Fix regression in new code
CVE-2005-4889-rpm-fails-to-drop-SUID-SGID-bits-on-package fails with the new code as older glibc versions don't support AT_SYMLINK_NOFOLLOW for fchmodat. Fixed upstream as https://github.com/rpm-software-management/rpm/pull/2759 Resolves: RHEL-9561 RHEL-9563 RHEL-9565
This commit is contained in:
Florian Festi
parent
e91f7f791b
commit
284b6bc6f8
@ -513,7 +513,7 @@ index daf572cf4..e74bb2201 100644
|
||||
if (rc < 0)
|
||||
switch (errno) {
|
||||
case ENOENT: rc = RPMERR_ENOENT; break;
|
||||
@@ -365,172 +288,193 @@
|
||||
@@ -365,172 +288,194 @@
|
||||
return rc;
|
||||
}
|
||||
|
||||
@ -819,9 +819,10 @@ index daf572cf4..e74bb2201 100644
|
||||
- if (lstat(path, &stb) == 0 && S_ISREG(stb.st_mode)) {
|
||||
+ int flags = AT_SYMLINK_NOFOLLOW;
|
||||
+ if (fstatat(dirfd, path, &stb, flags) == 0 && S_ISREG(stb.st_mode)) {
|
||||
+ /* We now know it's not a link so no need to worry about following */
|
||||
if ((stb.st_mode & 06000) != 0) {
|
||||
- (void) chmod(path, stb.st_mode & 0777);
|
||||
+ (void) fchmodat(dirfd, path, stb.st_mode & 0777, flags);
|
||||
+ (void) fchmodat(dirfd, path, stb.st_mode & 0777, 0);
|
||||
}
|
||||
-#if WITH_CAP
|
||||
+#ifdef WITH_CAP
|
||||
|
||||
4
rpm.spec
4
rpm.spec
@ -32,7 +32,7 @@
|
||||
|
||||
%global rpmver 4.14.3
|
||||
#global snapver rc2
|
||||
%global rel 29
|
||||
%global rel 30
|
||||
|
||||
%global srcver %{version}%{?snapver:-%{snapver}}
|
||||
%global srcdir %{?snapver:testing}%{!?snapver:%{name}-%(echo %{version} | cut -d'.' -f1-2).x}
|
||||
@ -707,7 +707,7 @@ make check || cat tests/rpmtests.log
|
||||
%doc doc/librpm/html/*
|
||||
|
||||
%changelog
|
||||
* Tue Nov 07 2023 Florian Festi <ffesti@redhat.com> - 4.14.3-29
|
||||
* Fri Nov 10 2023 Florian Festi <ffesti@redhat.com> - 4.14.3-30
|
||||
- Backport file handling code from rpm-4.19 to fix CVE-2021-35937,
|
||||
CVE-2021-35938 and CVE-2021-35939
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user