authorNatanael Copa <ncopa@alpinelinux.org>2014-02-05 12:35:55 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2014-02-05 12:35:55 +0000
commit364b830649d5e4c6118660c09f94c404a8a0a079 (patch)
treeea7299e0063751d886773280377c642e52da68d6 /main/augeas
parent463d66f4cb7fe8b689c0dd463671e28f722f803c (diff)
main/augeas: security fix for CVE-2013-6412
fixes #2670
Diffstat (limited to 'main/augeas')
-rw-r--r--main/augeas/APKBUILD14
-rw-r--r--main/augeas/CVE-2013-6412.patch32
2 files changed, 41 insertions, 5 deletions
diff --git a/main/augeas/APKBUILD b/main/augeas/APKBUILD
index 534952baf2..ce69529777 100644
--- a/main/augeas/APKBUILD
+++ b/main/augeas/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=augeas
pkgver=1.1.0
-pkgrel=1
+pkgrel=2
pkgdesc="A configuration editing tool"
url="http://augeas.net"
arch="all"
@@ -11,7 +11,8 @@ depends_dev="libxml2-dev"
makedepends="$depends_dev readline-dev"
install=""
subpackages="$pkgname-dev $pkgname-doc $pkgname-tests $pkgname-libs"
-source="http://download.augeas.net/augeas-$pkgver.tar.gz iface-multiopt.patch"
+source="http://download.augeas.net/augeas-$pkgver.tar.gz iface-multiopt.patch
+ CVE-2013-6412.patch"
_builddir="$srcdir"/$pkgname-$pkgver
prepare() {
@@ -68,8 +69,11 @@ libs() {
}
md5sums="520ce983457ff9ffa3816bc41a9f328b augeas-1.1.0.tar.gz
-5fb936320a5f7f0386fbc00f3bc751c2 iface-multiopt.patch"
+5fb936320a5f7f0386fbc00f3bc751c2 iface-multiopt.patch
+90f48a055dfda363eb518902358d857c CVE-2013-6412.patch"
sha256sums="9d81e4228329e2d5cccb018ab06bc8b734fb2dede2c4d9b5c02303d4a690b76b augeas-1.1.0.tar.gz
-1407f8de30cc2383cb6279e650fe458e664551426fa8227803e474a1550086a8 iface-multiopt.patch"
+1407f8de30cc2383cb6279e650fe458e664551426fa8227803e474a1550086a8 iface-multiopt.patch
+c323c75dc12d41d5b79e9825dcee496791830068b69dcd7b08b69694752a3db4 CVE-2013-6412.patch"
sha512sums="ddb06f71993079330fc5b134ccd45476c1ab24f475b7a859c5920a7af3bd00d4dae31bf8110841ded4c4f5197e72911c298d7fcfe32d1d3e6821bca74aa67e26 augeas-1.1.0.tar.gz
-185875ddac0e81d2842864a5627e90dea402492927b5dfb92397c01045ac864994e1ff2502ab4c21b66d9e8ad65028c3f5dcf860bf24181b18cd5422f2d04adf iface-multiopt.patch"
+185875ddac0e81d2842864a5627e90dea402492927b5dfb92397c01045ac864994e1ff2502ab4c21b66d9e8ad65028c3f5dcf860bf24181b18cd5422f2d04adf iface-multiopt.patch
+a9f570c12f0212b37574b26f566e3c43f2ed7267c5db9672673f08a5f1037d5d7ea3b7aadb3c00cdb3dd3163b420ae3144d3bcb0a78ea01dfc14c80f435d062d CVE-2013-6412.patch"
diff --git a/main/augeas/CVE-2013-6412.patch b/main/augeas/CVE-2013-6412.patch
new file mode 100644
index 0000000000..9660a8c0f9
--- /dev/null
+++ b/main/augeas/CVE-2013-6412.patch
@@ -0,0 +1,32 @@
+From f5b4fc0ceb0e5a2be5f3a19f63ad936897a3ac26 Mon Sep 17 00:00:00 2001
+From: Dominic Cleal <dcleal@redhat.com>
+Date: Mon, 2 Dec 2013 17:49:35 +0000
+Subject: [PATCH] Fix umask handling when creating new files
+
+ * src/transform.c (transform_save): faulty umask arithmetic would cause
+ overly-open file modes when the umask contains "7", as the umask was
+ incorrectly subtracted from the target file mode
+
+Fixes CVE-2013-6412, RHBZ#1034261
+---
+ src/transform.c | 2 +-
+ tests/test-save.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 49 insertions(+), 1 deletion(-)
+
+diff --git a/src/transform.c b/src/transform.c
+index 9f7653e..1026912 100644
+--- a/src/transform.c
++++ b/src/transform.c
+@@ -1144,7 +1144,7 @@ int transform_save(struct augeas *aug, struct tree *xfm,
+ mode_t curumsk = umask(022);
+ umask(curumsk);
+
+- if (fchmod(fileno(fp), 0666 - curumsk) < 0) {
++ if (fchmod(fileno(fp), 0666 & ~curumsk) < 0) {
+ err_status = "create_chmod";
+ return -1;
+ }
+--
+1.8.5.1
+
+The test/test-save.c hunk didnt apply so it was removed
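Review bot: The fix is carried without its regression test: the trailer says the tests/test-save.c hunk was removed, yet the embedded diffstat still lists 48 added lines for it, so nothing in this package build checks that `0666 & ~curumsk` produces the intended mode. With a umask of 077 the old subtraction yields 0567 (world-writable) where the mask yields 0600, which is a cheap case to assert once the test hunk is rebased onto 1.1.0. Separately, the context lines `umask(022); umask(curumsk);` read the mask by briefly changing it process-wide, so in a threaded caller a file created by another thread in that window would get 022 rather than the caller's mask; a comment such as `/* umask() probe is process-wide and not thread-safe */` would at least record that. transform_save starts and ends outside the hunk, so how `fp` is opened before the `fchmod` cannot be judged from here.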