rpms/coreutils/F-11 coreutils-CVE-2009-4135.patch, NONE, 1.1 coreutils.spec, 1.260, 1.261
Ondrej Vasik
ovasik at fedoraproject.org
Fri Dec 11 18:50:15 UTC 2009
Author: ovasik
Update of /cvs/extras/rpms/coreutils/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30987
Modified Files:
coreutils.spec
Added Files:
coreutils-CVE-2009-4135.patch
Log Message:
CVE-2009-4135 : Unsafe temporary directory use in distcheck rule
coreutils-CVE-2009-4135.patch:
maint.mk | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
--- NEW FILE coreutils-CVE-2009-4135.patch ---
diff -urNp coreutils-7.2-orig/maint.mk coreutils-7.2/maint.mk
--- coreutils-7.2-orig/maint.mk 2009-03-29 19:44:10.000000000 +0200
+++ coreutils-7.2/maint.mk 2009-12-11 19:44:19.699563781 +0100
@@ -666,14 +666,14 @@ bin=bin-$$$$
write_loser = printf '\#!%s\necho $$0: bad path 1>&2; exit 1\n' '$(SHELL)'
-TMPDIR ?= /tmp
-t=$(TMPDIR)/$(PACKAGE)/test
+tmpdir = $(abs_top_builddir)/tests/torture
+t=$(tmpdir)/$(PACKAGE)/test
pfx=$(t)/i
# More than once, tainted build and source directory names would
# have caused at least one "make check" test to apply "chmod 700"
# to all directories under $HOME. Make sure it doesn't happen again.
-tp := $(shell echo "$(TMPDIR)/$(PACKAGE)-$$$$")
+tp = $(tmpdir)/taint
t_prefix = $(tp)/a
t_taint = '$(t_prefix) b'
fake_home = $(tp)/home
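Review bot: The new `tmpdir = $(abs_top_builddir)/tests/torture` line has no comment explaining why the scratch area moved out of `$(TMPDIR)`, so a later cleanup could switch it back without noticing the regression. A line above it such as `# Scratch dirs stay inside the build tree, never a shared $(TMPDIR): predictable names there were CVE-2009-4135.` would record the reason. `tp` also lost its `$$$$` suffix and is now a fixed path, which is only safe while the build tree itself is not writable by other users; that assumption belongs in the same comment. The variable block continues outside the hunk.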
@@ -691,10 +691,11 @@ taint-distcheck: $(DIST_ARCHIVES)
touch $(fake_home)/f
mkdir -p $(fake_home)/d/e
ls -lR $(fake_home) $(t_prefix) > $(tp)/.ls-before
+ HOME=$(fake_home); export HOME; \
cd $(t_taint)/$(distdir) \
&& ./configure \
&& $(MAKE) \
- && HOME=$(fake_home) $(MAKE) check \
+ && $(MAKE) check \
&& ls -lR $(fake_home) $(t_prefix) > $(tp)/.ls-after \
&& diff $(tp)/.ls-before $(tp)/.ls-after \
&& test -d $(t_prefix)
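Review bot: The added line `HOME=$(fake_home); export HOME; \` expands the path unquoted, and after this commit `fake_home` derives from `$(abs_top_builddir)` instead of `$(TMPDIR)`. A build directory whose name contains whitespace or shell metacharacters would presumably be split or reinterpreted by the shell here. Quoting it as `HOME='$(fake_home)'; export HOME; \` would match how `t_taint` is already quoted, and the unquoted `$(fake_home)` and `$(tp)` uses on the `touch`, `mkdir -p`, `ls -lR` and `diff` lines have the same exposure. The taint-distcheck recipe starts above the hunk, so earlier lines may need the same treatment.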
@@ -713,6 +714,7 @@ endef
# Install, then verify that all binaries and man pages are in place.
# Note that neither the binary, ginstall, nor the ].1 man page is installed.
define my-instcheck
+ echo running my-instcheck; \
$(MAKE) prefix=$(pfx) install \
&& test ! -f $(pfx)/bin/ginstall \
&& { fail=0; \
@@ -731,6 +733,7 @@ endef
define coreutils-path-check
{ \
+ echo running coreutils-path-check; \
if test -f $(srcdir)/src/true.c; then \
fail=1; \
mkdir $(bin) \
@@ -777,7 +780,7 @@ my-distcheck: $(DIST_ARCHIVES) $(local-c
mkdir -p $(t)
GZIP=$(GZIP_ENV) $(AMTAR) -C $(t) -zxf $(distdir).tar.gz
cd $(t)/$(distdir) \
- && ./configure --disable-nls \
+ && ./configure --quiet --disable-nls \
&& $(MAKE) CFLAGS='$(warn_cflags)' \
AM_MAKEFLAGS='$(null_AM_MAKEFLAGS)' \
&& $(MAKE) dvi \
@@ -789,6 +792,7 @@ my-distcheck: $(DIST_ARCHIVES) $(local-c
&& $(AMTAR) -zxf - ) < $(distdir).tar.gz
diff -ur $(t)/$(distdir).old $(t)/$(distdir)
-rm -rf $(t)
+ rmdir $(tmpdir)/$(PACKAGE) $(tmpdir)
@echo "========================"; \
echo "$(distdir).tar.gz is ready for distribution"; \
echo "========================"
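Review bot: The added `rmdir $(tmpdir)/$(PACKAGE) $(tmpdir)` has no `-` prefix, so my-distcheck stops before the "ready for distribution" banner whenever anything is left under `$(tmpdir)`. One candidate is the `$(tmpdir)/taint` tree that `tp` now points at, if taint-distcheck does not remove it; its cleanup is not visible in this patch. Because the preceding `-rm -rf $(t)` ignores errors, this `rmdir` is also the only step that notices a failed cleanup. If failing on leftovers is intended, a comment above the line would make that explicit, e.g. `# rmdir, not rm -rf: fail loudly if anything unexpected remains under $(tmpdir)`. The recipe begins outside the hunk.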
Index: coreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/coreutils/F-11/coreutils.spec,v
retrieving revision 1.260
retrieving revision 1.261
diff -u -p -r1.260 -r1.261
--- coreutils.spec 8 Sep 2009 08:46:55 -0000 1.260
+++ coreutils.spec 11 Dec 2009 18:50:15 -0000 1.261
@@ -1,7 +1,7 @@
Summary: A set of basic GNU tools commonly used in shell scripts
Name: coreutils
Version: 7.2
-Release: 4%{?dist}
+Release: 5%{?dist}
License: GPLv3+
Group: System Environment/Base
Url: http://www.gnu.org/software/coreutils/
@@ -23,6 +23,7 @@ Patch1: coreutils-7.4-ls-1U.patch
Patch2: coreutils-7.4-install-SELinux.patch
Patch3: coreutils-7.5-ls-inode.patch
Patch4: coreutils-7.2-ls-fr_FR-misalignment.patch
+Patch5: coreutils-CVE-2009-4135.patch
# Our patches
Patch100: coreutils-6.10-configuration.patch
@@ -107,6 +108,7 @@ the old GNU fileutils, sh-utils, and tex
%patch2 -p1 -b .install-SELinux
%patch3 -p1 -b .lsinode
%patch4 -p1 -b .frenchmonths
+%patch5 -p1 -b .unsafetmp
# Our patches
%patch100 -p1 -b .configure
@@ -325,6 +327,9 @@ fi
/sbin/runuser
%changelog
+* Fri Dec 11 2009 Ondrej Vasik <ovasik at redhat.com> - 7.2-5
+- CVE-2009-4135 : Unsafe temporary directory use in "distcheck" rule
+
* Tue Sep 08 2009 Ondrej Vasik <ovasik at redhat.com> - 7.2-4
- ls -i: print consistent inode numbers also for mount points
(#453709)