fix CVE-2023-29491
parent
43d7ab13ef
commit
18ee66f2f2
@ -0,0 +1,50 @@
|
||||
From 49d07be98e591d2df1d5b8d55fc9ecac3185fb70 Mon Sep 17 00:00:00 2001
|
||||
From: Sven Joachim <svenjoac@gmx.de>
|
||||
Date: Mon, 1 May 2023 11:31:39 +0200
|
||||
Subject: [PATCH] Fix the --disable-root-args and --disable-root-environ
|
||||
options
|
||||
|
||||
Due to a copy/paste error, the "--disable-root-environ" configure
|
||||
option performed the actions of the "--disable-root-access" option,
|
||||
while the latter option had no effect at all.
|
||||
|
||||
Conflict:add configure file changes based on community
|
||||
Reference:https://salsa.debian.org/debian/ncurses/-/commit/49d07be98e591d2df1d5b8d55fc9ecac3185fb70
|
||||
---
|
||||
configure | 6 +++---
|
||||
configure.in | 2 +-
|
||||
2 files changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/configure b/configure
|
||||
index 4c39d24..a8e683e 100755
|
||||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -9501,9 +9501,9 @@ EOF
|
||||
echo "$as_me:9501: checking if you want to permit setuid programs to access all files" >&5
|
||||
echo $ECHO_N "checking if you want to permit setuid programs to access all files... $ECHO_C" >&6
|
||||
|
||||
-# Check whether --enable-root-environ or --disable-root-environ was given.
|
||||
-if test "${enable_root_environ+set}" = set; then
|
||||
- enableval="$enable_root_environ"
|
||||
+# Check whether --enable-root-access or --disable-root-access was given.
|
||||
+if test "${enable_root_access+set}" = set; then
|
||||
+ enableval="$enable_root_access"
|
||||
with_root_access=$enableval
|
||||
else
|
||||
with_root_access=yes
|
||||
diff --git a/configure.in b/configure.in
|
||||
index 093dd47..a63cdf7 100644
|
||||
--- a/configure.in
|
||||
+++ b/configure.in
|
||||
@@ -868,7 +868,7 @@ AC_MSG_RESULT($with_root_environ)
|
||||
test "x$with_root_environ" = xyes && AC_DEFINE(USE_ROOT_ENVIRON,1,[Define to 1 if root is allowed to use ncurses environment])
|
||||
|
||||
AC_MSG_CHECKING(if you want to permit setuid programs to access all files)
|
||||
-AC_ARG_ENABLE(root-environ,
|
||||
+AC_ARG_ENABLE(root-access,
|
||||
[ --disable-root-access restrict file-access when running setuid],
|
||||
[with_root_access=$enableval],
|
||||
[with_root_access=yes])
|
||||
--
|
||||
2.33.0
|
||||
|
||||
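--- /dev/null
+++ b/backport-0002-CVE-2023-29491-env-access.patch
@@ -0,0 +1,32 @@
+From 94240194a58b15e7fc3a015ed123ebb124f4e869 Mon Sep 17 00:00:00 2001
+From: Sven Joachim <svenjoac@gmx.de>
+Date: Mon, 1 May 2023 11:32:01 +0200
+Subject: [PATCH] Change the behavior of the "--disable-root-environ" option
+
+The new patch debian-env-access.diff makes the
+"--disable-root-environ" configure option functionally equivalent to
+the --disable-setuid-environ" option that has been added in the
+20230425 upstream patchlevel.
+
+Conflict:NA
+Reference:https://salsa.debian.org/debian/ncurses/-/commit/94240194a58b15e7fc3a015ed123ebb124f4e869
+---
+ncurses/tinfo/access.c | 2 --
+1 file changed, 2 deletions(-)
+
+diff --git a/ncurses/tinfo/access.c b/ncurses/tinfo/access.c
+index a735db2..c9f8660 100644
+--- a/ncurses/tinfo/access.c
++++ b/ncurses/tinfo/access.c
+@@ -215,8 +215,6 @@ _nc_env_access(void)
+
+if (is_elevated()) {
+result = FALSE;
+- } else if ((getuid() == ROOT_UID) || (geteuid() == ROOT_UID)) {
+- result = FALSE;
+}
+return result;
+}
+--
+2.33.0
+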
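Review bot: With the `ROOT_UID` branch removed, `_nc_env_access()` returns FALSE only on the `is_elevated()` path, so a build configured with `--disable-root-environ` no longer restricts a process whose real and effective uid are both root. The option name suggests otherwise, so this behaviour change should be recorded where packagers will see it, for example in the spec changelog as `- DESC:fix CVE-2023-29491; --disable-root-environ now restricts only elevated (setuid-style) processes, not plain root`. How `is_elevated()` decides is not visible in this hunk, and no patch in this commit adds it. It is worth confirming that the packaged 6.4 source already defines it and that the hunk applies at line 215. `_nc_env_access` begins above the hunk, so the initial value of `result` cannot be checked from here.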
12
ncurses.spec
12
ncurses.spec
@ -1,6 +1,6 @@
|
||||
Name: ncurses
|
||||
Version: 6.4
|
||||
Release: 2
|
||||
Release: 3
|
||||
Summary: Terminal control library
|
||||
License: MIT
|
||||
URL: https://invisible-island.net/ncurses/ncurses.html
|
||||
@ -10,6 +10,8 @@ Patch8: ncurses-config.patch
|
||||
Patch9: ncurses-libs.patch
|
||||
Patch11: ncurses-urxvt.patch
|
||||
Patch12: ncurses-kbs.patch
|
||||
Patch13: backport-0001-CVE-2023-29491-fix-configure-root-args-option.patch
|
||||
Patch14: backport-0002-CVE-2023-29491-env-access.patch
|
||||
|
||||
BuildRequires: make gcc gcc-c++ gpm-devel pkgconfig
|
||||
|
||||
@ -96,7 +98,7 @@ done
|
||||
|
||||
%build
|
||||
common_options="--enable-colorfgbg --enable-hard-tabs --enable-overwrite \
|
||||
--enable-pc-files --enable-xmc-glitch --disable-wattr-macros \
|
||||
--enable-pc-files --enable-xmc-glitch --disable-wattr-macros --disable-root-environ \
|
||||
--with-cxx-shared --with-ospeed=unsigned \
|
||||
--with-pkg-config-libdir=%{_libdir}/pkgconfig \
|
||||
--with-shared \
|
||||
@ -244,6 +246,12 @@ xz NEWS
|
||||
%{_mandir}/man7/*
|
||||
|
||||
%changelog
|
||||
* Mon Jul 03 2023 yanglu <yanglu72@h-partners.com> - 6.4-3
|
||||
- Type:CVE
|
||||
- CVE:CVE-2023-29491
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2023-29491
|
||||
|
||||
* Tue Feb 28 2023 zhujunhao <zhujunhao11@huawei.com> - 6.4-2
|
||||
- Type:requirement
|
||||
- CVE:NA
|
||||
|
||||
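Review bot: The `%build` hunk adds only `--disable-root-environ` to `common_options`, and once Patch13 is applied that flag no longer sets `with_root_access`. The "permit setuid programs to access all files" setting therefore stays at its default of `yes`. According to the Patch13 description, the same flag previously performed the actions of `--disable-root-access`, so the two restrictions are now separate and only one is requested. If the file-access restriction for setuid programs is also wanted, pass it explicitly, e.g. `--enable-pc-files --enable-xmc-glitch --disable-wattr-macros --disable-root-environ --disable-root-access \`. If it is deliberately left enabled, say so in the changelog entry.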