deleted file mode 100644

@@ -1,96 +0,0 @@

-From 404ef011c300207cdb1e531670384564aae04bdc Mon Sep 17 00:00:00 2001

-From: Panu Matilainen <pmatilai@redhat.com>

-Date: Tue, 19 Sep 2017 14:46:36 +0300

-Subject: [PATCH] Don't follow symlinks on file creation (CVE-2017-7501)

-

-Open newly created files with O_EXCL to prevent symlink tricks.

-When reopening hardlinks for writing the actual content, use append

-mode instead. This is compatible with the write-only permissions but

-is not destructive in case we got redirected to somebody elses file,

-verify the target before actually writing anything.

-

-As these are files with the temporary suffix, errors mean a local

-user with sufficient privileges to break the installation of the package

-anyway is trying to goof us on purpose, don't bother trying to mend it

-(we couldn't fix the hardlink case anyhow) but just bail out.

-

-Based on a patch by Florian Festi.

- lib/fsm.c | 29 +++++++++++++++++++++++------

- 1 file changed, 23 insertions(+), 6 deletions(-)

-

-diff --git a/lib/fsm.c b/lib/fsm.c

-index 553774b30..e0e9d03a1 100644

-+++ b/lib/fsm.c

-@@ -206,11 +206,22 @@ static int fsmSetFCaps(const char *path, const char *captxt)

-     return rc;

- }

- 

-+/* Check dest is the same, empty and regular file with writeonly permissions */

-+static int linkSane(FD_t wfd, const char *dest)

-+{

-+    struct stat sb, lsb;

-+

-+    return (fstat(Fileno(wfd), &sb) == 0 && sb.st_size == 0 &&

-+	    (sb.st_mode & ~S_IFMT) == S_IWUSR &&

-+	    lstat(dest, &lsb) == 0 && S_ISREG(lsb.st_mode) &&

-+	    sb.st_dev == lsb.st_dev && sb.st_ino == lsb.st_ino);

-+}

-+

- /** \ingroup payload

-  * Create file from payload stream.

-  * @return		0 on success

-  */

--static int expandRegular(rpmfi fi, const char *dest, rpmpsm psm, int nodigest, int nocontent)

-+static int expandRegular(rpmfi fi, const char *dest, rpmpsm psm, int exclusive, int nodigest, int nocontent)

- {

-     FD_t wfd = NULL;

-     int rc = 0;

-@@ -218,8 +229,14 @@ static int expandRegular(rpmfi fi, const char *dest, rpmpsm psm, int nodigest, i

-     /* Create the file with 0200 permissions (write by owner). */

-     {

- 	mode_t old_umask = umask(0577);

--	wfd = Fopen(dest, "w.ufdio");

-+	wfd = Fopen(dest, exclusive ? "wx.ufdio" : "a.ufdio");

- 	umask(old_umask);

-+

-+	/* If reopening, make sure the file is what we expect */

-+	if (!exclusive && wfd != NULL && !linkSane(wfd, dest)) {

-+	    rc = RPMERR_OPEN_FAILED;

-+	    goto exit;

-+	}

-     }

-     if (Ferror(wfd)) {

- 	rc = RPMERR_OPEN_FAILED;

-@@ -248,7 +265,7 @@ static int fsmMkfile(rpmfi fi, const char *dest, rpmfiles files,

- 	/* Create first hardlinked file empty */

- 	if (*firsthardlink < 0) {

- 	    *firsthardlink = rpmfiFX(fi);

--	    rc = expandRegular(fi, dest, psm, nodigest, 1);

-+	    rc = expandRegular(fi, dest, psm, 1, nodigest, 1);

- 	} else {

- 	    /* Create hard links for others */

- 	    char *fn = rpmfilesFN(files, *firsthardlink);

-@@ -263,10 +280,10 @@ static int fsmMkfile(rpmfi fi, const char *dest, rpmfiles files,

-        existing) file with content */

-     if (numHardlinks<=1) {

- 	if (!rc)

--	    rc = expandRegular(fi, dest, psm, nodigest, 0);

-+	    rc = expandRegular(fi, dest, psm, 1, nodigest, 0);

-     } else if (rpmfiArchiveHasContent(fi)) {

- 	if (!rc)

--	    rc = expandRegular(fi, dest, psm, nodigest, 0);

-+	    rc = expandRegular(fi, dest, psm, 0, nodigest, 0);

- 	*firsthardlink = -1;

-     } else {

- 	*setmeta = 0;

-@@ -939,7 +956,7 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,

- 	    /* we skip the hard linked file containing the content */

- 	    /* write the content to the first used instead */

- 	    char *fn = rpmfilesFN(files, firsthardlink);

--	    rc = expandRegular(fi, fn, psm, nodigest, 0);

-+	    rc = expandRegular(fi, fn, psm, 0, nodigest, 0);

- 	    firsthardlink = -1;

- 	    free(fn);

- 	}

@@ -3,22 +3,21 @@

 Summary:        Package manager

 Name:           rpm

-Version:        4.13.0.1

-Release:        4%{?dist}

+Version:        4.13.0.2

+Release:        1%{?dist}

 License:        GPLv2+

 URL:            http://rpm.org

 Group:          Applications/System

 Vendor:         VMware, Inc.

 Distribution:   Photon

-Source0:        https://github.com/rpm-software-management/rpm/archive/%{name}-%{version}-release.tar.gz

-%define sha1    rpm=2119489397d7e4da19320ef9330ab717ac05587d

+Source0:        http://ftp.rpm.org/releases/rpm-4.13.x/%{name}-%{version}.tar.bz2

+%define sha1    rpm=9d6da0750184d8d077b4c28bb0ce171aef4da70b

 Source1:        http://download.oracle.com/berkeley-db/db-5.3.28.tar.gz

 %define sha1    db=fa3f8a41ad5101f43d08bc0efb6241c9b6fc1ae9

 Source2:        rpm-system-configuring-scripts-2.2.tar.gz

 %define sha1 rpm-system-configuring-scripts=9461cdc0b65f7ecc244bfa09886b4123e55ab5a8

 Patch1:         find-debuginfo-do-not-generate-non-existing-build-id.patch

 Patch2:         find-debuginfo-do-not-generate-dir-entries.patch

-Patch3:         rpm-CVE-2017-7501.patch

 #Requires:      nspr

 Requires:       nss 

 Requires:       popt

@@ -73,13 +72,12 @@ Requires:       python3

 Python3 rpm.

 %prep

-%setup -n rpm-%{name}-%{version}-release

-%setup -n rpm-%{name}-%{version}-release -T -D -a 1

-%setup -n rpm-%{name}-%{version}-release -T -D -a 2

+%setup -n %{name}-%{version}

+%setup -n %{name}-%{version} -T -D -a 1

+%setup -n %{name}-%{version} -T -D -a 2

 mv db-5.3.28 db

 %patch1 -p1

 %patch2 -p1

-%patch3 -p1

 %build

 sed -i '/define _GNU_SOURCE/a #include "../config.h"' tools/sepdebugcrcfix.c

@@ -240,6 +238,9 @@ rm -rf %{buildroot}

 %{python3_sitelib}/*

 %changelog

+*   Sat Nov 03 2018 Tapas Kundu <tkundu@vmware.com> 4.13.0.2-1

+-   Updated to 4.13.0.2

+-   Fix CVE-2017-7501 and CVE-2017-7500

 *   Thu Dec 21 2017 Xiaolin Li <xiaolinl@vmware.com> 4.13.0.1-4

 -   Fix CVE-2017-7501

 *    Mon Dec 04 2017 Kumar Kaushik <kaushikk@vmware.com> 4.13.0.1-3