[rocksndiamonds/f15] apply fix for user configuration/cache directory permission issue (CVE-2011-4606, bz766805)

Tom Callaway spot at fedoraproject.org
Fri Feb 10 20:41:16 UTC 2012


commit 459beb59a404d8e344e7db16b92c04fc4fc631ab
Author: Tom Callaway <spot at fedoraproject.org>
Date:   Fri Feb 10 15:41:15 2012 -0500

    apply fix for user configuration/cache directory permission issue (CVE-2011-4606, bz766805)

 rocksndiamonds-CVE-2011-4606.patch |   29 +++++++++++++++++++++++++++++
 rocksndiamonds.spec                |   23 ++++++++++++++++-------
 2 files changed, 45 insertions(+), 7 deletions(-)
---
diff --git a/rocksndiamonds-CVE-2011-4606.patch b/rocksndiamonds-CVE-2011-4606.patch
new file mode 100644
index 0000000..65a06e6
--- /dev/null
+++ b/rocksndiamonds-CVE-2011-4606.patch
@@ -0,0 +1,29 @@
+diff -up rocksndiamonds-3.3.0.1/src/libgame/setup.c.CVE-2011-4606 rocksndiamonds-3.3.0.1/src/libgame/setup.c
+--- rocksndiamonds-3.3.0.1/src/libgame/setup.c.CVE-2011-4606	2011-12-12 14:28:30.083078680 -0500
++++ rocksndiamonds-3.3.0.1/src/libgame/setup.c	2011-12-12 14:34:36.758744753 -0500
+@@ -1293,11 +1293,14 @@ void sortTreeInfo(TreeInfo **node_first)
+ #define MODE_W_ALL		(S_IWUSR | S_IWGRP | S_IWOTH)
+ #define MODE_X_ALL		(S_IXUSR | S_IXGRP | S_IXOTH)
+ 
++#define MODE_R_PRIVATE		(S_IRUSR)
+ #define MODE_W_PRIVATE		(S_IWUSR)
++#define MODE_X_PRIVATE		(S_IXUSR)
++
+ #define MODE_W_PUBLIC		(S_IWUSR | S_IWGRP)
+ #define MODE_W_PUBLIC_DIR	(S_IWUSR | S_IWGRP | S_ISGID)
+ 
+-#define DIR_PERMS_PRIVATE	(MODE_R_ALL | MODE_X_ALL | MODE_W_PRIVATE)
++#define DIR_PERMS_PRIVATE	(MODE_R_PRIVATE | MODE_X_PRIVATE | MODE_W_PRIVATE)
+ #define DIR_PERMS_PUBLIC	(MODE_R_ALL | MODE_X_ALL | MODE_W_PUBLIC_DIR)
+ 
+ #define FILE_PERMS_PRIVATE	(MODE_R_ALL | MODE_W_PRIVATE)
+@@ -1456,7 +1459,8 @@ void createDirectory(char *dir, char *te
+   if (running_setgid)
+     posix_umask(last_umask & group_umask);
+   else
+-    dir_mode |= MODE_W_ALL;
++    if (permission_class == PERMS_PUBLIC)
++      dir_mode |= MODE_W_ALL;
+ 
+   if (!fileExists(dir))
+     if (posix_mkdir(dir, dir_mode) != 0)
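Review bot: In the createDirectory hunk of the embedded patch, the tightened mode only reaches `posix_mkdir`, and that call sits behind `if (!fileExists(dir))`, so a private directory created by an earlier build keeps whatever group/other bits it already has. Nothing in the visible lines re-applies `DIR_PERMS_PRIVATE` to an existing directory; the function body continues outside the hunk, so this needs confirming, but if the rest does not do it either, upgraded users stay exposed until they fix the mode by hand. Consider adding, after the mkdir block, `if (permission_class == PERMS_PRIVATE) chmod(dir, DIR_PERMS_PRIVATE);`, or at least noting in the update announcement that existing directories need their mode reset. Separately, `FILE_PERMS_PRIVATE` on the context line still includes `MODE_R_ALL`, so private files remain world-readable by mode and depend entirely on the parent directory being owner-only. The unbraced `else` followed by a nested `if` would also be clearer as `else if (permission_class == PERMS_PUBLIC)`.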
diff --git a/rocksndiamonds.spec b/rocksndiamonds.spec
index 1872994..f97f042 100644
--- a/rocksndiamonds.spec
+++ b/rocksndiamonds.spec
@@ -1,6 +1,6 @@
 Name:		rocksndiamonds
 Version:	3.3.0.1
-Release:	2%{?dist}
+Release:	5%{?dist}
 License:	GPL+
 Group:		Amusements/Games
 Summary:	Underground digging game
@@ -14,7 +14,7 @@ Patch0:		rocksndiamonds-3.2.6.0-nosmpeg.patch
 Patch1:		rocksndiamonds-highscore.patch
 Patch2:		rocksndiamonds-YN.patch
 Patch3:		rocksndiamonds-3.2.6.0-music-info-url.patch
-BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Patch4:		rocksndiamonds-CVE-2011-4606.patch
 BuildRequires:	SDL-devel, libX11-devel, desktop-file-utils, xorg-x11-proto-devel
 BuildRequires:	SDL_image-devel, SDL_mixer-devel, SDL_net-devel
 
@@ -28,12 +28,12 @@ rocks and strange creatures!
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1 
 
 %build
 make %{?_smp_mflags} RO_GAME_DIR=%{_datadir}/%{name}/ RW_GAME_DIR=%{_localstatedir}/games/%{name}/ EXTRA_CFLAGS="$RPM_OPT_FLAGS -DUSE_USERDATADIR_FOR_COMMONDATA"
 
 %install
-rm -rf $RPM_BUILD_ROOT
 mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{name}
 mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/games/%{name}
 mkdir -p $RPM_BUILD_ROOT%{_datadir}/applications
@@ -47,17 +47,16 @@ done
 install -m0644 rocksndiamonds.1 $RPM_BUILD_ROOT%{_mandir}/man1
 cp %{SOURCE2} $RPM_BUILD_ROOT%{_datadir}/pixmaps
 
+# Get rid of unnecessary patch files.
+rm -rf $RPM_BUILD_ROOT%{_datadir}/%{name}/levels/Tutorials/*/*.orig $RPM_BUILD_ROOT%{_datadir}/%{name}/levels/Tutorials/*/tapes/*.orig
+
 desktop-file-install 				\
   --vendor fedora				\
   --dir $RPM_BUILD_ROOT%{_datadir}/applications	\
   --mode 0644					\
   %{SOURCE1}
 
-%clean
-rm -rf $RPM_BUILD_ROOT
-
 %files
-%defattr(-,root,root,-)
 %doc ChangeLog COPYING CREDITS INSTALL README
 %doc docs/elements/
 %{_bindir}/*
@@ -68,6 +67,16 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/*
 
 %changelog
+* Fri Feb 10 2012 Tom Callaway <spot at fedoraproject.org> - 3.3.0.1-5
+- apply fix for user configuration/cache directory permission issue (CVE-2011-4606, bz766805)
+
+* Sat Jan 14 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.3.0.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Thu Jun 02 2011 Tom Callaway <spot at fedoraproject.org> - 3.3.0.1-3
+- drop unnecessary .orig files (bz597737)
+- clean up spec file
+
 * Wed Feb 09 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.3.0.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
 

