From c986512c467e6f9ff65d3ea0a003fd2cc8789bab Mon Sep 17 00:00:00 2001
From: zhaosai
Date: Wed, 8 May 2024 18:30:55 +0800
Subject: [PATCH] fix CVE-2024-4030
---
CVE-2024-4030.patch | 51 +++++++++++++++++++++++++++++++++++++++++++++
python3.spec | 12 ++++++++++-
2 files changed, 62 insertions(+), 1 deletion(-)
create mode 100644 CVE-2024-4030.patch
diff --git a/CVE-2024-4030.patch b/CVE-2024-4030.patch
new file mode 100644
index 0000000..cf75649
--- /dev/null
+++ b/CVE-2024-4030.patch
@@ -0,0 +1,51 @@
+From 77b83f4f096e4ae00e7db130b8533b2aba9c7171 Mon Sep 17 00:00:00 2001
+From: Steve Dower
+Date: Thu, 2 May 2024 18:11:18 +0100
+Subject: [PATCH] gh-118486: Switch mkdir(mode=0o700) on Windows to use OWNER
+ RIGHTS instead of CURRENT_USER
+
+---
+ Modules/posixmodule.c | 19 ++++++++++++++++---
+ 1 file changed, 16 insertions(+), 3 deletions(-)
+
+diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c
+index f9533577a8fa34..e1a14e772c4bd0 100644
+--- a/Modules/posixmodule.c
++++ b/Modules/posixmodule.c
+@@ -5587,6 +5587,7 @@ struct _Py_SECURITY_ATTRIBUTE_DATA {
+ PACL acl;
+ SECURITY_DESCRIPTOR sd;
+ EXPLICIT_ACCESS_W ea[4];
++ char sid[64];
+ };
+
+ static int
+@@ -5616,13 +5617,25 @@ initializeMkdir700SecurityAttributes(
+ return GetLastError();
+ }
+
++ int use_alias = 0;
++ DWORD cbSid = sizeof(data->sid);
++ if (!CreateWellKnownSid(WinCreatorOwnerRightsSid, NULL, (PSID)data->sid, &cbSid)) {
++ use_alias = 1;
++ }
++
+ data->securityAttributes.nLength = sizeof(SECURITY_ATTRIBUTES);
+ data->ea[0].grfAccessPermissions = GENERIC_ALL;
+ data->ea[0].grfAccessMode = SET_ACCESS;
+ data->ea[0].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
+- data->ea[0].Trustee.TrusteeForm = TRUSTEE_IS_NAME;
+- data->ea[0].Trustee.TrusteeType = TRUSTEE_IS_ALIAS;
+- data->ea[0].Trustee.ptstrName = L"CURRENT_USER";
++ if (use_alias) {
++ data->ea[0].Trustee.TrusteeForm = TRUSTEE_IS_NAME;
++ data->ea[0].Trustee.TrusteeType = TRUSTEE_IS_ALIAS;
++ data->ea[0].Trustee.ptstrName = L"CURRENT_USER";
++ } else {
++ data->ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
++ data->ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
++ data->ea[0].Trustee.ptstrName = (LPWCH)(SID*)data->sid;
++ }
+
+ data->ea[1].grfAccessPermissions = GENERIC_ALL;
+ data->ea[1].grfAccessMode = SET_ACCESS;
diff --git a/python3.spec b/python3.spec
index 02c5fad..7167aac 100644
--- a/python3.spec
+++ b/python3.spec
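Review bot: When `CreateWellKnownSid` fails, the new `use_alias = 1` branch silently goes back to the `CURRENT_USER` alias that this patch is meant to replace, and the error code is dropped, so a directory created on that path gets an ACE for a different trustee with nothing recording why. A short comment at the `if (!CreateWellKnownSid(...))` test would help, for example `/* Fall back to the CURRENT_USER alias if the OWNER RIGHTS SID cannot be created */`, and it is worth deciding whether that failure should instead `return GetLastError();` like the check just above it. The `char sid[64]` member is an unexplained size; `char sid[SECURITY_MAX_SID_SIZE];` would state the bound by name. `initializeMkdir700SecurityAttributes` starts and ends outside the hunk, so how `ea[0]` is finally turned into the directory's ACL is not visible here.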
@@ -3,7 +3,7 @@ Summary: Interpreter of the Python3 programming language URL: https://www.python.org/ Version: 3.11.6 -Release: 2 +Release: 3 License: Python-2.0 %global branchversion 3.11 @@ -88,6 +88,8 @@ Source1: pyconfig.h Patch1: 00001-rpath.patch Patch251: 00251-change-user-install-location.patch +Patch500: CVE-2024-4030.patch + Patch9000: add-the-sm3-method-for-obtaining-the-salt-value.patch Patch9001: 0001-add-loongarch64-support-for-python.patch @@ -185,6 +187,8 @@ rm configure pyconfig.h.in %patch1 -p1 %patch251 -p1 +%patch500 -p1 + %patch9000 -p1 %patch9001 -p1 @@ -848,6 +852,12 @@ export BEP_GTDLIST="$BEP_GTDLIST_TMP" %{_mandir}/*/* %changelog +* Wed May 08 2024 zhaosai - 3.11.6-3 +- Type:cve +- CVE:NA +- SUG:NA +- DESC: fix CVE-2024-4030 + * Mon Feb 26 2024 Wenlong Zhang - 3.11.6-2 - Type:bugfix - CVE:NA -- Gitee
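Review bot: `Patch500: CVE-2024-4030.patch` is added on its own against `Version: 3.11.6`, yet the embedded patch only edits an already existing `initializeMkdir700SecurityAttributes` and `struct _Py_SECURITY_ATTRIBUTE_DATA` in `Modules/posixmodule.c`, and no visible hunk introduces them. If the 3.11.6 sources do not already carry that code, `%patch500 -p1` will not apply and the code this fix builds on would still be missing, so the prerequisite upstream change would need to be packaged ahead of it. Only parts of the spec are visible here, so this should be checked against the full patch list and a test build. Separately, the new changelog entry pairs `- Type:cve` with `- CVE:NA`; `- CVE:CVE-2024-4030` would keep the entry usable for vulnerability tracking.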