parent
d626ba069e
commit
0ca909e550
|
@ -0,0 +1,48 @@
|
|||
diff -up rpm-4.7.2/lib/fsm.c.remove-sbits rpm-4.7.2/lib/fsm.c
|
||||
--- rpm-4.7.2/lib/fsm.c.remove-sbits 2009-10-26 07:58:01.000000000 +0200
|
||||
+++ rpm-4.7.2/lib/fsm.c 2010-06-30 13:07:58.000000000 +0300
|
||||
@@ -1323,6 +1323,21 @@ static const char * rpmteTypeString(rpmt
|
||||
}
|
||||
}
|
||||
|
||||
+static void removeSBITS(const char *path)
|
||||
+{
|
||||
+ struct stat stb;
|
||||
+ if (lstat(path, &stb) == 0 && S_ISREG(stb.st_mode)) {
|
||||
+ if ((stb.st_mode & 06000) != 0) {
|
||||
+ (void) chmod(path, stb.st_mode & 0777);
|
||||
+ }
|
||||
+#if WITH_CAP
|
||||
+ if (stb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) {
|
||||
+ (void) cap_set_file(path, NULL);
|
||||
+ }
|
||||
+#endif
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
#define IS_DEV_LOG(_x) \
|
||||
((_x) != NULL && strlen(_x) >= (sizeof("/dev/log")-1) && \
|
||||
!strncmp((_x), "/dev/log", sizeof("/dev/log")-1) && \
|
||||
@@ -2028,11 +2043,8 @@ if (!(fsm->mapFlags & CPIO_ALL_HARDLINKS
|
||||
break;
|
||||
|
||||
case FSM_UNLINK:
|
||||
- if (fsm->mapFlags & CPIO_SBIT_CHECK) {
|
||||
- struct stat stb;
|
||||
- if (lstat(fsm->path, &stb) == 0 && S_ISREG(stb.st_mode) && (stb.st_mode & 06000) != 0)
|
||||
- chmod(fsm->path, stb.st_mode & 0777);
|
||||
- }
|
||||
+ if (fsm->mapFlags & CPIO_SBIT_CHECK)
|
||||
+ removeSBITS(fsm->path);
|
||||
rc = unlink(fsm->path);
|
||||
if (_fsm_debug && (stage & FSM_SYSCALL))
|
||||
rpmlog(RPMLOG_DEBUG, " %8s (%s) %s\n", cur,
|
||||
@@ -2041,6 +2053,8 @@ if (!(fsm->mapFlags & CPIO_ALL_HARDLINKS
|
||||
rc = (errno == ENOENT ? CPIOERR_ENOENT : CPIOERR_UNLINK_FAILED);
|
||||
break;
|
||||
case FSM_RENAME:
|
||||
+ if (fsm->mapFlags & CPIO_SBIT_CHECK)
|
||||
+ removeSBITS(fsm->path);
|
||||
rc = rename(fsm->opath, fsm->path);
|
||||
#if defined(ETXTBSY) && defined(__HPUX__)
|
||||
if (rc && errno == ETXTBSY) {
|
7
rpm.spec
7
rpm.spec
|
@ -21,7 +21,7 @@
|
|||
Summary: The RPM package management system
|
||||
Name: rpm
|
||||
Version: %{rpmver}
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Group: System Environment/Base
|
||||
Url: http://www.rpm.org/
|
||||
Source0: http://rpm.org/releases/rpm-4.7.x/%{name}-%{srcver}.tar.bz2
|
||||
|
@ -46,6 +46,7 @@ Patch203: rpm-4.7.1-sign-passcheck.patch
|
|||
Patch204: rpm-4.7.1-rpmfc-data.patch
|
||||
Patch205: rpm-4.7.1-chmod-test.patch
|
||||
Patch206: rpm-4.7.1-python-types.patch
|
||||
Patch207: rpm-4.7.2-remove-sbits.patch
|
||||
|
||||
# These are not yet upstream
|
||||
Patch301: rpm-4.6.0-niagara.patch
|
||||
|
@ -207,6 +208,7 @@ packages on a system.
|
|||
%patch204 -p1 -b .rpmfc-data
|
||||
%patch205 -p1 -b .chmod-test
|
||||
%patch206 -p1 -b .python-types
|
||||
%patch207 -p1 -b .remove-sbits
|
||||
|
||||
%patch301 -p1 -b .niagara
|
||||
%patch302 -p1 -b .geode
|
||||
|
@ -421,6 +423,9 @@ exit 0
|
|||
%doc doc/librpm/html/*
|
||||
|
||||
%changelog
|
||||
* Wed Jun 30 2010 Panu Matilainen <pmatilai@redhat.com> - 4.7.2-2
|
||||
- Fix CVE-2010-2059 (#598775) and CVE-2010-2198 (#601955)
|
||||
|
||||
* Tue Dec 08 2009 Panu Matilainen <pmatilai@redhat.com> - 4.7.2-1
|
||||
- update to 4.7.2 (http://rpm.org/wiki/Releases/4.7.2)
|
||||
- fix posix chmod test to unbreak %%fixperms macro (#543035)
|
||||
|
|
Loading…
Reference in New Issue