From: Scott James Remnant Date: Mon, 8 Mar 2004 17:23:59 +0000 (+0000) Subject: Retro-actively apply patch for the 1.10.18.1 release: X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cdfa62158ff59e305e41334540d37f2b6c71725c;p=dpkg Retro-actively apply patch for the 1.10.18.1 release: * main/processarc.c (process_archive): Copy code from main/remove.c to ensure that hardlinks to devices, setuid files or setgid files cannot be stashed away in the hope that they become compromisable in the future. This was handled when removing a package, but not when upgrading one. * main/remove.c: Terminate string buffer correctly. * dpkg-deb/main.c: Don't use multiline strings (a removed GCC extension). --- diff --git a/ChangeLog b/ChangeLog index df7f476d..3fd8e31b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,28 @@ +Thu Feb 26 01:48:15 GMT 2004 Scott James Remnant + + * main/processarc.c (process_archive): Copy code from main/remove.c + to ensure that hardlinks to devices, setuid files or setgid files + cannot be stashed away in the hope that they become compromisable + in the future. This was handled when removing a package, but not + when upgrading one. + +Thu Feb 26 01:23:13 GMT 2004 Scott James Remnant + + * version-nr: Bump to 1.10.18.1 + +Mon Feb 23 22:46:21 GMT 2004 Scott James Remnant + + * dpkg-deb/main.c: Clean up previous badly applied multiline string + patch. + +Mon Feb 23 01:30:13 CET 2004 Steinar H. Gunderson + + * main/remove.c: Terminate string buffer correctly. + +Fri Feb 20 10:22:24 CET 2004 Colin Watson + + * dpkg-deb/main.c: Don't use multiline strings (a removed GCC extension). + Tue Jan 27 20:08:12 CST 2003 Adam Heath * debian/control: Update dpkg conflicts to << 1.10, instead of 1.9. diff --git a/debian/changelog b/debian/changelog index 3e2a5f07..2a47de10 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,14 @@ -dpkg (1.10.19) unstable; urgency=medium +dpkg (1.10.18.1) unstable; urgency=medium - * Update dpkg conflicts to << 1.10, instead of 1.9. Closes: #190611. + * Non-maintainer upload to fix release-critical bugs. + * Terminate string buffer in main/remove.c. Closes: #228379. + * Prevent stashing of hardlinked devices and setuid or setgid binaries + by removing permissions on upgrade as well as on remove. + Closes: #225692. + * Update dpkg conflicts to << 1.10, instead of 1.9. + Closes: #190611, #221989, #222760. - -- Adam Heath UNRELEASED + -- Scott James Remnant Thu, 26 Feb 2004 01:17:27 +0000 dpkg (1.10.18) unstable; urgency=medium diff --git a/dpkg-deb/main.c b/dpkg-deb/main.c index 9bf1f663..2cb8f290 100644 --- a/dpkg-deb/main.c +++ b/dpkg-deb/main.c @@ -54,42 +54,42 @@ static void printversion(void) { } static void usage(void) { - if (fputs(_("\ -Command:\n\ - -b|--build [] build an archive.\n\ - -c|--contents list contents.\n\ - -I|--info [...] show info to stdout.\n\ - -W|--show show information on package(s)\n\ - -f|--field [...] show field(s) to stdout.\n\ - -e|--control [] extract control info.\n\ - -x|--extract extract files.\n\ - -X|--vextract extract & list files.\n\ - --fsys-tarfile output filesystem tarfile.\n\ - -h|--help display this message.\n\ - --version | --licence show version/licence.\n\ -\n\ - is the filename of a Debian format archive.\n\ - is the name of an administrative file component.\n\ - is the name of a field in the main `control' file.\n\ -\n\ -Options:\n\ - --showformat= use alternative format for --show\n\ - -D enable debugging output\n\ - --old, --new select archive format\n\ - --nocheck suppress control file check (build bad package).\n\ - -z# to set the compression when building\n\ -\n\ -Format syntax:\n\ - A format is a string that will be output for each package. The format\n\ - can include the standard escape sequences \\n (newline), \\r (carriage\n\ - return) or \\\\ (plain backslash). Package information can be included\n\ - by inserting variable references to package fields using the ${var[;width]}\n\ - syntax. Fields will be right-aligned unless the width is negative in which\n\ - case left alignment will be used. \n\ -\n\ -Use `dpkg' to install and remove packages from your system, or\n\ -`dselect' for user-friendly package management. Packages unpacked\n\ -using `dpkg-deb --extract' will be incorrectly installed !\n"), + if (fputs(_( +"Command:\n" +" -b|--build [] build an archive.\n" +" -c|--contents list contents.\n" +" -I|--info [...] show info to stdout.\n" +" -W|--show show information on package(s)\n" +" -f|--field [...] show field(s) to stdout.\n" +" -e|--control [] extract control info.\n" +" -x|--extract extract files.\n" +" -X|--vextract extract & list files.\n" +" --fsys-tarfile output filesystem tarfile.\n" +" -h|--help display this message.\n" +" --version | --licence show version/licence.\n" +"\n" +" is the filename of a Debian format archive.\n" +" is the name of an administrative file component.\n" +" is the name of a field in the main `control' file.\n" +"\n" +"Options:\n" +" --showformat= use alternative format for --show\n" +" -D enable debugging output\n" +" --old, --new select archive format\n" +" --nocheck suppress control file check (build bad package).\n" +" -z# to set the compression when building\n" +"\n" +"Format syntax:\n" +" A format is a string that will be output for each package. The format\n" +" can include the standard escape sequences \\n (newline), \\r (carriage\n" +" return) or \\\\ (plain backslash). Package information can be included\n" +" by inserting variable references to package fields using the ${var[;width]}\n" +" syntax. Fields will be right-aligned unless the width is negative in which\n" +" case left alignment will be used. \n" +"\n" +"Use `dpkg' to install and remove packages from your system, or\n" +"`dselect' for user-friendly package management. Packages unpacked\n" +"using `dpkg-deb --extract' will be incorrectly installed !\n"), stdout) < 0) werr("stdout"); } diff --git a/main/processarc.c b/main/processarc.c index 2eedfb5e..c1d5669b 100644 --- a/main/processarc.c +++ b/main/processarc.c @@ -639,6 +639,20 @@ void process_archive(const char *filename) { } else debug(dbg_eachfile, "process_archive: could not stat %s, skipping", fnamevb.buf); if (donotrm) continue; + { + /* + * If file to remove is a device or s[gu]id, change its mode + * so that a malicious user cannot use it even if it's linked + * to another file. + */ + struct stat stat_buf; + if (stat(fnamevb.buf,&stat_buf)==0) { + if (S_ISCHR(stat_buf.st_mode) || S_ISBLK(stat_buf.st_mode)) + chmod(fnamevb.buf, 0); + if (stat_buf.st_mode & (S_ISUID|S_ISGID)) + chmod(fnamevb.buf, stat_buf.st_mode & ~(S_ISUID|S_ISGID)); + } + } if (!unlink(fnamevb.buf)) continue; if (errno == ENOTDIR) continue; } diff --git a/main/remove.c b/main/remove.c index f764ead6..c40f219c 100644 --- a/main/remove.c +++ b/main/remove.c @@ -339,6 +339,7 @@ static void removal_bulk_remove_leftover_dirs(struct pkginfo *pkg) { varbufreset(&fnvb); varbufaddstr(&fnvb,instdir); varbufaddstr(&fnvb,namenodetouse(namenode,pkg)->name); + varbufaddc(&fnvb,0); if (!stat(fnvb.buf,&stab) && S_ISDIR(stab.st_mode)) { debug(dbg_eachfiledetail, "removal_bulk is a directory"); diff --git a/version-nr b/version-nr index e5c453e2..77c7fec3 100644 --- a/version-nr +++ b/version-nr @@ -1 +1 @@ -1.10.18 +1.10.18.1