From 284b6bc6f8eb245e100790783a5251cc7964381b Mon Sep 17 00:00:00 2001 From: Florian Festi Date: Nov 10 2023 09:39:39 +0000 Subject: Fix regression in new code CVE-2005-4889-rpm-fails-to-drop-SUID-SGID-bits-on-package fails with the new code as older glibc versions don't support AT_SYMLINK_NOFOLLOW for fchmodat. Fixed upstream as https://github.com/rpm-software-management/rpm/pull/2759 Resolves: RHEL-9561 RHEL-9563 RHEL-9565 --- diff --git a/0001-Use-file-state-machine-from-rpm-4.19.patch b/0001-Use-file-state-machine-from-rpm-4.19.patch index 19c2bdd..5b6653e 100644 --- a/0001-Use-file-state-machine-from-rpm-4.19.patch +++ b/0001-Use-file-state-machine-from-rpm-4.19.patch @@ -513,7 +513,7 @@ index daf572cf4..e74bb2201 100644 if (rc < 0) switch (errno) { case ENOENT: rc = RPMERR_ENOENT; break; -@@ -365,172 +288,193 @@ +@@ -365,172 +288,194 @@ return rc; } @@ -819,9 +819,10 @@ index daf572cf4..e74bb2201 100644 - if (lstat(path, &stb) == 0 && S_ISREG(stb.st_mode)) { + int flags = AT_SYMLINK_NOFOLLOW; + if (fstatat(dirfd, path, &stb, flags) == 0 && S_ISREG(stb.st_mode)) { ++ /* We now know it's not a link so no need to worry about following */ if ((stb.st_mode & 06000) != 0) { - (void) chmod(path, stb.st_mode & 0777); -+ (void) fchmodat(dirfd, path, stb.st_mode & 0777, flags); ++ (void) fchmodat(dirfd, path, stb.st_mode & 0777, 0); } -#if WITH_CAP +#ifdef WITH_CAP diff --git a/rpm.spec b/rpm.spec index 79e818a..aa07aea 100644 --- a/rpm.spec +++ b/rpm.spec @@ -32,7 +32,7 @@ %global rpmver 4.14.3 #global snapver rc2 -%global rel 29 +%global rel 30 %global srcver %{version}%{?snapver:-%{snapver}} %global srcdir %{?snapver:testing}%{!?snapver:%{name}-%(echo %{version} | cut -d'.' -f1-2).x} @@ -707,7 +707,7 @@ make check || cat tests/rpmtests.log %doc doc/librpm/html/* %changelog -* Tue Nov 07 2023 Florian Festi - 4.14.3-29 +* Fri Nov 10 2023 Florian Festi - 4.14.3-30 - Backport file handling code from rpm-4.19 to fix CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939
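Review bot: In the `@@ -819,9 +819,10 @@` hunk, the new `fchmodat(dirfd, path, stb.st_mode & 0777, 0)` follows symlinks, and the added comment's claim that the path is not a link is only true at the moment of the earlier `fstatat()`. If anything else can write to the directory behind `dirfd` (not visible here), the name can be replaced between the two calls, which is the check-then-use pattern the CVE-2021-35937/35938/35939 backport named in the changelog is meant to remove. Because `AT_SYMLINK_NOFOLLOW` is not usable with `fchmodat` on the targeted glibc, consider tying the re-check and the mode change to a single descriptor, as sketched below: `openat()` with `O_NOFOLLOW`, `fstat()` on the descriptor, then `fchmod()`. The result is also still discarded with `(void)`, so a failure to strip the setuid/setgid bits stays silent; logging it would make a regression like this one visible outside the test suite. The enclosing function starts before the hunk and the `#ifdef WITH_CAP` block continues past it, so the capability path is not reviewed here.

```c
if (fstatat(dirfd, path, &stb, flags) == 0 && S_ISREG(stb.st_mode)) {
    if ((stb.st_mode & 06000) != 0) {
        /* Bind the re-check and the mode change to one descriptor so a
         * name replaced after fstatat() cannot redirect the chmod. */
        int fd = openat(dirfd, path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
        if (fd >= 0) {
            struct stat fsb;
            if (fstat(fd, &fsb) == 0 && S_ISREG(fsb.st_mode))
                (void) fchmod(fd, fsb.st_mode & 0777);
            close(fd);
        }
    }
    /* … unchanged: WITH_CAP capability handling … */
```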