diff options
author | Mark H Weaver <mhw@netris.org> | 2015-05-22 00:09:26 -0400 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2015-05-22 00:10:43 -0400 |
commit | 4de02f36ac00af722c8f693ab5823fc1a870d58f (patch) | |
tree | 4270b0cde6edfb91f194d4e5ac6d2ae320f904c5 | |
parent | c2ee19e6850960ee613c43af3937b1ce11d663f3 (diff) | |
download | gnu-guix-4de02f36ac00af722c8f693ab5823fc1a870d58f.tar gnu-guix-4de02f36ac00af722c8f693ab5823fc1a870d58f.tar.gz |
gnu: fuse: Add fix for CVE-2015-3202.
* gnu/packages/patches/fuse-CVE-2015-3202.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/linux.scm (fuse): Add patch.
-rw-r--r-- | gnu-system.am | 1 | ||||
-rw-r--r-- | gnu/packages/linux.scm | 3 | ||||
-rw-r--r-- | gnu/packages/patches/fuse-CVE-2015-3202.patch | 65 |
3 files changed, 68 insertions, 1 deletions
diff --git a/gnu-system.am b/gnu-system.am index 297c8bcf6a..23113bb16c 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -421,6 +421,7 @@ dist_patch_DATA = \ gnu/packages/patches/flashrom-use-libftdi1.patch \ gnu/packages/patches/flex-bison-tests.patch \ gnu/packages/patches/fltk-shared-lib-defines.patch \ + gnu/packages/patches/fuse-CVE-2015-3202.patch \ gnu/packages/patches/gawk-shell.patch \ gnu/packages/patches/gcc-arm-link-spec-fix.patch \ gnu/packages/patches/gcc-cross-environment-variables.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index b5f4b55c6b..26e9aa9000 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -1212,7 +1212,8 @@ processes currently causing I/O.") version ".tar.gz")) (sha256 (base32 - "071r6xjgssy8vwdn6m28qq1bqxsd2bphcd2mzhq0grf5ybm87sqb")))) + "071r6xjgssy8vwdn6m28qq1bqxsd2bphcd2mzhq0grf5ybm87sqb")) + (patches (list (search-patch "fuse-CVE-2015-3202.patch"))))) (build-system gnu-build-system) (inputs `(("util-linux" ,util-linux))) (arguments diff --git a/gnu/packages/patches/fuse-CVE-2015-3202.patch b/gnu/packages/patches/fuse-CVE-2015-3202.patch new file mode 100644 index 0000000000..7c64de7683 --- /dev/null +++ b/gnu/packages/patches/fuse-CVE-2015-3202.patch @@ -0,0 +1,65 @@ +The following patch was copied from Debian. + +Description: Fix CVE-2015-3202 + Missing scrubbing of the environment before executing a mount or umount + of a filesystem. +Origin: upstream +Author: Miklos Szeredi <miklos@szeredi.hu> +Last-Update: 2015-05-19 + +--- + lib/mount_util.c | 23 +++++++++++++++++------ + 1 file changed, 17 insertions(+), 6 deletions(-) + +--- a/lib/mount_util.c ++++ b/lib/mount_util.c +@@ -95,10 +95,12 @@ static int add_mount(const char *prognam + goto out_restore; + } + if (res == 0) { ++ char *env = NULL; ++ + sigprocmask(SIG_SETMASK, &oldmask, NULL); + setuid(geteuid()); +- execl("/bin/mount", "/bin/mount", "--no-canonicalize", "-i", +- "-f", "-t", type, "-o", opts, fsname, mnt, NULL); ++ execle("/bin/mount", "/bin/mount", "--no-canonicalize", "-i", ++ "-f", "-t", type, "-o", opts, fsname, mnt, NULL, &env); + fprintf(stderr, "%s: failed to execute /bin/mount: %s\n", + progname, strerror(errno)); + exit(1); +@@ -146,10 +148,17 @@ static int exec_umount(const char *progn + goto out_restore; + } + if (res == 0) { ++ char *env = NULL; ++ + sigprocmask(SIG_SETMASK, &oldmask, NULL); + setuid(geteuid()); +- execl("/bin/umount", "/bin/umount", "-i", rel_mnt, +- lazy ? "-l" : NULL, NULL); ++ if (lazy) { ++ execle("/bin/umount", "/bin/umount", "-i", rel_mnt, ++ "-l", NULL, &env); ++ } else { ++ execle("/bin/umount", "/bin/umount", "-i", rel_mnt, ++ NULL, &env); ++ } + fprintf(stderr, "%s: failed to execute /bin/umount: %s\n", + progname, strerror(errno)); + exit(1); +@@ -205,10 +214,12 @@ static int remove_mount(const char *prog + goto out_restore; + } + if (res == 0) { ++ char *env = NULL; ++ + sigprocmask(SIG_SETMASK, &oldmask, NULL); + setuid(geteuid()); +- execl("/bin/umount", "/bin/umount", "--no-canonicalize", "-i", +- "--fake", mnt, NULL); ++ execle("/bin/umount", "/bin/umount", "--no-canonicalize", "-i", ++ "--fake", mnt, NULL, &env); + fprintf(stderr, "%s: failed to execute /bin/umount: %s\n", + progname, strerror(errno)); + exit(1); |