openEuler:Mainline
ncurses
Changes of Revision 5
_service:tar_scm:ncurses.spec
Changed
@@ -1,6 +1,6 @@ Name: ncurses Version: 6.4 -Release: 2 +Release: 3 Summary: Terminal control library License: MIT URL: https://invisible-island.net/ncurses/ncurses.html @@ -10,6 +10,8 @@ Patch9: ncurses-libs.patch Patch11: ncurses-urxvt.patch Patch12: ncurses-kbs.patch +Patch13: backport-0001-CVE-2023-29491-fix-configure-root-args-option.patch +Patch14: backport-0002-CVE-2023-29491-env-access.patch BuildRequires: make gcc gcc-c++ gpm-devel pkgconfig @@ -96,7 +98,7 @@ %build common_options="--enable-colorfgbg --enable-hard-tabs --enable-overwrite \ - --enable-pc-files --enable-xmc-glitch --disable-wattr-macros \ + --enable-pc-files --enable-xmc-glitch --disable-wattr-macros --disable-root-environ \ --with-cxx-shared --with-ospeed=unsigned \ --with-pkg-config-libdir=%{_libdir}/pkgconfig \ --with-shared \ @@ -244,6 +246,12 @@ %{_mandir}/man7/* %changelog +* Mon Jul 03 2023 yanglu <yanglu72@h-partners.com> - 6.4-3 +- Type:CVE +- CVE:CVE-2023-29491 +- SUG:NA +- DESC:fix CVE-2023-29491 + * Tue Feb 28 2023 zhujunhao <zhujunhao11@huawei.com> - 6.4-2 - Type:requirement - CVE:NA
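Review bot: The hunk at -10,6 +10,8 declares Patch13 and Patch14, but nothing in this diff touches %prep, so whether they are applied depends on how the spec applies its patches. If %prep lists patches one by one rather than using %autosetup or %autopatch, matching entries for 13 and 14 are needed; otherwise the fix is declared in the package but never reaches the build.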
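Review bot: In the %build hunk, `--disable-root-environ` is added to common_options in the same revision in which Patch13 stops that flag from setting with_root_access, so with_root_access stays at its default of yes. If restricting file access for setuid programs is also intended, `--disable-root-access` has to be passed explicitly. Either way, the new changelog entry should record the decision: its DESC line only repeats the CVE number and does not mention that a configure option was added or that the meaning of that option is changed by Patch14.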
_service:tar_scm:backport-0001-CVE-2023-29491-fix-configure-root-args-option.patch
Added
@@ -0,0 +1,50 @@ +From 49d07be98e591d2df1d5b8d55fc9ecac3185fb70 Mon Sep 17 00:00:00 2001 +From: Sven Joachim <svenjoac@gmx.de> +Date: Mon, 1 May 2023 11:31:39 +0200 +Subject: PATCH Fix the --disable-root-args and --disable-root-environ + options + +Due to a copy/paste error, the "--disable-root-environ" configure +option performed the actions of the "--disable-root-access" option, +while the latter option had no effect at all. + +Conflict:add configure file changes based on community +Reference:https://salsa.debian.org/debian/ncurses/-/commit/49d07be98e591d2df1d5b8d55fc9ecac3185fb70 +--- + configure | 6 +++--- + configure.in | 2 +- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/configure b/configure +index 4c39d24..a8e683e 100755 +--- a/configure ++++ b/configure +@@ -9501,9 +9501,9 @@ EOF + echo "$as_me:9501: checking if you want to permit setuid programs to access all files" >&5 + echo $ECHO_N "checking if you want to permit setuid programs to access all files... $ECHO_C" >&6 + +-# Check whether --enable-root-environ or --disable-root-environ was given. +-if test "${enable_root_environ+set}" = set; then +- enableval="$enable_root_environ" ++# Check whether --enable-root-access or --disable-root-access was given. ++if test "${enable_root_access+set}" = set; then ++ enableval="$enable_root_access" + with_root_access=$enableval + else + with_root_access=yes +diff --git a/configure.in b/configure.in +index 093dd47..a63cdf7 100644 +--- a/configure.in ++++ b/configure.in +@@ -868,7 +868,7 @@ AC_MSG_RESULT($with_root_environ) + test "x$with_root_environ" = xyes && AC_DEFINE(USE_ROOT_ENVIRON,1,Define to 1 if root is allowed to use ncurses environment) + + AC_MSG_CHECKING(if you want to permit setuid programs to access all files) +-AC_ARG_ENABLE(root-environ, ++AC_ARG_ENABLE(root-access, + --disable-root-access restrict file-access when running setuid, + with_root_access=$enableval, + with_root_access=yes) +-- +2.33.0 +
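Review bot: The Subject line and the backport file name both say "root-args", while the commit body, the configure comment and the AC_ARG_ENABLE call in the configure.in hunk all name the option root-access; renaming the patch file to match the real option would make it easier to find later. The configure hunk also hand-edits the generated script in parallel with configure.in (the Conflict line says this part was added for the backport), so on every rebase both hunks need to be checked against each other, including that the variable tested is `enable_root_access` in both places.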
_service:tar_scm:backport-0002-CVE-2023-29491-env-access.patch
Added
@@ -0,0 +1,32 @@ +From 94240194a58b15e7fc3a015ed123ebb124f4e869 Mon Sep 17 00:00:00 2001 +From: Sven Joachim <svenjoac@gmx.de> +Date: Mon, 1 May 2023 11:32:01 +0200 +Subject: PATCH Change the behavior of the "--disable-root-environ" option + +The new patch debian-env-access.diff makes the +"--disable-root-environ" configure option functionally equivalent to +the --disable-setuid-environ" option that has been added in the +20230425 upstream patchlevel. + +Conflict:NA +Reference:https://salsa.debian.org/debian/ncurses/-/commit/94240194a58b15e7fc3a015ed123ebb124f4e869 +--- + ncurses/tinfo/access.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/ncurses/tinfo/access.c b/ncurses/tinfo/access.c +index a735db2..c9f8660 100644 +--- a/ncurses/tinfo/access.c ++++ b/ncurses/tinfo/access.c +@@ -215,8 +215,6 @@ _nc_env_access(void) + + if (is_elevated()) { + result = FALSE; +- } else if ((getuid() == ROOT_UID) || (geteuid() == ROOT_UID)) { +- result = FALSE; + } + return result; + } +-- +2.33.0 +
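Review bot: With the `else if ((getuid() == ROOT_UID) || (geteuid() == ROOT_UID))` branch removed from _nc_env_access(), the only remaining guard is is_elevated(), which this hunk relies on as context but does not define. Please confirm that the packaged 6.4 source already contains is_elevated() at this point in ncurses/tinfo/access.c, since the commit message ties the behaviour to the 20230425 upstream patchlevel, and that it covers setgid as well as setuid execution. A process running as root without elevation is no longer refused here, which is a behaviour change worth stating in a comment above the function or in the spec changelog.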