rpms/rpm/F-12 rpm-4.7.2-remove-sbits.patch, NONE, 1.1 rpm.spec, 1.362, 1.363

Panu Matilainen pmatilai at fedoraproject.org
Wed Jun 30 10:10:11 UTC 2010 

Author: pmatilai

Update of /cvs/pkgs/rpms/rpm/F-12
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv28325

Modified Files:
	rpm.spec 
Added Files:
	rpm-4.7.2-remove-sbits.patch 
Log Message:
- Fix CVE-2010-2059 (#598775) and CVE-2010-2198 (#601955)


rpm-4.7.2-remove-sbits.patch:
 fsm.c |   24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

--- NEW FILE rpm-4.7.2-remove-sbits.patch ---
diff -up rpm-4.7.2/lib/fsm.c.remove-sbits rpm-4.7.2/lib/fsm.c
--- rpm-4.7.2/lib/fsm.c.remove-sbits	2009-10-26 07:58:01.000000000 +0200
+++ rpm-4.7.2/lib/fsm.c	2010-06-30 13:07:58.000000000 +0300
@@ -1323,6 +1323,21 @@ static const char * rpmteTypeString(rpmt
     }
 }
 
+static void removeSBITS(const char *path)
+{
+    struct stat stb;
+    if (lstat(path, &stb) == 0 && S_ISREG(stb.st_mode)) {
+	if ((stb.st_mode & 06000) != 0) {
+	    (void) chmod(path, stb.st_mode & 0777);
+	}
+#if WITH_CAP
+	if (stb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) {
+	    (void) cap_set_file(path, NULL);
+	}
+#endif
+    }
+}
+
 #define	IS_DEV_LOG(_x)	\
 	((_x) != NULL && strlen(_x) >= (sizeof("/dev/log")-1) && \
 	!strncmp((_x), "/dev/log", sizeof("/dev/log")-1) && \
@@ -2028,11 +2043,8 @@ if (!(fsm->mapFlags & CPIO_ALL_HARDLINKS
 	break;
 
     case FSM_UNLINK:
-	if (fsm->mapFlags & CPIO_SBIT_CHECK) {
-	    struct stat stb;
-	    if (lstat(fsm->path, &stb) == 0 && S_ISREG(stb.st_mode) && (stb.st_mode & 06000) != 0)
-		chmod(fsm->path, stb.st_mode & 0777);
-	}
+	if (fsm->mapFlags & CPIO_SBIT_CHECK)
+	    removeSBITS(fsm->path);
 	rc = unlink(fsm->path);
 	if (_fsm_debug && (stage & FSM_SYSCALL))
 	    rpmlog(RPMLOG_DEBUG, " %8s (%s) %s\n", cur,
@@ -2041,6 +2053,8 @@ if (!(fsm->mapFlags & CPIO_ALL_HARDLINKS
 	    rc = (errno == ENOENT ? CPIOERR_ENOENT : CPIOERR_UNLINK_FAILED);
 	break;
     case FSM_RENAME:
+	if (fsm->mapFlags & CPIO_SBIT_CHECK)
+	    removeSBITS(fsm->path);
 	rc = rename(fsm->opath, fsm->path);
 #if defined(ETXTBSY) && defined(__HPUX__)
 	if (rc && errno == ETXTBSY) {


Index: rpm.spec
===================================================================
RCS file: /cvs/pkgs/rpms/rpm/F-12/rpm.spec,v
retrieving revision 1.362
retrieving revision 1.363
diff -u -p -r1.362 -r1.363
--- rpm.spec	8 Dec 2009 11:53:40 -0000	1.362
+++ rpm.spec	30 Jun 2010 10:10:11 -0000	1.363
@@ -21,7 +21,7 @@
 Summary: The RPM package management system
 Name: rpm
 Version: %{rpmver}
-Release: 1%{?dist}
+Release: 2%{?dist}
 Group: System Environment/Base
 Url: http://www.rpm.org/
 Source0: http://rpm.org/releases/rpm-4.7.x/%{name}-%{srcver}.tar.bz2
@@ -46,6 +46,7 @@ Patch203: rpm-4.7.1-sign-passcheck.patch
 Patch204: rpm-4.7.1-rpmfc-data.patch
 Patch205: rpm-4.7.1-chmod-test.patch
 Patch206: rpm-4.7.1-python-types.patch
+Patch207: rpm-4.7.2-remove-sbits.patch
 
 # These are not yet upstream
 Patch301: rpm-4.6.0-niagara.patch
@@ -207,6 +208,7 @@ packages on a system.
 %patch204 -p1 -b .rpmfc-data
 %patch205 -p1 -b .chmod-test
 %patch206 -p1 -b .python-types
+%patch207 -p1 -b .remove-sbits
 
 %patch301 -p1 -b .niagara
 %patch302 -p1 -b .geode
@@ -421,6 +423,9 @@ exit 0
 %doc doc/librpm/html/*
 
 %changelog
+* Wed Jun 30 2010 Panu Matilainen <pmatilai at redhat.com> - 4.7.2-2
+- Fix CVE-2010-2059 (#598775) and CVE-2010-2198 (#601955)
+
 * Tue Dec 08 2009 Panu Matilainen <pmatilai at redhat.com> - 4.7.2-1
 - update to 4.7.2 (http://rpm.org/wiki/Releases/4.7.2)
 - fix posix chmod test to unbreak %%fixperms macro (#543035)

More information about the scm-commits mailing list