Package: python-rtslib-fb / 2.1.71-3

Metadata

Package Version Patches format
python-rtslib-fb 2.1.71-3 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
fix path of etc saveconfig.json.patch | (download)

rtslib/root.py | 8 4 + 4 - 0 !
scripts/targetctl | 2 1 + 1 - 0 !
2 files changed, 5 insertions(+), 5 deletions(-)

 fix path for the /etc/target/saveconfig.json
 The default path is /etc/target, which IMO is a way too generic. So I changed
 this to /etc/rtslib-fb-target/saveconfig.json
CVE 2020 14019_1_saveconfig_copy_temp_configfile_with_permissions.patch | (download)

rtslib/root.py | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 cve-2020-14019 saveconfig: copy temp configfile with permissions
 shutil.copyfile() will not copy permissions, so all the perms that we
 set on tempfile will go for a toss, and will be reset to default
 .
 ┌──────────────────┬────────┬───────────┬───────┬────────────────┐
 │     Function     │ Copies │   Copies  │Can use│   Destination  │
 │                  │metadata│permissions│buffer │may be directory│
 ├──────────────────┼────────┼───────────┼───────┼────────────────┤
 │shutil.copy       │   No   │    Yes    │   No  │      Yes       │
 │shutil.copyfile   │   No   │     No    │   No  │       No       │
 │shutil.copy2      │  Yes   │    Yes    │   No  │      Yes       │
 │shutil.copyfileobj│   No   │     No    │  Yes  │       No       │
 └──────────────────┴────────┴───────────┴───────┴────────────────┘
 .
 Without this fix:
 
CVE 2020 14019_2_saveconfig_open_the_temp_configfile_with_modes_set.patch | (download)

rtslib/root.py | 21 19 + 2 - 0 !
1 file changed, 19 insertions(+), 2 deletions(-)

 cve-2020-14019 saveconfig: open the temp configfile with modes set