- Add patch to fix RHBZ #578272 - security vulnerability with movemail
(CVE-2010-0825)
This commit is contained in:
parent
61d4f1f1d3
commit
e76d57d670
100
emacs-23.1-movemail.patch
Normal file
100
emacs-23.1-movemail.patch
Normal file
@ -0,0 +1,100 @@
|
||||
diff -up emacs-23.1/lib-src/movemail.c.movemail emacs-23.1/lib-src/movemail.c
|
||||
--- emacs-23.1/lib-src/movemail.c.movemail 2010-03-31 19:18:05.611899443 +0200
|
||||
+++ emacs-23.1/lib-src/movemail.c 2010-03-31 19:24:29.738754553 +0200
|
||||
@@ -176,7 +176,9 @@ main (argc, argv)
|
||||
int nread;
|
||||
int status;
|
||||
int c, preserve_mail = 0;
|
||||
-
|
||||
+ uid_t real_gid, priv_gid;
|
||||
+ real_gid = getgid();
|
||||
+ priv_gid = getegid();
|
||||
#ifndef MAIL_USE_SYSTEM_LOCK
|
||||
struct stat st;
|
||||
long now;
|
||||
@@ -247,25 +249,6 @@ main (argc, argv)
|
||||
if (*outname == 0)
|
||||
fatal ("Destination file name is empty", 0, 0);
|
||||
|
||||
- /* Check access to output file. */
|
||||
- if (access (outname, F_OK) == 0 && access (outname, W_OK) != 0)
|
||||
- pfatal_with_name (outname);
|
||||
-
|
||||
- /* Also check that outname's directory is writable to the real uid. */
|
||||
- {
|
||||
- char *buf = (char *) xmalloc (strlen (outname) + 1);
|
||||
- char *p;
|
||||
- strcpy (buf, outname);
|
||||
- p = buf + strlen (buf);
|
||||
- while (p > buf && !IS_DIRECTORY_SEP (p[-1]))
|
||||
- *--p = 0;
|
||||
- if (p == buf)
|
||||
- *p++ = '.';
|
||||
- if (access (buf, W_OK) != 0)
|
||||
- pfatal_with_name (buf);
|
||||
- free (buf);
|
||||
- }
|
||||
-
|
||||
#ifdef MAIL_USE_POP
|
||||
if (!strncmp (inname, "po:", 3))
|
||||
{
|
||||
@@ -277,15 +260,11 @@ main (argc, argv)
|
||||
exit (status);
|
||||
}
|
||||
|
||||
- setuid (getuid ());
|
||||
+ if (setuid (getuid ()) < 0)
|
||||
+ fatal ("Failed to drop privileges", 0, 0);
|
||||
#endif /* MAIL_USE_POP */
|
||||
|
||||
#ifndef DISABLE_DIRECT_ACCESS
|
||||
-
|
||||
- /* Check access to input file. */
|
||||
- if (access (inname, R_OK | W_OK) != 0)
|
||||
- pfatal_with_name (inname);
|
||||
-
|
||||
#ifndef MAIL_USE_MMDF
|
||||
#ifndef MAIL_USE_SYSTEM_LOCK
|
||||
#ifdef MAIL_USE_MAILLOCK
|
||||
@@ -379,7 +358,8 @@ main (argc, argv)
|
||||
time_t touched_lock, now;
|
||||
#endif
|
||||
|
||||
- setuid (getuid ());
|
||||
+ if (setuid (getuid ()) < 0 || setegid (real_gid) < 0)
|
||||
+ fatal("Failed to drop privileges", 0, 0);
|
||||
|
||||
#ifndef MAIL_USE_MMDF
|
||||
#ifdef MAIL_USE_SYSTEM_LOCK
|
||||
@@ -405,6 +385,9 @@ main (argc, argv)
|
||||
if (outdesc < 0)
|
||||
pfatal_with_name (outname);
|
||||
|
||||
+ if (setegid (priv_gid) < 0)
|
||||
+ fatal("Failed to regain privileges", 0, 0);
|
||||
+
|
||||
/* This label exists so we can retry locking
|
||||
after a delay, if it got EAGAIN or EBUSY. */
|
||||
retry_lock:
|
||||
@@ -502,6 +485,10 @@ main (argc, argv)
|
||||
if (close (outdesc) != 0)
|
||||
pfatal_and_delete (outname);
|
||||
|
||||
+ /* Prevent symlink attacks truncating other users' mailboxes */
|
||||
+ if (setegid (real_gid) < 0)
|
||||
+ fatal("Failed to drop privileges", 0, 0);
|
||||
+
|
||||
#ifdef MAIL_USE_SYSTEM_LOCK
|
||||
if (! preserve_mail)
|
||||
{
|
||||
@@ -529,6 +516,10 @@ main (argc, argv)
|
||||
}
|
||||
#endif /* not MAIL_USE_SYSTEM_LOCK */
|
||||
|
||||
+ /* End of mailbox truncation */
|
||||
+ if (setegid (priv_gid) < 0)
|
||||
+ fatal("Failed to regain privileges", 0, 0);
|
||||
+
|
||||
#ifdef MAIL_USE_MAILLOCK
|
||||
/* This has to occur in the child, i.e., in the process that
|
||||
acquired the lock! */
|
12
emacs.spec
12
emacs.spec
@ -4,7 +4,7 @@ Summary: GNU Emacs text editor
|
||||
Name: emacs
|
||||
Epoch: 1
|
||||
Version: 23.1.94
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
License: GPLv3+
|
||||
URL: http://www.gnu.org/software/emacs/
|
||||
Group: Applications/Editors
|
||||
@ -29,6 +29,10 @@ Patch2: po-mode-auto-replace-date-71264.patch
|
||||
Patch3: rpm-spec-mode-utc.patch
|
||||
Patch4: emacs-23.1-xdg.patch
|
||||
|
||||
# Fix https://bugzilla.redhat.com/show_bug.cgi?id=578272
|
||||
# CVE-2010-0825
|
||||
Patch5: emacs-23.1-movemail.patch
|
||||
|
||||
BuildRequires: atk-devel, cairo-devel, desktop-file-utils, freetype-devel, fontconfig-devel, dbus-devel, giflib-devel, glibc-devel, gtk2-devel, libpng-devel
|
||||
BuildRequires: libjpeg-devel, libtiff-devel, libX11-devel, libXau-devel, libXdmcp-devel, libXrender-devel, libXt-devel
|
||||
BuildRequires: libXpm-devel, ncurses-devel, xorg-x11-proto-devel, zlib-devel
|
||||
@ -140,6 +144,8 @@ pushd site-lisp
|
||||
%patch3 -p0
|
||||
popd
|
||||
|
||||
%patch5 -p1
|
||||
|
||||
# we prefer our emacs.desktop file
|
||||
cp %SOURCE1 etc/emacs.desktop
|
||||
|
||||
@ -391,6 +397,10 @@ alternatives --install %{_bindir}/etags emacs.etags %{_bindir}/etags.emacs 80 \
|
||||
%dir %{_datadir}/emacs/%{version}
|
||||
|
||||
%changelog
|
||||
* Thu Apr 1 2010 Jonathan G. Underwood <jonathan.underwood@gmail.com> - 1:23.1.94-6
|
||||
- Add patch to fix RHBZ #578272 - security vulnerability with movemail
|
||||
(CVE-2010-0825)
|
||||
|
||||
* Tue Mar 30 2010 Jonathan G. Underwood <jonathan.underwood@gmail.com> - 1:23.1.94-5
|
||||
- Fix typo in spec file changelog
|
||||
- Use standard %%patch macro to apply all patches to silent rpmlint warnings
|
||||
|
Loading…
Reference in New Issue
Block a user