debian/patches/CVE-2017-5188.patch: update

Drop the part of the patch which is not related to the CVE and causes
an obsworker regression, as it cannot fetch worker code from the server.
Signed-off-by: Héctor Orón Martínez <hector.oron@collabora.com>
parent f3d060d5
@@ -2,10 +2,8 @@ Author: Michael Schroeder <mls@suse.de>
Date: Mon Mar 20 10:28:41 2017 +0100
[backend] ignore symlinks in build result
[backend] only allow plain files in cpio_sender
No devices, sockets, directories, symlinks please...
Origin: upstream, https://github.com/openSUSE/open-build-service/commit/00ec3c6f4132422f00d5c15e854755c331ef1661, https://github.com/openSUSE/open-build-service/commit/ba27c91351878bc297ec4baba0bd488a2f3b568d
Origin: upstream, https://github.com/openSUSE/open-build-service/commit/00ec3c6f4132422f00d5c15e854755c331ef1661
Bug: https://bugzilla.suse.com/show_bug.cgi?id=1029824
Bug-Debian: https://bugs.debian.org/900133
--- a/src/backend/bs_worker
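Review bot: the patch header keeps no record that the bs_worker half of the upstream fix was deliberately dropped; with the Origin line now naming only commit 00ec3c6f4132422f00d5c15e854755c331ef1661, a future refresh against upstream is likely to re-add the bs_worker hunk and reintroduce the obsworker regression the commit message describes. Suggest adding a Comment line to the header stating that the `[backend] ignore symlinks in build result` portion (ba27c91351878bc297ec4baba0bd488a2f3b568d) was intentionally left out and why. Also check that the `--- a/src/backend/bs_worker` file header at the end of this hunk is removed together with its hunk body in the next hunk; the rendered view drops the +/- markers, so this is not visible here, and a file header left without hunk lines is likely to make quilt or dpkg-source refuse the patch.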
@@ -19,34 +17,3 @@ Bug-Debian: https://bugs.debian.org/900133
push @send, map {"$buildroot/.build.packages/$d/$_"} @files;
}
@send = map {{name => (split('/', $_))[-1], filename => $_}} @send;
--- a/src/backend/BSHTTP.pm
+++ b/src/backend/BSHTTP.pm
@@ -357,13 +357,24 @@ sub cpio_sender {
my $filename = $file->{'filename'};
if (ref($filename)) {
*F = $filename;
- } elsif (!open(F, '<', $filename)) {
- $errors->{'data'} .= "$file->{'name'}: $filename: $!\n";
- next;
+ } else {
+ @s = lstat($filename);
+ if (!@s) {
+ $errors->{'data'} .= "$file->{'name'}: $filename: $!\n";
+ next;
+ }
+ if (-l _ || ! -f _) {
+ $errors->{'data'} .= "$file->{'name'}: $filename: not a plain file\n";
+ next;
+ }
+ if (!open(F, '<', $filename)) {
+ $errors->{'data'} .= "$file->{'name'}: $filename: $!\n";
+ next;
+ }
}
@s = stat(F);
if (!@s) {
- $errors->{'data'} .= "$file->{'name'}: stat: $!\n";
+ $errors->{'data'} .= "$file->{'name'}: fstat: $!\n";
close F unless ref $filename;
next;
}
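Review bot: with the bs_worker filter removed, the `lstat` check in cpio_sender is now the only guard against symlinks in build results, and as retained here it races: `@s = lstat($filename)` inspects the path, `open(F, '<', $filename)` then follows whatever is at that path at that later moment, and the following `@s = stat(F)` is only tested for failure, not for `-f _`. Suggest, in the kept BSHTTP.pm part, opening with `sysopen(F, $filename, O_RDONLY|O_NOFOLLOW)` (constants from Fcntl) so a symlink swapped in between the two calls is refused by the kernel rather than followed, and repeating the `if (! -f _)` test after the fstat. The bs_worker lines dropped in this hunk (`push @send, ...` and `@send = map {...}`) are the worker-side half of the same fix, which matches the commit message's reason for removing them.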