rpms/mod_auth_shadow/EL-4 mod_auth_shadow-2.2-CVE-2010-1151.patch, NONE, 1.1 mod_auth_shadow.spec, 1.1, 1.2
Jaroslav Reznik
jreznik at fedoraproject.org
Fri Apr 9 13:43:26 UTC 2010
- Previous message: rpms/cyrus-sasl/devel cyrus-sasl.spec, 1.94, 1.95 saslauthd.init, 1.8, 1.9
- Next message: rpms/krb5/devel .cvsignore, 1.29, 1.30 krb5.spec, 1.258, 1.259 sources, 1.32, 1.33 2010-002-patch.txt, 1.1, NONE krb5-1.8-kpasswd_ccache.patch, 1.3, NONE krb5-1.8-opte.patch, 1.2, NONE krb5-trunk-kpasswd_ipv6.patch, 1.1, NONE krb5-trunk-tktlifetime.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: jreznik
Update of /cvs/pkgs/rpms/mod_auth_shadow/EL-4
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv2476
Modified Files:
mod_auth_shadow.spec
Added Files:
mod_auth_shadow-2.2-CVE-2010-1151.patch
Log Message:
* Fri Apr 09 2010 Jaroslav Reznik <jreznik at redhat.com> - 2.2-4
- CVE-2010-1151: bad wait(2) call causes randomized authorization (#578168)
- fix license tag
mod_auth_shadow-2.2-CVE-2010-1151.patch:
mod_auth_shadow.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
--- NEW FILE mod_auth_shadow-2.2-CVE-2010-1151.patch ---
diff -up mod_auth_shadow-2.2/mod_auth_shadow.c.CVE-2010-1151 mod_auth_shadow-2.2/mod_auth_shadow.c
--- mod_auth_shadow-2.2/mod_auth_shadow.c.CVE-2010-1151 2007-04-02 17:38:27.000000000 +0200
+++ mod_auth_shadow-2.2/mod_auth_shadow.c 2010-04-09 14:26:05.949633122 +0200
@@ -144,6 +144,7 @@ static int auth_shadow_authorize(const c
int filedes[2]; /* fd's for pipe. Read from 0, write to 1*/
char validate_prog[255];
int ret, status;
+ int cpid;
FILE* fp;
if (strlen(INSTBINDIR) > 240) {
@@ -192,6 +193,9 @@ static int auth_shadow_authorize(const c
/* Parent */
+ /* Save child pid - we must only accept answers from it */
+ cpid = ret;
+
/* We write to the pipe, then wait for the child to finish. */
fp = fdopen(filedes[1],"w");
if (!fp) {
@@ -209,12 +213,17 @@ static int auth_shadow_authorize(const c
return(-1);
}
- ret = wait(&status);
- if (ret==0 || ret==-1) {
+ ret = waitpid(cpid, &status, 0);
+ if (ret==-1) {
ap_log_error(APLOG_MARK, APLOG_EMERG, errno, r->server,
"%s: Error while waiting for child: %d.",module_name, errno);
return(-1);
}
+ if (ret==0 || ret!=cpid) {
+ ap_log_error(APLOG_MARK, APLOG_EMERG, errno, r->server,
+ "%s: Failure waiting for child (none or wrong child returned): %d.",module_name, ret);
+ return(-1);
+ }
if (status==0)
return 1; /* Correct pw */
@@ -307,7 +316,7 @@ static int user_in_group (char *user, co
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL,
- "%s: Looking in group file for %d: got user: %s", module_name,
+ "%s: Looking in group file for %s: got user: %s", module_name,
groupname, user);
// Get group information from group file using re-entrant
Index: mod_auth_shadow.spec
===================================================================
RCS file: /cvs/pkgs/rpms/mod_auth_shadow/EL-4/mod_auth_shadow.spec,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- mod_auth_shadow.spec 3 Apr 2007 07:08:31 -0000 1.1
+++ mod_auth_shadow.spec 9 Apr 2010 13:43:26 -0000 1.2
@@ -1,10 +1,11 @@
Name: mod_auth_shadow
Version: 2.2
-Release: 3%{?dist}
+Release: 4%{?dist}
Source: http://downloads.sourceforge.net/mod-auth-shadow/%{name}-%{version}.tar.gz
Source1: mod_auth_shadow.conf
+Patch0: mod_auth_shadow-2.2-CVE-2010-1151.patch
URL: http://mod-auth-shadow.sourceforge.net
-License: GPL
+License: GPLv2+
Group: System Environment/Daemons
Summary: An Apache module for authentication using /etc/shadow
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -29,6 +30,8 @@ sed -i 's#/usr/local#/usr#' makefile
sed -i 's/chown/#chown/' makefile
sed -i 's/chmod/#chmod/' makefile
+%patch0 -p1 -b .CVE-2010-1151
+
%build
gcc -o validate validate.c -lcrypt
make %{?_smp_mflags} all
@@ -53,6 +56,10 @@ rm -rf $RPM_BUILD_ROOT
%doc CHANGES INSTALL README COPYING
%changelog
+* Fri Apr 09 2010 Jaroslav Reznik <jreznik at redhat.com> - 2.2-4
+- CVE-2010-1151: bad wait(2) call causes randomized authorization (#578168)
+- fix license tag
+
* Tue Apr 03 2007 David Anderson <fedora-packaging at dw-perspective.org.uk> 2.2-3
- Removed chmod/chown from makefile (sometimes caused root builds to fail)
- Previous message: rpms/cyrus-sasl/devel cyrus-sasl.spec, 1.94, 1.95 saslauthd.init, 1.8, 1.9
- Next message: rpms/krb5/devel .cvsignore, 1.29, 1.30 krb5.spec, 1.258, 1.259 sources, 1.32, 1.33 2010-002-patch.txt, 1.1, NONE krb5-1.8-kpasswd_ccache.patch, 1.3, NONE krb5-1.8-opte.patch, 1.2, NONE krb5-trunk-kpasswd_ipv6.patch, 1.1, NONE krb5-trunk-tktlifetime.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list