From d4914dfff88179293c67034f1e52d9a659bb1198 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C5=A0abata?=
Date: Thu, 1 Mar 2012 10:40:39 +0100
Subject: [PATCH] Address dangerous /tmp files security issue (CVE-2012-1088, #797881, #797878)

---
 iproute.spec | 10 +-
 ....2.0-Dont-put-configure-files-in-tmp.patch | 165 ++++++++++++++++++
 ....2.0-dhcp-client-script-dont-use-tmp.patch | 27 +++
 3 files changed, 200 insertions(+), 2 deletions(-)
 create mode 100644 iproute2-3.2.0-Dont-put-configure-files-in-tmp.patch
 create mode 100644 iproute2-3.2.0-dhcp-client-script-dont-use-tmp.patch

diff --git a/iproute.spec b/iproute.spec
index d0c742d..fb013e2 100644
--- a/iproute.spec
+++ b/iproute.spec
@@ -2,7 +2,7 @@ Summary: Advanced IP routing and network device configuration tools
 Name: iproute
 Version: 3.2.0
-Release: 2%{?dist}
+Release: 3%{?dist}
 Group: Applications/System
 URL: http://kernel.org/pub/linux/utils/networking/%{name}2/
 Source0: http://kernel.org/pub/linux/utils/networking/%{name}2/%{name}2-%{version}.tar.bz2
@@ -19,7 +19,8 @@ Patch7: iproute2-2.6.35-print-route.patch
 Patch8: iproute2-print-route-u32.patch
 Patch9: iproute2-2.6.39-create-peer-veth-without-a-name.patch
 Patch10: iproute2-2.6.39-lnstat-dump-to-stdout.patch
-
+Patch11: iproute2-3.2.0-Dont-put-configure-files-in-tmp.patch
+Patch12: iproute2-3.2.0-dhcp-client-script-dont-use-tmp.patch
 License: GPLv2+ and Public Domain
 BuildRequires: tex(latex) tex(dvips) linuxdoc-tools
 BuildRequires: flex linux-atm-libs-devel psutils db4-devel bison
@@ -66,6 +67,8 @@ sed -i "s/_VERSION_/%{version}/" man/man8/ss.8
 %patch8 -p1 -b .print-route-u32
 %patch9 -p1 -b .peer-veth-without-name
 %patch10 -p1 -b .lnstat-dump-to-stdout
+%patch11 -p1 -b .tmp
+%patch12 -p1 -b .tmp-dhcp
 
 %build
 export LIBDIR=/%{_libdir}
@@ -175,6 +178,9 @@ done
 %{_includedir}/libnetlink.h
 
 %changelog
+* Mon Feb 27 2012 Petr Šabata - 3.2.0-3
+- Address dangerous /tmp files security issue (CVE-2012-1088, #797881, #797878)
+
 * Fri Jan 27 2012 Petr Šabata - 3.2.0-2
 - Simplify the spec a bit thanks to the UsrMove feature
 
diff --git a/iproute2-3.2.0-Dont-put-configure-files-in-tmp.patch b/iproute2-3.2.0-Dont-put-configure-files-in-tmp.patch
new file mode 100644
index 0000000..6b81f33
--- /dev/null
+++ b/iproute2-3.2.0-Dont-put-configure-files-in-tmp.patch
@@ -0,0 +1,165 @@ +From e557d1ac3a156ba7521ba44b0b412af4542f83f8 Mon Sep 17 00:00:00 2001 +From: Stephen Hemminger +Date: Wed, 15 Feb 2012 10:03:39 -0800 +Subject: [PATCH] Don't put configure files in /tmp + +Based on patch by Vasiliy Kulikov +Don't use /tmp since it is dangerous, instead put temporary files +from configure script in build directory. This is what autoconf +generated configure does. +--- + .gitignore | 1 + + configure | 34 +++++++++++++++++++--------------- + 2 files changed, 20 insertions(+), 15 deletions(-) + +diff --git a/.gitignore b/.gitignore +index c784159..3ba2632 100644 +--- a/.gitignore ++++ b/.gitignore +@@ -1,4 +1,5 @@ + static-syms.h ++config.* + Config + *.o + *.a +diff --git a/configure b/configure +index 09a6987..0f4444f 100755 +--- a/configure ++++ b/configure +@@ -3,9 +3,13 @@ + # + INCLUDE=${1:-"$PWD/include"} + ++# Make a temp directory in build tree. ++TMPDIR=$(mktemp -d config.XXXXXX) ++trap 'status=$?; rm -rf $TMPDIRa; exit $status' EXIT HUP INT QUIT TERM ++ + check_atm() + { +-cat >/tmp/atmtest.c <$TMPDIR/atmtest.c < + int main(int argc, char **argv) { + struct atm_qos qos; +@@ -13,7 +17,7 @@ int main(int argc, char **argv) { + return 0; + } + EOF +-gcc -I$INCLUDE -o /tmp/atmtest /tmp/atmtest.c -latm >/dev/null 2>&1 ++gcc -I$INCLUDE -o $TMPDIR/atmtest $TMPDIR/atmtest.c -latm >/dev/null 2>&1 + if [ $? -eq 0 ] + then + echo "TC_CONFIG_ATM:=y" >>Config +@@ -21,13 +25,13 @@ then + else + echo no + fi +-rm -f /tmp/atmtest.c /tmp/atmtest ++rm -f $TMPDIR/atmtest.c $TMPDIR/atmtest + } + + check_xt() + { + #check if we have xtables from iptables >= 1.4.5. 
+-cat >/tmp/ipttest.c <$TMPDIR/ipttest.c < + #include + static struct xtables_globals test_globals = { +@@ -47,12 +51,12 @@ int main(int argc, char **argv) + + EOF + +-if gcc -I$INCLUDE $IPTC -o /tmp/ipttest /tmp/ipttest.c $IPTL $(pkg-config xtables --cflags --libs) -ldl >/dev/null 2>&1 ++if gcc -I$INCLUDE $IPTC -o $TMPDIR/ipttest $TMPDIR/ipttest.c $IPTL $(pkg-config xtables --cflags --libs) -ldl >/dev/null 2>&1 + then + echo "TC_CONFIG_XT:=y" >>Config + echo "using xtables" + fi +-rm -f /tmp/ipttest.c /tmp/ipttest ++rm -f $TMPDIR/ipttest.c $TMPDIR/ipttest + } + + check_xt_old() +@@ -64,7 +68,7 @@ then + fi + + #check if we dont need our internal header .. +-cat >/tmp/ipttest.c <$TMPDIR/ipttest.c < + char *lib_dir; + unsigned int global_option_offset = 0; +@@ -84,14 +88,14 @@ int main(int argc, char **argv) { + } + + EOF +-gcc -I$INCLUDE $IPTC -o /tmp/ipttest /tmp/ipttest.c $IPTL -ldl >/dev/null 2>&1 ++gcc -I$INCLUDE $IPTC -o $TMPDIR/ipttest $TMPDIR/ipttest.c $IPTL -ldl >/dev/null 2>&1 + + if [ $? -eq 0 ] + then + echo "TC_CONFIG_XT_OLD:=y" >>Config + echo "using old xtables (no need for xt-internal.h)" + fi +-rm -f /tmp/ipttest.c /tmp/ipttest ++rm -f $TMPDIR/ipttest.c $TMPDIR/ipttest + } + + check_xt_old_internal_h() +@@ -103,7 +107,7 @@ then + fi + + #check if we need our own internal.h +-cat >/tmp/ipttest.c <$TMPDIR/ipttest.c < + #include "xt-internal.h" + char *lib_dir; +@@ -124,14 +128,14 @@ int main(int argc, char **argv) { + } + + EOF +-gcc -I$INCLUDE $IPTC -o /tmp/ipttest /tmp/ipttest.c $IPTL -ldl >/dev/null 2>&1 ++gcc -I$INCLUDE $IPTC -o $TMPDIR/ipttest $TMPDIR/ipttest.c $IPTL -ldl >/dev/null 2>&1 + + if [ $? 
-eq 0 ] + then + echo "using old xtables with xt-internal.h" + echo "TC_CONFIG_XT_OLD_H:=y" >>Config + fi +-rm -f /tmp/ipttest.c /tmp/ipttest ++rm -f $TMPDIR/ipttest.c $TMPDIR/ipttest + } + + check_ipt() +@@ -160,7 +164,7 @@ check_ipt_lib_dir() + + check_setns() + { +-cat >/tmp/setnstest.c <$TMPDIR/setnstest.c < + int main(int argc, char **argv) + { +@@ -168,7 +172,7 @@ int main(int argc, char **argv) + return 0; + } + EOF +-gcc -I$INCLUDE -o /tmp/setnstest /tmp/setnstest.c >/dev/null 2>&1 ++gcc -I$INCLUDE -o $TMPDIR/setnstest $TMPDIR/setnstest.c >/dev/null 2>&1 + if [ $? -eq 0 ] + then + echo "IP_CONFIG_SETNS:=y" >>Config +@@ -176,7 +180,7 @@ then + else + echo "no" + fi +-rm -f /tmp/setnstest.c /tmp/setnstest ++rm -f $TMPDIR/setnstest.c $TMPDIR/setnstest + } + + echo "# Generated config based on" $INCLUDE >Config +-- +1.7.6.5 + diff --git a/iproute2-3.2.0-dhcp-client-script-dont-use-tmp.patch b/iproute2-3.2.0-dhcp-client-script-dont-use-tmp.patch new file mode 100644 index 0000000..2145791 --- /dev/null +++ b/iproute2-3.2.0-dhcp-client-script-dont-use-tmp.patch @@ -0,0 +1,27 @@ +From 20ed7b24df05eadf83168d1d0ce0052a31380928 Mon Sep 17 00:00:00 2001 +From: Stephen Hemminger +Date: Wed, 15 Feb 2012 10:05:45 -0800 +Subject: [PATCH] dhcp-client-script: don't use /tmp + +/tmp is a dangerous place and better to put log files in /var/log. +Based on patch by Vasiliy Kulikov +--- + examples/dhcp-client-script | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/examples/dhcp-client-script b/examples/dhcp-client-script +index 7207b57..f39bc10 100644 +--- a/examples/dhcp-client-script ++++ b/examples/dhcp-client-script +@@ -14,7 +14,7 @@ + # we should install and preserve. + # + +-exec >> /tmp/DHS.log 2>&1 ++exec >> /var/log/DHS.log 2>&1 + + echo dhc-script $* reason=$reason + set | grep "^\(old_\|new_\|check_\)" +-- +1.7.6.5 +
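Review bot: The cleanup trap added at the top of configure never removes the temp directory: `trap 'status=$?; rm -rf $TMPDIRa; exit $status' EXIT HUP INT QUIT TERM` expands the misspelled `$TMPDIRa` to nothing, so `rm -rf` runs with no operand and every configure run leaks a `config.XXXXXX` directory in the build tree (hidden from git status by the new `config.*` ignore entry, which is likely why it went unnoticed). The `mktemp -d` result is also unchecked; if it fails, `$TMPDIR` is empty and the `cat >$TMPDIR/atmtest.c` / `gcc -o $TMPDIR/...` / `rm -f $TMPDIR/...` lines in the check_* functions operate on `/atmtest.c`, `/ipttest`, etc. at the filesystem root, which is the same class of shared-location write this CVE-2012-1088 fix is meant to eliminate. I would change the two lines to `TMPDIR=$(mktemp -d config.XXXXXX) || exit 1` and `trap 'status=$?; rm -rf "$TMPDIR"; exit $status' EXIT HUP INT QUIT TERM`. Reusing the name TMPDIR also shadows the conventional environment variable; it is not exported here so mktemp and gcc are unaffected, but a name such as `CONFIG_TMP` would avoid the confusion for the next reader.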
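Review bot: The new `exec >> /var/log/DHS.log 2>&1` removes the predictable /tmp path but creates the log with the caller's umask, and the `set | grep "^\(old_\|new_\|check_\)"` line that follows dumps every DHCP-supplied variable into it, so under a typical 022 umask the lease and server details become world-readable in /var/log. Adding `umask 077` on the line immediately before the `exec` keeps the log readable by root only; creating the file with a fixed mode at install time is the alternative. Note also that a non-root caller cannot open /var/log/DHS.log and a failed `exec` redirection terminates a non-interactive script, so the example now implicitly requires root — presumably the normal case for a dhcp client hook, but worth stating with a comment such as `# must run as root: logs to /var/log/DHS.log` above the exec line.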