- Fix CVE-2010-2059 (#598775) and CVE-2010-2198 (#601955)

Panu Matilainen 2010-06-30 10:10:11 +00:00
parent d626ba069e
commit 0ca909e550
2 changed files with 54 additions and 1 deletions


@ -0,0 +1,48 @@
diff -up rpm-4.7.2/lib/fsm.c.remove-sbits rpm-4.7.2/lib/fsm.c
--- rpm-4.7.2/lib/fsm.c.remove-sbits 2009-10-26 07:58:01.000000000 +0200
+++ rpm-4.7.2/lib/fsm.c 2010-06-30 13:07:58.000000000 +0300
@@ -1323,6 +1323,21 @@ static const char * rpmteTypeString(rpmt
}
}
+static void removeSBITS(const char *path)
+{
+ struct stat stb;
+ if (lstat(path, &stb) == 0 && S_ISREG(stb.st_mode)) {
+ if ((stb.st_mode & 06000) != 0) {
+ (void) chmod(path, stb.st_mode & 0777);
+ }
+#if WITH_CAP
+ if (stb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) {
+ (void) cap_set_file(path, NULL);
+ }
+#endif
+ }
+}
+
#define IS_DEV_LOG(_x) \
((_x) != NULL && strlen(_x) >= (sizeof("/dev/log")-1) && \
!strncmp((_x), "/dev/log", sizeof("/dev/log")-1) && \
@@ -2028,11 +2043,8 @@ if (!(fsm->mapFlags & CPIO_ALL_HARDLINKS
break;
case FSM_UNLINK:
- if (fsm->mapFlags & CPIO_SBIT_CHECK) {
- struct stat stb;
- if (lstat(fsm->path, &stb) == 0 && S_ISREG(stb.st_mode) && (stb.st_mode & 06000) != 0)
- chmod(fsm->path, stb.st_mode & 0777);
- }
+ if (fsm->mapFlags & CPIO_SBIT_CHECK)
+ removeSBITS(fsm->path);
rc = unlink(fsm->path);
if (_fsm_debug && (stage & FSM_SYSCALL))
rpmlog(RPMLOG_DEBUG, " %8s (%s) %s\n", cur,
@@ -2041,6 +2053,8 @@ if (!(fsm->mapFlags & CPIO_ALL_HARDLINKS
rc = (errno == ENOENT ? CPIOERR_ENOENT : CPIOERR_UNLINK_FAILED);
break;
case FSM_RENAME:
+ if (fsm->mapFlags & CPIO_SBIT_CHECK)
+ removeSBITS(fsm->path);
rc = rename(fsm->opath, fsm->path);
#if defined(ETXTBSY) && defined(__HPUX__)
if (rc && errno == ETXTBSY) {
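Review bot: In removeSBITS() the results of both `chmod()` and `cap_set_file()` are cast to void, so a failure to strip the setuid/setgid bits or file capabilities leaves the old inode privileged with no trace, which appears to be the condition this patch exists to prevent. Consider at least logging the failure, e.g. `if (chmod(path, stb.st_mode & 0777) != 0) rpmlog(RPMLOG_DEBUG, "removeSBITS: chmod(%s) failed: %s\n", path, strerror(errno));`. The check and the change are also two separate path-based calls (`lstat()` then `chmod()`, which follows symlinks), so if another user can modify the containing directory, the object at `path` could change between them; an fd-based `open()` with `O_NOFOLLOW` followed by `fstat()`/`fchmod()` would close that window. A short comment above the function stating why the bits are cleared before unlink/rename, and writing `06000` as `S_ISUID|S_ISGID`, would help the next reader. The FSM_UNLINK and FSM_RENAME cases continue outside the hunks shown.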


@ -21,7 +21,7 @@
Summary: The RPM package management system
Name: rpm
Version: %{rpmver}
Release: 1%{?dist}
Release: 2%{?dist}
Group: System Environment/Base
Url: http://www.rpm.org/
Source0: http://rpm.org/releases/rpm-4.7.x/%{name}-%{srcver}.tar.bz2
@ -46,6 +46,7 @@ Patch203: rpm-4.7.1-sign-passcheck.patch
Patch204: rpm-4.7.1-rpmfc-data.patch
Patch205: rpm-4.7.1-chmod-test.patch
Patch206: rpm-4.7.1-python-types.patch
Patch207: rpm-4.7.2-remove-sbits.patch
# These are not yet upstream
Patch301: rpm-4.6.0-niagara.patch
@ -207,6 +208,7 @@ packages on a system.
%patch204 -p1 -b .rpmfc-data
%patch205 -p1 -b .chmod-test
%patch206 -p1 -b .python-types
%patch207 -p1 -b .remove-sbits
%patch301 -p1 -b .niagara
%patch302 -p1 -b .geode
@ -421,6 +423,9 @@ exit 0
%doc doc/librpm/html/*
%changelog
* Wed Jun 30 2010 Panu Matilainen <pmatilai@redhat.com> - 4.7.2-2
- Fix CVE-2010-2059 (#598775) and CVE-2010-2198 (#601955)
* Tue Dec 08 2009 Panu Matilainen <pmatilai@redhat.com> - 4.7.2-1
- update to 4.7.2 (http://rpm.org/wiki/Releases/4.7.2)
- fix posix chmod test to unbreak %%fixperms macro (#543035)