Hello community, here is the log from the commit of package xawtv for openSUSE:Leap:15.2 checked in at 2020-06-08 13:44:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/xawtv (Old) and /work/SRC/openSUSE:Leap:15.2/.xawtv.new.3606 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xawtv" Mon Jun 8 13:44:45 2020 rev:10 rq:812362 version:3.103 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/xawtv/xawtv.changes 2020-01-15 16:29:53.392803013 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.xawtv.new.3606/xawtv.changes 2020-06-08 13:44:51.519104140 +0200 @@ -1,0 +2,7 @@ +Thu Jun 4 13:18:31 UTC 2020 - matthias.gerst...@suse.com + +- v4l-conf: add v4l-conf-fix-CVE-2020-13696.patch: fix security issue in + setuid-root program that allows for arbitrary file existence tests and + open() with O_RDWR (bsc#1171655, CVE-2020-13696) + +------------------------------------------------------------------- New: ---- v4l-conf-fix-CVE-2020-13696.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xawtv.spec ++++++ --- /var/tmp/diff_new_pack.qtANB2/_old 2020-06-08 13:44:51.923105164 +0200 +++ /var/tmp/diff_new_pack.qtANB2/_new 2020-06-08 13:44:51.927105174 +0200 @@ -30,6 +30,7 @@ Patch0: v4l-conf_non-position-independent-executable_fix.patch # PATCH-SENT-UPSTREAM to hdegoede Patch1: xawtv-fixblitframesegfault.patch +Patch2: v4l-conf-fix-CVE-2020-13696.patch BuildRequires: aalib-devel BuildRequires: alsa-devel %if 0%{?suse_version} > 1210 @@ -146,6 +147,7 @@ %setup -q %patch0 %patch1 -p1 +%patch2 -p1 %build export CFLAGS="%{optflags} -fno-strict-aliasing" ++++++ v4l-conf-fix-CVE-2020-13696.patch ++++++ >From 31f31f9cbaee7be806cba38e0ff5431bd44b20a3 Mon Sep 17 00:00:00 2001 From: Mauro Carvalho Chehab <mchehab+hua...@kernel.org> Date: Sat, 16 May 2020 01:22:07 +0200 Subject: [PATCH 1/3] v4l-conf: check file type before opening it Let's avoid open the file if it doesn't exist or it is not a file of the right type. Signed-off-by: Mauro Carvalho Chehab <mchehab+hua...@kernel.org> --- console/v4l-conf.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/console/v4l-conf.c b/console/v4l-conf.c index c38bf16..c96886b 100644 --- a/console/v4l-conf.c +++ b/console/v4l-conf.c @@ -141,20 +141,23 @@ dev_open(const char *device, int major) exit(1); } - /* open & check v4l device */ - if (-1 == (fd = open(device,O_RDWR))) { - fprintf(stderr, "can't open %s: %s\n", device, strerror(errno)); + /* First check if the device is really a devnode of the right type */ + if (-1 == stat(device, &stb)) { + fprintf(stderr, "stat(%s): %s\n", device, strerror(errno)); exit(1); } - if (-1 == fstat(fd,&stb)) { - fprintf(stderr, "fstat(%s): %s\n", device, strerror(errno)); - exit(1); - } if (!S_ISCHR(stb.st_mode) || (major(stb.st_rdev) != major)) { fprintf(stderr, "%s: wrong device\n", device); exit(1); } + + /* Then open it */ + if (-1 == (fd = open(device,O_RDWR))) { + fprintf(stderr, "can't open %s: %s\n", device, strerror(errno)); + exit(1); + } + return fd; } -- 2.26.2 >From 36dc44e68e5886339b4a0fbe3f404fb1a4fd2292 Mon Sep 17 00:00:00 2001 From: Mauro Carvalho Chehab <mchehab+hua...@kernel.org> Date: Thu, 28 May 2020 11:58:34 +0200 Subject: [PATCH 3/3] v4l-conf: simplify stat message No need to print an error code here. Signed-off-by: Mauro Carvalho Chehab <mchehab+hua...@kernel.org> --- console/v4l-conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/console/v4l-conf.c b/console/v4l-conf.c index c96886b..0e8d3e3 100644 --- a/console/v4l-conf.c +++ b/console/v4l-conf.c @@ -143,7 +143,7 @@ dev_open(const char *device, int major) /* First check if the device is really a devnode of the right type */ if (-1 == stat(device, &stb)) { - fprintf(stderr, "stat(%s): %s\n", device, strerror(errno)); + fprintf(stderr, "stat failed on %s\n", device); exit(1); } -- 2.26.2 diff --git a/console/v4l-conf.c b/console/v4l-conf.c index 0e8d3e3..d6fb960 100644 --- a/console/v4l-conf.c +++ b/console/v4l-conf.c @@ -143,12 +143,12 @@ dev_open(const char *device, int major) /* First check if the device is really a devnode of the right type */ if (-1 == stat(device, &stb)) { - fprintf(stderr, "stat failed on %s\n", device); + fprintf(stderr, "invalid path or file is not of the right type %s\n", device); exit(1); } if (!S_ISCHR(stb.st_mode) || (major(stb.st_rdev) != major)) { - fprintf(stderr, "%s: wrong device\n", device); + fprintf(stderr, "invalid path or file is not of the right type %s\n", device); exit(1); }