iconv: Do not create executable output files (RHEL-104151)

Resolves: RHEL-104151
2025-07-23 09:14:49 +02:00 · 2025-07-23 09:14:49 +02:00 · e8f76ede2b
commit e8f76ede2b
parent 4e827a476b
2 changed files with 56 additions and 1 deletions
--- a/glibc-RHEL-104151.patch
+++ b/glibc-RHEL-104151.patch
@ -0,0 +1,51 @@
+commit cdcf24ee14c27b77744ff52ab3ae852821207eb0
+Author: Florian Weimer <fweimer@redhat.com>
+Date:   Thu Jul 17 14:44:05 2025 +0200
+
+    iconv: iconv -o should not create executable files (bug 33164)
+    
+    The mistake is that open must use 0666 to pick up the umask,
+    and not 0777 (which is required by mkdir).
+    
+    Fixes commit 8ef3cff9d1ceafe369f982d980678d749fb93bd2
+    ("iconv: Support in-place conversions (bug 10460, bug 32033)").
+    
+    Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
+
+diff --git a/iconv/iconv_prog.c b/iconv/iconv_prog.c
+index a2f1d34e4579f80f..30ebfa0696db1635 100644
+--- a/iconv/iconv_prog.c
+++ b/iconv/iconv_prog.c
+@@ -436,7 +436,7 @@ input_error (const char *path)
+ static void
+ open_output_direct (void)
+ {
+-  output_fd = open64 (output_file, O_WRONLY | O_CREAT | O_TRUNC, 0777);
+  output_fd = open64 (output_file, O_WRONLY | O_CREAT | O_TRUNC, 0666);
+   if (output_fd < 0)
+     output_error ();
+ }
+@@ -457,7 +457,7 @@ prepare_output_file (char **argv)
+   else
+     {
+       /* If iconv creates the output file, no overlap is possible.  */
+-      output_fd = open64 (output_file, O_WRONLY | O_CREAT | O_EXCL, 0777);
+      output_fd = open64 (output_file, O_WRONLY | O_CREAT | O_EXCL, 0666);
+       if (output_fd >= 0)
+ 	output_buffer_size = copy_buffer_size;
+       else
+diff --git a/iconv/tst-iconv_prog-buffer.sh b/iconv/tst-iconv_prog-buffer.sh
+index 23098ac56a344c48..562f90fe513e94d7 100644
+--- a/iconv/tst-iconv_prog-buffer.sh
+++ b/iconv/tst-iconv_prog-buffer.sh
+@@ -75,6 +75,10 @@ run_iconv () {
+ }
+ 
+ check_out_expected () {
+    if test -x "$tmp/out" ; then
+	echo "error: iconv output file is executable"
+	failure=true
+    fi
+     if ! cmp -s "$tmp/out" "$tmp/expected" ; then
+         echo "error: iconv output difference" >&$logfd
+         echo "*** expected ***" >&$logfd
--- a/glibc.spec
+++ b/glibc.spec
@ -145,7 +145,7 @@ Version: %{glibcversion}
 # - It allows using the Release number without the %%dist tag in the dependency
 #   generator to make the generated requires interchangeable between Rawhide
 #   and ELN (.elnYY < .fcXX).
-%global baserelease 43
+%global baserelease 44
 Release: %{baserelease}%{?dist}

 # Licenses:
@ -576,6 +576,7 @@ Patch258: glibc-upstream-2.39-211.patch
 Patch259: glibc-RHEL-82285.patch
 Patch260: glibc-RHEL-101754-1.patch
 Patch261: glibc-RHEL-101754-2.patch
+Patch262: glibc-RHEL-104151.patch

 ##############################################################################
 # Continued list of core "glibc" package information:
@ -2573,6 +2574,9 @@ update_gconv_modules_cache ()
 %endif

 %changelog
+* Wed Jul 23 2025 Florian Weimer  <fweimer@redhat.com> - 2.39-44
+- iconv: Do not create executable output files (RHEL-104151)
+
 * Wed Jul 09 2025 Florian Weimer <fweimer@redhat.com> - 2.39-43
 - Rebuild due to SIGNSERVER-1997 (RHEL-102555)