From f1a8cd5699d45e56d23be056f992803b0d4d07c2d1e4ad99ce1829cffd70ed6b Mon Sep 17 00:00:00 2001
From: Takashi Iwai
Date: Mon, 16 Jan 2017 15:36:03 +0000
Subject: [PATCH] - Update to version 0.9.44.4:
 * --bandwidth root shell found by Martin Carpenter (CVE-2017-5207)
 * disabled --allow-debuggers when running on kernel versions prior to 4.8; a kernel bug in ptrace system call allows a full bypass of seccomp filter; problem reported by Lizzie Dixon (CVE-2017-5206)
 * root exploit found by Sebastian Krahmer (CVE-2017-5180)
- Update to version 0.9.44.6:
 * new fix for CVE-2017-5180 reported by Sebastian Krahmer last week
 * major cleanup of file copying code
 * tightening the rules for --chroot and --overlay features
 * ported Gentoo compile patch
 * Nvidia drivers bug in --private-dev
 * fix ASSERT_PERMS_FD macro
 * allow local customization using .local files under /etc/firejail backported from our development branch
 * spoof machine-id backported from our development branch
- Remove obsoleted patches: firejail-CVE-2017-5180-fix1.patch firejail-CVE-2017-5180-fix2.patch
OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=6
---
 firejail-0.9.44.2.tar.xz | 3 -
 firejail-0.9.44.6.tar.xz | 3 +
 firejail-CVE-2017-5180-fix1.patch | 72 --------
 firejail-CVE-2017-5180-fix2.patch | 268 ------------------------------
 firejail.changes | 23 +++
 firejail.spec | 6 +-
 6 files changed, 27 insertions(+), 348 deletions(-)
 delete mode 100644 firejail-0.9.44.2.tar.xz
 create mode 100644 firejail-0.9.44.6.tar.xz
 delete mode 100644 firejail-CVE-2017-5180-fix1.patch
 delete mode 100644 firejail-CVE-2017-5180-fix2.patch
diff --git a/firejail-0.9.44.2.tar.xz b/firejail-0.9.44.2.tar.xz
deleted file mode 100644
index a34a708..0000000
--- a/firejail-0.9.44.2.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c5adef1943daa33049c4c39e5a19a0d02b897f1b1581be094ec600490dde8851
-size 213092
diff --git a/firejail-0.9.44.6.tar.xz b/firejail-0.9.44.6.tar.xz
new file mode 100644
index 0000000..339e29c
--- /dev/null
+++ b/firejail-0.9.44.6.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6f7b1c3e497d90a5ed21465991727a8099af3839b8642cc17c0664962cd55787
+size 214564
diff --git a/firejail-CVE-2017-5180-fix1.patch b/firejail-CVE-2017-5180-fix1.patch
deleted file mode 100644
index 1b38475..0000000
--- a/firejail-CVE-2017-5180-fix1.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 60d4b478f65c60bcc825bb56f85fd6c4fd48b250 Mon Sep 17 00:00:00 2001
-From: netblue30
-Date: Wed, 4 Jan 2017 11:59:46 -0500
-Subject: [PATCH] security fix
-
----
- src/firejail/fs_home.c | 14 ++++++++++++++
- src/firejail/pulseaudio.c | 15 +++++++++++++++
- 2 files changed, 29 insertions(+)
-
---- a/src/firejail/fs_home.c
-+++ b/src/firejail/fs_home.c
-@@ -171,6 +171,13 @@ static void copy_xauthority(void) {
- char *dest;
- if (asprintf(&dest, "%s/.Xauthority", cfg.homedir) == -1)
- errExit("asprintf");
-+
-+ // if destination is a symbolic link, exit the sandbox!!!
-+ if (is_link(dest)) {
-+ fprintf(stderr, "Error: %s is a symbolic link\n", dest);
-+ exit(1);
-+ }
-+
- // copy, set permissions and ownership
- int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
- if (rv)
-@@ -189,6 +196,13 @@ static void copy_asoundrc(void) {
- char *dest;
- if (asprintf(&dest, "%s/.asoundrc", cfg.homedir) == -1)
- errExit("asprintf");
-+
-+ // if destination is a symbolic link, exit the sandbox!!!
-+ if (is_link(dest)) {
-+ fprintf(stderr, "Error: %s is a symbolic link\n", dest);
-+ exit(1);
-+ }
-+
- // copy, set permissions and ownership
- int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
- if (rv)
---- a/src/firejail/pulseaudio.c
-+++ b/src/firejail/pulseaudio.c
-@@ -138,7 +138,15 @@ void pulseaudio_init(void) {
- (void) rv;
- }
- }
-+ else {
-+ // make sure the directory is owned by the user
-+ if (s.st_uid != getuid()) {
-+ fprintf(stderr, "Error: user .config directory is not owned by the current user\n");
-+ exit(1);
-+ }
-+ }
- free(dir1);
-+
- if (asprintf(&dir1, "%s/.config/pulse", cfg.homedir) == -1)
- errExit("asprintf");
- if (stat(dir1, &s) == -1) {
-@@ -150,6 +158,13 @@ void pulseaudio_init(void) {
- (void) rv;
- }
- }
-+ else {
-+ // make sure the directory is owned by the user
-+ if (s.st_uid != getuid()) {
-+ fprintf(stderr, "Error: user .config/pulse directory is not owned by the current user\n");
-+ exit(1);
-+ }
-+ }
- free(dir1);
-
-
diff --git a/firejail-CVE-2017-5180-fix2.patch b/firejail-CVE-2017-5180-fix2.patch
deleted file mode 100644
index 9062d12..0000000
--- a/firejail-CVE-2017-5180-fix2.patch
+++ /dev/null
@@ -1,268 +0,0 @@ -From e74fdab5d2125ce8f058c1630ce7cce19cbdac16 Mon Sep 17 00:00:00 2001 -From: netblue30 -Date: Wed, 4 Jan 2017 18:13:45 -0500 -Subject: [PATCH] security fixes - ---- - src/firejail/fs_home.c | 118 +++++++++++++++++++++++++++++++++++++--------- - src/firejail/pulseaudio.c | 47 +++++++++++++----- - src/firejail/util.c | 4 - - 3 files changed, 134 insertions(+), 35 deletions(-) - ---- a/src/firejail/fs_home.c -+++ b/src/firejail/fs_home.c -@@ -108,6 +108,14 @@ static int store_xauthority(void) { - - char *src; - char *dest = RUN_XAUTHORITY_FILE; -+ // create an empty file -+ FILE *fp = fopen(dest, "w"); -+ if (fp) { -+ fprintf(fp, "\n"); -+ SET_PERMS_STREAM(fp, getuid(), getgid(), 0600); -+ fclose(fp); -+ } -+ - if (asprintf(&src, "%s/.Xauthority", cfg.homedir) == -1) - errExit("asprintf"); - -@@ -117,12 +125,28 @@ static int store_xauthority(void) { - fprintf(stderr, "Warning: invalid .Xauthority file\n"); - return 0; - } -- -- int rv = copy_file(src, dest, -1, -1, 0600); -- if (rv) { -- fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n"); -- return 0; -+ -+ pid_t child = fork(); -+ if (child < 0) -+ errExit("fork"); -+ if (child == 0) { -+ // drop privileges -+ drop_privs(0); -+ -+ // copy, set permissions and ownership -+ int rv = copy_file(src, dest, getuid(), getgid(), 0600); -+ if (rv) -+ fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n"); -+ else { -+ fs_logger2("clone", dest); -+ } -+#ifdef HAVE_GCOV -+ __gcov_flush(); -+#endif -+ _exit(0); - } -+ // wait for the child to finish -+ waitpid(child, NULL, 0); - return 1; // file copied - } - -@@ -135,6 +159,14 @@ static int store_asoundrc(void) { - - char *src; - char *dest = RUN_ASOUNDRC_FILE; -+ // create an empty file -+ FILE *fp = fopen(dest, "w"); -+ if (fp) { -+ fprintf(fp, "\n"); -+ SET_PERMS_STREAM(fp, getuid(), getgid(), 0644); -+ fclose(fp); -+ } -+ - if (asprintf(&src, "%s/.asoundrc", cfg.homedir) == -1) - 
errExit("asprintf"); - -@@ -154,11 +186,27 @@ static int store_asoundrc(void) { - free(rp); - } - -- int rv = copy_file(src, dest, -1, -1, -0644); -- if (rv) { -- fprintf(stderr, "Warning: cannot transfer .asoundrc in private home directory\n"); -- return 0; -+ pid_t child = fork(); -+ if (child < 0) -+ errExit("fork"); -+ if (child == 0) { -+ // drop privileges -+ drop_privs(0); -+ -+ // copy, set permissions and ownership -+ int rv = copy_file(src, dest, getuid(), getgid(), 0644); -+ if (rv) -+ fprintf(stderr, "Warning: cannot transfer .asoundrc in private home directory\n"); -+ else { -+ fs_logger2("clone", dest); -+ } -+#ifdef HAVE_GCOV -+ __gcov_flush(); -+#endif -+ _exit(0); - } -+ // wait for the child to finish -+ waitpid(child, NULL, 0); - return 1; // file copied - } - -@@ -178,13 +226,27 @@ static void copy_xauthority(void) { - exit(1); - } - -- // copy, set permissions and ownership -- int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR); -- if (rv) -- fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n"); -- else { -- fs_logger2("clone", dest); -+ pid_t child = fork(); -+ if (child < 0) -+ errExit("fork"); -+ if (child == 0) { -+ // drop privileges -+ drop_privs(0); -+ -+ // copy, set permissions and ownership -+ int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR); -+ if (rv) -+ fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n"); -+ else { -+ fs_logger2("clone", dest); -+ } -+#ifdef HAVE_GCOV -+ __gcov_flush(); -+#endif -+ _exit(0); - } -+ // wait for the child to finish -+ waitpid(child, NULL, 0); - - // delete the temporary file - unlink(src); -@@ -203,13 +265,27 @@ static void copy_asoundrc(void) { - exit(1); - } - -- // copy, set permissions and ownership -- int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR); -- if (rv) -- fprintf(stderr, "Warning: cannot transfer .asoundrc in private home directory\n"); -- else { -- fs_logger2("clone", 
dest);
-+ pid_t child = fork();
-+ if (child < 0)
-+ errExit("fork");
-+ if (child == 0) {
-+ // drop privileges
-+ drop_privs(0);
-+
-+ // copy, set permissions and ownership
-+ int rv = copy_file(src, dest, getuid(), getgid(), S_IRUSR | S_IWUSR);
-+ if (rv)
-+ fprintf(stderr, "Warning: cannot transfer .asoundrc in private home directory\n");
-+ else {
-+ fs_logger2("clone", dest);
-+ }
-+#ifdef HAVE_GCOV
-+ __gcov_flush();
-+#endif
-+ _exit(0);
- }
-+ // wait for the child to finish
-+ waitpid(child, NULL, 0);
-
- // delete the temporary file
- unlink(src);
---- a/src/firejail/pulseaudio.c
-+++ b/src/firejail/pulseaudio.c
-@@ -21,6 +21,7 @@
- #include
- #include
- #include
-+#include
- #include
-
- static void disable_file(const char *path, const char *file) {
-@@ -130,13 +131,24 @@ void pulseaudio_init(void) {
- if (asprintf(&dir1, "%s/.config", cfg.homedir) == -1)
- errExit("asprintf");
- if (stat(dir1, &s) == -1) {
-- int rv = mkdir(dir1, 0755);
-- if (rv == 0) {
-- rv = chown(dir1, getuid(), getgid());
-- (void) rv;
-- rv = chmod(dir1, 0755);
-- (void) rv;
-+ pid_t child = fork();
-+ if (child < 0)
-+ errExit("fork");
-+ if (child == 0) {
-+ // drop privileges
-+ drop_privs(0);
-+
-+ int rv = mkdir(dir1, 0755);
-+ if (rv == 0) {
-+ rv = chown(dir1, getuid(), getgid());
-+ (void) rv;
-+ rv = chmod(dir1, 0755);
-+ (void) rv;
-+ }
-+ _exit(0);
- }
-+ // wait for the child to finish
-+ waitpid(child, NULL, 0);
- }
- else {
- // make sure the directory is owned by the user
-@@ -150,13 +162,24 @@ void pulseaudio_init(void) {
- if (asprintf(&dir1, "%s/.config/pulse", cfg.homedir) == -1)
- errExit("asprintf");
- if (stat(dir1, &s) == -1) {
-- int rv = mkdir(dir1, 0700);
-- if (rv == 0) {
-- rv = chown(dir1, getuid(), getgid());
-- (void) rv;
-- rv = chmod(dir1, 0700);
-- (void) rv;
-+ pid_t child = fork();
-+ if (child < 0)
-+ errExit("fork");
-+ if (child == 0) {
-+ // drop privileges
-+ drop_privs(0);
-+
-+ int rv = mkdir(dir1, 0700);
-+ if (rv == 0) {
-+ rv =
chown(dir1, getuid(), getgid());
-+ (void) rv;
-+ rv = chmod(dir1, 0700);
-+ (void) rv;
-+ }
-+ _exit(0);
- }
-+ // wait for the child to finish
-+ waitpid(child, NULL, 0);
- }
- else {
- // make sure the directory is owned by the user
---- a/src/firejail/util.c
-+++ b/src/firejail/util.c
-@@ -179,14 +179,14 @@ int copy_file(const char *srcname, const
- // open source
- int src = open(srcname, O_RDONLY);
- if (src < 0) {
-- fprintf(stderr, "Warning: cannot open %s, file not copied\n", srcname);
-+ fprintf(stderr, "Warning: cannot open source file %s, file not copied\n", srcname);
- return -1;
- }
-
- // open destination
- int dst = open(destname, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
- if (dst < 0) {
-- fprintf(stderr, "Warning: cannot open %s, file not copied\n", destname);
-+ fprintf(stderr, "Warning: cannot open destination file %s, file not copied\n", destname);
- close(src);
- return -1;
- }
diff --git a/firejail.changes b/firejail.changes
index c7b44e6..1546c36 100644
--- a/firejail.changes
+++ b/firejail.changes
@@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Mon Jan 16 16:33:59 CET 2017 - tiwai@suse.de
+
+- Update to version 0.9.44.4:
+ * --bandwidth root shell found by Martin Carpenter (CVE-2017-5207)
+ * disabled --allow-debuggers when running on kernel versions prior
+ to 4.8; a kernel bug in ptrace system call allows a full bypass
+ of seccomp filter; problem reported by Lizzie Dixon (CVE-2017-5206)
+ * root exploit found by Sebastian Krahmer (CVE-2017-5180)
+- Update to version 0.9.44.6:
+ * new fix for CVE-2017-5180 reported by Sebastian Krahmer last week
+ * major cleanup of file copying code
+ * tightening the rules for --chroot and --overlay features
+ * ported Gentoo compile patch
+ * Nvidia drivers bug in --private-dev
+ * fix ASSERT_PERMS_FD macro
+ * allow local customization using .local files under /etc/firejail
+ backported from our development branch
+ * spoof machine-id backported from our development branch
+- Remove obsoleted patches:
+ firejail-CVE-2017-5180-fix1.patch
+ firejail-CVE-2017-5180-fix2.patch
+
 -------------------------------------------------------------------
 Thu Jan 5 10:38:43 CET 2017 - tiwai@suse.de
 
diff --git a/firejail.spec b/firejail.spec
index e47d03d..3cbed43 100644
--- a/firejail.spec
+++ b/firejail.spec
@@ -17,7 +17,7 @@
 
 
 Name: firejail
-Version: 0.9.44.2
+Version: 0.9.44.6
 Release: 0
 Summary: Linux namepaces sandbox program
 License: GPL-2.0
@@ -25,8 +25,6 @@ Group: Productivity/Security
 Url: https://firejail.wordpress.com/
 Source0: %{name}-%{version}.tar.xz
 Source1: %{name}.rpmlintrc
-Patch1: firejail-CVE-2017-5180-fix1.patch
-Patch2: firejail-CVE-2017-5180-fix2.patch
 BuildRequires: libapparmor-devel
 BuildRequires: gcc-c++
 Requires(pre): permissions
@@ -42,8 +40,6 @@ Linux namespace support. It supports sandboxing specific users upon login.
 
 %prep
 %setup -q
-%patch1 -p1
-%patch2 -p1
 
 %build
 %configure --docdir=%{_docdir}/%{name} \