commit xawtv for openSUSE:Leap:15.2

Mon, 08 Jun 2020 04:45:19 -0700 

Hello community,

here is the log from the commit of package xawtv for openSUSE:Leap:15.2 checked 
in at 2020-06-08 13:44:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/xawtv (Old)
 and      /work/SRC/openSUSE:Leap:15.2/.xawtv.new.3606 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "xawtv"

Mon Jun  8 13:44:45 2020 rev:10 rq:812362 version:3.103

Changes:
--------
--- /work/SRC/openSUSE:Leap:15.2/xawtv/xawtv.changes    2020-01-15 
16:29:53.392803013 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.xawtv.new.3606/xawtv.changes  2020-06-08 
13:44:51.519104140 +0200
@@ -1,0 +2,7 @@
+Thu Jun  4 13:18:31 UTC 2020 - matthias.gerst...@suse.com
+
+- v4l-conf: add v4l-conf-fix-CVE-2020-13696.patch: fix security issue in
+  setuid-root program that allows for arbitrary file existence tests and
+  open() with O_RDWR (bsc#1171655, CVE-2020-13696)
+
+-------------------------------------------------------------------

New:
----
  v4l-conf-fix-CVE-2020-13696.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ xawtv.spec ++++++
--- /var/tmp/diff_new_pack.qtANB2/_old  2020-06-08 13:44:51.923105164 +0200
+++ /var/tmp/diff_new_pack.qtANB2/_new  2020-06-08 13:44:51.927105174 +0200
@@ -30,6 +30,7 @@
 Patch0:         v4l-conf_non-position-independent-executable_fix.patch
 # PATCH-SENT-UPSTREAM to hdegoede
 Patch1:         xawtv-fixblitframesegfault.patch
+Patch2:         v4l-conf-fix-CVE-2020-13696.patch
 BuildRequires:  aalib-devel
 BuildRequires:  alsa-devel
 %if 0%{?suse_version} > 1210
@@ -146,6 +147,7 @@
 %setup -q
 %patch0
 %patch1 -p1
+%patch2 -p1
 
 %build
 export CFLAGS="%{optflags} -fno-strict-aliasing"

++++++ v4l-conf-fix-CVE-2020-13696.patch ++++++
>From 31f31f9cbaee7be806cba38e0ff5431bd44b20a3 Mon Sep 17 00:00:00 2001
From: Mauro Carvalho Chehab <mchehab+hua...@kernel.org>
Date: Sat, 16 May 2020 01:22:07 +0200
Subject: [PATCH 1/3] v4l-conf: check file type before opening it

Let's avoid open the file if it doesn't exist or it is not
a file of the right type.

Signed-off-by: Mauro Carvalho Chehab <mchehab+hua...@kernel.org>
---
 console/v4l-conf.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/console/v4l-conf.c b/console/v4l-conf.c
index c38bf16..c96886b 100644
--- a/console/v4l-conf.c
+++ b/console/v4l-conf.c
@@ -141,20 +141,23 @@ dev_open(const char *device, int major)
        exit(1);
     }
 
-    /* open & check v4l device */
-    if (-1 == (fd = open(device,O_RDWR))) {
-       fprintf(stderr, "can't open %s: %s\n", device, strerror(errno));
+    /* First check if the device is really a devnode of the right type */
+    if (-1 == stat(device, &stb)) {
+       fprintf(stderr, "stat(%s): %s\n", device, strerror(errno));
        exit(1);
     }
 
-    if (-1 == fstat(fd,&stb)) {
-       fprintf(stderr, "fstat(%s): %s\n", device, strerror(errno));
-       exit(1);
-    }
     if (!S_ISCHR(stb.st_mode) || (major(stb.st_rdev) != major)) {
        fprintf(stderr, "%s: wrong device\n", device);
        exit(1);
     }
+
+    /* Then open it */
+    if (-1 == (fd = open(device,O_RDWR))) {
+       fprintf(stderr, "can't open %s: %s\n", device, strerror(errno));
+       exit(1);
+    }
+
     return fd;
 }
 
-- 
2.26.2

>From 36dc44e68e5886339b4a0fbe3f404fb1a4fd2292 Mon Sep 17 00:00:00 2001
From: Mauro Carvalho Chehab <mchehab+hua...@kernel.org>
Date: Thu, 28 May 2020 11:58:34 +0200
Subject: [PATCH 3/3] v4l-conf: simplify stat message

No need to print an error code here.

Signed-off-by: Mauro Carvalho Chehab <mchehab+hua...@kernel.org>
---
 console/v4l-conf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/console/v4l-conf.c b/console/v4l-conf.c
index c96886b..0e8d3e3 100644
--- a/console/v4l-conf.c
+++ b/console/v4l-conf.c
@@ -143,7 +143,7 @@ dev_open(const char *device, int major)
 
     /* First check if the device is really a devnode of the right type */
     if (-1 == stat(device, &stb)) {
-       fprintf(stderr, "stat(%s): %s\n", device, strerror(errno));
+       fprintf(stderr, "stat failed on %s\n", device);
        exit(1);
     }
 
-- 
2.26.2

diff --git a/console/v4l-conf.c b/console/v4l-conf.c
index 0e8d3e3..d6fb960 100644
--- a/console/v4l-conf.c
+++ b/console/v4l-conf.c
@@ -143,12 +143,12 @@ dev_open(const char *device, int major)
 
     /* First check if the device is really a devnode of the right type */
     if (-1 == stat(device, &stb)) {
-       fprintf(stderr, "stat failed on %s\n", device);
+       fprintf(stderr, "invalid path or file is not of the right type %s\n", 
device);
        exit(1);
     }
 
     if (!S_ISCHR(stb.st_mode) || (major(stb.st_rdev) != major)) {
-       fprintf(stderr, "%s: wrong device\n", device);
+       fprintf(stderr, "invalid path or file is not of the right type %s\n", 
device);
        exit(1);
     }

Reply via email to