commit ecryptfs-utils for openSUSE:Factory
Hello community, here is the log from the commit of package ecryptfs-utils for openSUSE:Factory checked in at 2016-01-23 01:16:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old) and /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ecryptfs-utils" Changes: -------- --- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes 2015-10-20 00:06:15.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes 2016-01-23 01:16:34.000000000 +0100 @@ -1,0 +2,7 @@ +Wed Jan 20 16:31:19 UTC 2016 - meissner@suse.com + +- validate-mount-destination-fs-type.patch: A local user could have + escalated privileges by mounting over special filesystems (bsc#962052 + CVE-2016-1572) + +------------------------------------------------------------------- New: ---- validate-mount-destination-fs-type.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ecryptfs-utils.spec ++++++ --- /var/tmp/diff_new_pack.Q3W7rU/_old 2016-01-23 01:16:35.000000000 +0100 +++ /var/tmp/diff_new_pack.Q3W7rU/_new 2016-01-23 01:16:35.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package ecryptfs-utils # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -31,6 +31,7 @@ Patch0: ecryptfs-setup-swap-SuSE.patch # PATCH-FIX-OPENSUSE build with -fpie/-pie Patch1: ecryptfs-utils-src-utils-Makefile.patch +Patch2: validate-mount-destination-fs-type.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: fdupes 
@@ -76,6 +77,7 @@ %setup -q %patch0 -p1 %patch1 -p1 +%patch2 -p1 %build export RPM_OPT_FLAGS="%{optflags} -fno-strict-aliasing" ++++++ validate-mount-destination-fs-type.patch ++++++
From 8fcdb9ef8406cd05c45acef6210a3bfa0831e857 Mon Sep 17 00:00:00 2001
From: Tyler Hicks
Date: Thu, 7 Jan 2016 19:39:14 -0600
Subject: [PATCH] mount.ecryptfs_private: Validate mount destination fs type
Refuse to mount over non-standard filesystems. Mounting over
certain types of filesystems is a red flag that the user is doing
something devious, such as mounting over the /proc/self symlink
target with malicious content in order to confuse programs that may
attempt to parse those files. (LP: #1530566)
https://launchpad.net/bugs/1530566
---
debian/changelog | 8 +++++
src/utils/mount.ecryptfs_private.c | 61 ++++++++++++++++++++++++++++++++++++++
2 files changed, 69 insertions(+)
Index: ecryptfs-utils-108/src/utils/mount.ecryptfs_private.c
===================================================================
--- ecryptfs-utils-108.orig/src/utils/mount.ecryptfs_private.c
+++ ecryptfs-utils-108/src/utils/mount.ecryptfs_private.c
@@ -30,6 +30,7 @@
#include
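Review bot: In the ecryptfs-utils.spec hunk at "@@ -31,6 +31,7 @@", the new "Patch2: validate-mount-destination-fs-type.patch" line has no tag comment above it, while Patch1 carries "# PATCH-FIX-OPENSUSE build with -fpie/-pie". Suggest adding a matching comment that records the patch origin and the references already given in the .changes entry, for example "# PATCH-FIX-UPSTREAM bsc#962052 CVE-2016-1572", so the security fix stays traceable from the spec file alone.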