robert pushed to zarafa (el5). "Merge remote branch 'origin/f21' into el5"

notifications at fedoraproject.org
Mon May 18 22:00:52 UTC 2015


From f800d1c7270ae156c3e498405b3692259b7d3f2b Mon Sep 17 00:00:00 2001
From: Robert Scheck <robert at fedoraproject.org>
Date: Mon, 18 May 2015 23:58:02 +0200
Subject: - Upgrade to 7.1.12 (re-released) - Backported patch from Zarafa 7.2
 to fix CVE-2015-3436 (#1222151)


diff --git a/sources b/sources
index 4a70ced..a15167f 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-98ceed8b35a68bba669aecccbc7b1f43  zcp-7.1.12.tar.gz
+4744f5c09ca082ea23cd28ea1d10941f  zcp-7.1.12.tar.gz
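Review bot: the checksum for zcp-7.1.12.tar.gz changes while the file name stays the same, and from these lines alone a legitimate re-release cannot be told apart from a substituted tarball. The subject says "re-released", so confirm 4744f5c09ca082ea23cd28ea1d10941f against a checksum or signature published by upstream and note in the changelog where it was verified; MD5 in sources is a weak integrity check on its own.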
diff --git a/zarafa-7.1.12-upgrade-lock.patch b/zarafa-7.1.12-upgrade-lock.patch
new file mode 100644
index 0000000..2a1fddd
--- /dev/null
+++ b/zarafa-7.1.12-upgrade-lock.patch
@@ -0,0 +1,56 @@
+Patch by Robert Scheck <robert at fedoraproject.org> for Zarafa 7.1.12 which backports the fix for
+CVE-2015-3436. Guido Günther detected and reported that replacing "/tmp/zarafa-upgrade-lock" by
+a symlink makes the zarafa-server process following that symlink and thus allows to overwrite
+arbitrary files in the filesystem (assuming zarafa-server runs as root which is not the case by
+default at Fedora, but it is the upstream default). One just needs write permissions in /tmp and
+wait until the zarafa-server is restarted. https://bugzilla.redhat.com/show_bug.cgi?id=1222151
+contains further information. The difference between this backport and the original diff is that
+the log levels were reworked from Zarafa 7.1.x to 7.2.x (which this backport takes care of).
+
+--- zarafa-7.1.12/provider/server/ECServer.cpp			2015-05-08 15:09:05.000000000 +0200
++++ zarafa-7.1.12/provider/server/ECServer.cpp.upgrade-lock	2015-05-18 23:05:00.000000000 +0200
+@@ -101,6 +101,8 @@
+ // have to go with the safe value which is for 64bit.
+ #define MYSQL_MIN_THREAD_STACK (256*1024)
+ 
++const char upgrade_lock_file[] = "/tmp/zarafa-upgrade-lock";
++
+ extern ECSessionManager*    g_lpSessionManager;
+ 
+ // scheduled functions
+@@ -832,7 +834,7 @@
+ 	// SIGSEGV backtrace support
+ 	stack_t st = {0};
+ 	struct sigaction act = {{0}};
+-	FILE *tmplock = NULL;
++	int tmplock = -1;
+ 	struct stat dir = {0};
+ 	struct passwd *runasUser = NULL;
+ 
+@@ -1288,8 +1290,9 @@
+ 	m_bDatabaseUpdateIgnoreSignals = true;
+ 
+ 	// add a lock file to disable the /etc/init.d scripts
+-	tmplock = fopen("/tmp/zarafa-upgrade-lock","w");
+-	if (!tmplock)
++	tmplock = open(upgrade_lock_file, O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
++
++	if (tmplock == -1)
+ 		g_lpLogger->Log(EC_LOGLEVEL_FATAL, "WARNING: Unable to place upgrade lockfile: %s", strerror(errno));
+ 
+ #ifdef EMBEDDED_MYSQL
+@@ -1314,9 +1317,11 @@
+ 	er = lpDatabaseFactory->UpdateDatabase(m_bForceDatabaseUpdate, dbError);
+ 
+ 	// remove lock file
+-	if (tmplock) {
+-		fclose(tmplock);
+-		unlink("/tmp/zarafa-upgrade-lock");
++	if (tmplock != -1) {
++		if (unlink(upgrade_lock_file) == -1)
++			g_lpLogger->Log(EC_LOGLEVEL_FATAL, "WARNING: Unable to delete upgrade lockfile (%s): %s", upgrade_lock_file, strerror(errno));
++
++		close(tmplock);
+ 	}
+ 
+ 	if(er == ZARAFA_E_INVALID_VERSION) {
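Review bot: in the @@ -1288 hunk a failed open() is only logged and execution continues, and with O_CREAT | O_EXCL on a fixed name in /tmp that failure now happens whenever the path already exists (a stale lock left by a crash, or a file or symlink created by another local user). O_EXCL does stop the symlink from being followed, which closes the overwrite described in the patch header, but the upgrade then proceeds without its own lock, and a file this process did not create stays behind under the name the init scripts look for. Consider moving upgrade_lock_file to a directory that only the service account can write to, and handling EEXIST explicitly rather than logging and carrying on. Smaller points: the open() flags carry no explicit access mode (it works because O_RDONLY is 0, but spelling it out is clearer), and both messages are logged at EC_LOGLEVEL_FATAL while their text says "WARNING:".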
diff --git a/zarafa.spec b/zarafa.spec
index 2debd81..3821ad1 100644
--- a/zarafa.spec
+++ b/zarafa.spec
@@ -1,6 +1,6 @@
 %global beta_or_rc      0
-%global actual_release  1
-%global svnrevision     48726
+%global actual_release  2
+%global svnrevision     49411
 %global with_search     1
 %global with_ldap       1
 %global with_xmlto      1
@@ -68,6 +68,7 @@ Patch10:            zarafa-7.1.11-webaccess-fail2ban.patch
 Patch11:            zarafa-7.1.12-webaccess-mcrypt.patch
 Patch12:            zarafa-7.1.12-gsoap-sslv3.patch
 Patch13:            zarafa-7.1.12-licensed-archiver.patch
+Patch14:            zarafa-7.1.12-upgrade-lock.patch
 
 BuildRequires:      bison
 BuildRequires:      gcc-c++
@@ -408,6 +409,7 @@ touch -c -r aclocal.m4.rpath aclocal.m4
 rm -f php-webclient-ajax/{.,*,*/*}/*.webaccess-*
 %patch12 -p1 -b .gsoap-sslv3
 %patch13 -p1 -b .licensed-archiver
+%patch14 -p1 -b .upgrade-lock
 
 %build
 %if 0%{?rhel}%{?fedora} < 6
@@ -951,6 +953,10 @@ fi
 %{python_sitearch}/*
 
 %changelog
+* Mon May 18 2015 Robert Scheck <robert at fedoraproject.org> 7.1.12-2
+- Upgrade to 7.1.12 (re-released)
+- Backported patch from Zarafa 7.2 to fix CVE-2015-3436 (#1222151)
+
 * Tue Apr 07 2015 Robert Scheck <robert at fedoraproject.org> 7.1.12-1
 - Upgrade to 7.1.12
 - Added multiple minor enhancement and bugfix patches
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/zarafa.git/commit/?h=el5&id=e2f70a50f94813d70f0ca73d16f1e5579ef78297

