From a0b7b01bcf7c4733ceba55e87ec00a51ab1c1f4e Mon Sep 17 00:00:00 2001
From: qsw33
Date: Sat, 18 Nov 2023 10:12:58 +0800
Subject: [PATCH] fix cve-2013-4235
---
 backport-CVE-2013-4235.patch | 34 ++++++++++++++++++++++++++++++++++
 shadow.spec | 6 +++++-
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2013-4235.patch
diff --git a/backport-CVE-2013-4235.patch b/backport-CVE-2013-4235.patch
new file mode 100644
index 0000000..9506bc1
--- /dev/null
+++ b/backport-CVE-2013-4235.patch
@@ -0,0 +1,34 @@
+From b4472167c2f5057d56686d3349a9b55fc508efe6 Mon Sep 17 00:00:00 2001
+From: ed neville
+Date: Fri, 31 Dec 2021 22:40:13 +0000
+Subject: [PATCH] Adding nofollow to opens
+
+Conflict: NA
+Reference: https://github.com/shadow-maint/shadow/commit/b4472167c2f5057d56686d3349a9b55fc508efe6
+
+---
+ libmisc/copydir.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libmisc/copydir.c b/libmisc/copydir.c
+index f2130bcac..a296d925d 100644
+--- a/libmisc/copydir.c
++++ b/libmisc/copydir.c
+@@ -741,7 +741,7 @@ static int copy_file (const char *src, const char *dst,
+ char buf[1024];
+ ssize_t cnt;
+
+- ifd = open (src, O_RDONLY);
++ ifd = open (src, O_RDONLY|O_NOFOLLOW);
+ if (ifd < 0) {
+ return -1;
+ }
+@@ -751,7 +751,7 @@ static int copy_file (const char *src, const char *dst,
+ return -1;
+ }
+ #endif /* WITH_SELINUX */
+- ofd = open (dst, O_WRONLY | O_CREAT | O_TRUNC, statp->st_mode & 07777);
++ ofd = open (dst, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, statp->st_mode & 07777);
+ if ( (ofd < 0)
+ || (fchown_if_needed (ofd, statp,
+ old_uid, new_uid, old_gid, new_gid) != 0)
diff --git a/shadow.spec b/shadow.spec
index 967dab7..97d830a 100644
--- a/shadow.spec
+++ b/shadow.spec
@@ -1,6 +1,6 @@
 Name: shadow
 Version: 4.8.1
-Release: 8
+Release: 9
 Epoch: 2
 License: BSD and GPLv2+
 Summary: Tools for managing accounts and shadow password files
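Review bot: O_NOFOLLOW on the two open() calls in copy_file (the embedded libmisc/copydir.c hunks at -741 and -751) only refuses a symlink in the final path component; a symlink swapped in for any parent directory of src or dst is still resolved by name, so these lines narrow the race rather than close it. Whether other patches in this package cover the directory-walk side is not visible here, so the changelog entry `- fix CVE-2013-4235` may overstate the backport; wording such as `- backport O_NOFOLLOW hardening for CVE-2013-4235 (copy_file opens only)` would be more accurate. The error path is unchanged, so callers now get -1 with errno ELOOP when the last component is a symlink, and a short comment above the first open, `/* O_NOFOLLOW: fail with ELOOP if the last component was swapped for a symlink */`, would make that intent explicit. copy_file's body starts and ends outside both hunks.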
@@ -30,6 +30,7 @@ Patch13: backport-Read-whole-line-in-yes_or_no.patch Patch14: backport-commonio-free-removed-database-entries.patch Patch15: backport-semanage-disconnect-to-free-libsemanage-internals.patch Patch16: backport-gpasswd-1-Fix-password-leak.patch +Patch17: backport-CVE-2013-4235.patch BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel BuildRequires: libacl-devel, libattr-devel gdb @@ -176,6 +177,9 @@ done %{_mandir}/*/* %changelog +* Sat Nov 18 2023 wangqingsan - 2:4.8.1-9 +- fix CVE-2013-4235 + * Wed Sep 20 2023 wangyunjia - 2:4.8.1-8 - fix CVE-2023-4641 -- Gitee