Bug#987149: xscreensaver: diff for NMU version 5.45+dfsg1-1.1

2021-06-06 Thread Tormod Volden
On Sun, Jun 6, 2021 at 11:57 AM Salvatore Bonaccorso wrote:
>
> I've prepared an NMU for xscreensaver (versioned as 5.45+dfsg1-1.1) and
> uploaded it to DELAYED/2. Please feel free to tell me if I
> should delay it longer.
>

I saw this now. I would of course prefer to have my 5.45+dfsg1-2
uploaded instead. I'll also look at including a fix for #989508 at the
same time.

BTW, WRT your comment in your patch, please note that the real
issue is in mesa and xscreensaver 6 simply reverts back to using setuid
instead of using capabilities. So if the libcap removal should be seen
as something temporary, it must be until it gets fixed in mesa, and
not until xscreensaver 6 (in case it would be a permanent removal).

Regards,
Tormod
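The reply above contrasts the two ways the sonar hack can get its raw-socket privilege: a setuid-root binary, or the cap_net_raw file capability that the Debian postinst sets with `setcap`. The following audit helper is an added example (not code from this thread, the Debian package or xscreensaver); it decodes the `security.capability` xattr the way Linux stores it (revisions 1 to 3, per linux/capability.h) and reports which mechanism, if any, privileges a binary. The sonar path is taken from the postinst in the diff; everything else is constructed for the example.

```python
import os
import stat
import struct

# Linux file-capability xattr layout (linux/capability.h):
#   __le32 magic_etc;  revision in the top byte, VFS_CAP_FLAGS_EFFECTIVE in bit 0
#   struct { __le32 permitted; __le32 inheritable; } data[1 or 2];
#   __le32 rootid;     (revision 3 only)
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
CAP_NET_RAW = 13  # capability number as used by setcap cap_net_raw=p
SONAR = "/usr/libexec/xscreensaver/sonar"  # path from the postinst in the thread


def parse_vfs_cap(blob: bytes) -> dict:
    """Decode a security.capability xattr value into capability bitmasks."""
    if len(blob) < 12:
        raise ValueError("xattr too short")
    magic_etc = struct.unpack_from("<I", blob, 0)[0]
    revision = (magic_etc & VFS_CAP_REVISION_MASK) >> 24
    if revision == 1:                      # one 32-bit pair (12 bytes)
        permitted, inheritable = struct.unpack_from("<II", blob, 4)
    elif revision in (2, 3):               # two pairs: low word then high word
        p_lo, i_lo, p_hi, i_hi = struct.unpack_from("<IIII", blob, 4)
        permitted = (p_hi << 32) | p_lo
        inheritable = (i_hi << 32) | i_lo
    else:
        raise ValueError(f"unknown VFS cap revision {revision}")
    return {
        "revision": revision,
        "effective": bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE),
        "permitted": permitted,
        "inheritable": inheritable,
    }


def has_cap(mask: int, cap: int) -> bool:
    return bool(mask & (1 << cap))


def audit_binary(path: str) -> dict:
    """Report whether a binary is privileged via setuid root or via file caps."""
    st = os.stat(path)
    result = {"setuid_root": bool(st.st_mode & stat.S_ISUID) and st.st_uid == 0,
              "cap_net_raw": False, "caps": None}
    try:
        blob = os.getxattr(path, "security.capability")
    except OSError:      # no xattr: no file capabilities at all
        return result
    caps = parse_vfs_cap(blob)
    result["caps"] = caps
    result["cap_net_raw"] = has_cap(caps["permitted"], CAP_NET_RAW)
    return result
```

Running `audit_binary(SONAR)` on a system where the old postinst ran reports `cap_net_raw` as permitted but not effective, which is exactly what `setcap cap_net_raw=p` produces; a clean result has both flags false.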



Bug#987149: xscreensaver: diff for NMU version 5.45+dfsg1-1.1

2021-06-06 Thread Salvatore Bonaccorso
Control: tags 987149 + patch
Control: tags 987149 + pending


Dear maintainer,

I've prepared an NMU for xscreensaver (versioned as 5.45+dfsg1-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
diff -Nru xscreensaver-5.45+dfsg1/debian/changelog xscreensaver-5.45+dfsg1/debian/changelog
--- xscreensaver-5.45+dfsg1/debian/changelog	2020-12-23 00:09:44.0 +0100
+++ xscreensaver-5.45+dfsg1/debian/changelog	2021-06-06 10:28:01.0 +0200
@@ -1,3 +1,12 @@
+xscreensaver (5.45+dfsg1-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Disable setcap call to set cap_net_raw capabilities on sonar binary in
+xscreensaver-gl's postinst maintainer script (CVE-2021-31523)
+(Closes: #987149)
+
+ -- Salvatore Bonaccorso   Sun, 06 Jun 2021 10:28:01 +0200
+
 xscreensaver (5.45+dfsg1-1) unstable; urgency=low
 
   * New upstream release 5.45
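Review bot: the changelog entry states what was disabled but not the user-visible effect or whether the change is meant to be temporary. The postinst comment in this same upload frames it as "until update to 6.00", while the maintainer's reply in this thread says the underlying bug is in mesa and 6.x merely goes back to setuid; suggest an extra bullet along the lines of "sonar is left without cap_net_raw until the mesa issue is resolved" so the changelog, the postinst comment and the bug discussion agree.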
diff -Nru xscreensaver-5.45+dfsg1/debian/xscreensaver-gl.postinst xscreensaver-5.45+dfsg1/debian/xscreensaver-gl.postinst
--- xscreensaver-5.45+dfsg1/debian/xscreensaver-gl.postinst	2020-12-23 00:09:44.0 +0100
+++ xscreensaver-5.45+dfsg1/debian/xscreensaver-gl.postinst	2021-06-06 10:28:01.0 +0200
@@ -17,8 +17,9 @@
 fi
 fi
 
-# Apply capabilities to sonar hack so it doesnt need to be setuid root
-which setcap > /dev/null &&
-setcap cap_net_raw=p /usr/libexec/xscreensaver/sonar
+# Disabled call until update to 6.00 (Cf. #987149, CVE-2021-31523)
+## Apply capabilities to sonar hack so it doesnt need to be setuid root
+#which setcap > /dev/null &&
+#setcap cap_net_raw=p /usr/libexec/xscreensaver/sonar
 
 #DEBHELPER#
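Review bot: the new comment "Disabled call until update to 6.00" ties the workaround to the wrong condition. Per the maintainer's reply in this thread, xscreensaver 6 only reverts sonar to setuid and the real defect is in mesa, so someone reading this later could re-enable setcap at 6.00 with mesa still unfixed; suggest a plain bug reference without the version condition, e.g. "# setcap cap_net_raw on sonar disabled, see #987149 / CVE-2021-31523 (root cause in mesa)". Also, rather than keeping the three `#`-prefixed lines of dead shell, drop them and keep only the comment; the original call is preserved in the 5.45+dfsg1-1 revision of the package.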