Package: augeas / 0.7.2-1+deb6u1
Metadata
Package | Version | Patches format |
---|---|---|
augeas | 0.7.2-1+deb6u1 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
CVE 2012 0786.1.patch | src/internal.c 15 12 + 3 - 0 ! | [patch] prevent symlink attacks via .augnew during saving Instead of saving into a predictable PATH.augnew file, save into a securely created PATH.augnew.XXXXXX * src/transform.c (transform_save): write changes to a temporary file in the same directory as the destination (either the file's canonical path or the path of .augnew), before renaming * src/transform.c (transfer_file_attrs): use fchown, fchmod etc. on the same file handles to ensure consistent permission changes * bootstrap: add mkstemp gnulib module * tests/ test-put-symlink-augnew.sh: test symlink attack when writing .augnew test-put-symlink-augsave.sh: test symlink attack when writing .augsave test-put-symlink-augtemp.sh: test symlink attack via temp .augnew test-put-symlink.sh: also test file modification Fixes BZ 772257 |
CVE 2012 0786.2.patch | src/internal.c 5 4 + 1 - 0 ! | [patch] * src/transform.c (xread_file): catch failed fopen, e.g. EACCES |
CVE 2012 0786.3.patch | src/transform.c 10 10 + 0 - 0 ! | [patch] fix regression in permissions of created files Commit 16387744 changed temporary file creation to use mkstemp, resulting in new files being created with 0600 permissions. For brand new files created through Augeas, their permissions stayed at 0600 rather than being set by the umask as before. * src/transform.c (transform_save): chmod after creating new files to permissions implied by the umask |
CVE 2012 0787.patch | src/transform.c 40 34 + 6 - 0 ! | [patch] prevent cross-mountpoint attacks via .augsave during saving Previously Augeas would open PATH.augsave for writing if a rename from PATH to PATH.augsave failed, then write the file contents in. Now if the rename fails, it tries to unlink PATH.augsave and open it with O_EXCL first. Mountpoints remain permitted at either PATH or PATH.augnew provided /augeas/save/copy_if_rename_fails exists. * src/transform.c (clone_file): add argument to perform unlink and O_EXCL on destination filename after a rename failure to prevent PATH.augsave being a mountpoint * src/transform.c (transform_save, remove_file): always try to unlink PATH.augsave if rename fails, only allowing PATH to be a mountpoint; allow PATH or PATH.augnew to be mountpoints * tests/ test-put-mount: check PATH being a mountpoint is supported test-put-mount-augnew.sh: check PATH.augnew being a mountpoint is supported test-put-mount-augsave.sh: check unlink error when PATH.augsave is a mount Fixes BZ 772261 |
CVE 2013 6412.patch | src/transform.c 2 1 + 1 - 0 ! | [patch] fix umask handling when creating new files * src/transform.c (transform_save): faulty umask arithmetic would cause overly-open file modes when the umask contains "7", as the umask was incorrectly subtracted from the target file mode Fixes CVE-2013-6412, RHBZ#1034261 |
cutest macros.patch | tests/test-save.c 4 4 + 0 - 0 ! | --- |