rpms/hal/devel hal-fix-mount-options.patch, NONE, 1.1 hal.spec, 1.73, 1.74
fedora-cvs-commits at redhat.com
Tue Jan 10 00:32:55 UTC 2006
Author: johnp
Update of /cvs/dist/rpms/hal/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv17719
Modified Files:
hal.spec
Added Files:
hal-fix-mount-options.patch
Log Message:
- Add patch to escape mount options
hal-fix-mount-options.patch:
hal-system-storage-mount | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
--- NEW FILE hal-fix-mount-options.patch ---
Index: tools/hal-system-storage-mount
===================================================================
RCS file: /cvs/hal/hal/tools/hal-system-storage-mount,v
retrieving revision 1.9
diff -u -r1.9 hal-system-storage-mount
--- tools/hal-system-storage-mount 8 Jan 2006 22:27:03 -0000 1.9
+++ tools/hal-system-storage-mount 10 Jan 2006 00:12:50 -0000
@@ -106,10 +106,10 @@
fi
fi
- # make sure the part after the '=' don't contain any commas otherwise an attacker may
- # pass e.g. umask=0600,suid,dev and this will get merged into $MOUNTOPTIONS - just replace
- # ',' with '_'
- MODIFIED_OPTION=${OPTION//,/_}
+ # Only allow ^a-zA-Z0-9_= in the string because otherwise an attacker may
+ # pass e.g. umask=0600,suid,dev or umask=`/bin/evil` and this will get merged
+ # into $MOUNTOPTIONS - Simply replace illegal characters with an underscore
+ MODIFIED_OPTION=${OPTION//[^a-zA-Z0-9_=]/_}
MOUNTOPTIONS="$MOUNTOPTIONS,$MODIFIED_OPTION"
OPTION_WAS_OK="1"
fi
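Review bot: At the `MODIFIED_OPTION=${OPTION//[^a-zA-Z0-9_=]/_}` line, an option containing disallowed characters is silently rewritten and still appended to `$MOUNTOPTIONS` with `OPTION_WAS_OK="1"`, so a request like umask=0600,suid,dev is passed on as umask=0600_suid_dev as if it were valid. Rejecting the request when `$MODIFIED_OPTION` differs from `$OPTION` would be safer than mounting with a value the caller never asked for, and it would avoid quietly altering legitimate values that contain characters outside the set, such as '-' or '.'. The new comment also reads "Only allow ^a-zA-Z0-9_=", which copies the negation from the pattern; the allowed set is a-zA-Z0-9_=. Because the a-z and A-Z ranges in a shell pattern follow the current locale's collation, setting LC_ALL=C in the script would keep the class to ASCII.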
Index: hal.spec
===================================================================
RCS file: /cvs/dist/rpms/hal/devel/hal.spec,v
retrieving revision 1.73
retrieving revision 1.74
diff -u -r1.73 -r1.74
--- hal.spec 9 Jan 2006 16:59:13 -0000 1.73
+++ hal.spec 10 Jan 2006 00:32:49 -0000 1.74
@@ -18,10 +18,11 @@
Summary: Hardware Abstraction Layer
Name: hal
Version: 0.5.5.1.cvs20060109
-Release: 1
+Release: 2
URL: http://www.freedesktop.org/Software/hal
Source0: %{name}-%{version}.tar.gz
Patch0: hal-0.5.4-match-on-capabilities.patch
+Patch1: hal-fix-mount-options.patch
License: AFL/GPL
Group: System Environment/Libraries
BuildRoot: %{_tmppath}/%{name}-root
@@ -81,6 +82,7 @@
%prep
%setup -q
%patch0 -p1 -b .match-on-capabilities
+%patch1 -p0 -b .mount-options
%build
%configure --disable-docbook-docs --with-os-type=redhat --enable-pcmcia-support --with-stab-file=/var/lib/pcmcia/stab
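Review bot: `%patch1 -p0` uses a different strip level from `%patch0 -p1` on the line above it. That matches the `tools/hal-system-storage-mount` paths in the new patch, but a short comment in the spec, or regenerating the patch with a leading directory so both apply with -p1, would keep the strip levels from being "corrected" by mistake later.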
@@ -169,6 +171,9 @@
%{_bindir}/hal-device-manager
%changelog
+* Mon Jan 09 2006 John (J5) Palmieri <johnp at redhat.com> - 0.5.5.1.cvs20060109-2
+- Add patch to escape mount options
+
* Mon Jan 09 2006 John (J5) Palmieri <johnp at redhat.com> - 0.5.5.1.cvs20060109-1
- Update to a new CVS snapshot
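Review bot: The changelog entry "Add patch to escape mount options" does not describe what the patch does: characters outside a-zA-Z0-9_= are replaced with underscores to stop option injection, and nothing is escaped. Wording the entry as a security fix that filters the mount options passed to hal-system-storage-mount would make it easier to find when checking which builds carry it.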