diff --git a/backport-patch-CVE-2023-29383.patch b/backport-patch-CVE-2023-29383.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b9da46d258881b63893592006e0ba3f31a4f4dea
--- /dev/null
+++ b/backport-patch-CVE-2023-29383.patch
@@ -0,0 +1,44 @@
+From 28ad9b3c377eb2ad017572dffc0334b6750716d3 Mon Sep 17 00:00:00 2001
+From: xzf1244
+Date: Sun, 23 Apr 2023 17:19:52 +0800
+Subject: [PATCH] second
+
+---
+ shadow-4.13/lib/fields.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/shadow-4.13/lib/fields.c b/shadow-4.13/lib/fields.c
+index 8a56035..c72f5f5 100644
+--- a/shadow-4.13/lib/fields.c
++++ b/shadow-4.13/lib/fields.c
+@@ -21,9 +21,9 @@
+ *
+ * The supplied field is scanned for non-printable and other illegal
+ * characters.
+- * + -1 is returned if an illegal character is present.
+- * + 1 is returned if no illegal characters are present, but the field
+- * contains a non-printable character.
++ * + -1 is returned if an illegal or control character is present.
++ * + 1 is returned if no illegal or control characters are present,
++ * but the field contains a non-printable character.
+ * + 0 is returned otherwise.
+ */
+ int valid_field (const char *field, const char *illegal)
+@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal)
+ }
+
+ if (0 == err) {
+- /* Search if there are some non-printable characters */
++ /* Search if there are non-printable or control characters */
+ for (cp = field; '\0' != *cp; cp++) {
+ if (!isprint (*cp)) {
+ err = 1;
++ }
++ if (!iscntrl (*cp)) {
++ err = -1;
+ break;
+ }
+ }
+--
+2.33.1.windows.1
+
diff --git a/shadow.spec b/shadow.spec
index 39930da849bffa4da8d0781e23a115ab58ae073e..c3440a11f42aa8b8127e9696cf86ba403f5c20eb 100644
--- a/shadow.spec
+++ b/shadow.spec
@@ -1,6 +1,6 @@
 Name: shadow
 Version: 4.13
-Release: 3
+Release: 4
 Epoch: 2
 License: BSD and GPLv2+
 Summary: Tools for managing accounts and shadow password files
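Review bot: The control-character test added in the second hunk of the embedded fields.c patch is inverted. `if (!iscntrl (*cp))` is true for every ordinary character, so valid_field() returns -1 on the first non-control byte of any field, while a field made up only of control characters ends with `err = 1` rather than -1. That contradicts the header comment updated in the first hunk ("-1 is returned if an illegal or control character is present") and does not implement the control-character rejection this backport is named for. The condition should be `if (iscntrl (*cp)) {`, and because the field is user-supplied text the ctype calls are safer as `iscntrl ((unsigned char) *cp)`. The body of valid_field() starts outside the hunk, so the interaction with the earlier `illegal` scan should be re-checked with a plain field (expect 0) and one containing a newline (expect -1) before this ships.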
@@ -24,6 +24,7 @@ Patch4: backport-Fix-typos-in-length-calculations.patch Patch5: backport-Correctly-handle-illegal-system-file-in-tz.patch Patch6: backport-Explicitly-override-only-newlines.patch Patch7: backport-Prevent-out-of-boundary-access.patch +Patch8: backport-patch-CVE-2023-29383.patch BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel BuildRequires: libacl-devel, libattr-devel @@ -191,6 +192,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.{la,a} %{_mandir}/*/* %changelog +* Thu Mar 23 2023 xzf1244 - 2:4.13-4 +- backport patch of CVE-2023-29383 + * Thu Mar 23 2023 fuanan - 2:4.13-3 - backport patches from upstream