aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeonardo Arena <rnalrd@alpinelinux.org>2019-08-20 14:00:23 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2019-08-20 14:01:43 +0000
commit845ceeb84a5356dfef381071a5fcbffff147dd8e (patch)
treedb3c65bd14b30a0110def904b9faa0c31467e16f
parentc2038f0e8020a453038a90b8c532550a7121d923 (diff)
downloadaports-845ceeb84a5356dfef381071a5fcbffff147dd8e.tar.gz
aports-845ceeb84a5356dfef381071a5fcbffff147dd8e.tar.bz2
aports-845ceeb84a5356dfef381071a5fcbffff147dd8e.tar.xz
main/freeradius: security fix (CVE-2019-10143)
Ref #10744
-rw-r--r--main/freeradius/APKBUILD8
-rw-r--r--main/freeradius/CVE-2019-10143.patch94
2 files changed, 100 insertions, 2 deletions
diff --git a/main/freeradius/APKBUILD b/main/freeradius/APKBUILD
index e9cd6a3d67..38ef6fe8a0 100644
--- a/main/freeradius/APKBUILD
+++ b/main/freeradius/APKBUILD
@@ -5,7 +5,7 @@
pkgname=freeradius
_realname=freeradius
pkgver=3.0.17
-pkgrel=5
+pkgrel=6
pkgdesc="RADIUS (Remote Authentication Dial-In User Service) server"
url="http://freeradius.org/"
arch="all"
@@ -33,10 +33,13 @@ source="ftp://ftp.freeradius.org/pub/freeradius/$_realname-server-$pkgver.tar.gz
fix-scopeid.patch
freeradius-313-default-config.patch
CVE-2019-11234-5.patch
+ CVE-2019-10143.patch
"
builddir="$srcdir"/$_realname-server-$pkgver
# secfixes:
+# 3.0.17-r6:
+# - CVE-2019-10143
# 3.0.17-r5:
# - CVE-2019-11234
# - CVE-2019-11235
@@ -290,4 +293,5 @@ ba3c424d4eabb147c7aa3e31575a87ddb26b6a792d2a8714e73d8763e07854326a03a83991a74202
c49e5eec7497fccde5fd09dba1ea9b846e57bc88015bd81640aa531fb5c9b449f37136f42c85fe1d7940c5963aed664b85da28442b388c9fb8cc27873df03b2d musl-fix-headers.patch
41d478c0e40ff82fc36232964037c1ab8ffca9fdbb7dca02ed49319906e751c133b5d7bc7773c645cec6d9d39d1de69cba25e8d59afa8d6662563dd17f35f234 fix-scopeid.patch
666e15a3c3e5b98ff8c3168de85b341606af5e2790af379ddec46464e9d7de14a715876a34ba1eb7fa47ddead23f7134128d591db32309db0e4acbdb6f21ef5e freeradius-313-default-config.patch
-05b19e1b4d43eac3ddb2f1d62a31bedb2e3386bdafc0253506304d46e6ea41f1bf798c28d3b1207341c4c9d17de0775a9ca8aa2b9c27a90c92d21c0a73ee6477 CVE-2019-11234-5.patch"
+05b19e1b4d43eac3ddb2f1d62a31bedb2e3386bdafc0253506304d46e6ea41f1bf798c28d3b1207341c4c9d17de0775a9ca8aa2b9c27a90c92d21c0a73ee6477 CVE-2019-11234-5.patch
+5506cc095553c2024319f0818fd317c02c0aa52f306b506e44f661f2f600874426118decdc2313a2da8313bff3578d364262f947faa9198595a830764a336b57 CVE-2019-10143.patch"
diff --git a/main/freeradius/CVE-2019-10143.patch b/main/freeradius/CVE-2019-10143.patch
new file mode 100644
index 0000000000..528550aa82
--- /dev/null
+++ b/main/freeradius/CVE-2019-10143.patch
@@ -0,0 +1,94 @@
+From 1f233773962bf1a9c2d228a180eacddb9db2d574 Mon Sep 17 00:00:00 2001
+From: Alexander Scheel <ascheel@redhat.com>
+Date: Tue, 7 May 2019 16:04:29 -0400
+Subject: [PATCH] su to radiusd user/group when rotating logs
+
+The su directive to logrotate ensures that log rotation happens under the
+owner of the logs. Otherwise, logrotate runs as root:root, potentially
+enabling privilege escalation if a RCE is discovered against the
+FreeRADIUS daemon.
+
+Signed-off-by: Alexander Scheel <ascheel@redhat.com>
+---
+ debian/freeradius.logrotate | 3 +++
+ redhat/freeradius-logrotate | 1 +
+ scripts/logrotate/freeradius | 3 +++
+ suse/radiusd-logrotate | 1 +
+ 4 files changed, 8 insertions(+)
+
+diff --git a/debian/freeradius.logrotate b/debian/freeradius.logrotate
+index 7d837d53bd..a8d29b7adf 100644
+--- a/debian/freeradius.logrotate
++++ b/debian/freeradius.logrotate
+@@ -9,6 +9,7 @@
+ notifempty
+
+ copytruncate
++ su freerad freerad
+ }
+
+ # (in order)
+@@ -26,6 +27,7 @@
+ notifempty
+
+ nocreate
++ su freerad freerad
+ }
+
+ # There are different detail-rotating strategies you can use. One is
+@@ -45,4 +47,5 @@
+ notifempty
+
+ nocreate
++ su freerad freerad
+ }
+diff --git a/redhat/freeradius-logrotate b/redhat/freeradius-logrotate
+index 360765ddc4..bb97ca5547 100644
+--- a/redhat/freeradius-logrotate
++++ b/redhat/freeradius-logrotate
+@@ -9,6 +9,7 @@ rotate 4
+ missingok
+ compress
+ delaycompress
++su radiusd radiusd
+
+ #
+ # The main server log
+diff --git a/scripts/logrotate/freeradius b/scripts/logrotate/freeradius
+index 3de435e76e..eecf63175a 100644
+--- a/scripts/logrotate/freeradius
++++ b/scripts/logrotate/freeradius
+@@ -17,6 +17,7 @@
+ notifempty
+
+ copytruncate
++ su radiusd radiusd
+ }
+
+ # (in order)
+@@ -34,6 +35,7 @@
+ notifempty
+
+ nocreate
++ su radiusd radiusd
+ }
+
+ # There are different detail-rotating strategies you can use. One is
+@@ -53,4 +55,5 @@
+ notifempty
+
+ nocreate
++ su radiusd radiusd
+ }
+diff --git a/suse/radiusd-logrotate b/suse/radiusd-logrotate
+index 24d56be1a9..be5a797684 100644
+--- a/suse/radiusd-logrotate
++++ b/suse/radiusd-logrotate
+@@ -11,6 +11,7 @@ missingok
+ compress
+ delaycompress
+ notifempty
++su radiusd radiusd
+
+ #
+ # The main server log