rebase to 2.6.0 to fix the following CVEs
- CVE-2026-54371 - Symlink Traversal Privilege Escalation via getfattr Resolves: RHEL-186129
This commit is contained in:
parent
4b5ba62b0b
commit
cc2e000746
6
.gitignore
vendored
6
.gitignore
vendored
@ -1,3 +1,3 @@
|
||||
/attr-2.[45].*.tar.gz
|
||||
/attr-2.5.*.tar.xz
|
||||
/attr-2.5.*.tar.xz.sig
|
||||
/attr-2.*.*.tar.gz
|
||||
/attr-2.*.*.tar.xz
|
||||
/attr-2.*.*.tar.xz.sig
|
||||
|
||||
@ -24,7 +24,7 @@ index dcbc12c..7361fbd 100644
|
||||
+# regardless of the specified action.
|
||||
|
||||
system.nfs4_acl permissions
|
||||
system.nfs4acl permissions
|
||||
system.posix_acl_access permissions
|
||||
--
|
||||
2.20.1
|
||||
|
||||
@ -50,12 +50,11 @@ diff --git a/xattr.conf b/xattr.conf
|
||||
index 7361fbd..1ac5b2f 100644
|
||||
--- a/xattr.conf
|
||||
+++ b/xattr.conf
|
||||
@@ -11,8 +11,6 @@
|
||||
@@ -11,7 +11,6 @@
|
||||
# skip all extended attributes that are matched by any of the below patterns,
|
||||
# regardless of the specified action.
|
||||
|
||||
-system.nfs4_acl permissions
|
||||
-system.nfs4acl permissions
|
||||
system.posix_acl_access permissions
|
||||
system.posix_acl_default permissions
|
||||
trusted.SGI_ACL_DEFAULT skip # xfs specific
|
||||
|
||||
13
attr.spec
13
attr.spec
@ -1,13 +1,13 @@
|
||||
Summary: Utilities for managing filesystem extended attributes
|
||||
Name: attr
|
||||
Version: 2.5.2
|
||||
Release: 5%{?dist}
|
||||
Version: 2.6.0
|
||||
Release: 2%{?dist}
|
||||
Source0: https://download.savannah.nongnu.org/releases/attr/attr-%{version}.tar.xz
|
||||
Source1: https://download.savannah.nongnu.org/releases/attr/attr-%{version}.tar.xz.sig
|
||||
# Retreived from https://savannah.nongnu.org/people/viewgpg.php?user_id=15000
|
||||
# Source2: agruen-key.gpg
|
||||
Source2: agruen-key.gpg
|
||||
# Retrieved from https://savannah.nongnu.org/people/viewgpg.php?user_id=42032
|
||||
Source2: vapier-key.gpg
|
||||
# Source2: vapier-key.gpg
|
||||
|
||||
# xattr.conf: remove entries for NFSv4 ACLs namespaces (#1031423)
|
||||
# https://lists.nongnu.org/archive/html/acl-devel/2019-03/msg00000.html
|
||||
@ -77,7 +77,6 @@ sed -e 's|test/root/getfattr.test||' \
|
||||
|
||||
%build
|
||||
%configure
|
||||
%make_build -C po ka.gmo
|
||||
%make_build
|
||||
|
||||
%check
|
||||
@ -125,6 +124,10 @@ ln -fs ../sys/xattr.h $RPM_BUILD_ROOT%{_includedir}/attr/xattr.h
|
||||
%config(noreplace) %{_sysconfdir}/xattr.conf
|
||||
|
||||
%changelog
|
||||
* Mon Jul 13 2026 Lukáš Zaoral <lzaoral@redhat.com> - 2.6.0-2
|
||||
- rebase to 2.6.0 to fix the following CVEs:
|
||||
- CVE-2026-54371 - Symlink Traversal Privilege Escalation via getfattr
|
||||
|
||||
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.5.2-5
|
||||
- Bump release for October 2024 mass rebuild:
|
||||
Resolves: RHEL-64018
|
||||
|
||||
4
sources
4
sources
@ -1,2 +1,2 @@
|
||||
SHA512 (attr-2.5.2.tar.xz) = f587ea544effb7cfed63b3027bf14baba2c2dbe3a9b6c0c45fc559f7e8cb477b3e9a4a826eae30f929409468c50d11f3e7dc6d2500f41e1af8662a7e96a30ef3
|
||||
SHA512 (attr-2.5.2.tar.xz.sig) = 36a816b8b8bcb392efb153f92a687688526195942011469dca48a317336f7be84cb607d74c5336e7b383a304151a81508606e7ac39731ea50b5f75b8e9102724
|
||||
SHA512 (attr-2.6.0.tar.xz) = 870d0c34fbaa7520aad058ecd6509fe8eddd17430781a16d1e80484d4947307a7c641f0449183cbac1da611a85f82c9bee2d2d7bff76170fc2195b123100d22e
|
||||
SHA512 (attr-2.6.0.tar.xz.sig) = 4db494f751a1c99d100593b7405e419275e5763cb9af335f3a26a098c7fd87710e36df9055148525c4072be77971f41552d7d9a8de09f01807270ea10d40b513
|
||||
|
||||
Loading…
Reference in New Issue
Block a user