aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeonardo Arena <rnalrd@alpinelinux.org>2019-08-20 13:19:38 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2019-08-20 13:21:23 +0000
commit10fc00b3dbc9a5c90dd9c54ae5c6f94975e6b63b (patch)
tree44dbbd67be4da2abb258cfa095a75bb5209b1dd7
parent93e3be01c591ba6e7311e581ba65aae4a8cb3de2 (diff)
downloadaports-10fc00b3dbc9a5c90dd9c54ae5c6f94975e6b63b.tar.gz
aports-10fc00b3dbc9a5c90dd9c54ae5c6f94975e6b63b.tar.bz2
aports-10fc00b3dbc9a5c90dd9c54ae5c6f94975e6b63b.tar.xz
main/freeradius: security fix (CVE-2019-10143)
Ref #10744
-rw-r--r--main/freeradius/APKBUILD8
-rw-r--r--main/freeradius/CVE-2019-10143.patch94
2 files changed, 100 insertions, 2 deletions
diff --git a/main/freeradius/APKBUILD b/main/freeradius/APKBUILD
index 8d365112f9..174b16f69e 100644
--- a/main/freeradius/APKBUILD
+++ b/main/freeradius/APKBUILD
@@ -5,7 +5,7 @@
pkgname=freeradius
_realname=freeradius
pkgver=3.0.19
-pkgrel=2
+pkgrel=3
pkgdesc="RADIUS (Remote Authentication Dial-In User Service) server"
url="https://freeradius.org/"
arch="all"
@@ -30,10 +30,13 @@ source="ftp://ftp.freeradius.org/pub/freeradius/$_realname-server-$pkgver.tar.gz
musl-fix-headers.patch
fix-scopeid.patch
freeradius-313-default-config.patch
+ CVE-2019-10143.patch
"
builddir="$srcdir"/$_realname-server-$pkgver
# secfixes:
+# 3.0.19-r3:
+# - CVE-2019-10143
# 3.0.19-r0:
# - CVE-2019-11234
# - CVE-2019-11235
@@ -286,4 +289,5 @@ e248159c0a44f722e405c51c8015d9ad672e42ad0d38ca28f8a051ff911aa4d3e630b9bd4543e9d6
ba3c424d4eabb147c7aa3e31575a87ddb26b6a792d2a8714e73d8763e07854326a03a83991a7420246ca06bf0b93d0a6f23ec198f5e48647f9d25b40067e852a freeradius.initd
c49e5eec7497fccde5fd09dba1ea9b846e57bc88015bd81640aa531fb5c9b449f37136f42c85fe1d7940c5963aed664b85da28442b388c9fb8cc27873df03b2d musl-fix-headers.patch
41d478c0e40ff82fc36232964037c1ab8ffca9fdbb7dca02ed49319906e751c133b5d7bc7773c645cec6d9d39d1de69cba25e8d59afa8d6662563dd17f35f234 fix-scopeid.patch
-666e15a3c3e5b98ff8c3168de85b341606af5e2790af379ddec46464e9d7de14a715876a34ba1eb7fa47ddead23f7134128d591db32309db0e4acbdb6f21ef5e freeradius-313-default-config.patch"
+666e15a3c3e5b98ff8c3168de85b341606af5e2790af379ddec46464e9d7de14a715876a34ba1eb7fa47ddead23f7134128d591db32309db0e4acbdb6f21ef5e freeradius-313-default-config.patch
+5506cc095553c2024319f0818fd317c02c0aa52f306b506e44f661f2f600874426118decdc2313a2da8313bff3578d364262f947faa9198595a830764a336b57 CVE-2019-10143.patch"
diff --git a/main/freeradius/CVE-2019-10143.patch b/main/freeradius/CVE-2019-10143.patch
new file mode 100644
index 0000000000..528550aa82
--- /dev/null
+++ b/main/freeradius/CVE-2019-10143.patch
@@ -0,0 +1,94 @@
+From 1f233773962bf1a9c2d228a180eacddb9db2d574 Mon Sep 17 00:00:00 2001
+From: Alexander Scheel <ascheel@redhat.com>
+Date: Tue, 7 May 2019 16:04:29 -0400
+Subject: [PATCH] su to radiusd user/group when rotating logs
+
+The su directive to logrotate ensures that log rotation happens under the
+owner of the logs. Otherwise, logrotate runs as root:root, potentially
+enabling privilege escalation if a RCE is discovered against the
+FreeRADIUS daemon.
+
+Signed-off-by: Alexander Scheel <ascheel@redhat.com>
+---
+ debian/freeradius.logrotate | 3 +++
+ redhat/freeradius-logrotate | 1 +
+ scripts/logrotate/freeradius | 3 +++
+ suse/radiusd-logrotate | 1 +
+ 4 files changed, 8 insertions(+)
+
+diff --git a/debian/freeradius.logrotate b/debian/freeradius.logrotate
+index 7d837d53bd..a8d29b7adf 100644
+--- a/debian/freeradius.logrotate
++++ b/debian/freeradius.logrotate
+@@ -9,6 +9,7 @@
+ notifempty
+
+ copytruncate
++ su freerad freerad
+ }
+
+ # (in order)
+@@ -26,6 +27,7 @@
+ notifempty
+
+ nocreate
++ su freerad freerad
+ }
+
+ # There are different detail-rotating strategies you can use. One is
+@@ -45,4 +47,5 @@
+ notifempty
+
+ nocreate
++ su freerad freerad
+ }
+diff --git a/redhat/freeradius-logrotate b/redhat/freeradius-logrotate
+index 360765ddc4..bb97ca5547 100644
+--- a/redhat/freeradius-logrotate
++++ b/redhat/freeradius-logrotate
+@@ -9,6 +9,7 @@ rotate 4
+ missingok
+ compress
+ delaycompress
++su radiusd radiusd
+
+ #
+ # The main server log
+diff --git a/scripts/logrotate/freeradius b/scripts/logrotate/freeradius
+index 3de435e76e..eecf63175a 100644
+--- a/scripts/logrotate/freeradius
++++ b/scripts/logrotate/freeradius
+@@ -17,6 +17,7 @@
+ notifempty
+
+ copytruncate
++ su radiusd radiusd
+ }
+
+ # (in order)
+@@ -34,6 +35,7 @@
+ notifempty
+
+ nocreate
++ su radiusd radiusd
+ }
+
+ # There are different detail-rotating strategies you can use. One is
+@@ -53,4 +55,5 @@
+ notifempty
+
+ nocreate
++ su radiusd radiusd
+ }
+diff --git a/suse/radiusd-logrotate b/suse/radiusd-logrotate
+index 24d56be1a9..be5a797684 100644
+--- a/suse/radiusd-logrotate
++++ b/suse/radiusd-logrotate
+@@ -11,6 +11,7 @@ missingok
+ compress
+ delaycompress
+ notifempty
++su radiusd radiusd
+
+ #
+ # The main server log