Author: baggins
Date: Fri Mar 16 21:34:57 2012 GMT
Module: packages
Tag: HEAD
---- Log message:
- up to 44
- add patch to fix CVE-2012-1174 (https://bugzilla.redhat.com/show_bug.cgi?id=803358)
- move devel man pages to devel package
---- Files affected: packages/systemd: systemd.spec (1.127 -> 1.128) , CVE-2012-1174.patch (NONE -> 1.1) (NEW) ---- Diffs: ================================================================ Index: packages/systemd/systemd.spec diff -u packages/systemd/systemd.spec:1.127 packages/systemd/systemd.spec:1.128 --- packages/systemd/systemd.spec:1.127 Fri Mar 16 08:18:19 2012 +++ packages/systemd/systemd.spec Fri Mar 16 22:34:52 2012 @@ -17,12 +17,12 @@ Summary: A System and Service Manager Summary(pl.UTF-8): systemd - zarządca systemu i usług dla Linuksa Name: systemd -Version: 43 -Release: 7 +Version: 44 +Release: 1 License: GPL v2+ Group: Base Source0: http://www.freedesktop.org/software/systemd/%{name}-%{version}.tar.xz -# Source0-md5: 446cc6db7625617af67e2d8e5f503a49 +# Source0-md5: 11f44ff74c87850064e4351518bcff17 Source1: %{name}-sysv-convert Source2: %{name}_booted.c Source3: network.service @@ -37,6 +37,7 @@ Patch2: shut-sysv-up.patch Patch3: pld-sysv-network.patch Patch4: tmpfiles-not-fatal.patch +Patch5: CVE-2012-1174.patch URL: http://www.freedesktop.org/wiki/Software/systemd BuildRequires: acl-devel %{?with_audit:BuildRequires: audit-libs-devel} @@ -319,6 +320,7 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 cp -p %{SOURCE2} src/systemd_booted.c %build @@ -555,15 +557,6 @@ %{_datadir}/systemd/kbd-model-map %{_mandir}/man1/systemd.1* %{_mandir}/man1/systemd-*.1* -%{_mandir}/man3/sd_booted.3* -%{_mandir}/man3/sd_is_fifo.3* -%{_mandir}/man3/sd_is_socket.3 -%{_mandir}/man3/sd_is_socket_inet.3 -%{_mandir}/man3/sd_is_socket_unix.3 -%{_mandir}/man3/sd_listen_fds.3* -%{_mandir}/man3/sd_notify.3* -%{_mandir}/man3/sd_notifyf.3 -%{_mandir}/man3/sd_readahead.3* %{_mandir}/man5/binfmt.d.5* %{_mandir}/man5/hostname.5* %{_mandir}/man5/locale.conf.5* 
@@ -573,6 +566,7 @@ %{_mandir}/man5/os-release.5* %{_mandir}/man5/sysctl.d.5* %{_mandir}/man5/systemd.*.5* +%{_mandir}/man5/systemd-journald.conf.5* %{_mandir}/man5/systemd-logind.conf.5* %{_mandir}/man5/timezone.5* %{_mandir}/man5/vconsole.conf.5* @@ -726,21 +720,34 @@ %{_pkgconfigdir}/libsystemd-id128.pc %{_pkgconfigdir}/libsystemd-journal.pc %{_pkgconfigdir}/libsystemd-login.pc +%{_mandir}/man3/sd_booted.3* %{_mandir}/man3/sd_get_seats.3* %{_mandir}/man3/sd_get_sessions.3* %{_mandir}/man3/sd_get_uids.3* +%{_mandir}/man3/sd_is_fifo.3* %{_mandir}/man3/sd_is_mq.3* +%{_mandir}/man3/sd_is_socket.3 +%{_mandir}/man3/sd_is_socket_inet.3 +%{_mandir}/man3/sd_is_socket_unix.3 +%{_mandir}/man3/sd_listen_fds.3* %{_mandir}/man3/sd_login_monitor_flush.3* %{_mandir}/man3/sd_login_monitor_get_fd.3* %{_mandir}/man3/sd_login_monitor_new.3* %{_mandir}/man3/sd_login_monitor_unref.3* +%{_mandir}/man3/sd_notify.3* +%{_mandir}/man3/sd_notifyf.3 %{_mandir}/man3/sd_pid_get_owner_uid.3* %{_mandir}/man3/sd_pid_get_session.3* %{_mandir}/man3/sd_pid_get_unit.3* +%{_mandir}/man3/sd_readahead.3* %{_mandir}/man3/sd_seat_can_multi_session.3* %{_mandir}/man3/sd_seat_get_active.3* %{_mandir}/man3/sd_seat_get_sessions.3* +%{_mandir}/man3/sd_session_get_class.3* +%{_mandir}/man3/sd_session_get_display.3* %{_mandir}/man3/sd_session_get_seat.3* +%{_mandir}/man3/sd_session_get_service.3* +%{_mandir}/man3/sd_session_get_type.3* %{_mandir}/man3/sd_session_get_uid.3* %{_mandir}/man3/sd_session_is_active.3* %{_mandir}/man3/sd_uid_get_seats.3* 
@@ -762,6 +769,11 @@ All persons listed below can be reached at <cvs_login>@pld-linux.org $Log$ +Revision 1.128 2012/03/16 21:34:52 baggins +- up to 44 +- add patch to fix CVE-2012-1174 (https://bugzilla.redhat.com/show_bug.cgi?id=803358) +- move devel man pages to devel package + Revision 1.127 2012/03/16 07:18:19 baggins - rel 7 - make sure all (network) drivers are loaded and accounted for ================================================================ Index: packages/systemd/CVE-2012-1174.patch diff -u /dev/null packages/systemd/CVE-2012-1174.patch:1.1 --- /dev/null Fri Mar 16 22:34:58 2012 +++ packages/systemd/CVE-2012-1174.patch Fri Mar 16 22:34:52 2012 
@@ -0,0 +1,28 @@ +From 5ebff5337594d690b322078c512eb222d34aaa82 Mon Sep 17 00:00:00 2001 +From: Michal Schmidt <[email protected]> +Date: Fri, 02 Mar 2012 09:39:10 +0000 +Subject: util: never follow symlinks in rm_rf_children() + +The function checks if the entry is a directory before recursing, but +there is a window between the check and the open, during which the +directory could be replaced with a symlink. + +CVE-2012-1174 +https://bugzilla.redhat.com/show_bug.cgi?id=803358 +--- +diff --git a/src/util.c b/src/util.c +index 20cbc2b..dfc1dc6 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -3593,7 +3593,8 @@ static int rm_rf_children(int fd, bool only_dirs, bool honour_sticky) { + if (is_dir) { + int subdir_fd; + +- if ((subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC)) < 0) { ++ subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW); ++ if (subdir_fd < 0) { + if (ret == 0 && errno != ENOENT) + ret = -errno; + continue; +-- +cgit v0.9.0.2-2-gbebe ================================================================ ---- CVS-web: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/systemd/systemd.spec?r1=1.127&r2=1.128&f=u _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
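Review bot: In the src/util.c hunk for rm_rf_children(), the failure branch after the new openat() call is unchanged, so an entry that was swapped for a symlink between the is_dir check and the open now sets ret to -errno and hits `continue`, leaving the symlink in place. O_NOFOLLOW stops the traversal into the link target, which is the fix the commit message describes, but the removal then ends with an error and a leftover entry. Consider handling that failure as a non-directory and removing the link itself with unlinkat(fd, de->d_name, 0), which does not follow symlinks, and add a one-line comment at the openat() call saying why O_NOFOLLOW is required so it is not dropped in a later cleanup.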
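Review bot: Confirm that the 44 tarball does not already contain this fix: in systemd.spec, `Patch5: CVE-2012-1174.patch` and `%patch5 -p1` arrive in the same change as the Version 43 -> 44 bump, and the patch header is dated 02 Mar 2012. A short comment above `Patch5:` naming the upstream commit (5ebff5337594d690b322078c512eb222d34aaa82, from the patch header) would tell the next person updating the package when the patch can be dropped. Keeping the security patch in its own commit, separate from the version bump and the man page move, would also make it easier to audit and to apply to a branch still on 43.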
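Review bot: The man3 move in the %files hunks of systemd.spec can produce file conflicts on a partial upgrade: sd_booted.3*, sd_is_fifo.3*, sd_is_socket*.3, sd_listen_fds.3*, sd_notify.3*, sd_notifyf.3 and sd_readahead.3* leave the main package's list and reappear in the list next to the .pc files, so a new devel package installed beside an older main package would own the same paths. Check that the devel subpackage requires the main package at the same version-release so the two are always upgraded together.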
