Fix chmod invocation

Resolves: CVE-2022-3560 Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2023-01-18 19:27:39 +00:00 · 2023-01-18 19:27:39 +00:00 · 5365f3ac5d
commit 5365f3ac5d
parent 4774e9d249
2 changed files with 7 additions and 3 deletions
--- a/0006-Use-normal-file-permissions-instead-of-ACLs.patch
+++ b/0006-Use-normal-file-permissions-instead-of-ACLs.patch
@ -15,7 +15,7 @@ Signed-off-by: Robbie Harwood <rharwood@redhat.com>
 1 file changed, 3 insertions(+), 47 deletions(-)

 diff --git a/src/pesign-authorize.in b/src/pesign-authorize.in
-index 69797d5..d98657c 100644
+index 69797d5..b4e89e0 100644
 --- a/src/pesign-authorize.in
 +++ b/src/pesign-authorize.in
@@ -2,56 +2,12 @@
@ -76,5 +76,5 @@ index 69797d5..d98657c 100644
 -		:;
 -	fi
 +	chown -R pesign:pesign "${x}" || true
-+	chmod ug+rwX "${x}" || true
+	chmod -R ug+rwX "${x}" || true
 done
--- a/pesign.spec
+++ b/pesign.spec
@ -3,7 +3,7 @@
 Name:    pesign
 Summary: Signing utility for UEFI binaries
 Version: 115
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPL-2.0-only
 URL:     https://github.com/rhboot/pesign

@ -162,6 +162,10 @@ certutil -d %{_sysconfdir}/pki/pesign/ -X -L > /dev/null
 %{python3_sitelib}/mockbuild/plugins/pesign.*

 %changelog
+* Wed Jan 18 2023 Robbie Harwood <rharwood@redhat.com> - 115-6
+- Fix chmod invocation
+- Resolves: CVE-2022-3560
+
 * Wed Jan 18 2023 Robbie Harwood <rharwood@redhat.com> - 115-5
 - Deprecate pesign-authorize and drop ACL use
 - Resolves: CVE-2022-3560