Mailinglist Archive: opensuse-commit (1400 mails)

[root@xxxxxxxxxxxxxxx (h_root)]

Hello community,

here is the log from the commit of package libcap for openSUSE:11.4
checked in at Fri Nov 4 15:10:15 CET 2011.



--------
--- old-versions/11.4/all/libcap/libcap.changes 2010-12-02 15:48:24.000000000 
+0100
+++ 11.4/libcap/libcap.changes  2011-11-02 11:41:47.000000000 +0100
@@ -1,0 +2,6 @@
+Wed Nov  2 11:41:28 CET 2011 - tiwai@xxxxxxx
+
+- Fix VUL-0: libcap2: capsh does not chdir after chroot
+  (CVE-2011-4099, bnc#727715)
+
+-------------------------------------------------------------------

Package does not exist at destination yet. Using Fallback 
old-versions/11.4/all/libcap
Destination is old-versions/11.4/UPDATES/all/libcap
calling whatdependson for 11.4-i586


New:
----
  libcap-CVE-2011-4099.diff

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libcap.spec ++++++
--- /var/tmp/diff_new_pack.WI2pTp/_old  2011-11-04 15:08:38.000000000 +0100
+++ /var/tmp/diff_new_pack.WI2pTp/_new  2011-11-04 15:08:38.000000000 +0100
@@ -1,5 +1,5 @@
 #
-# spec file for package libcap (Version 2.19)
+# spec file for package libcap
 #
 # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -24,9 +24,10 @@
 AutoReqProv:    on
 Summary:        Library for Capabilities (linux-privs) Support
 Version:        2.19
-Release:        1
+Release:        9.<RELEASE10>
 Source:         
ftp://ftp.de.kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-%{version}.tar.bz2
 Source2:        baselibs.conf
+Patch:          libcap-CVE-2011-4099.diff
 #URL:          http://www.kernel.org/
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  libattr-devel
@@ -91,6 +92,7 @@
 
 %prep
 %setup -q
+%patch -p1
 
 %build
 # lib=%{_lib} make %{?_smp_mflags} COPTFLAG="$RPM_OPT_FLAGS"

++++++ libcap-CVE-2011-4099.diff ++++++
> From af725c50c2930485947bd958dbdf984faf8fc1ba Mon Sep 17 00:00:00 2001
From: "Andrew G. Morgan" <morgan@xxxxxxxxxx>
Date: Sun, 24 Jul 2011 19:17:25 -0700
Subject: [PATCH] Change directory to "/" after --chroot operation.

Thanks to Steve Grubb for suggesting this. He wrote:
=========
I was reviewing something recently and discovered a problem in capsh. The capsh
program has a --chroot command line option. Inspecting the code shows that it 
does not
do a chdir("/") after calling chroot. This means that '.' is outside the chroot.

Additional info:
http://cwe.mitre.org/data/definitions/243.html
=========

Signed-off-by: Andrew G. Morgan <morgan@xxxxxxxxxx>
---
 progs/capsh.c |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

--- a/progs/capsh.c
+++ b/progs/capsh.c
@@ -243,10 +243,16 @@
                perror("unable to lower CAP_SYS_CHROOT");
                exit(1);
            }
+           /*
+            * Given we are now in a new directory tree, its good practice
+            * to start off in a sane location
+            */
+           status = chdir("/");
+
            cap_free(orig);
 
            if (status != 0) {
-               fprintf(stderr, "Unable to chroot to [%s]", argv[i]+9);
+               fprintf(stderr, "Unable to chroot/chdir to [%s]", argv[i]+9);
                exit(1);
            }
        } else if (!memcmp("--secbits=", argv[i], 10)) {
continue with "q"...



Remember to have fun...

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx