Fix chmod invocation

Resolves: CVE-2022-3560
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Robbie Harwood 2023-01-18 19:27:39 +00:00
parent 4774e9d249
commit 5365f3ac5d
2 changed files with 7 additions and 3 deletions

@ -15,7 +15,7 @@ Signed-off-by: Robbie Harwood <rharwood@redhat.com>
1 file changed, 3 insertions(+), 47 deletions(-)
diff --git a/src/pesign-authorize.in b/src/pesign-authorize.in
index 69797d5..d98657c 100644
index 69797d5..b4e89e0 100644
--- a/src/pesign-authorize.in
+++ b/src/pesign-authorize.in
@@ -2,56 +2,12 @@
@ -76,5 +76,5 @@ index 69797d5..d98657c 100644
- :;
- fi
+ chown -R pesign:pesign "${x}" || true
+ chmod ug+rwX "${x}" || true
+ chmod -R ug+rwX "${x}" || true
done
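Review bot: the `|| true` on the new `chmod -R ug+rwX "${x}" || true` line, and on the `chown -R` line above it, discards any failure, so the loop carries on silently when ownership or mode could not be applied to part of the tree under `${x}`. Now that the chmod is recursive it can fail partway through a directory, so consider reporting the failure (for example a warning on stderr that names `${x}`) instead of suppressing it outright. A short comment explaining that the capital `X` only adds execute on directories and on files that are already executable would also help the next reader of this script.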

@ -3,7 +3,7 @@
Name: pesign
Summary: Signing utility for UEFI binaries
Version: 115
Release: 5%{?dist}
Release: 6%{?dist}
License: GPL-2.0-only
URL: https://github.com/rhboot/pesign
@ -162,6 +162,10 @@ certutil -d %{_sysconfdir}/pki/pesign/ -X -L > /dev/null
%{python3_sitelib}/mockbuild/plugins/pesign.*
%changelog
* Wed Jan 18 2023 Robbie Harwood <rharwood@redhat.com> - 115-6
- Fix chmod invocation
- Resolves: CVE-2022-3560
* Wed Jan 18 2023 Robbie Harwood <rharwood@redhat.com> - 115-5
- Deprecate pesign-authorize and drop ACL use
- Resolves: CVE-2022-3560
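Review bot: the new 115-6 changelog entry says only "Fix chmod invocation" and repeats the same Resolves line as 115-5, so a reader of the changelog cannot tell what differs between the two builds. Suggest naming the actual change, i.e. that the chmod in pesign-authorize is now run recursively (`chmod -R ug+rwX`), so it is clear why a second build carries the same CVE reference.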