diff options
| author | 宋文武 <iyzsong@gmail.com> | 2015-05-23 09:43:12 +0800 |
|---|---|---|
| committer | 宋文武 <iyzsong@gmail.com> | 2015-05-23 09:43:12 +0800 |
| commit | 86a81222cad9841c67e9d9bcd46c567383e9a34f (patch) | |
| tree | d976896cba87c5de65d8fdc4bf0be85880c04153 /gnu/packages/patches/fuse-CVE-2015-3202.patch | |
| parent | 3e3d47fc5347a5032fd2039831be1dc1d80576ed (diff) | |
| parent | 8605321dd6f3c42590046be9d69112a8c8cf7cbf (diff) | |
| download | guix-86a81222cad9841c67e9d9bcd46c567383e9a34f.tar.gz | |
Merge branch 'master' into gtk-rebuild
Conflicts: gnu/packages/gtk.scm
Diffstat (limited to 'gnu/packages/patches/fuse-CVE-2015-3202.patch')
| -rw-r--r-- | gnu/packages/patches/fuse-CVE-2015-3202.patch | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/gnu/packages/patches/fuse-CVE-2015-3202.patch b/gnu/packages/patches/fuse-CVE-2015-3202.patch new file mode 100644 index 0000000000..7c64de7683 --- /dev/null +++ b/gnu/packages/patches/fuse-CVE-2015-3202.patch @@ -0,0 +1,65 @@ +The following patch was copied from Debian. + +Description: Fix CVE-2015-3202 + Missing scrubbing of the environment before executing a mount or umount + of a filesystem. +Origin: upstream +Author: Miklos Szeredi <miklos@szeredi.hu> +Last-Update: 2015-05-19 + +--- + lib/mount_util.c | 23 +++++++++++++++++------ + 1 file changed, 17 insertions(+), 6 deletions(-) + +--- a/lib/mount_util.c ++++ b/lib/mount_util.c +@@ -95,10 +95,12 @@ static int add_mount(const char *prognam + goto out_restore; + } + if (res == 0) { ++ char *env = NULL; ++ + sigprocmask(SIG_SETMASK, &oldmask, NULL); + setuid(geteuid()); +- execl("/bin/mount", "/bin/mount", "--no-canonicalize", "-i", +- "-f", "-t", type, "-o", opts, fsname, mnt, NULL); ++ execle("/bin/mount", "/bin/mount", "--no-canonicalize", "-i", ++ "-f", "-t", type, "-o", opts, fsname, mnt, NULL, &env); + fprintf(stderr, "%s: failed to execute /bin/mount: %s\n", + progname, strerror(errno)); + exit(1); +@@ -146,10 +148,17 @@ static int exec_umount(const char *progn + goto out_restore; + } + if (res == 0) { ++ char *env = NULL; ++ + sigprocmask(SIG_SETMASK, &oldmask, NULL); + setuid(geteuid()); +- execl("/bin/umount", "/bin/umount", "-i", rel_mnt, +- lazy ? "-l" : NULL, NULL); ++ if (lazy) { ++ execle("/bin/umount", "/bin/umount", "-i", rel_mnt, ++ "-l", NULL, &env); ++ } else { ++ execle("/bin/umount", "/bin/umount", "-i", rel_mnt, ++ NULL, &env); ++ } + fprintf(stderr, "%s: failed to execute /bin/umount: %s\n", + progname, strerror(errno)); + exit(1); +@@ -205,10 +214,12 @@ static int remove_mount(const char *prog + goto out_restore; + } + if (res == 0) { ++ char *env = NULL; ++ + sigprocmask(SIG_SETMASK, &oldmask, NULL); + setuid(geteuid()); +- execl("/bin/umount", "/bin/umount", "--no-canonicalize", "-i", +- "--fake", mnt, NULL); ++ execle("/bin/umount", "/bin/umount", "--no-canonicalize", "-i", ++ "--fake", mnt, NULL, &env); + fprintf(stderr, "%s: failed to execute /bin/umount: %s\n", + progname, strerror(errno)); + exit(1); |