packages: systemd/systemd.spec, systemd/CVE-2012-1174.patch (NEW)=?UTF-8?Q?=20?=- up to 4...

baggins baggins at pld-linux.org
Fri Mar 16 22:34:57 CET 2012 

Author: baggins                      Date: Fri Mar 16 21:34:57 2012 GMT
Module: packages                      Tag: HEAD
---- Log message:
- up to 44
- add patch to fix CVE-2012-1174 (https://bugzilla.redhat.com/show_bug.cgi?id=803358)
- move devel man pages to devel package

---- Files affected:
packages/systemd:
   systemd.spec (1.127 -> 1.128) , CVE-2012-1174.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: packages/systemd/systemd.spec
diff -u packages/systemd/systemd.spec:1.127 packages/systemd/systemd.spec:1.128
--- packages/systemd/systemd.spec:1.127	Fri Mar 16 08:18:19 2012
+++ packages/systemd/systemd.spec	Fri Mar 16 22:34:52 2012
@@ -17,12 +17,12 @@
 Summary:	A System and Service Manager
 Summary(pl.UTF-8):	systemd - zarządca systemu i usług dla Linuksa
 Name:		systemd
-Version:	43
-Release:	7
+Version:	44
+Release:	1
 License:	GPL v2+
 Group:		Base
 Source0:	http://www.freedesktop.org/software/systemd/%{name}-%{version}.tar.xz
-# Source0-md5:	446cc6db7625617af67e2d8e5f503a49
+# Source0-md5:	11f44ff74c87850064e4351518bcff17
 Source1:	%{name}-sysv-convert
 Source2:	%{name}_booted.c
 Source3:	network.service
@@ -37,6 +37,7 @@
 Patch2:		shut-sysv-up.patch
 Patch3:		pld-sysv-network.patch
 Patch4:		tmpfiles-not-fatal.patch
+Patch5:		CVE-2012-1174.patch
 URL:		http://www.freedesktop.org/wiki/Software/systemd
 BuildRequires:	acl-devel
 %{?with_audit:BuildRequires:	audit-libs-devel}
@@ -319,6 +320,7 @@
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 cp -p %{SOURCE2} src/systemd_booted.c
 
 %build
@@ -555,15 +557,6 @@
 %{_datadir}/systemd/kbd-model-map
 %{_mandir}/man1/systemd.1*
 %{_mandir}/man1/systemd-*.1*
-%{_mandir}/man3/sd_booted.3*
-%{_mandir}/man3/sd_is_fifo.3*
-%{_mandir}/man3/sd_is_socket.3
-%{_mandir}/man3/sd_is_socket_inet.3
-%{_mandir}/man3/sd_is_socket_unix.3
-%{_mandir}/man3/sd_listen_fds.3*
-%{_mandir}/man3/sd_notify.3*
-%{_mandir}/man3/sd_notifyf.3
-%{_mandir}/man3/sd_readahead.3*
 %{_mandir}/man5/binfmt.d.5*
 %{_mandir}/man5/hostname.5*
 %{_mandir}/man5/locale.conf.5*
@@ -573,6 +566,7 @@
 %{_mandir}/man5/os-release.5*
 %{_mandir}/man5/sysctl.d.5*
 %{_mandir}/man5/systemd.*.5*
+%{_mandir}/man5/systemd-journald.conf.5*
 %{_mandir}/man5/systemd-logind.conf.5*
 %{_mandir}/man5/timezone.5*
 %{_mandir}/man5/vconsole.conf.5*
@@ -726,21 +720,34 @@
 %{_pkgconfigdir}/libsystemd-id128.pc
 %{_pkgconfigdir}/libsystemd-journal.pc
 %{_pkgconfigdir}/libsystemd-login.pc
+%{_mandir}/man3/sd_booted.3*
 %{_mandir}/man3/sd_get_seats.3*
 %{_mandir}/man3/sd_get_sessions.3*
 %{_mandir}/man3/sd_get_uids.3*
+%{_mandir}/man3/sd_is_fifo.3*
 %{_mandir}/man3/sd_is_mq.3*
+%{_mandir}/man3/sd_is_socket.3
+%{_mandir}/man3/sd_is_socket_inet.3
+%{_mandir}/man3/sd_is_socket_unix.3
+%{_mandir}/man3/sd_listen_fds.3*
 %{_mandir}/man3/sd_login_monitor_flush.3*
 %{_mandir}/man3/sd_login_monitor_get_fd.3*
 %{_mandir}/man3/sd_login_monitor_new.3*
 %{_mandir}/man3/sd_login_monitor_unref.3*
+%{_mandir}/man3/sd_notify.3*
+%{_mandir}/man3/sd_notifyf.3
 %{_mandir}/man3/sd_pid_get_owner_uid.3*
 %{_mandir}/man3/sd_pid_get_session.3*
 %{_mandir}/man3/sd_pid_get_unit.3*
+%{_mandir}/man3/sd_readahead.3*
 %{_mandir}/man3/sd_seat_can_multi_session.3*
 %{_mandir}/man3/sd_seat_get_active.3*
 %{_mandir}/man3/sd_seat_get_sessions.3*
+%{_mandir}/man3/sd_session_get_class.3*
+%{_mandir}/man3/sd_session_get_display.3*
 %{_mandir}/man3/sd_session_get_seat.3*
+%{_mandir}/man3/sd_session_get_service.3*
+%{_mandir}/man3/sd_session_get_type.3*
 %{_mandir}/man3/sd_session_get_uid.3*
 %{_mandir}/man3/sd_session_is_active.3*
 %{_mandir}/man3/sd_uid_get_seats.3*
@@ -762,6 +769,11 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.128  2012/03/16 21:34:52  baggins
+- up to 44
+- add patch to fix CVE-2012-1174 (https://bugzilla.redhat.com/show_bug.cgi?id=803358)
+- move devel man pages to devel package
+
 Revision 1.127  2012/03/16 07:18:19  baggins
 - rel 7
 - make sure all (network) drivers are loaded and accounted for

================================================================
Index: packages/systemd/CVE-2012-1174.patch
diff -u /dev/null packages/systemd/CVE-2012-1174.patch:1.1
--- /dev/null	Fri Mar 16 22:34:58 2012
+++ packages/systemd/CVE-2012-1174.patch	Fri Mar 16 22:34:52 2012
@@ -0,0 +1,28 @@
+From 5ebff5337594d690b322078c512eb222d34aaa82 Mon Sep 17 00:00:00 2001
+From: Michal Schmidt <mschmidt at redhat.com>
+Date: Fri, 02 Mar 2012 09:39:10 +0000
+Subject: util: never follow symlinks in rm_rf_children()
+
+The function checks if the entry is a directory before recursing, but
+there is a window between the check and the open, during which the
+directory could be replaced with a symlink.
+
+CVE-2012-1174
+https://bugzilla.redhat.com/show_bug.cgi?id=803358
+---
+diff --git a/src/util.c b/src/util.c
+index 20cbc2b..dfc1dc6 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -3593,7 +3593,8 @@ static int rm_rf_children(int fd, bool only_dirs, bool honour_sticky) {
+                 if (is_dir) {
+                         int subdir_fd;
+ 
+-                        if ((subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC)) < 0) {
++                        subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW);
++                        if (subdir_fd < 0) {
+                                 if (ret == 0 && errno != ENOENT)
+                                         ret = -errno;
+                                 continue;
+--
+cgit v0.9.0.2-2-gbebe
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/systemd/systemd.spec?r1=1.127&r2=1.128&f=u

More information about the pld-cvs-commit mailing list