iconv: Do not create executable output files (RHEL-103952)

2025-07-23 09:09:13 +02:00 · 2025-07-23 09:09:13 +02:00 · 3ac034a90b
commit 3ac034a90b
parent bec6dd40c6
2 changed files with 56 additions and 1 deletions
--- a/glibc-RHEL-103952.patch
+++ b/glibc-RHEL-103952.patch
@ -0,0 +1,51 @@
+commit cdcf24ee14c27b77744ff52ab3ae852821207eb0
+Author: Florian Weimer <fweimer@redhat.com>
+Date:   Thu Jul 17 14:44:05 2025 +0200
+
+    iconv: iconv -o should not create executable files (bug 33164)
+    
+    The mistake is that open must use 0666 to pick up the umask,
+    and not 0777 (which is required by mkdir).
+    
+    Fixes commit 8ef3cff9d1ceafe369f982d980678d749fb93bd2
+    ("iconv: Support in-place conversions (bug 10460, bug 32033)").
+    
+    Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
+
+diff --git a/iconv/iconv_prog.c b/iconv/iconv_prog.c
+index e3b051a309ff142b..08ea99d6adf6ea86 100644
+--- a/iconv/iconv_prog.c
+++ b/iconv/iconv_prog.c
+@@ -437,7 +437,7 @@ input_error (const char *path)
+ static void
+ open_output_direct (void)
+ {
+-  output_fd = open64 (output_file, O_WRONLY | O_CREAT | O_TRUNC, 0777);
+  output_fd = open64 (output_file, O_WRONLY | O_CREAT | O_TRUNC, 0666);
+   if (output_fd < 0)
+     output_error ();
+ }
+@@ -458,7 +458,7 @@ prepare_output_file (char **argv)
+   else
+     {
+       /* If iconv creates the output file, no overlap is possible.  */
+-      output_fd = open64 (output_file, O_WRONLY | O_CREAT | O_EXCL, 0777);
+      output_fd = open64 (output_file, O_WRONLY | O_CREAT | O_EXCL, 0666);
+       if (output_fd >= 0)
+ 	output_buffer_size = copy_buffer_size;
+       else
+diff --git a/iconv/tst-iconv_prog-buffer.sh b/iconv/tst-iconv_prog-buffer.sh
+index 23098ac56a344c48..562f90fe513e94d7 100644
+--- a/iconv/tst-iconv_prog-buffer.sh
+++ b/iconv/tst-iconv_prog-buffer.sh
+@@ -75,6 +75,10 @@ run_iconv () {
+ }
+ 
+ check_out_expected () {
+    if test -x "$tmp/out" ; then
+	echo "error: iconv output file is executable"
+	failure=true
+    fi
+     if ! cmp -s "$tmp/out" "$tmp/expected" ; then
+         echo "error: iconv output difference" >&$logfd
+         echo "*** expected ***" >&$logfd
--- a/glibc.spec
+++ b/glibc.spec
@ -157,7 +157,7 @@ end \
 Summary: The GNU libc libraries
 Name: glibc
 Version: %{glibcversion}
-Release: 216%{?dist}
+Release: 217%{?dist}

 # In general, GPLv2+ is used by programs, LGPLv2+ is used for
 # libraries.
@ -1321,6 +1321,7 @@ Patch1011: glibc-RHEL-93320-16.patch
 Patch1012: glibc-RHEL-93320-17.patch
 Patch1013: glibc-RHEL-93320-18.patch
 Patch1014: glibc-RHEL-93320-19.patch
+Patch1015: glibc-RHEL-103952.patch

 ##############################################################################
 # Continued list of core "glibc" package information:
@ -3318,6 +3319,9 @@ update_gconv_modules_cache ()
 %endif

 %changelog
+* Wed Jul 23 2025 Florian Weimer  <fweimer@redhat.com> - 2.34-217
+- iconv: Do not create executable output files (RHEL-103952)
+
 * Mon Jul 14 2025 Benjamin Herrenschmidt <benh@amazon.com> - 2.34-216
 - Backport GLIBC_2.35 libc symbols incl. _dl_find_object (RHEL-93320)