print0 | sort -z \
|
||||
| cpio ${CPIO_REPRODUCIBLE:+--reproducible} --null $cpio_owner_root -H newc -o --quiet > "${DRACUT_TMPDIR}/initramfs.img"
|
||||
); then
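Review bot: The `cd "$early_cpio_dir/d"` that now shares a line with `umask 077` is still unchecked, and because this subshell is the condition of `if !`, `set -e` would not stop it either. If the `cd` fails, `find .` archives whatever the current directory holds into `initramfs.img`. Changing the line to `umask 077; cd "$early_cpio_dir/d" || exit 1` makes the subshell fail cleanly. The umask only helps because this redirect is what creates `${DRACUT_TMPDIR}/initramfs.img`, so a comment such as `# umask 077: this redirect creates initramfs.img, so its mode is decided here (CVE-2016-8637)` would stop a later refactor from dropping it. A file that already exists keeps its old mode, so an explicit `chmod 600` on the finished image would guard against a regression if another write path is ever added ahead of this one; the code after `); then` is outside the hunk, so whether such a step exists cannot be seen here.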
|
|
@ -16,7 +16,7 @@
|
|||
|
||||
Name: dracut
|
||||
Version: 044
|
||||
Release: 20%{?dist}
|
||||
Release: 21%{?dist}
|
||||
|
||||
Summary: Initramfs generator using udev
|
||||
%if 0%{?fedora} || 0%{?rhel}
|
||||
|
@ -54,6 +54,7 @@ Patch16: 0016-dracut.sh-restorecon-final-image-file.patch
|
|||
Patch17: 0017-add-support-to-F2FS-filesystem-fsck.patch
|
||||
Patch18: 0018-fs-lib-add-crc32c-kernel-module-for-f2fs.patch
|
||||
Patch19: 0019-fs-lib-f2fs-needs-crc32-not-crc32c.patch
|
||||
Patch20: 0020-dracut.sh-create-the-initramfs-non-world-readable-al.patch
|
||||
|
||||
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
|
||||
|
||||
|
@ -514,6 +515,10 @@ rm -rf -- $RPM_BUILD_ROOT
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Nov 07 2016 Harald Hoyer <harald@redhat.com> - 044-21
|
||||
- fixed permissions of initramfs file, if microcode is prepended
|
||||
CVE-2016-8637
|
||||
|
||||
* Fri Jul 08 2016 Harald Hoyer <harald@redhat.com> - 044-20
|
||||
- add correct crc32 kernel module for f2fs
|
||||
|
||||
|
|