aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorprspkt <prspkt@protonmail.com>2020-08-23 20:12:12 +0300
committerprspkt <prspkt@protonmail.com>2020-08-23 23:56:48 +0300
commitfd001906e5e2199df6a434d83c94d30ce696cec7 (patch)
treefe42762a04c8106bdc531f4fdb1310a7c766755d
parentc66cfb2c1f37cb1d5799b4f2cc502f38da014189 (diff)
downloadaports-fd001906e5e2199df6a434d83c94d30ce696cec7.tar.gz
aports-fd001906e5e2199df6a434d83c94d30ce696cec7.tar.bz2
aports-fd001906e5e2199df6a434d83c94d30ce696cec7.tar.xz
main/chrony: add upstream patch for CVE-2020-14367
* Fixes: CVE-2020-14367. * Test suite fails on all arches with: Testing util FAIL (on line 82), disable.
-rw-r--r--main/chrony/APKBUILD13
-rw-r--r--main/chrony/CVE-2020-14367.patch204
2 files changed, 215 insertions, 2 deletions
diff --git a/main/chrony/APKBUILD b/main/chrony/APKBUILD
index 8327c29f69..d4e0add148 100644
--- a/main/chrony/APKBUILD
+++ b/main/chrony/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=chrony
pkgver=3.4
-pkgrel=1
+pkgrel=2
_ver=${pkgver/_/-}
pkgdesc="NTP client and server programs"
url="https://chrony.tuxfamily.org"
@@ -26,8 +26,16 @@ source="https://download.tuxfamily.org/$pkgname/$pkgname-$_ver.tar.gz
chrony.logrotate
chrony.conf
timepps.h
+
+ CVE-2020-14367.patch
"
builddir="$srcdir/$pkgname-$_ver"
+options="!check" # line 82 of test/unit/util.c fails on all arches
+
+# secfixes:
+# 3.4-r2:
+# - CVE-2020-14367
+
prepare() {
default_prepare
@@ -91,4 +99,5 @@ b26581ed32680585edea5b8163a0062a87f648394c0f363c77a7d01a36608fcf4d005d9e6ab179ed
60d6aab60132b11e82888b755a47aa6ae2949db07016b475e7bce53ed5083c888ab88f3b53e87bfa7396f0559f6870c28816b395361645dda157ab7649b28236 chronyd.initd
ab38f06bf45888846778ad935e24abb30d13b6805e9a750bc694ff953695fa8c5b33aac560f5f7f96dc46031c1a38660e5c418b6fce6fb34a87908a9a3c99357 chrony.logrotate
0ae453fca3461b6e56a32a9eb6be0d448c39bf0279583222ab2fecef307e1113f082d4e86f957e4baac4f223c5c57804cdea97322678009f3413ab99d54694b6 chrony.conf
-eb11fc19243d1789016d88eb7645bfe67c46304547781489bf36eb1dd4c252d523681ff835a6488fa0ef62b6b9e2f781c672279f4439f5d5640a3f214a113048 timepps.h"
+eb11fc19243d1789016d88eb7645bfe67c46304547781489bf36eb1dd4c252d523681ff835a6488fa0ef62b6b9e2f781c672279f4439f5d5640a3f214a113048 timepps.h
+777c5b83fac51424eaaf5e348e138389c449fcb03e382deebab727c6d265332ef3e1b7a168740b18ca669add05ba02c21a7c52edfdd442ed2b3893706098c343 CVE-2020-14367.patch"
diff --git a/main/chrony/CVE-2020-14367.patch b/main/chrony/CVE-2020-14367.patch
new file mode 100644
index 0000000000..f0e331bd97
--- /dev/null
+++ b/main/chrony/CVE-2020-14367.patch
@@ -0,0 +1,204 @@
+From f00fed20092b6a42283f29c6ee1f58244d74b545 Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar <mlichvar@redhat.com>
+Date: Thu, 6 Aug 2020 09:31:11 +0200
+Subject: [PATCH] main: create new file when writing pidfile
+
+When writing the pidfile, open the file with the O_CREAT|O_EXCL flags
+to avoid following a symlink and writing the PID to an unexpected file,
+when chronyd still has the root privileges.
+
+The Linux open(2) man page warns about O_EXCL not working as expected on
+NFS versions before 3 and Linux versions before 2.6. Saving pidfiles on
+a distributed filesystem like NFS is not generally expected, but if
+there is a reason to do that, these old kernel and NFS versions are not
+considered to be supported for saving files by chronyd.
+
+This is a minimal backport specific to this issue of the following
+commits:
+- commit 2fc8edacb810 ("use PATH_MAX")
+- commit f4c6a00b2a11 ("logging: call exit() in LOG_Message()")
+- commit 7a4c396bba8f ("util: add functions for common file operations")
+- commit e18903a6b563 ("switch to new util file functions")
+
+Reported-by: Matthias Gerstner <mgerstner@suse.de>
+---
+ logging.c | 1 +
+ main.c | 10 ++----
+ sysincl.h | 1 +
+ util.c | 95 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ util.h | 11 +++++++
+ 5 files changed, 111 insertions(+), 7 deletions(-)
+
+diff --git a/logging.c b/logging.c
+index d2296e0..fd7f900 100644
+--- a/logging.c
++++ b/logging.c
+@@ -171,6 +171,7 @@ void LOG_Message(LOG_Severity severity,
+ system_log = 0;
+ log_message(1, severity, buf);
+ }
++ exit(1);
+ break;
+ default:
+ assert(0);
+diff --git a/main.c b/main.c
+index 6ccf32e..8edb2e1 100644
+--- a/main.c
++++ b/main.c
+@@ -281,13 +281,9 @@ write_pidfile(void)
+ if (!pidfile[0])
+ return;
+
+- out = fopen(pidfile, "w");
+- if (!out) {
+- LOG_FATAL("Could not open %s : %s", pidfile, strerror(errno));
+- } else {
+- fprintf(out, "%d\n", (int)getpid());
+- fclose(out);
+- }
++ out = UTI_OpenFile(NULL, pidfile, NULL, 'W', 0644);
++ fprintf(out, "%d\n", (int)getpid());
++ fclose(out);
+ }
+
+ /* ================================================== */
+diff --git a/sysincl.h b/sysincl.h
+index 296c5e6..873a3bd 100644
+--- a/sysincl.h
++++ b/sysincl.h
+@@ -37,6 +37,7 @@
+ #include <glob.h>
+ #include <grp.h>
+ #include <inttypes.h>
++#include <limits.h>
+ #include <math.h>
+ #include <netinet/in.h>
+ #include <pwd.h>
+diff --git a/util.c b/util.c
+index e7e3442..83b3b20 100644
+--- a/util.c
++++ b/util.c
+@@ -1179,6 +1179,101 @@ UTI_CheckDirPermissions(const char *path, mode_t perm, uid_t uid, gid_t gid)
+
+ /* ================================================== */
+
++static int
++join_path(const char *basedir, const char *name, const char *suffix,
++ char *buffer, size_t length, LOG_Severity severity)
++{
++ const char *sep;
++
++ if (!basedir) {
++ basedir = "";
++ sep = "";
++ } else {
++ sep = "/";
++ }
++
++ if (!suffix)
++ suffix = "";
++
++ if (snprintf(buffer, length, "%s%s%s%s", basedir, sep, name, suffix) >= length) {
++ LOG(severity, "File path %s%s%s%s too long", basedir, sep, name, suffix);
++ return 0;
++ }
++
++ return 1;
++}
++
++/* ================================================== */
++
++FILE *
++UTI_OpenFile(const char *basedir, const char *name, const char *suffix,
++ char mode, mode_t perm)
++{
++ const char *file_mode;
++ char path[PATH_MAX];
++ LOG_Severity severity;
++ int fd, flags;
++ FILE *file;
++
++ severity = mode >= 'A' && mode <= 'Z' ? LOGS_FATAL : LOGS_ERR;
++
++ if (!join_path(basedir, name, suffix, path, sizeof (path), severity))
++ return NULL;
++
++ switch (mode) {
++ case 'r':
++ case 'R':
++ flags = O_RDONLY;
++ file_mode = "r";
++ if (severity != LOGS_FATAL)
++ severity = LOGS_DEBUG;
++ break;
++ case 'w':
++ case 'W':
++ flags = O_WRONLY | O_CREAT | O_EXCL;
++ file_mode = "w";
++ break;
++ case 'a':
++ case 'A':
++ flags = O_WRONLY | O_CREAT | O_APPEND;
++ file_mode = "a";
++ break;
++ default:
++ assert(0);
++ return NULL;
++ }
++
++try_again:
++ fd = open(path, flags, perm);
++ if (fd < 0) {
++ if (errno == EEXIST) {
++ if (unlink(path) < 0) {
++ LOG(severity, "Could not remove %s : %s", path, strerror(errno));
++ return NULL;
++ }
++ DEBUG_LOG("Removed %s", path);
++ goto try_again;
++ }
++ LOG(severity, "Could not open %s : %s", path, strerror(errno));
++ return NULL;
++ }
++
++ UTI_FdSetCloexec(fd);
++
++ file = fdopen(fd, file_mode);
++ if (!file) {
++ LOG(severity, "Could not open %s : %s", path, strerror(errno));
++ close(fd);
++ return NULL;
++ }
++
++ DEBUG_LOG("Opened %s fd=%d mode=%c", path, fd, mode);
++
++ return file;
++}
++
++/* ================================================== */
++
+ void
+ UTI_DropRoot(uid_t uid, gid_t gid)
+ {
+diff --git a/util.h b/util.h
+index e3d6767..a2481cc 100644
+--- a/util.h
++++ b/util.h
+@@ -176,6 +176,17 @@ extern int UTI_CreateDirAndParents(const char *path, mode_t mode, uid_t uid, gid
+ permissions and its uid/gid must match the specified values. */
+ extern int UTI_CheckDirPermissions(const char *path, mode_t perm, uid_t uid, gid_t gid);
+
++/* Open a file. The full path of the file is constructed from the basedir
++ (may be NULL), '/' (if basedir is not NULL), name, and suffix (may be NULL).
++ Created files have specified permissions (umasked). Returns NULL on error.
++ The following modes are supported (if the mode is an uppercase character,
++ errors are fatal):
++ r/R - open an existing file for reading
++ w/W - open a new file for writing (remove existing file)
++ a/A - open an existing file for appending (create if does not exist) */
++extern FILE *UTI_OpenFile(const char *basedir, const char *name, const char *suffix,
++ char mode, mode_t perm);
++
+ /* Set process user/group IDs and drop supplementary groups */
+ extern void UTI_DropRoot(uid_t uid, gid_t gid);
+