[perl-PAR/f16] Fix CVE-2011-4114
Petr Pisar
ppisar at fedoraproject.org
Tue Dec 6 10:44:46 UTC 2011
commit b45cffe68b4e5e6f1920e5138b4c04c338b07210
Author: Petr Písař <ppisar at redhat.com>
Date: Thu Dec 1 15:46:19 2011 +0100
Fix CVE-2011-4114
perl-PAR-1.002-CVE-2011-4114.patch | 89 ++++++++++++++++++++++++++++++++++++
perl-PAR.spec | 10 ++++-
2 files changed, 98 insertions(+), 1 deletions(-)
---
diff --git a/perl-PAR-1.002-CVE-2011-4114.patch b/perl-PAR-1.002-CVE-2011-4114.patch
new file mode 100644
index 0000000..4db8a94
--- /dev/null
+++ b/perl-PAR-1.002-CVE-2011-4114.patch
@@ -0,0 +1,89 @@
+Fix CVE-2011-4114
+
+From: r1305 | rschupp | 2011-11-28 17:39:44 +0100 (Po, 28 lis 2011) | 7 lines
+RT #69560/CVE-2011-4114: PAR packed files are extracted to unsafe and
+predictable temporary directories
+- create parent of cache directory (i.e. /tmp/par-USER) with mode 0700
+- if it already exists, check that (and bail out if not)
+ - it's not a symlink
+ - it's mode 0700
+ - it's owned by USER
+
+Petr Pisar: Message wording adjustment from r1316 is included too.
+
+Index: lib/PAR/SetupTemp.pm
+===================================================================
+--- lib/PAR/SetupTemp.pm (revision 1304)
++++ lib/PAR/SetupTemp.pm (revision 1305)
+@@ -5,6 +5,8 @@
+ use strict;
+ use warnings;
+
++use Fcntl ':mode';
++
+ use PAR::SetupProgname;
+
+ =head1 NAME
+@@ -42,8 +44,9 @@
+ }
+
+ my $stmpdir = _get_par_user_tempdir();
++ die "unable to create cache directory" unless $stmpdir;
++
+ require File::Spec;
+- if (defined $stmpdir) { # it'd be quite bad if this was not the case
+ if (!$ENV{PAR_CLEAN} and my $mtime = (stat($PAR::SetupProgname::Progname))[9]) {
+ my $ctx = _get_digester();
+
+@@ -71,8 +74,7 @@
+ }
+
+ $ENV{PAR_TEMP} = $stmpdir;
+- mkdir $stmpdir, 0755;
+- } # end if found a temp dir
++ mkdir $stmpdir, 0700;
+
+ $PARTemp = $1 if defined $ENV{PAR_TEMP} and $ENV{PAR_TEMP} =~ /(.+)/;
+ }
+@@ -98,8 +100,25 @@
+ next unless defined $path and -d $path and -w $path;
+ $temp_path = File::Spec->catdir($path, "par-$username");
+ ($temp_path) = $temp_path =~ /^(.*)$/s;
+- mkdir $temp_path, 0755;
++ unless (mkdir($temp_path, 0700) || $!{EEXIST}) {
++ warn "creation of private subdirectory $temp_path failed (errno=$!)";
++ return;
++ }
+
++ unless ($^O eq 'MSWin32') {
++ my @st;
++ unless (@st = lstat($temp_path)) {
++ warn "stat of private subdirectory $temp_path failed (errno=$!)";
++ return;
++ }
++ if (!S_ISDIR($st[2])
++ || $st[4] != $<
++ || ($st[2] & 0777) != 0700 ) {
++ warn "private subdirectory $temp_path is unsafe";
++ return;
++ }
++ }
++
+ last;
+ }
+ return $temp_path;
+
+
+Index: lib/PAR/SetupTemp.pm
+===================================================================
+--- lib/PAR/SetupTemp.pm (revision 1315)
++++ lib/PAR/SetupTemp.pm (revision 1316)
+@@ -114,7 +114,7 @@
+ if (!S_ISDIR($st[2])
+ || $st[4] != $<
+ || ($st[2] & 0777) != 0700 ) {
+- warn "private subdirectory $temp_path is unsafe";
++ warn "private subdirectory $temp_path is unsafe (please remove it and retry your operation)";
+ return;
+ }
+ }
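Review bot: The ownership and mode check added in the embedded `@@ -98,8 +100,25 @@` hunk covers only `par-$username` itself and is skipped on MSWin32, while the unchanged guard `-d $path and -w $path` accepts any writable base directory. The check holds only while nobody else can rename or replace the entry under `$path`, as in a sticky /tmp; whether every candidate base meets that is not visible here, so a comment above the block such as `# assumes $path is sticky or writable only by this user; no equivalent check on MSWin32` would make the limit explicit. In the embedded `@@ -71,8 +74,7 @@` hunk, `mkdir $stmpdir, 0700;` still ignores its result; `mkdir($stmpdir, 0700) or $!{EEXIST} or die "creation of cache directory $stmpdir failed (errno=$!)";` would report the failure where it happens. Both enclosing subs start and end outside the visible hunks.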
diff --git a/perl-PAR.spec b/perl-PAR.spec
index 1c98bed..23a6f2a 100644
--- a/perl-PAR.spec
+++ b/perl-PAR.spec
@@ -1,11 +1,13 @@
Name: perl-PAR
Version: 1.002
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: Perl Archive Toolkit
License: GPL+ or Artistic
Group: Development/Libraries
URL: http://search.cpan.org/dist/PAR/
Source0: http://www.cpan.org/authors/id/S/SM/SMUELLER/PAR-%{version}.tar.gz
+# Fix CVE-2011-4114, bug #760132, included in upstream 1.004.
+Patch0: perl-PAR-1.002-CVE-2011-4114.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
BuildRequires: perl(Archive::Zip) >= 1
@@ -23,6 +25,7 @@ libraries from which Perl modules can be loaded.
%prep
%setup -q -n PAR-%{version}
+%patch0 -p0
%build
%{__perl} Makefile.PL INSTALLDIRS=vendor
@@ -39,7 +42,9 @@ find $RPM_BUILD_ROOT -depth -type d -exec rmdir {} 2>/dev/null \;
%{_fixperms} $RPM_BUILD_ROOT/*
%check
+export TEMP="$(mktemp -d)"
make test
+rm -rf "$TEMP"
%clean
rm -rf $RPM_BUILD_ROOT
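Review bot: In `%check`, `export TEMP="$(mktemp -d)"` hides a failing `mktemp`, because the exit status of that line is the status of `export`; TEMP would then be empty and the test suite would presumably fall back to a shared default location. Splitting it into `TEMP="$(mktemp -d)" || exit 1` followed by `export TEMP` stops the build instead. The `rm -rf "$TEMP"` line is also not reached when `make test` fails, assuming the scriptlet runs with `-e`; a `trap 'rm -rf "$TEMP"' EXIT` set right after the directory is created would cover that path.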
@@ -51,6 +56,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man3/*
%changelog
+* Thu Dec 01 2011 Petr Pisar <ppisar at redhat.com> - 1.002-5
+- Fix CVE-2011-4114 (insecure temporary directory handling) (bug #760132)
+
* Tue Jul 19 2011 Petr Sabata <contyk at redhat.com> - 1.002-4
- Perl mass rebuild