From 7c4e1cb30137966f93d72d2a7b57bc31d2f6fcde Mon Sep 17 00:00:00 2001 From: yangl777 Date: Mon, 3 Jul 2023 03:16:45 +0000 Subject: [PATCH] fix CVE-2023-29491 --- backport-CVE-2023-29491-mitigation.patch | 43 ++++++++++++++++++++++++ ncurses.spec | 11 ++++-- 2 files changed, 52 insertions(+), 2 deletions(-) create mode 100644 backport-CVE-2023-29491-mitigation.patch diff --git a/backport-CVE-2023-29491-mitigation.patch b/backport-CVE-2023-29491-mitigation.patch new file mode 100644 index 0000000..224e229 --- /dev/null +++ b/backport-CVE-2023-29491-mitigation.patch @@ -0,0 +1,43 @@ +Backport of: + +Author: Sven Joachim +Description: Change the --disable-root-environ configure option behavior + By default, the --disable-root-environ option forbids program run by + the superuser to load custom terminfo entries. This patch changes + that to only restrict programs running with elevated privileges, + matching the behavior of the --disable-setuid-environ option + introduced in the 20230423 upstream patchlevel. +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372#29 +Bug: https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00018.html +Forwarded: not-needed +Last-Update: 2023-05-01 + +--- + ncurses/tinfo/access.c | 2 -- + 1 file changed, 2 deletions(-) + +Index: ncurses-6.2/ncurses/tinfo/access.c +=================================================================== +--- ncurses-6.2.orig/ncurses/tinfo/access.c ++++ ncurses-6.2/ncurses/tinfo/access.c +@@ -171,15 +171,16 @@ _nc_is_file_path(const char *path) + NCURSES_EXPORT(int) + _nc_env_access(void) + { ++ int result = TRUE; ++ + #if HAVE_ISSETUGID + if (issetugid()) +- return FALSE; ++ result = FALSE; + #elif HAVE_GETEUID && HAVE_GETEGID + if (getuid() != geteuid() + || getgid() != getegid()) +- return FALSE; ++ result = FALSE; + #endif +- /* ...finally, disallow root */ +- return (getuid() != ROOT_UID) && (geteuid() != ROOT_UID); ++ return result; + } + #endif diff --git a/ncurses.spec b/ncurses.spec index cf7f5fc..26c5909 100644 --- a/ncurses.spec +++ b/ncurses.spec @@ -1,7 +1,7 @@ %global revision 20200411 Name: ncurses Version: 6.2 -Release: 3 +Release: 4 Summary: Terminal control library License: MIT URL: https://invisible-island.net/ncurses/ncurses.html @@ -14,6 +14,7 @@ Patch12: ncurses-kbs.patch Patch13: backport-CVE-2021-39537-add-check-for-end-of-string-in-cvtchar-to-handle-a-malformed.patch Patch14: backport-CVE-2022-29458.patch +Patch15: backport-CVE-2023-29491-mitigation.patch BuildRequires: gcc gcc-c++ gpm-devel pkgconfig @@ -84,7 +85,7 @@ done %build common_options="--enable-colorfgbg --enable-hard-tabs --enable-overwrite \ - --enable-pc-files --enable-xmc-glitch --disable-wattr-macros \ + --enable-pc-files --enable-xmc-glitch --disable-wattr-macros --disable-root-environ \ --with-cxx-shared --with-ospeed=unsigned \ --with-pkg-config-libdir=%{_libdir}/pkgconfig \ --with-shared \ @@ -224,6 +225,12 @@ xz NEWS %{_mandir}/man7/* %changelog +* Mon Jul 03 2023 yanglu - 6.2-4 +- Type:CVE +- CVE:CVE-2023-29491 +- SUG:NA +- DESC:fix CVE-2023-29491 + * Thu Apr 28 2022 gaihuiying - 6.2-3 - Type:CVE - CVE:CVE-2022-29458 -- Gitee