rpms/dpkg/devel fedora-fix-CVE-2010-0396-00.patch, NONE, 1.1 fedora-fix-CVE-2010-0396-01.patch, NONE, 1.1 dpkg.spec, 1.1, 1.2
topdog
topdog at fedoraproject.org
Thu Mar 11 13:43:41 UTC 2010
Author: topdog
Update of /cvs/pkgs/rpms/dpkg/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8277
Modified Files:
dpkg.spec
Added Files:
fedora-fix-CVE-2010-0396-00.patch
fedora-fix-CVE-2010-0396-01.patch
Log Message:
* Thu Mar 11 2010 Andrew Colin Kissa <andrew at topdog.za.net> - 1.15.5.6-4
- Fix CVE-2010-0396
fedora-fix-CVE-2010-0396-00.patch:
Patch.pm | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
--- NEW FILE fedora-fix-CVE-2010-0396-00.patch ---
diff --git a/scripts/Dpkg/Source/Patch.pm b/scripts/Dpkg/Source/Patch.pm
--- a/scripts/Dpkg/Source/Patch.pm
+++ b/scripts/Dpkg/Source/Patch.pm
@@ -322,8 +322,9 @@ sub analyze {
error(_g("expected ^--- in line %d of diff `%s'"), $., $diff);
}
$_ = strip_ts($_);
- if ($_ eq '/dev/null' or s{^(\./)?[^/]+/}{$destdir/}) {
+ if ($_ eq '/dev/null' or s{^[^/]+/}{$destdir/}) {
$fn = $_;
+ error(_g("%s contains an insecure path: %s"), $diff, $_) if m{/\.\./};
}
if (/\.dpkg-orig$/) {
error(_g("diff `%s' patches file with name ending .dpkg-orig"), $diff);
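Review bot: The added `error(...) if m{/\.\./}` test rejects a `..` component only when a slash follows it, so a name whose final component is `..` (`a/b/..`, constructed) passes the check and, after the prefix rewrite, names a directory rather than a file inside the tree; tightening it to `m{/\.\.(?:/|\z)}` closes that case. The same line is repeated for `$fn2` in the next hunk and needs the same change. Because the test runs on the value after `s{^[^/]+/}{$destdir/}`, a `$destdir` that itself contains `/../` would trip the error on every file — presumably the caller normalises `$destdir`, but that is not visible here. The `analyze` body this hunk sits in starts and ends outside the hunk.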
@@ -336,8 +337,9 @@ sub analyze {
error(_g("line after --- isn't as expected in diff `%s' (line %d)"), $diff, $.);
}
$_ = strip_ts($_);
- if ($_ eq '/dev/null' or s{^(\./)?[^/]+/}{$destdir/}) {
+ if ($_ eq '/dev/null' or s{^[^/]+/}{$destdir/}) {
$fn2 = $_;
+ error(_g("%s contains an insecure path: %s"), $diff, $_) if m{/\.\./};
} else {
unless (defined $fn) {
error(_g("none of the filenames in ---/+++ are relative in diff `%s' (line %d)"),
@@ -363,6 +365,17 @@ sub analyze {
if ($dirname =~ s{/[^/]+$}{} && not -d $dirname) {
$dirtocreate{$dirname} = 1;
}
+
+ # Sanity check, refuse to patch through a symlink
+ $dirname = $fn;
+ while (1) {
+ if (-l $dirname) {
+ error(_g("diff %s modifies file %s through a symlink: %s"),
+ $diff, $fn, $dirname);
+ }
+ last unless $dirname =~ s{/[^/]+$}{};
+ }
+
if (-e $fn and not -f _) {
error(_g("diff `%s' patches something which is not a plain file"), $diff);
}
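Review bot: The symlink walk does not stop at `$destdir`: `s{/[^/]+$}{}` keeps shortening `$dirname` past the prefix, so when `$destdir` is an absolute path every ancestor directory up to the root is lstat'ed as well, and a symlinked ancestor outside the unpack tree (a symlinked build or temp directory, say) aborts the run with a message blaming the diff. Adding `last if $dirname eq $destdir;` right after the `-l` check keeps the test on the tree the diff can actually reach, assuming `$fn` was produced by the `$destdir/` rewrite seen in the earlier hunks. The check is also a point-in-time lstat, so a symlink created between `analyze` and the later apply step is not caught — acceptable for a local unpack, but worth stating with a comment such as `# best-effort: checked at analysis time, not at apply time`. `analyze` continues outside this hunk.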
fedora-fix-CVE-2010-0396-01.patch:
quilt.pm | 1 +
1 file changed, 1 insertion(+)
--- NEW FILE fedora-fix-CVE-2010-0396-01.patch ---
diff --git a/scripts/Dpkg/Source/Package/V3/quilt.pm b/scripts/Dpkg/Source/Package/V3/quilt.pm
--- a/scripts/Dpkg/Source/Package/V3/quilt.pm
+++ b/scripts/Dpkg/Source/Package/V3/quilt.pm
@@ -123,6 +123,7 @@ sub read_patch_list {
}
}
next if $opts{"skip_auto"} and $_ eq $auto_patch;
+ error(_g("%s contains an insecure path: %s"), $file, $_) if m{(^|/)\.\./};
push @patches, $_;
}
close(SERIES);
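Review bot: The new `m{(^|/)\.\./}` check rejects a `..` component only when a slash follows it, so a series entry that is exactly `..` or ends in `/..` is still pushed onto `@patches`; `m{(?:^|/)\.\.(?:/|\z)}` covers both. It also differs from the `m{/\.\./}` form used in Patch.pm, where the tested value already carries a `$destdir/` prefix, so the two sites are not interchangeable and a shared helper would keep them aligned. Whether an absolute entry such as `/tmp/x` (constructed) can escape depends on how `$_` is joined with the patch directory later, which is outside this hunk; if it is concatenated directly, `^/` should be rejected here as well. `read_patch_list` starts before this hunk.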
Index: dpkg.spec
===================================================================
RCS file: /cvs/pkgs/rpms/dpkg/devel/dpkg.spec,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- dpkg.spec 20 Feb 2010 06:01:41 -0000 1.1
+++ dpkg.spec 11 Mar 2010 13:43:39 -0000 1.2
@@ -1,6 +1,6 @@
Name: dpkg
Version: 1.15.5.6
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: Package maintenance system for Debian Linux
Group: System Environment/Base
# The entire source code is GPLv2+ with exception of the following
@@ -17,6 +17,9 @@ Source1: dpkg.archtable
# Fedora specific patch to store files under /usr/share/dpkg, not these are not binary
# libs. and set user search path to /usr/local/share/dpkg
Patch1: dpkg-change-libdir-path.patch
+# Fixes CVE-2010-0396 bugzilla #572522
+Patch2: fedora-fix-CVE-2010-0396-00.patch
+Patch3: fedora-fix-CVE-2010-0396-01.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: zlib-devel, bzip2-devel, libselinux-devel, gettext, ncurses-devel
@@ -58,6 +61,8 @@ dselect is a high-level interface for th
%setup -q
%patch1 -p1
+%patch2 -p1
+%patch3 -p1
# Filter unwanted Requires:
cat << \EOF > %{name}-req
@@ -196,6 +201,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Thu Mar 11 2010 Andrew Colin Kissa <andrew at topdog.za.net> - 1.15.5.6-4
+- Fix CVE-2010-0396
+
* Mon Feb 15 2010 Andrew Colin Kissa <andrew at topdog.za.net> - 1.15.5.6-3
- review changes