plautrba pushed to setroubleshoot (f20). "* Thu Mar 26 2015 Petr Lautrbach <plautrba at redhat.com> 3.2.17-2 (..more)"
notifications at fedoraproject.org
notifications at fedoraproject.org
Thu Mar 26 08:59:01 UTC 2015
From 376d2776565e9f78924d1dd5abb2f2b9f1b0a70f Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba at redhat.com>
Date: Thu, 26 Mar 2015 09:58:39 +0100
Subject: * Thu Mar 26 2015 Petr Lautrbach <plautrba at redhat.com> 3.2.17-2 - Fix
get_rpm_nvr_*_temporary functions - CVE-2015-1815 (#1203352)
diff --git a/0001-Fix-get_rpm_nvr_-_temporary-functions-rhbz-1203977.patch b/0001-Fix-get_rpm_nvr_-_temporary-functions-rhbz-1203977.patch
new file mode 100644
index 0000000..4e0b0ee
--- /dev/null
+++ b/0001-Fix-get_rpm_nvr_-_temporary-functions-rhbz-1203977.patch
@@ -0,0 +1,53 @@
+From d78a46d19ad3001fb3e3a44bd6b4bb507f2017f4 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba at redhat.com>
+Date: Mon, 23 Mar 2015 13:58:08 +0100
+Subject: [PATCH 1/2] Fix get_rpm_nvr_*_temporary functions - rhbz#1203977
+
+- use subprocess.check_output() instead of commands.getstatusoutput()
+- use os.path.abspath() to get a normalized absolutized version of the name
+---
+ framework/src/setroubleshoot/util.py | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/framework/src/setroubleshoot/util.py b/framework/src/setroubleshoot/util.py
+index 2dffb80..906735b 100755
+--- a/framework/src/setroubleshoot/util.py
++++ b/framework/src/setroubleshoot/util.py
+@@ -263,25 +263,25 @@ def get_rpm_nvr_by_name_temporary(name):
+
+ nvr = None
+ try:
+- import commands
+- rc, output = commands.getstatusoutput("rpm -q %s" % name)
+- if rc == 0:
+- nvr = output
++ import subprocess
++ nvr = subprocess.check_output(["rpm", "-q", name]).rstrip()
+ except:
+ syslog.syslog(syslog.LOG_ERR, "failed to retrieve rpm info for %s" % name)
+ return nvr
+
+
+ def get_rpm_nvr_by_file_path_temporary(name):
+- if name is None or not os.path.exists(name):
++ if name is None:
++ return None
++
++ name = os.path.abspath(name)
++ if not os.path.exists(name):
+ return None
+
+ nvr = None
+ try:
+- import commands
+- rc, output = commands.getstatusoutput("rpm -qf '%s'" % name)
+- if rc == 0:
+- nvr = output
++ import subprocess
++ nvr = subprocess.check_output(["rpm", "-qf", name]).rstrip()
+ except:
+ syslog.syslog(syslog.LOG_ERR, "failed to retrieve rpm info for %s" % name)
+ return nvr
+--
+2.3.3
+
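Review bot: In get_rpm_nvr_by_name_temporary the new call places `name` directly after `-q` in the argument list, so a value beginning with `-` is still parsed by rpm as an option rather than a package name; the list form removes shell interpretation but not option parsing. Ending option processing explicitly, `nvr = subprocess.check_output(["rpm", "-q", "--", name]).rstrip()`, closes that gap; the by-file-path variant is already covered because os.path.abspath() makes its argument start with `/`. Separately, check_output() raises CalledProcessError on a non-zero exit, so with the bare `except:` every package or file unknown to rpm now writes a LOG_ERR entry where the old code returned None silently. Catching `subprocess.CalledProcessError` apart from `OSError` would keep real execution failures distinguishable in syslog. The start of get_rpm_nvr_by_name_temporary lies outside the hunk, so any earlier validation of `name` is not visible here.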
diff --git a/setroubleshoot.spec b/setroubleshoot.spec
index 05dc1d8..b074723 100644
--- a/setroubleshoot.spec
+++ b/setroubleshoot.spec
@@ -1,13 +1,16 @@
Summary: Helps troubleshoot SELinux problems
Name: setroubleshoot
Version: 3.2.17
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2+
Group: Applications/System
URL: https://fedorahosted.org/setroubleshoot
# git clone git://git.fedorahosted.org/git/setroubleshoot.git; cd setroubleshoot
# git archive --prefix setroubleshoot-3.0.10/426cf8ea7a38e8c5179981219d831368161b65f2 > setroubleshoot-3.0.10.tar.gz
Source0: %{name}-%{version}.tar.gz
+# https://bugzilla.redhat.com/show_bug.cgi?id=1203352
+# CVE-2015-1815
+Patch0: 0001-Fix-get_rpm_nvr_-_temporary-functions-rhbz-1203977.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: perl-XML-Parser
BuildRequires: libcap-ng-devel
@@ -71,6 +74,7 @@ fi
%prep
%setup -q
+%patch0 -p 2 -b .CVE-2015-1815
%build
%configure
@@ -168,6 +172,9 @@ rm -rf %{buildroot}
%{_datadir}/dbus-1/system-services/org.fedoraproject.SetroubleshootFixit.service
%changelog
+* Thu Mar 26 2015 Petr Lautrbach <plautrba at redhat.com> 3.2.17-2
+- Fix get_rpm_nvr_*_temporary functions - CVE-2015-1815 (#1203352)
+
* Mon Jan 20 2014 Dan Walsh <dwalsh at redhat.com> - 3.2.17-1
- Fix unicode settings
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/setroubleshoot.git/commit/?h=f20&id=376d2776565e9f78924d1dd5abb2f2b9f1b0a70f