Commit 364b8306 authored by Natanael Copa's avatar Natanael Copa

main/augeas: security fix for CVE-2013-6412

fixes #2670
parent 463d66f4
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=augeas
pkgver=1.1.0
pkgrel=1
pkgrel=2
pkgdesc="A configuration editing tool"
url="http://augeas.net"
arch="all"
......@@ -11,7 +11,8 @@ depends_dev="libxml2-dev"
makedepends="$depends_dev readline-dev"
install=""
subpackages="$pkgname-dev $pkgname-doc $pkgname-tests $pkgname-libs"
source="http://download.augeas.net/augeas-$pkgver.tar.gz iface-multiopt.patch"
source="http://download.augeas.net/augeas-$pkgver.tar.gz iface-multiopt.patch
CVE-2013-6412.patch"
_builddir="$srcdir"/$pkgname-$pkgver
prepare() {
......@@ -68,8 +69,11 @@ libs() {
}
md5sums="520ce983457ff9ffa3816bc41a9f328b augeas-1.1.0.tar.gz
5fb936320a5f7f0386fbc00f3bc751c2 iface-multiopt.patch"
5fb936320a5f7f0386fbc00f3bc751c2 iface-multiopt.patch
90f48a055dfda363eb518902358d857c CVE-2013-6412.patch"
sha256sums="9d81e4228329e2d5cccb018ab06bc8b734fb2dede2c4d9b5c02303d4a690b76b augeas-1.1.0.tar.gz
1407f8de30cc2383cb6279e650fe458e664551426fa8227803e474a1550086a8 iface-multiopt.patch"
1407f8de30cc2383cb6279e650fe458e664551426fa8227803e474a1550086a8 iface-multiopt.patch
c323c75dc12d41d5b79e9825dcee496791830068b69dcd7b08b69694752a3db4 CVE-2013-6412.patch"
sha512sums="ddb06f71993079330fc5b134ccd45476c1ab24f475b7a859c5920a7af3bd00d4dae31bf8110841ded4c4f5197e72911c298d7fcfe32d1d3e6821bca74aa67e26 augeas-1.1.0.tar.gz
185875ddac0e81d2842864a5627e90dea402492927b5dfb92397c01045ac864994e1ff2502ab4c21b66d9e8ad65028c3f5dcf860bf24181b18cd5422f2d04adf iface-multiopt.patch"
185875ddac0e81d2842864a5627e90dea402492927b5dfb92397c01045ac864994e1ff2502ab4c21b66d9e8ad65028c3f5dcf860bf24181b18cd5422f2d04adf iface-multiopt.patch
a9f570c12f0212b37574b26f566e3c43f2ed7267c5db9672673f08a5f1037d5d7ea3b7aadb3c00cdb3dd3163b420ae3144d3bcb0a78ea01dfc14c80f435d062d CVE-2013-6412.patch"
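Review bot: Nothing visible in this section shows CVE-2013-6412.patch being applied: it is added to `source` and to the three checksum lists, but the body of `prepare()` lies between the two hunks and is not shown. If `prepare()` applies patches by explicit name rather than iterating over `$source`, the fix would be fetched and checksummed but never reach the build, so that is worth confirming before relying on pkgrel 2. A short comment above `source=` such as `# CVE-2013-6412.patch: umask fix in transform_save, from patch commit f5b4fc0c` would also tell the next maintainer when the patch can be dropped.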
From f5b4fc0ceb0e5a2be5f3a19f63ad936897a3ac26 Mon Sep 17 00:00:00 2001
From: Dominic Cleal <dcleal@redhat.com>
Date: Mon, 2 Dec 2013 17:49:35 +0000
Subject: [PATCH] Fix umask handling when creating new files
* src/transform.c (transform_save): faulty umask arithmetic would cause
overly-open file modes when the umask contains "7", as the umask was
incorrectly subtracted from the target file mode
Fixes CVE-2013-6412, RHBZ#1034261
---
src/transform.c | 2 +-
tests/test-save.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 49 insertions(+), 1 deletion(-)
diff --git a/src/transform.c b/src/transform.c
index 9f7653e..1026912 100644
--- a/src/transform.c
+++ b/src/transform.c
@@ -1144,7 +1144,7 @@ int transform_save(struct augeas *aug, struct tree *xfm,
mode_t curumsk = umask(022);
umask(curumsk);
- if (fchmod(fileno(fp), 0666 - curumsk) < 0) {
+ if (fchmod(fileno(fp), 0666 & ~curumsk) < 0) {
err_status = "create_chmod";
return -1;
}
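Review bot: The two context lines above the changed `fchmod` read the umask by calling `umask(022)` and then restoring it, so the process-wide mask is briefly 022; the commit corrects the arithmetic but leaves this window, and if the library is used from a multi-threaded program (not visible here) a file created by another thread in that window would get the wrong mode. A comment on those lines would make the limitation explicit, for example `/* umask() can only be read by setting it; the mask is 022 until restored, not thread-safe */`. It would also help to say why the mask is applied with AND-NOT, e.g. `/* clear the umask bits; subtracting borrows across digits (0666 - 027 = 0637) */`. The body of transform_save starts and ends outside the hunk, so how `fp` was created is not shown.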
--
1.8.5.1
The test/test-save.c hunk didnt apply so it was removed