Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package targetcli-fb for openSUSE:Factory checked in at 2023-05-02 16:18:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/targetcli-fb (Old) and /work/SRC/openSUSE:Factory/.targetcli-fb.new.1533 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "targetcli-fb" Tue May 2 16:18:41 2023 rev:23 rq:1083880 version:2.1.54 Changes: -------- --- /work/SRC/openSUSE:Factory/targetcli-fb/targetcli-fb.changes 2021-06-11 00:19:37.033415276 +0200 +++ /work/SRC/openSUSE:Factory/.targetcli-fb.new.1533/targetcli-fb.changes 2023-05-02 16:21:46.714789685 +0200 @@ -1,0 +2,8 @@ +Tue Apr 25 17:20:02 UTC 2023 - Lee Duncan <ldun...@suse.com> + +- Added one upstream commit for CVE-2020-13867 (bsc#1172743), + part 2. This time, only modify permisssions on directory where + config is stored if it is /etc/target, adding patch: + * Fix-changing-savedir-directory-mode.patch + +------------------------------------------------------------------- New: ---- Fix-changing-savedir-directory-mode.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ targetcli-fb.spec ++++++ --- /var/tmp/diff_new_pack.VNSoKF/_old 2023-05-02 16:21:49.258804770 +0200 +++ /var/tmp/diff_new_pack.VNSoKF/_new 2023-05-02 16:21:49.262804794 +0200 @@ -1,7 +1,7 @@ # # spec file for package targetcli-fb # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -41,7 +41,7 @@ Requires: python-six Requires: targetcli-fb-common Requires(post): update-alternatives -Requires(postun): update-alternatives +Requires(postun):update-alternatives %if "%{python_flavor}" == "python3" || "%{?python_provides}" == "python3" Provides: targetcli = %{version}-%{release} Provides: targetcli-fb = %{version}-%{release} @@ -60,6 +60,9 @@ Patch1: Split-out-blockdev-readonly-state-detection-helper.patch Patch2: rbd-support.patch +# upstream +Patch3: Fix-changing-savedir-directory-mode.patch + %python_subpackages %description 
@@ -88,6 +91,7 @@ # RBD support is dependent on LIO changes present in the SLE/Leap kernel %patch2 -p1 %endif +%patch3 -p1 %build %python_build ++++++ Fix-changing-savedir-directory-mode.patch ++++++ >From b8eb1933d4fdcbe806edead8cfa94879d0fc2015 Mon Sep 17 00:00:00 2001 From: Lee Duncan <ldun...@suse.com> Date: Mon, 24 Apr 2023 10:34:39 -0700 Subject: [PATCH] Fix changing savedir directory mode Commit 9f5764dac39b ("saveconfig: set right perms on /etc/target/ dir") fixed CVE-2020-13867 by ensuring that the mode of the target meta-data directory (/etc/target) was always mode 0600. But users can specify a different directory, such as "/tmp", and we don't want targetcli changing the mode of such directories to 0600. So only change the mode of the directory, when saving a config file, if the directory is /etc/target. --- targetcli/ui_root.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/targetcli/ui_root.py b/targetcli/ui_root.py index 39e5ee99c342..79ee985ba935 100644 --- a/targetcli/ui_root.py +++ b/targetcli/ui_root.py @@ -34,8 +34,9 @@ from .ui_backstore import complete_path, UIBackstores from .ui_node import UINode from .ui_target import UIFabricModule -default_save_file = "/etc/target/saveconfig.json" -universal_prefs_file = "/etc/target/targetcli.conf" +default_target_dir = "/etc/target" +default_save_file = os.path.join(default_target_dir, "saveconfig.json") +universal_prefs_file = os.path.join(default_target_dir, "targetcli.conf") class UIRoot(UINode): ''' @@ -112,8 +113,9 @@ class UIRoot(UINode): finally: os.umask(umask_original) else: - if (os.stat(dirname).st_mode & 0o777) != mode: - os.chmod(dirname, mode) + if dirname == default_target_dir: + if (os.stat(dirname).st_mode & 0o777) != mode: + os.chmod(dirname, mode) def _save_backups(self, savefile): ''' -- 2.35.3
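Review bot: The new guard `if dirname == default_target_dir:` in the `else:` branch of the targetcli/ui_root.py hunk compares raw strings, so an equivalent spelling of the default directory (for example `/etc//target`, or a relative path if callers can pass one) would skip the permission tightening that the CVE-2020-13867 fix relies on. Normalising before the comparison, e.g. `if os.path.abspath(dirname) == default_target_dir:`, keeps the check on /etc/target while still leaving user-chosen directories such as /tmp untouched. For those other directories nothing in this hunk restricts access any more, so the saved file's own mode has to carry the protection; a comment such as `# only tighten the default dir; other savedirs rely on the config file's own mode` would make that explicit. How `dirname` and `mode` are derived is outside the hunk, so both points should be checked against the full function.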