Hello community,

here is the log from the commit of package nfs-utils for openSUSE:Factory 
checked in at 2019-11-23 23:46:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nfs-utils (Old)
 and      /work/SRC/openSUSE:Factory/.nfs-utils.new.26869 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "nfs-utils"

Sat Nov 23 23:46:21 2019 rev:150 rq:750032 version:unknown

Changes:
--------
--- /work/SRC/openSUSE:Factory/nfs-utils/nfs-utils.changes      2019-09-25 
01:35:27.137668009 +0200
+++ /work/SRC/openSUSE:Factory/.nfs-utils.new.26869/nfs-utils.changes   
2019-11-23 23:46:22.518940887 +0100
@@ -1,0 +2,11 @@
+Wed Nov 20 23:55:31 UTC 2019 - Neil Brown <[email protected]>
+
+- nfs-utils.spec - don't chown when not needed.
+  Only chown directories in /var/lib/nfs to statd
+  if they are currently owned by root.
+  The chown is needed for some upgrades, but if the
+  dirs are already owned by statd, an vulnerability in
+  statd could be escalated to root.
+  (bsc#1157321)
+
+-------------------------------------------------------------------
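
Review bot: The new changelog entry has a typo in "an vulnerability in statd", which should read "a vulnerability in statd". It would also help to name the directories concerned (sm and sm.bak, per the loop in nfs-utils.spec) rather than "directories in /var/lib/nfs", so the entry matches what the scriptlet touches.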

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ nfs-utils.spec ++++++
--- /var/tmp/diff_new_pack.ru9YRk/_old  2019-11-23 23:46:23.570941011 +0100
+++ /var/tmp/diff_new_pack.ru9YRk/_new  2019-11-23 23:46:23.574941012 +0100
@@ -224,9 +224,17 @@
 %service_add_pre auth-rpcgss-module.service nfs-idmapd.service 
nfs-blkmap.service rpc-statd-notify.service rpc-gssd.service rpc-statd.service 
rpc-svcgssd.service
 
 %post -n nfs-client
+# lib/nfs must be root-owned. 
+# sm and sm.back and contents should be statd:nogroup,
+# but only chown if the dirs are currently root-owned.
+# This is needed for some upgraded, but chown is best avoided
+# when not necessary
 chown root:root %{_localstatedir}/lib/nfs > /dev/null 2>&1 || :
 for i in sm sm.bak; do
-       chown -R statd:nogroup %{_localstatedir}/lib/nfs/$i > /dev/null 2>&1 || 
:
+    p=%{_localstatedir}/lib/nfs/$i
+    if [ -d "$b" -a -n "`chown 2> /dev/null -c --from root statd:nogroup $p`" 
]; then
+       chown -R statd:nogroup $p > /dev/null 2>&1 || :
+    fi
 done
 ### migrate from /var/lock/subsys
 [ -d /run/nfs ] || mkdir /run/nfs
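
Review bot: The added test `[ -d "$b" -a -n ...` checks `$b`, which is never assigned in this scriptlet; the variable set on the line above is `$p`. With `$b` empty, `-d ""` is false, so the `chown -R statd:nogroup $p` branch is never reached. The backtick `chown -c --from root statd:nogroup $p` still runs, because the command substitution is expanded before `[` evaluates its arguments. On an upgrade with root-owned directories the top-level directory would therefore change owner while its contents stay root-owned. Suggest `-d "$p"` and quoting `"$p"` in both chown calls. In the added comment, `sm.back` does not match the `sm.bak` used in the loop, and "some upgraded" should read "some upgrades".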

