author | Natanael Copa <ncopa@alpinelinux.org> | 2013-04-12 12:49:40 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-04-12 12:53:48 +0000 |
commit | b2343efd22068339ff40fa6f2843c0dc091b1a99 (patch) | |
tree | 486507719b096e175f053f9118510b61c5109255 | |
parent | 6c450cd99f50bc642856c90bc1eb74c65b534e36 (diff) | |
main/automake: security fix (CVE-2012-3386)
fixes #1764
-rw-r--r-- | main/automake/APKBUILD | 17 | ||||
-rw-r--r-- | main/automake/CVE-2012-3386.patch | 73 |
2 files changed, 87 insertions, 3 deletions
diff --git a/main/automake/APKBUILD b/main/automake/APKBUILD
index 262d1caaa3..67a2733c3f 100644
--- a/main/automake/APKBUILD
+++ b/main/automake/APKBUILD
@@ -1,16 +1,26 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=automake
 pkgver=1.11.1
-pkgrel=0
+pkgrel=1
 pkgdesc="A GNU tool for automatically creating Makefiles"
 arch="noarch"
 license=GPL
 url="http://www.gnu.org/software/automake"
-source=ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
+source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
+ CVE-2012-3386.patch"
 depends="perl"
 makedepends="autoconf"
 subpackages="$pkgname-doc"
 
+prepare() {
+ cd "$srcdir"/$pkgname-$pkgver
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
+}
+
 build() {
 cd "$srcdir"/$pkgname-$pkgver
 ./configure --prefix=/usr
@@ -22,4 +32,5 @@ package() {
 make DESTDIR=$pkgdir install
 }
 
-md5sums="4ee7f0ff5f0e467d58b6bd5da96b1c74 automake-1.11.1.tar.gz"
+md5sums="4ee7f0ff5f0e467d58b6bd5da96b1c74 automake-1.11.1.tar.gz
+4f3b076713662c040dbe22aa7e074eef CVE-2012-3386.patch"
diff --git a/main/automake/CVE-2012-3386.patch b/main/automake/CVE-2012-3386.patch
new file mode 100644
index 0000000000..7960a56917
--- /dev/null
+++ b/main/automake/CVE-2012-3386.patch
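Review bot: In the added `prepare()`, the `cd "$srcdir"/$pkgname-$pkgver` has no failure check, so if the unpacked directory is missing the loop still runs `patch -p1` from whatever directory the build happens to be in. `cd "$srcdir"/$pkgname-$pkgver || return 1` would match the `|| return 1` already used on the patch line. `$i` is also expanded unquoted in `msg $i` and `"$srcdir"/$i`; `msg "$i"` and `"$srcdir/$i"` are safer. The loop matches `*.patch` against every word of `$source`, so a remote URL ending in `.patch` would be passed to `patch -i` as a URL rather than a file name, which is fine only while every patch is a local file.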
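Review bot: The new `md5sums` entry is the only integrity check shown for the security patch, and the first hunk still fetches the tarball over plain `ftp://`, so an MD5 digest is all that ties either file to what was reviewed. MD5 is not collision-resistant; if the abuild in use supports it, add a stronger list next to it, e.g. `sha512sums="<sha512-of-tarball>  automake-1.11.1.tar.gz` followed by `<sha512-of-patch>  CVE-2012-3386.patch"` (placeholders, to be generated with `abuild checksum`). The `package()` body starts outside this hunk.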
@@ -0,0 +1,73 @@
+>From bab7065f75bb9680df8c782da06a8312e5fa95a6 Mon Sep 17 00:00:00 2001
+Message-Id: <address@hidden>
+From: Stefano Lattarini <address@hidden>
+Date: Fri, 6 Jul 2012 22:43:04 +0200
+Subject: [PATCH] distcheck: never make part of $(distdir) world-writable
+
+This fixes a locally-exploitable security vulnerability (CVE-2012-3386).
+
+In the 'distcheck' rule, we used to make the just-extracted (from
+the distribution tarball) $(distdir) directory and all its files and
+subdirectories read-only; then, in order to create the '_inst' and
+'_build' subdirectories in there (used by the rest of the recipe) we
+made the top-level $(distdir) *world-writable* for an instant (the
+time to create those two directories) before making it read-only
+again.
+
+Making that directory world-writable (albeit only briefly) introduced a
+locally exploitable race condition for those who run "make distcheck" with
+a non-restrictive umask (e.g., 022) in a directory that is accessible by
+others. A successful exploit would result in arbitrary code execution
+with the privileges of the user running "make distcheck" -- game over.
+Jim Meyering wrote a proof-of-concept script showing that such exploit is
+easily implemented.
+
+This issue is similar to the CVE-2009-4029 vulnerability:
+<http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html>
+
+* lib/am/distdir.am (distcheck): Don't make $(distdir) world-writable,
+not even for an instant; make it user-writable instead, which is enough.
+
+Helped-By: Jim Meyering <address@hidden>
+Signed-off-by: Stefano Lattarini <address@hidden>
+---
+ NEWS | 9 +++++++++
+ lib/am/distdir.am | 2 +-
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/NEWS b/NEWS
+index ee16961..4975e8e 100644
+--- a/NEWS
++++ b/NEWS
+@@ -92,6 +92,15 @@ New in 1.12.2:
+
+ Bugs fixed in 1.12.2:
+
++* SECURITY VULNERABILITIES!
++
++ - The recipe of the 'distcheck' no longer grants anymore temporary
++ world-wide write permissions on the extracted distdir. Even if such
++ rights were only granted for a vanishingly small time window, the
++ implied race condition proved to be enough to allow a local attacker
++ to run arbitrary code with the privileges of the user running "make
++ distcheck". This is CVE-2012-3386.
++
+ * Long-standing bugs:
+
+ - The "recheck" targets behaves better in the face of build failures
+diff --git a/lib/am/distdir.am b/lib/am/distdir.am
+index e27b650..f636a1e 100644
+--- a/lib/am/distdir.am
++++ b/lib/am/distdir.am
+@@ -449,7 +449,7 @@ distcheck: dist
+ ## Make the new source tree read-only. Distributions ought to work in
+ ## this case. However, make the top-level directory writable so we
+ ## can make our new subdirs.
+- chmod -R a-w $(distdir); chmod a+w $(distdir)
++ chmod -R a-w $(distdir); chmod u+w $(distdir)
+ mkdir $(distdir)/_build
+ mkdir $(distdir)/_inst
+ ## Undo the write access.
+--
+1.7.9.5
+ |
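Review bot: The shipped patch carries a NEWS hunk written against the `New in 1.12.2:` section while `pkgver` is 1.11.1, so that hunk may not apply to the 1.11.1 NEWS file. Because `prepare()` treats any `patch` failure as fatal, this should be confirmed with a clean build, or the NEWS hunk dropped so only the `lib/am/distdir.am` change remains. The file also appears to be copied from a mail archive (the mbox-escaped `>From` line and the `address@hidden` placeholders), so a header comment naming the upstream commit `bab7065f75bb9680df8c782da06a8312e5fa95a6` would make its provenance checkable. The `chmod u+w $(distdir)` change fixes only the template automake installs; `Makefile.in` files already generated from the old `distdir.am` keep the `a+w` recipe until they are regenerated, which is worth stating wherever this fix is announced.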