Hello community,
here is the log from the commit of package python-rtslib-fb for
openSUSE:Factory checked in at 2020-07-02 23:54:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-rtslib-fb (Old)
and /work/SRC/openSUSE:Factory/.python-rtslib-fb.new.3060 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-rtslib-fb"
Thu Jul 2 23:54:09 2020 rev:24 rq:817942 version:2.1.73
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-rtslib-fb/python-rtslib-fb.changes
2020-03-05 23:21:54.845298769 +0100
+++
/work/SRC/openSUSE:Factory/.python-rtslib-fb.new.3060/python-rtslib-fb.changes
2020-07-02 23:54:29.564505786 +0200
@@ -1,0 +2,15 @@
+Tue Jun 30 17:49:04 UTC 2020 - [email protected]
+
+- Update to version v2.1.73 (bsc#1173257 CVE-2020-14019):
+ * version 2.1.73
+ * save_to_file: fix fd open mode
+ * saveconfig: copy temp configfile with permissions
+ * saveconfig: open the temp configfile with modes set
+ * Fix "is not" with a literal SyntaxWarning
+ * Fix an incorrect config path in two comments
+ * version 2.1.72
+ * Do not change dbroot after drivers have been registered
+ * Remove '_if_needed' from RTSRoot._set_dbroot()'s name
+ Replacing old tarball with python-rtslib-fb-v2.1.73.tar.xz
+
+-------------------------------------------------------------------
Old:
----
python-rtslib-fb-v2.1.71.tar.xz
New:
----
python-rtslib-fb-v2.1.73.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-rtslib-fb.spec ++++++
--- /var/tmp/diff_new_pack.cDHhUY/_old 2020-07-02 23:54:31.716512920 +0200
+++ /var/tmp/diff_new_pack.cDHhUY/_new 2020-07-02 23:54:31.720512933 +0200
@@ -19,7 +19,7 @@
%define dbdir %{_sysconfdir}/target
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-rtslib-fb
-Version: 2.1.71
+Version: 2.1.73
Release: 0%{?dist}
Summary: API for Linux kernel SCSI target (aka LIO)
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.cDHhUY/_old 2020-07-02 23:54:31.788513158 +0200
+++ /var/tmp/diff_new_pack.cDHhUY/_new 2020-07-02 23:54:31.792513172 +0200
@@ -7,7 +7,7 @@
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(\d*\.\d*\.)fb(\d*)</param>
<param name="versionrewrite-replacement">\1\2</param>
- <param name="revision">v2.1.71</param>
+ <param name="revision">v2.1.73</param>
<param name="changesgenerate">enable</param>
</service>
<service name="recompress" mode="disabled">
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.cDHhUY/_old 2020-07-02 23:54:31.816513251 +0200
+++ /var/tmp/diff_new_pack.cDHhUY/_new 2020-07-02 23:54:31.816513251 +0200
@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/open-iscsi/rtslib-fb.git</param>
- <param
name="changesrevision">b37bc67fc7ed3d1ec447e9f43eb68d30dd716367</param></service></servicedata>
\ No newline at end of file
+ <param
name="changesrevision">4766d9d07338778a599d7d7e2b5012ac5b03bc16</param></service></servicedata>
\ No newline at end of file
++++++ python-rtslib-fb-v2.1.71.tar.xz -> python-rtslib-fb-v2.1.73.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/python-rtslib-fb-v2.1.71/rtslib/__init__.py
new/python-rtslib-fb-v2.1.73/rtslib/__init__.py
--- old/python-rtslib-fb-v2.1.71/rtslib/__init__.py 2019-11-06
13:35:08.000000000 +0100
+++ new/python-rtslib-fb-v2.1.73/rtslib/__init__.py 2020-06-24
10:16:57.000000000 +0200
@@ -36,7 +36,7 @@
from .alua import ALUATargetPortGroup
-__version__ = '2.1.71'
+__version__ = '2.1.73'
__author__ = "Jerome Martin <[email protected]>"
__url__ = 'http://github.com/open-iscsi/rtslib-fb'
__description__ = 'API for Linux kernel SCSI target (aka LIO)'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/python-rtslib-fb-v2.1.71/rtslib/fabric.py
new/python-rtslib-fb-v2.1.73/rtslib/fabric.py
--- old/python-rtslib-fb-v2.1.71/rtslib/fabric.py 2019-11-06
13:35:08.000000000 +0100
+++ new/python-rtslib-fb-v2.1.73/rtslib/fabric.py 2020-06-24
10:16:57.000000000 +0200
@@ -486,3 +486,7 @@
def all(cls):
for mod in six.itervalues(fabric_modules):
yield mod()
+
+ @classmethod
+ def list_registered_drivers(cls):
+ return os.listdir('/sys/module/target_core_mod/holders')
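Review bot: `list_registered_drivers` has no docstring and lets `os.listdir` raise `OSError` when `/sys/module/target_core_mod/holders` is absent, for instance if a caller uses it before `target_core_mod` is loaded. A docstring such as `'''Return the names of the kernel modules currently holding target_core_mod.'''` would state what the list actually contains. The holders directory presumably lists every module that depends on `target_core_mod`, which may be broader than the target drivers the kernel's db_root check refers to, so confirm this before treating a non-empty list as "drivers registered". The enclosing class starts outside the hunk.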
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/python-rtslib-fb-v2.1.71/rtslib/root.py
new/python-rtslib-fb-v2.1.73/rtslib/root.py
--- old/python-rtslib-fb-v2.1.71/rtslib/root.py 2019-11-06 13:35:08.000000000
+0100
+++ new/python-rtslib-fb-v2.1.73/rtslib/root.py 2020-06-24 10:16:57.000000000
+0200
@@ -85,7 +85,7 @@
modprobe('target_core_mod')
self._create_in_cfs_ine('any')
- self._set_dbroot_if_needed()
+ self._set_dbroot()
def _list_targets(self):
self._check_self()
@@ -160,13 +160,21 @@
def __str__(self):
return "rtslib"
- def _set_dbroot_if_needed(self):
+ def _set_dbroot(self):
dbroot_path = self.path + "/dbroot"
if not os.path.exists(dbroot_path):
self._dbroot = self._default_dbroot
return
self._dbroot = fread(dbroot_path)
if self._dbroot != self._preferred_dbroot:
+ if len(FabricModule.list_registered_drivers()) != 0:
+ # Writing to dbroot_path after drivers have been registered
will make the kernel emit this error:
+ # db_root: cannot be changed: target drivers registered
+ from warnings import warn
+ warn("Cannot set dbroot to {}. Target drivers have already
been registered."
+ .format(self._preferred_dbroot))
+ return
+
try:
fwrite(dbroot_path, self._preferred_dbroot+"\n")
except:
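Review bot: The new guard `if len(FabricModule.list_registered_drivers()) != 0:` reads more idiomatically as `if FabricModule.list_registered_drivers():`. The function-scope `from warnings import warn` would normally sit with the module's imports, which are outside this hunk. The call is also unguarded, so an `OSError` from the sysfs listing would propagate out of `_set_dbroot` instead of reaching the existing `try` around `fwrite`. The function body continues past the hunk's last line.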
@@ -441,7 +449,7 @@
def save_to_file(self, save_file=None, so_path=None):
'''
Write the configuration in json format to a file.
- Save file defaults to '/etc/targets/saveconfig.json'.
+ Save file defaults to '/etc/target/saveconfig.json'.
'''
if not save_file:
save_file = default_save_file
@@ -453,15 +461,33 @@
tmp_file = save_file + ".temp"
- with open(tmp_file, "w+") as f:
- os.fchmod(f.fileno(), stat.S_IRUSR | stat.S_IWUSR)
+ mode = stat.S_IRUSR | stat.S_IWUSR # 0o600
+ umask = 0o777 ^ mode # Prevents always downgrading umask to 0
+
+ # For security, remove file with potentially elevated mode
+ try:
+ os.remove(tmp_file)
+ except OSError:
+ pass
+
+ umask_original = os.umask(umask)
+ # Even though the old file is first deleted, a race condition is still
+ # possible. Including os.O_EXCL with os.O_CREAT in the flags will
+ # prevent the file from being created if it exists due to a race
+ try:
+ fdesc = os.open(tmp_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL,
mode)
+ finally:
+ os.umask(umask_original)
+
+ with os.fdopen(fdesc, 'w') as f:
f.write(json.dumps(saveconf, sort_keys=True, indent=2))
f.write("\n")
f.flush()
os.fsync(f.fileno())
f.close()
- shutil.copyfile(tmp_file, save_file)
+ # copy along with permissions
+ shutil.copy(tmp_file, save_file)
os.remove(tmp_file)
def restore_from_file(self, restore_file=None, clear_existing=True,
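Review bot: `shutil.copy(tmp_file, save_file)` writes the configuration into `save_file` first and copies the 0o600 mode bits only afterwards. An existing `save_file` with a wider mode, or one newly created under the process umask, can therefore be read by other users while the content is being written. Because `tmp_file` is `save_file + ".temp"` and so lives in the same directory, the copy and the following `os.remove(tmp_file)` can be replaced by `os.rename(tmp_file, save_file)`, which swaps the file in atomically with the restrictive mode already set. Separately, `f.close()` inside the `with os.fdopen(fdesc, 'w') as f:` block is redundant, since the context manager closes the file. `save_to_file` begins before the hunk.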
@@ -469,7 +495,7 @@
abort_on_error=False):
'''
Restore the configuration from a file in json format.
- Restore file defaults to '/etc/targets/saveconfig.json'.
+ Restore file defaults to '/etc/target/saveconfig.json'.
Returns a list of non-fatal errors. If abort_on_error is set,
it will raise the exception instead of continuing.
'''