!60 fix CVE-2023-29491

From: @yangl777 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
openeuler-ci-bot 2023-07-03 09:31:05 +00:00 committed by Gitee
commit 4b2f80d4ad
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 92 additions and 2 deletions


@ -0,0 +1,50 @@
From 49d07be98e591d2df1d5b8d55fc9ecac3185fb70 Mon Sep 17 00:00:00 2001
From: Sven Joachim <svenjoac@gmx.de>
Date: Mon, 1 May 2023 11:31:39 +0200
Subject: [PATCH] Fix the --disable-root-args and --disable-root-environ
options
Due to a copy/paste error, the "--disable-root-environ" configure
option performed the actions of the "--disable-root-access" option,
while the latter option had no effect at all.
Conflict:add configure file changes based on community
Reference:https://salsa.debian.org/debian/ncurses/-/commit/49d07be98e591d2df1d5b8d55fc9ecac3185fb70
---
configure | 6 +++---
configure.in | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/configure b/configure
index 4c39d24..a8e683e 100755
--- a/configure
+++ b/configure
@@ -9501,9 +9501,9 @@ EOF
echo "$as_me:9501: checking if you want to permit setuid programs to access all files" >&5
echo $ECHO_N "checking if you want to permit setuid programs to access all files... $ECHO_C" >&6
-# Check whether --enable-root-environ or --disable-root-environ was given.
-if test "${enable_root_environ+set}" = set; then
- enableval="$enable_root_environ"
+# Check whether --enable-root-access or --disable-root-access was given.
+if test "${enable_root_access+set}" = set; then
+ enableval="$enable_root_access"
with_root_access=$enableval
else
with_root_access=yes
diff --git a/configure.in b/configure.in
index 093dd47..a63cdf7 100644
--- a/configure.in
+++ b/configure.in
@@ -868,7 +868,7 @@ AC_MSG_RESULT($with_root_environ)
test "x$with_root_environ" = xyes && AC_DEFINE(USE_ROOT_ENVIRON,1,[Define to 1 if root is allowed to use ncurses environment])
AC_MSG_CHECKING(if you want to permit setuid programs to access all files)
-AC_ARG_ENABLE(root-environ,
+AC_ARG_ENABLE(root-access,
[ --disable-root-access restrict file-access when running setuid],
[with_root_access=$enableval],
[with_root_access=yes])
--
2.33.0


@ -0,0 +1,32 @@
From 94240194a58b15e7fc3a015ed123ebb124f4e869 Mon Sep 17 00:00:00 2001
From: Sven Joachim <svenjoac@gmx.de>
Date: Mon, 1 May 2023 11:32:01 +0200
Subject: [PATCH] Change the behavior of the "--disable-root-environ" option
The new patch debian-env-access.diff makes the
"--disable-root-environ" configure option functionally equivalent to
the --disable-setuid-environ" option that has been added in the
20230425 upstream patchlevel.
Conflict:NA
Reference:https://salsa.debian.org/debian/ncurses/-/commit/94240194a58b15e7fc3a015ed123ebb124f4e869
---
ncurses/tinfo/access.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/ncurses/tinfo/access.c b/ncurses/tinfo/access.c
index a735db2..c9f8660 100644
--- a/ncurses/tinfo/access.c
+++ b/ncurses/tinfo/access.c
@@ -215,8 +215,6 @@ _nc_env_access(void)
if (is_elevated()) {
result = FALSE;
- } else if ((getuid() == ROOT_UID) || (geteuid() == ROOT_UID)) {
- result = FALSE;
}
return result;
}
--
2.33.0
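Review bot: With the `getuid()`/`geteuid()` branch removed, the `_nc_env_access()` code in this hunk denies environment access only when `is_elevated()` is true, and nothing left in the code says that dropping the plain-root case is deliberate. I would put a comment above the remaining test, for example `/* root is deliberately not special-cased: only processes for which is_elevated() is true are denied, as with --disable-setuid-environ */`. The start of the function, the initial value of `result` and the definition of `is_elevated()` are all outside the hunk, so it is worth confirming that `is_elevated()` still catches a setuid-root binary, which the removed `geteuid() == ROOT_UID` test used to cover. Because the option keeps the name `--disable-root-environ`, the packaging notes should also state that it no longer restricts ordinary root sessions.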


@ -1,6 +1,6 @@
Name: ncurses Name: ncurses
Version: 6.4 Version: 6.4
Release: 2 Release: 3
Summary: Terminal control library Summary: Terminal control library
License: MIT License: MIT
URL: https://invisible-island.net/ncurses/ncurses.html URL: https://invisible-island.net/ncurses/ncurses.html
@ -10,6 +10,8 @@ Patch8: ncurses-config.patch
Patch9: ncurses-libs.patch Patch9: ncurses-libs.patch
Patch11: ncurses-urxvt.patch Patch11: ncurses-urxvt.patch
Patch12: ncurses-kbs.patch Patch12: ncurses-kbs.patch
Patch13: backport-0001-CVE-2023-29491-fix-configure-root-args-option.patch
Patch14: backport-0002-CVE-2023-29491-env-access.patch
BuildRequires: make gcc gcc-c++ gpm-devel pkgconfig BuildRequires: make gcc gcc-c++ gpm-devel pkgconfig
@ -96,7 +98,7 @@ done
%build %build
common_options="--enable-colorfgbg --enable-hard-tabs --enable-overwrite \ common_options="--enable-colorfgbg --enable-hard-tabs --enable-overwrite \
--enable-pc-files --enable-xmc-glitch --disable-wattr-macros \ --enable-pc-files --enable-xmc-glitch --disable-wattr-macros --disable-root-environ \
--with-cxx-shared --with-ospeed=unsigned \ --with-cxx-shared --with-ospeed=unsigned \
--with-pkg-config-libdir=%{_libdir}/pkgconfig \ --with-pkg-config-libdir=%{_libdir}/pkgconfig \
--with-shared \ --with-shared \
@ -244,6 +246,12 @@ xz NEWS
%{_mandir}/man7/* %{_mandir}/man7/*
%changelog %changelog
* Mon Jul 03 2023 yanglu <yanglu72@h-partners.com> - 6.4-3
- Type:CVE
- CVE:CVE-2023-29491
- SUG:NA
- DESC:fix CVE-2023-29491
* Tue Feb 28 2023 zhujunhao <zhujunhao11@huawei.com> - 6.4-2 * Tue Feb 28 2023 zhujunhao <zhujunhao11@huawei.com> - 6.4-2
- Type:requirement - Type:requirement
- CVE:NA - CVE:NA
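Review bot: The `%build` options add `--disable-root-environ` but not `--disable-root-access`, and after Patch13 these are separate switches: the configure hunk in that patch shows `with_root_access=yes` as the default when `--disable-root-access` is not given. This build therefore restricts environment use for elevated programs but, going by the configure check message, still permits setuid programs to access all files. If the intent is to harden setuid use more generally, consider `--enable-pc-files --enable-xmc-glitch --disable-wattr-macros --disable-root-environ --disable-root-access \`; if leaving file access open is intended, a comment above `common_options` saying so would help the next maintainer. The changelog entry could also name the configure option, since `DESC:fix CVE-2023-29491` does not show that the build flags changed.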