Hello community,

here is the log from the commit of package udev for openSUSE:Factory checked in 
at 2012-07-12 14:56:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/udev (Old)
 and      /work/SRC/openSUSE:Factory/.udev.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "udev", Maintainer is "rmila...@suse.com"

Changes:
--------
--- /work/SRC/openSUSE:Factory/udev/udev.changes        2012-06-28 
17:03:18.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.udev.new/udev.changes   2012-07-12 
14:56:11.000000000 +0200
@@ -1,0 +2,16 @@
+Wed Jul 11 13:24:21 UTC 2012 - rmila...@suse.com
+
+- Security: libudev using getenv() in suids (bnc#697103)
+   add: 0015-udev-secure-getenv.patch
+  Added several patches from upstream:
+   add: 0016-udev-ata_id-fixup-all-8-not-only-6-bytes-of-the-fw_revision.patch
+   add: 0017-udev-add-some-O_CLOEXEC.patch
+   add: 0018-udev-static-nodes-fix-default-permissions-if-no-rule.patch
+ 
+-------------------------------------------------------------------
+Fri Jul  6 14:37:31 UTC 2012 - dmuel...@suse.com
+
+- move udev.pc to the libudev-devel subpackage, as it causes
+  a pkg-config dependency
+
+-------------------------------------------------------------------

New:
----
  0015-udev-secure-getenv.patch
  0016-udev-ata_id-fixup-all-8-not-only-6-bytes-of-the-fw_revision.patch
  0017-udev-add-some-O_CLOEXEC.patch
  0018-udev-static-nodes-fix-default-permissions-if-no-rule.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ udev.spec ++++++
--- /var/tmp/diff_new_pack.PDY4Ir/_old  2012-07-12 14:56:14.000000000 +0200
+++ /var/tmp/diff_new_pack.PDY4Ir/_new  2012-07-12 14:56:14.000000000 +0200
@@ -80,6 +80,14 @@
 Patch13:        0013-re-enable-by_path-links-for-ata-devices.patch
 # PATCH-FIX-OPENSUSE 0014-rules-create-by-id-scsi-links-for-ATA-devices.patch
 Patch14:        0014-rules-create-by-id-scsi-links-for-ATA-devices.patch
+# PATCH-FIX-OPENSUSE 0015-udev-secure-getenv.patch
+Patch15:        0015-udev-secure-getenv.patch
+# PATCH-FIX-UPSTREAM 
0016-udev-ata_id-fixup-all-8-not-only-6-bytes-of-the-fw_revision.patch
+Patch16:        
0016-udev-ata_id-fixup-all-8-not-only-6-bytes-of-the-fw_revision.patch
+# PATCH-FIX-UPSTREAM 0017-udev-add-some-O_CLOEXEC.patch
+Patch17:        0017-udev-add-some-O_CLOEXEC.patch
+# PATCH-FIX-UPSTREAM 
0018-udev-static-nodes-fix-default-permissions-if-no-rule.patch
+Patch18:        0018-udev-static-nodes-fix-default-permissions-if-no-rule.patch
 
 # Upstream First - Policy:
 # Never add any patches to this package without the upstream commit id
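Review bot: The policy comment directly below these additions says no patch is added without the upstream commit id, yet the new `# PATCH-FIX-UPSTREAM` tag lines for Patch16 to Patch18 name only the file. The ids appear in the patch headers further down this page, so the tag lines could carry them, e.g. `# PATCH-FIX-UPSTREAM 0017-udev-add-some-O_CLOEXEC.patch (upstream 47ef94ac5f39)`, which keeps provenance checkable from the spec alone. Patch15 is tagged `PATCH-FIX-OPENSUSE` and the changelog cites only bnc#697103; a one-line reason next to the tag for why this security fix is distribution-only would help the next reviewer.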
@@ -163,6 +171,10 @@
 %patch12 -p1
 %patch13 -p1
 %patch14 -p1
+%patch15 -p1
+%patch16 -p1
+%patch17 -p1
+%patch18 -p1
 
 %build
 autoreconf -vfi
@@ -277,7 +289,6 @@
 %dir %{_sysconfdir}/udev/rules.d/
 %config(noreplace) %{_sysconfdir}/udev/udev.conf
 %{_mandir}/man?/*.[0-9]*
-%{_datadir}/pkgconfig/udev.pc
 %doc %{_docdir}/udev
 %dir /lib/udev/devices/
 %dir /lib/systemd/system
@@ -296,6 +307,7 @@
 %defattr(-,root,root)
 %{_includedir}/libudev.h
 %{_libdir}/libudev.so
+%{_datadir}/pkgconfig/udev.pc
 %{_libdir}/pkgconfig/libudev.pc
 %dir %{_datadir}/gtk-doc
 %dir %{_datadir}/gtk-doc/html

++++++ 0015-udev-secure-getenv.patch ++++++
Index: udev-182/src/libudev.c
===================================================================
--- udev-182.orig/src/libudev.c
+++ udev-182/src/libudev.c
@@ -135,7 +135,7 @@ UDEV_EXPORT struct udev *udev_new(void)
         udev_list_init(udev, &udev->properties_list, true);
 
         /* custom config file */
-        env = getenv("UDEV_CONFIG_FILE");
+        env = __secure_getenv("UDEV_CONFIG_FILE");
         if (env != NULL) {
                 if (set_value(&config_file, env) == NULL)
                         goto err;
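Review bot: `__secure_getenv` is a glibc-internal, double-underscore name, so this call and the identical one for `UDEV_LOG` in the next hunk tie libudev to one libc's private symbol. glibc later exported the same function as `secure_getenv`, and other libcs may provide neither. A configure-time check that picks `secure_getenv`, then `__secure_getenv`, and fails the build otherwise would keep the hardening; falling back to plain `getenv` would silently undo it. The reason also belongs at the call site: `/* ignored when the caller runs setuid/setgid (bnc#697103) */`. udev_new's body continues outside both hunks, so whether other getenv() calls remain in libudev cannot be judged from here.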
@@ -237,7 +237,7 @@ UDEV_EXPORT struct udev *udev_new(void)
         }
 
         /* environment overrides config */
-        env = getenv("UDEV_LOG");
+        env = __secure_getenv("UDEV_LOG");
         if (env != NULL)
                 udev_set_log_priority(udev, util_log_priority(env));
 
++++++ 0016-udev-ata_id-fixup-all-8-not-only-6-bytes-of-the-fw_revision.patch 
++++++
>From daa9cf546ce7265645ced9592dd54c6b2fc04302 Mon Sep 17 00:00:00 2001
From: Kay Sievers <k...@vrfy.org>
Date: Thu, 5 Jul 2012 16:53:08 +0200
Subject: [PATCH] udev: ata_id - fixup all 8 not only 6 bytes of the fw_rev
 string

The last two digits are in the wrong order:
  $ hdparm -I /dev/sda | grep Revision
  4PC10362

  $ /lib/udev/ata_id -x /dev/sda | grep REVISION
  4PC10326

Index: udev-182/src/ata_id/ata_id.c
===================================================================
--- udev-182.orig/src/ata_id/ata_id.c
+++ udev-182/src/ata_id/ata_id.c
@@ -511,7 +511,7 @@ int main(int argc, char *argv[])
                  * use and copy it into the hd_driveid struct for convenience
                  */
                 disk_identify_fixup_string (identify,  10, 20); /* serial */
-                disk_identify_fixup_string (identify,  23,  6); /* fwrev */
+                disk_identify_fixup_string (identify,  23,  8); /* fwrev */
                 disk_identify_fixup_string (identify,  27, 40); /* model */
                 disk_identify_fixup_uint16 (identify,  0);      /* 
configuration */
                 disk_identify_fixup_uint16 (identify,  75);     /* queue depth 
*/
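Review bot: The offset and length arguments on these fixup calls are bare numbers, which makes a mismatch like the 6-versus-8 one hard to spot in review. The arguments appear to be a word offset and a byte length, so the trailing comment could say so, e.g. `/* fwrev: IDENTIFY words 23-26, 8 bytes */`, and likewise for serial and model. Any later copy of the firmware revision out of `identify` presumably needs the same 8-byte length; that code is outside this hunk and is worth confirming.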
++++++ 0017-udev-add-some-O_CLOEXEC.patch ++++++
>From 47ef94ac5f39db6c5c18be10afe32397a0a8d5cc Mon Sep 17 00:00:00 2001
From: Kay Sievers <k...@vrfy.org>
Date: Thu, 5 Jul 2012 17:33:24 +0200
Subject: [PATCH] udev: add some O_CLOEXEC

Index: udev-182/src/cdrom_id/cdrom_id.c
===================================================================
--- udev-182.orig/src/cdrom_id/cdrom_id.c
+++ udev-182/src/cdrom_id/cdrom_id.c
@@ -125,7 +125,7 @@ static bool is_mounted(const char *devic
         if (stat(device, &statbuf) < 0)
                 return -ENODEV;
 
-        fp = fopen("/proc/self/mountinfo", "r");
+        fp = fopen("/proc/self/mountinfo", "re");
         if (fp == NULL)
                 return -ENOSYS;
         while (fscanf(fp, "%*s %*s %i:%i %*[^\n]", &maj, &min) == 2) {
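Review bot: `is_mounted` is declared `bool` in the hunk header, but the two error paths visible here return `-ENODEV` and `-ENOSYS`; any nonzero value converts to `true`, so a failed stat() or fopen() is reported as "mounted". If callers need to tell an error from a mounted device, the return type should be `int`; otherwise both paths should be `return false;`. The rest of the function and its callers are outside the hunk, so check what they expect before choosing.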
Index: udev-182/src/keymap/keymap.c
===================================================================
--- udev-182.orig/src/keymap/keymap.c
+++ udev-182/src/keymap/keymap.c
@@ -409,7 +409,7 @@ int main(int argc, char **argv)
                 const char *filearg = argv[optind+1];
                 if (strchr(filearg, '/')) {
                         /* Keymap file argument is a path */
-                        FILE *f = fopen(filearg, "r");
+                        FILE *f = fopen(filearg, "re");
                         if (f)
                                 merge_table(fd, f);
                         else
@@ -419,12 +419,12 @@ int main(int argc, char **argv)
                         /* Open override file if present, otherwise default 
file */
                         char keymap_path[PATH_MAX];
                         snprintf(keymap_path, sizeof(keymap_path), "%s%s", 
SYSCONFDIR "/udev/keymaps/", filearg);
-                        FILE *f = fopen(keymap_path, "r");
+                        FILE *f = fopen(keymap_path, "re");
                         if (f) {
                                 merge_table(fd, f);
                         } else {
                                 snprintf(keymap_path, sizeof(keymap_path), 
"%s%s", PKGLIBEXECDIR "/keymaps/", filearg);
-                                f = fopen(keymap_path, "r");
+                                f = fopen(keymap_path, "re");
                                 if (f)
                                         merge_table(fd, f);
                                 else
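Review bot: Both `snprintf` calls into `keymap_path` discard the return value, so a `filearg` (taken from argv in the previous hunk) that does not fit in `PATH_MAX` is silently truncated and the following `fopen` opens a different name than the one requested. Compare the result against `sizeof(keymap_path)` and report an error when it is greater or equal, rather than opening the truncated path. main() continues outside this hunk.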
Index: udev-182/src/libudev-queue-private.c
===================================================================
--- udev-182.orig/src/libudev-queue-private.c
+++ udev-182/src/libudev-queue-private.c
@@ -223,7 +223,7 @@ static int rebuild_queue_file(struct ude
 
         /* create new queue file */
         util_strscpyl(filename_tmp, sizeof(filename_tmp), 
udev_get_run_path(udev_queue_export->udev), "/queue.tmp", NULL);
-        new_queue_file = fopen(filename_tmp, "w+");
+        new_queue_file = fopen(filename_tmp, "w+e");
         if (new_queue_file == NULL)
                 goto error;
         seqnum = udev_queue_export->seqnum_max;
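Review bot: `fopen(filename_tmp, "w+e")` creates or truncates a fixed name, `queue.tmp`, and follows a symlink if one already exists at that path. That is safe only while the run directory is writable by root alone, which this hunk does not show. A comment recording the assumption, `/* run path must be root-owned: fixed temp name, fopen follows symlinks */`, would help; opening with open() and `O_NOFOLLOW|O_CLOEXEC` followed by fdopen() is the stricter alternative. rebuild_queue_file continues outside the hunk.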
Index: udev-182/src/udev-event.c
===================================================================
--- udev-182.orig/src/udev-event.c
+++ udev-182/src/udev-event.c
@@ -789,7 +789,7 @@ static void rename_netif_kernel_log(stru
         int klog;
         FILE *f;
 
-        klog = open("/dev/kmsg", O_WRONLY);
+        klog = open("/dev/kmsg", O_WRONLY|O_CLOEXEC);
         if (klog < 0)
                 return;
 
Index: udev-182/src/udev-rules.c
===================================================================
--- udev-182.orig/src/udev-rules.c
+++ udev-182/src/udev-rules.c
@@ -749,7 +749,7 @@ static int import_file_into_properties(s
         FILE *f;
         char line[UTIL_LINE_SIZE];
 
-        f = fopen(filename, "r");
+        f = fopen(filename, "re");
         if (f == NULL)
                 return -1;
         while (fgets(line, sizeof(line), f) != NULL)
@@ -1641,7 +1641,7 @@ static int parse_file(struct udev_rules
 
         info(rules->udev, "reading '%s' as rules file\n", filename);
 
-        f = fopen(filename, "r");
+        f = fopen(filename, "re");
         if (f == NULL)
                 return -1;
 
@@ -2350,7 +2350,7 @@ int udev_rules_apply_to_event(struct ude
                         FILE *f;
                         bool imported = false;
 
-                        f = fopen("/proc/cmdline", "r");
+                        f = fopen("/proc/cmdline", "re");
                         if (f != NULL) {
                                 char cmdline[4096];
 
@@ -2639,7 +2639,7 @@ int udev_rules_apply_to_event(struct ude
                         info(event->udev, "ATTR '%s' writing '%s' %s:%u\n", 
attr, value,
                              &rules->buf[rule->rule.filename_off],
                              rule->rule.filename_line);
-                        f = fopen(attr, "w");
+                        f = fopen(attr, "we");
                         if (f != NULL) {
                                 if (fprintf(f, "%s", value) <= 0)
                                         err(event->udev, "error writing 
ATTR{%s}: %m\n", attr);
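Review bot: The `fprintf(f, "%s", value) <= 0` test only sees the result of buffering into `f`; the actual write to the attribute file normally happens at flush or close, so a value the kernel rejects would likely go unreported here. Testing the flush as well, `if (fprintf(f, "%s", value) <= 0 || fflush(f) != 0)`, surfaces that failure while `%m` is still meaningful. The matching fclose is outside the hunk, so it may already be checked there.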
Index: udev-182/src/udevd.c
===================================================================
--- udev-182.orig/src/udevd.c
+++ udev-182/src/udevd.c
@@ -838,7 +838,7 @@ static void static_dev_create_from_modul
 
         uname(&kernel);
         util_strscpyl(modules, sizeof(modules), "/lib/modules/", 
kernel.release, "/modules.devname", NULL);
-        f = fopen(modules, "r");
+        f = fopen(modules, "re");
         if (f == NULL)
                 return;
 
@@ -1016,7 +1016,7 @@ static int mem_size_mb(void)
         char buf[4096];
         long int memsize = -1;
 
-        f = fopen("/proc/meminfo", "r");
+        f = fopen("/proc/meminfo", "re");
         if (f == NULL)
                 return -1;
 
@@ -1054,7 +1054,7 @@ static int convert_db(struct udev *udev)
         if (access(filename, F_OK) < 0)
                 return 0;
 
-        f = fopen("/dev/kmsg", "w");
+        f = fopen("/dev/kmsg", "we");
         if (f != NULL) {
                 fprintf(f, "<30>udevd[%u]: converting old udev database\n", 
getpid());
                 fclose(f);
@@ -1285,7 +1285,7 @@ int main(int argc, char *argv[])
          *   udev.children-max=<number of workers>  events are fully 
serialized if set to 1
          *
          */
-        f = fopen("/proc/cmdline", "r");
+        f = fopen("/proc/cmdline", "re");
         if (f != NULL) {
                 char cmdline[4096];
 
@@ -1445,7 +1445,7 @@ int main(int argc, char *argv[])
                 sd_notify(1, "READY=1");
         }
 
-        f = fopen("/dev/kmsg", "w");
+        f = fopen("/dev/kmsg", "we");
         if (f != NULL) {
                 fprintf(f, "<30>udevd[%u]: starting version " VERSION "\n", 
getpid());
                 fclose(f);
++++++ 0018-udev-static-nodes-fix-default-permissions-if-no-rule.patch ++++++
>From ef8a2bf6484bb0f82248ceb10a55509a93d82c6b Mon Sep 17 00:00:00 2001
From: Kay Sievers <k...@vrfy.org>
Date: Mon, 2 Jul 2012 20:44:05 +0200
Subject: [PATCH] udev: static nodes - fix default permissions if no rules is
 given

<falconindy> kay: just curious -- it looks like nodes created by udev from
  modules.devname all have 000 perms, and there's nothing in udev that attempts
  to change this. is it intended?
<falconindy> c---------   1 root root     10, 223 Jul  1 23:10 uinput
<kay> falconindy: we might miss the default of 0600
<falconindy> seems like it
<kay> falconindy: stuff that has a rule works i guess
<kay> falconindy: i'll add the 0600 now

Index: udev-182/src/udevd.c
===================================================================
--- udev-182.orig/src/udevd.c
+++ udev-182/src/udevd.c
@@ -876,10 +876,11 @@ static void static_dev_create_from_modul
                 if (sscanf(devno, "%c%u:%u", &type, &maj, &min) != 3)
                         continue;
 
+                mode = 0600;
                 if (type == 'c')
-                        mode = S_IFCHR;
+                        mode |= S_IFCHR;
                 else if (type == 'b')
-                        mode = S_IFBLK;
+                        mode |= S_IFBLK;
                 else
                         continue;
 
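Review bot: `mode = 0600;` introduces the fallback permission as a bare literal with no comment, although the choice of a root-only default is the security-relevant part of this fix. A comment such as `/* default to root-only; a matching udev rule may change it later */` would record the intent (the second half is inferred from the commit message, so confirm it). Whether nodes already created with mode 000 by an earlier run are corrected depends on the creation call below, which is outside this hunk.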