From 33218c81059225c33b2dd433214852b74bedad25 Mon Sep 17 00:00:00 2001 From: DongHun Kwak Date: Fri, 27 Nov 2020 15:45:30 +0900 Subject: [PATCH] Imported Upstream version 17.19.0 --- VERSION.cmake | 6 ++-- package/libzypp.changes | 6 ++++ tests/parser/HistoryLogReader_test.cc | 3 +- tests/parser/HistoryLogReader_test.dat | 1 + zypp/HistoryLog.cc | 26 +++++++++++++++--- zypp/HistoryLog.h | 8 ++++++ zypp/HistoryLogData.cc | 20 ++++++++++++++ zypp/HistoryLogData.h | 50 +++++++++++++++++++++++++++++++++- zypp/PathInfo.cc | 27 ++++++++++++++++++ zypp/PathInfo.h | 4 +++ zypp/PoolItem.cc | 13 +++++++++ zypp/PoolItem.h | 3 ++ zypp/media/MediaCurl.cc | 1 + 13 files changed, 159 insertions(+), 9 deletions(-) diff --git a/VERSION.cmake b/VERSION.cmake index 388f2ec..c83385e 100644 --- a/VERSION.cmake +++ b/VERSION.cmake @@ -60,9 +60,9 @@ # SET(LIBZYPP_MAJOR "17") SET(LIBZYPP_COMPATMINOR "12") -SET(LIBZYPP_MINOR "18") -SET(LIBZYPP_PATCH "1") +SET(LIBZYPP_MINOR "19") +SET(LIBZYPP_PATCH "0") # -# LAST RELEASED: 17.18.1 (12) +# LAST RELEASED: 17.19.0 (12) # (The number in parenthesis is LIBZYPP_COMPATMINOR) #======= diff --git a/package/libzypp.changes b/package/libzypp.changes index 056f98a..f5eeaca 100644 --- a/package/libzypp.changes +++ b/package/libzypp.changes @@ -1,4 +1,10 @@ ------------------------------------------------------------------- +Wed Dec 11 09:51:10 CET 2019 - ma@suse.de + +- MediaCurl: assert cookie file has mode 0600 (bsc#1158763, CVE-2019-18900) +- version 17.19.0 (12) + +------------------------------------------------------------------- Mon Dec 9 10:22:56 CET 2019 - ma@suse.de - dup: fix removing orphaned packages dropped by to-be-installed diff --git a/tests/parser/HistoryLogReader_test.cc b/tests/parser/HistoryLogReader_test.cc index 0226cc5..09e8136 100644 --- a/tests/parser/HistoryLogReader_test.cc +++ b/tests/parser/HistoryLogReader_test.cc 
@@ -34,7 +34,7 @@ BOOST_AUTO_TEST_CASE(basic) history.clear(); parser.readAll(); - BOOST_CHECK_EQUAL( history.size(), 8 ); + BOOST_CHECK_EQUAL( history.size(), 9 ); BOOST_CHECK( dynamic_pointer_cast ( history[0] ) ); BOOST_CHECK( dynamic_pointer_cast ( history[1] ) ); BOOST_CHECK( dynamic_pointer_cast ( history[2] ) ); @@ -43,6 +43,7 @@ BOOST_AUTO_TEST_CASE(basic) BOOST_CHECK( dynamic_pointer_cast ( history[5] ) ); BOOST_CHECK( dynamic_pointer_cast ( history[6] ) ); BOOST_CHECK( dynamic_pointer_cast ( history[7] ) ); + BOOST_CHECK( dynamic_pointer_cast ( history[8] ) ); BOOST_CHECK_EQUAL( (*history[1])[HistoryLogDataInstall::USERDATA_INDEX], "trans|ID" ); // properly (un)escaped? HistoryLogDataInstall::Ptr p = dynamic_pointer_cast( history[1] ); diff --git a/tests/parser/HistoryLogReader_test.dat b/tests/parser/HistoryLogReader_test.dat index a3f9845..1732b8a 100644 --- a/tests/parser/HistoryLogReader_test.dat +++ b/tests/parser/HistoryLogReader_test.dat @@ -11,3 +11,4 @@ discard\|one field discard|to fields but bad date 2015-08-11 18:42:49|command|root@fibonacci|'/Local/ma/zypp/BUILD/zypper/src/zypper' 'in' '-f' 'xteddy'| +2011-07-18 18:08:09|pstate|patch-name|2.6.37.6-0.5.1|noarch|repo-update|moderate|security|needed|satisfied diff --git a/zypp/HistoryLog.cc b/zypp/HistoryLog.cc index c85c46d..7911326 100644 --- a/zypp/HistoryLog.cc +++ b/zypp/HistoryLog.cc @@ -231,9 +231,8 @@ namespace zypp void HistoryLog::install( const PoolItem & pi ) { + if ( ! pi.isKind() ) return; const Package::constPtr p = asKind(pi.resolvable()); - if (!p) - return; _log << timestamp() // 1 timestamp @@ -260,9 +259,8 @@ namespace zypp void HistoryLog::remove( const PoolItem & pi ) { + if ( ! pi.isKind() ) return; const Package::constPtr p = asKind(pi.resolvable()); - if (!p) - return; _log << timestamp() // 1 timestamp 
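Review bot: The new `history[8]` check in HistoryLogReader_test.cc only asserts the dynamic type of the parsed `pstate` record, so nothing verifies that its columns land at the intended indices. An assertion modelled on the existing USERDATA check for `history[1]` would pin that, e.g. `BOOST_CHECK_EQUAL( (*history[8])[HistoryLogPatchStateChange::NEWSTATE_INDEX], "satisfied" );`. The sample line added to HistoryLogReader_test.dat also stops after the new-state column, so the escaped userdata field that `patchStateChange` writes is never exercised for this record type; a second sample line with an escaped `\|` in the userdata would cover it.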
@@ -334,6 +332,26 @@ namespace zypp } } + void HistoryLog::patchStateChange( const PoolItem & pi, const std::string &oldstate ) + { + if ( ! pi.isKind() ) return; + const Patch::constPtr p = asKind(pi.resolvable()); + + _log + << timestamp() // 1 timestamp + << _sep << HistoryActionID::PATCH_STATE_CHANGE.asString(true) // 2 action + << _sep << p->name() // 3 name + << _sep << p->edition() // 4 evr + << _sep << p->arch() // 5 arch + << _sep << p->repoInfo().alias() // 6 repo alias + << _sep << p->severity() // 7 severity + << _sep << p->category() // 8 category + << _sep << oldstate // 9 old state + << _sep << pi.patchStatusAsString() // 10 new state + << _sep << str::escape(ZConfig::instance().userData(), _sep) // 11 userdata + << endl; + } + /////////////////////////////////////////////////////////////////// } // namespace zypp diff --git a/zypp/HistoryLog.h b/zypp/HistoryLog.h index de18f23..d956a39 100644 --- a/zypp/HistoryLog.h +++ b/zypp/HistoryLog.h @@ -122,6 +122,14 @@ namespace zypp * \param newrepo info about the new repository */ void modifyRepository( const RepoInfo & oldrepo, const RepoInfo & newrepo ); + + /** + * Log state changes in patches + * + * \param oldstate info about the old state + */ + void patchStateChange ( const PoolItem & pi, const std::string &oldstate ); + }; /////////////////////////////////////////////////////////////////// diff --git a/zypp/HistoryLogData.cc b/zypp/HistoryLogData.cc index e5e44fd..bc9e396 100644 --- a/zypp/HistoryLogData.cc +++ b/zypp/HistoryLogData.cc 
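Review bot: In `patchStateChange` only the userdata column goes through `str::escape`; `oldstate` (a caller-supplied string) and the name, repo alias, severity and category columns are streamed raw. If any of them can contain the separator or a line break, the record shifts columns or is read back as more than one history entry, which matters because this log serves as an audit trail. Escaping the free-form columns the same way, e.g. `<< _sep << str::escape( oldstate, _sep )`, keeps each record on one well-formed line; whether `str::escape` also neutralises newlines is not visible here and should be confirmed. The bodies of `install` and `remove` continue outside their hunks, so I cannot tell whether they share the gap.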
@@ -40,6 +40,7 @@ namespace zypp const HistoryActionID HistoryActionID::REPO_CHANGE_ALIAS (HistoryActionID::REPO_CHANGE_ALIAS_e); const HistoryActionID HistoryActionID::REPO_CHANGE_URL (HistoryActionID::REPO_CHANGE_URL_e); const HistoryActionID HistoryActionID::STAMP_COMMAND (HistoryActionID::STAMP_COMMAND_e); + const HistoryActionID HistoryActionID::PATCH_STATE_CHANGE (HistoryActionID::PATCH_STATE_CHANGE_e); HistoryActionID::HistoryActionID(const std::string & strval_r) : _id(parse(strval_r)) @@ -59,6 +60,7 @@ namespace zypp _table["ralias"] = REPO_CHANGE_ALIAS_e; _table["rurl"] = REPO_CHANGE_URL_e; _table["command"] = STAMP_COMMAND_e; + _table["pstate"] = PATCH_STATE_CHANGE_e; _table["NONE"] = _table["none"] = NONE_e; } @@ -86,6 +88,7 @@ namespace zypp _table[REPO_CHANGE_ALIAS_e] = PairType( "ralias" , "ralias " ); _table[REPO_CHANGE_URL_e] = PairType( "rurl" , "rurl " ); _table[STAMP_COMMAND_e] = PairType( "command" , "command" ); + _table[PATCH_STATE_CHANGE_e]= PairType( "pstate" , "pstate " ); _table[NONE_e] = PairType( "NONE" , "NONE " ); } @@ -192,6 +195,7 @@ namespace zypp OUTS( REPO_CHANGE_ALIAS_e, HistoryLogDataRepoAliasChange ); OUTS( REPO_CHANGE_URL_e, HistoryLogDataRepoUrlChange ); OUTS( STAMP_COMMAND_e, HistoryLogDataStampCommand ); + OUTS( PATCH_STATE_CHANGE_e, HistoryLogPatchStateChange ); #undef OUTS // intentionally no default: case HistoryActionID::NONE_e: 
@@ -248,6 +252,22 @@ namespace zypp CheckSum HistoryLogDataInstall::checksum() const { return optionalAt( CHEKSUM_INDEX ); } std::string HistoryLogDataInstall::userdata() const { return optionalAt( USERDATA_INDEX ); } + /////////////////////////////////////////////////////////////////// + // class HistoryLogPatchStateChange + /////////////////////////////////////////////////////////////////// + HistoryLogPatchStateChange::HistoryLogPatchStateChange( FieldVector & fields_r ) + : HistoryLogData( fields_r ) + {} + std::string HistoryLogPatchStateChange::name() const { return optionalAt( NAME_INDEX ); } + Edition HistoryLogPatchStateChange::edition() const { return Edition( optionalAt( EDITION_INDEX ) ); } + Arch HistoryLogPatchStateChange::arch() const { return Arch( optionalAt( ARCH_INDEX ) ); } + std::string HistoryLogPatchStateChange::repoAlias() const { return optionalAt( REPOALIAS_INDEX ); } + Patch::SeverityFlag HistoryLogPatchStateChange::severity() const { return Patch::severityFlag( optionalAt( SEVERITY_INDEX ) ); } + Patch::Category HistoryLogPatchStateChange::category() const { return Patch::categoryEnum( optionalAt( CATEGORY_INDEX ) ); } + string HistoryLogPatchStateChange::oldstate() const { return optionalAt( OLDSTATE_INDEX ); } + string HistoryLogPatchStateChange::newstate() const { return optionalAt( NEWSTATE_INDEX ); } + std::string HistoryLogPatchStateChange::userdata() const { return optionalAt( USERDATA_INDEX ); } + /////////////////////////////////////////////////////////////////// // class HistoryLogDataRemove /////////////////////////////////////////////////////////////////// diff --git a/zypp/HistoryLogData.h b/zypp/HistoryLogData.h index 515acb8..dcdce91 100644 --- a/zypp/HistoryLogData.h +++ b/zypp/HistoryLogData.h @@ -21,6 +21,7 @@ #include "zypp/Arch.h" #include "zypp/CheckSum.h" #include "zypp/Url.h" +#include "zypp/Patch.h" #define HISTORY_LOG_DATE_FORMAT "%Y-%m-%d %H:%M:%S" 
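Review bot: `oldstate()` and `newstate()` are defined with an unqualified `string` return type, while the other string accessors in this block and the declarations in HistoryLogData.h spell `std::string`. This only compiles through a using-declaration that is outside the hunk; writing `std::string HistoryLogPatchStateChange::oldstate() const` (and the same for `newstate`) keeps the definitions matching their declarations. Separately, `severity()` and `category()` convert whatever text is in the log through `Patch::severityFlag` and `Patch::categoryEnum`; a one-line comment saying what those yield for an empty or unrecognised field would help anyone reading a truncated or hand-edited log.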
@@ -44,6 +45,7 @@ namespace zypp static const HistoryActionID REPO_CHANGE_ALIAS; static const HistoryActionID REPO_CHANGE_URL; static const HistoryActionID STAMP_COMMAND; + static const HistoryActionID PATCH_STATE_CHANGE; enum ID { @@ -55,7 +57,8 @@ namespace zypp REPO_REMOVE_e, REPO_CHANGE_ALIAS_e, REPO_CHANGE_URL_e, - STAMP_COMMAND_e + STAMP_COMMAND_e, + PATCH_STATE_CHANGE_e }; HistoryActionID() : _id(NONE_e) {} 
@@ -227,6 +230,51 @@ namespace zypp std::string userdata() const; ///< userdata/transactionID }; + //PATCH SEVERITY CATEGORY OLDSTATE NEWSTATE + /////////////////////////////////////////////////////////////////// + /// \class HistoryLogPatchStateChange + /// \brief A zypp history log line for an installed packaged. + /// \ingroup g_ZyppHistory + /////////////////////////////////////////////////////////////////// + class HistoryLogPatchStateChange : public HistoryLogData + { + public: + typedef shared_ptr Ptr; + typedef shared_ptr constPtr; + /** Ctor \b moving \a FieldVector (via swap). + * \throws ParseException if \a fields_r has the wrong \ref HistoryActionID or number of fields. + */ + HistoryLogPatchStateChange( FieldVector & fields_r ); + + public: + enum Index ///< indices of known fields + { + DATE_INDEX = HistoryLogData::DATE_INDEX, + ACTION_INDEX = HistoryLogData::ACTION_INDEX, + NAME_INDEX, ///< patch name + EDITION_INDEX, ///< patch edition + ARCH_INDEX, ///< patch architecture + REPOALIAS_INDEX, ///< repository providing the patch + SEVERITY_INDEX, ///< patch severity + CATEGORY_INDEX, ///< patch category + OLDSTATE_INDEX, ///< the state of the patch before the change + NEWSTATE_INDEX, ///< the state of the patch after the change + USERDATA_INDEX, ///< userdata/transactionID + }; + + public: + std::string name() const; ///< package name + Edition edition() const; ///< package edition + Arch arch() const; ///< package architecture + std::string repoAlias() const; ///< repository providing the package + Patch::SeverityFlag severity() const; + Patch::Category category() const; + std::string oldstate() const; + std::string newstate() const; + std::string userdata() const; ///< userdata/transactionID + }; + + /////////////////////////////////////////////////////////////////// /// \class HistoryLogDataRemove /// \brief A zypp history log line for a removed packge. diff --git a/zypp/PathInfo.cc b/zypp/PathInfo.cc index cf1efa7..add273e 100644 
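Review bot: The doc block and accessor comments of `HistoryLogPatchStateChange` were copied from the install record and still describe packages: the `\brief` reads "A zypp history log line for an installed packaged." and `name()`, `edition()`, `arch()` and `repoAlias()` are commented as package name, edition, architecture and repository. Suggested `\brief`: `A zypp history log line for a patch state change.`, with those four comments changed to say "patch" and `///<` comments added to `severity()`, `category()`, `oldstate()` and `newstate()` matching the `Index` descriptions. The constructor comment promises a `ParseException` for a wrong number of fields, yet the sample line added to HistoryLogReader_test.dat has no userdata column and the test expects it to parse, so the comment should state which fields are mandatory.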
--- a/zypp/PathInfo.cc +++ b/zypp/PathInfo.cc @@ -1149,6 +1149,33 @@ namespace zypp return logResult( 0 ); } + int assert_file_mode( const Pathname & path, unsigned mode ) + { + int ret = assert_dir( path.dirname() ); + MIL << "assert_file_mode " << str::octstring( mode ) << " " << path; + if ( ret != 0 ) + return logResult( ret ); + + PathInfo pi( path ); + if ( pi.isExist() ) + { + if ( ! pi.isFile() ) + return logResult( EEXIST ); + + mode = applyUmaskTo( mode ); + if ( pi.st_mode() != mode ) + return chmod( path, mode ); + + return logResult( 0 ); + } + + int fd = ::creat( path.c_str(), mode ); + if ( fd == -1 ) + return logResult( errno ); + ::close( fd ); + return logResult( 0 ); + } + /////////////////////////////////////////////////////////////////// // // METHOD NAME : touch diff --git a/zypp/PathInfo.h b/zypp/PathInfo.h index 74baf03..3324897 100644 --- a/zypp/PathInfo.h +++ b/zypp/PathInfo.h @@ -581,6 +581,10 @@ namespace zypp * @return 0 on success, errno on failure **/ int assert_file( const Pathname & path, unsigned mode = 0644 ); + /** + * Like \ref assert_file but enforce \a mode even if the file already exists. + */ + int assert_file_mode( const Pathname & path, unsigned mode = 0644 ); /** * Change file's modification and access times. diff --git a/zypp/PoolItem.cc b/zypp/PoolItem.cc index b5dad75..5efda63 100644 --- a/zypp/PoolItem.cc +++ b/zypp/PoolItem.cc @@ -100,6 +100,17 @@ namespace zypp return isBroken() && status().isLocked(); } + std::string patchStatusAsString() const + { + if ( isUndetermined() ) return "undetermined"; + if ( isRelevant() ) return "relevant"; + if ( isSatisfied() ) return "satisfied"; + if ( isBroken() ) return "broken"; + if ( isNeeded() ) return "needed"; + if ( isUnwanted() ) return "unwanted"; + return "none"; + } + private: mutable ResStatus _status; ResObject::constPtr _resolvable; 
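Review bot: `assert_file_mode` checks the path through `PathInfo` and then acts on it again by name (`chmod( path, mode )` or `::creat`), so the object that was checked is not guaranteed to be the one whose mode is changed or that gets created. `::creat` also follows a symlink in the last path component and truncates what it finds, and an existing file is accepted regardless of who owns it. Since the changelog ties this helper to the cookie-file fix (CVE-2019-18900), I would open the file once with `O_NOFOLLOW` and do the type check and the mode change on the descriptor, as sketched below. Tightening the mode does not undo earlier exposure: a cookie file that was readable by others before the upgrade may need its contents discarded, which is a decision for the caller.

```cpp
int assert_file_mode( const Pathname & path, unsigned mode )
{
  // … unchanged: assert_dir() on the parent directory and the MIL log line …

  // Open (or create) exactly once and work on the descriptor, so the type
  // check and the mode change apply to the same inode. O_NOFOLLOW refuses a
  // symlink as the last path component; O_NONBLOCK keeps a FIFO from blocking.
  // NOTE: an existing file the caller may not open for writing now fails with
  // EACCES instead of being chmod'ed.
  int fd = ::open( path.c_str(), O_WRONLY|O_CREAT|O_NOFOLLOW|O_NONBLOCK|O_CLOEXEC, mode );
  if ( fd == -1 )
    return logResult( errno );

  int err = 0;
  struct stat st;
  mode = applyUmaskTo( mode );
  if ( ::fstat( fd, &st ) == -1 )
    err = errno;
  else if ( ! S_ISREG( st.st_mode ) )
    err = EEXIST;
  else if ( ( st.st_mode & 07777 ) != mode && ::fchmod( fd, mode ) == -1 )
    err = errno;

  ::close( fd );
  return logResult( err );
}
```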
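Review bot: The `"unwanted"` branch of `patchStatusAsString` looks unreachable: the context line just above the new function returns `isBroken() && status().isLocked()` (presumably the body of `isUnwanted()`, which PoolItem.h documents as "Broken (needed) but locked patches"), and `isBroken()` is tested two lines earlier. If `isNeeded()` is likewise a refinement of broken (its definition is outside the hunk), `"needed"` can never be returned either, although the sample line added to HistoryLogReader_test.dat uses that word as a state. Testing the narrower predicates first would fix it: `if ( isUnwanted() ) return "unwanted";`, `if ( isNeeded() ) return "needed";`, then `if ( isBroken() ) return "broken";`. The same question applies to `isRelevant()` being tested before `isSatisfied()`; a comment stating the intended precedence would settle it.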
@@ -211,6 +222,8 @@ namespace zypp bool PoolItem::isBroken() const { return _pimpl->isBroken(); } bool PoolItem::isNeeded() const { return _pimpl->isNeeded(); } bool PoolItem::isUnwanted() const { return _pimpl->isUnwanted(); } + std::string PoolItem::patchStatusAsString() const { return _pimpl->patchStatusAsString(); } + void PoolItem::saveState() const { _pimpl->saveState(); } void PoolItem::restoreState() const { _pimpl->restoreState(); } bool PoolItem::sameState() const { return _pimpl->sameState(); } diff --git a/zypp/PoolItem.h b/zypp/PoolItem.h index 8b5e946..e137832 100644 --- a/zypp/PoolItem.h +++ b/zypp/PoolItem.h @@ -104,6 +104,9 @@ namespace zypp /** Broken (needed) but locked patches. */ bool isUnwanted() const; + + std::string patchStatusAsString () const; + //@} //@} diff --git a/zypp/media/MediaCurl.cc b/zypp/media/MediaCurl.cc index 0ec85c6..c244896 100644 --- a/zypp/media/MediaCurl.cc +++ b/zypp/media/MediaCurl.cc @@ -847,6 +847,7 @@ void MediaCurl::setupEasy() *---------------------------------------------------------------*/ _currentCookieFile = _cookieFile.asString(); + filesystem::assert_file_mode( _currentCookieFile, 0600 ); if ( str::strToBool( _url.getQueryParam( "cookies" ), true ) ) SET_OPTION(CURLOPT_COOKIEFILE, _currentCookieFile.c_str() ); else -- 2.7.4
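Review bot: `patchStatusAsString()` is declared in PoolItem.h without a doc comment, unlike the `isUnwanted()` predicate just above it. Its return value is written into the history log by `HistoryLog::patchStateChange`, so the set of strings is effectively a file format and belongs at the declaration, e.g. `/** Patch status as one word: "undetermined", "relevant", "satisfied", "broken", "needed", "unwanted" or "none". */`. The space before the parameter list (`patchStatusAsString ()`) also differs from the neighbouring declaration.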
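Review bot: The result of `filesystem::assert_file_mode( _currentCookieFile, 0600 )` in `setupEasy` is discarded, so when the mode cannot be enforced (the helper returns `EEXIST` for a non-file, or the error from chmod/creat) the path is still handed to curl on the following lines. For a fix whose purpose is to keep the cookie file private, a failure should at least be logged and preferably keep the file from being used, e.g. `if ( filesystem::assert_file_mode( _currentCookieFile, 0600 ) != 0 ) WAR << "cookie file mode not enforced: " << _currentCookieFile << endl;`. The helper also passes the requested mode through `applyUmaskTo` before comparing, so the effective target is presumably 0600 with the process umask applied, which is worth a comment at this call. `setupEasy` begins and ends outside this hunk.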