Fix regression in new code

CVE-2005-4889-rpm-fails-to-drop-SUID-SGID-bits-on-package fails with the
new code as older glibc versions don't support AT_SYMLINK_NOFOLLOW for
fchmodat. Fixed upstream as

https://github.com/rpm-software-management/rpm/pull/2759

Resolves: RHEL-9561 RHEL-9563 RHEL-9565
Florian Festi 2023-11-10 10:39:39 +01:00
parent e91f7f791b
commit 284b6bc6f8
2 changed files with 5 additions and 4 deletions


@ -513,7 +513,7 @@ index daf572cf4..e74bb2201 100644
if (rc < 0) if (rc < 0)
switch (errno) { switch (errno) {
case ENOENT: rc = RPMERR_ENOENT; break; case ENOENT: rc = RPMERR_ENOENT; break;
@@ -365,172 +288,193 @@ @@ -365,172 +288,194 @@
return rc; return rc;
} }
@ -819,9 +819,10 @@ index daf572cf4..e74bb2201 100644
- if (lstat(path, &stb) == 0 && S_ISREG(stb.st_mode)) { - if (lstat(path, &stb) == 0 && S_ISREG(stb.st_mode)) {
+ int flags = AT_SYMLINK_NOFOLLOW; + int flags = AT_SYMLINK_NOFOLLOW;
+ if (fstatat(dirfd, path, &stb, flags) == 0 && S_ISREG(stb.st_mode)) { + if (fstatat(dirfd, path, &stb, flags) == 0 && S_ISREG(stb.st_mode)) {
+ /* We now know it's not a link so no need to worry about following */
if ((stb.st_mode & 06000) != 0) { if ((stb.st_mode & 06000) != 0) {
- (void) chmod(path, stb.st_mode & 0777); - (void) chmod(path, stb.st_mode & 0777);
+ (void) fchmodat(dirfd, path, stb.st_mode & 0777, flags); + (void) fchmodat(dirfd, path, stb.st_mode & 0777, 0);
} }
-#if WITH_CAP -#if WITH_CAP
+#ifdef WITH_CAP +#ifdef WITH_CAP
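Review bot: Passing `0` instead of `flags` to `fchmodat()` makes the call follow symlinks again, so the new comment holds only if `path` cannot be replaced between the `fstatat()` check and the `fchmodat()` call. If the directory behind `dirfd` is writable by another user at that point (not visible from this hunk), a swap to a symlink in that window would apply `stb.st_mode & 0777` to the link target, which is the class of race the backported CVE-2021-35937/35938/35939 changes are meant to close. I would state the assumption in the comment, e.g. `/* Not a link at fstatat() time; relies on nobody else being able to replace path under dirfd before fchmodat() */`, or do the check and the mode change on one descriptor opened with `O_NOFOLLOW`. The `(void)` cast also hides any failure to clear the SUID/SGID bits, which is presumably how the unsupported-flag error stayed silent until the test caught it; logging a non-zero return would surface that. The enclosing function starts and ends outside the hunk.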


@ -32,7 +32,7 @@
%global rpmver 4.14.3 %global rpmver 4.14.3
#global snapver rc2 #global snapver rc2
%global rel 29 %global rel 30
%global srcver %{version}%{?snapver:-%{snapver}} %global srcver %{version}%{?snapver:-%{snapver}}
%global srcdir %{?snapver:testing}%{!?snapver:%{name}-%(echo %{version} | cut -d'.' -f1-2).x} %global srcdir %{?snapver:testing}%{!?snapver:%{name}-%(echo %{version} | cut -d'.' -f1-2).x}
@ -707,7 +707,7 @@ make check || cat tests/rpmtests.log
%doc doc/librpm/html/* %doc doc/librpm/html/*
%changelog %changelog
* Tue Nov 07 2023 Florian Festi <ffesti@redhat.com> - 4.14.3-29 * Fri Nov 10 2023 Florian Festi <ffesti@redhat.com> - 4.14.3-30
- Backport file handling code from rpm-4.19 to fix CVE-2021-35937, - Backport file handling code from rpm-4.19 to fix CVE-2021-35937,
CVE-2021-35938 and CVE-2021-35939 CVE-2021-35938 and CVE-2021-35939