From 9637d55377403c266956c8d93e3901c1ca604ec7 Mon Sep 17 00:00:00 2001 From: panysh Date: Thu, 14 Jul 2022 18:04:04 +0800 Subject: [PATCH 1/2] CVE-2020-13867 --- 1940a17986deaab92e6be395f20ee55dac0ac2b.patch | 32 ++++++++ ...f6d1aa1f64c03816af68bd5fb2bd1bbb29be.patch | 46 +++++++++++ ...64dac39b5b75ee6b5d9e4db419d09d64b898.patch | 82 +++++++++++++++++++ targetcli.spec | 14 +++- 4 files changed, 173 insertions(+), 1 deletion(-) create mode 100644 1940a17986deaab92e6be395f20ee55dac0ac2b.patch create mode 100644 3bdef6d1aa1f64c03816af68bd5fb2bd1bbb29be.patch create mode 100644 9f5764dac39b5b75ee6b5d9e4db419d09d64b898.patch diff --git a/1940a17986deaab92e6be395f20ee55dac0ac2b.patch b/1940a17986deaab92e6be395f20ee55dac0ac2b.patch new file mode 100644 index 0000000..9c2056b --- /dev/null +++ b/1940a17986deaab92e6be395f20ee55dac0ac2b.patch 
@@ -0,0 +1,32 @@ +From 1940a17986deaab92e6be395f20ee55dac0ac2bd Mon Sep 17 00:00:00 2001 +From: Prasanna Kumar Kalever +Date: Fri, 29 May 2020 14:51:28 +0530 +Subject: [PATCH] saveconfig: set 0o600 perms on backupfiles + +Signed-off-by: Prasanna Kumar Kalever +--- + targetcli/ui_root.py | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/targetcli/ui_root.py b/targetcli/ui_root.py +index 26815bd..6e99b8c 100644 +--- a/targetcli/ui_root.py ++++ b/targetcli/ui_root.py +@@ -125,12 +125,17 @@ def _save_backups(self, savefile): + + # Save backup if backup dir is empty, or savefile is differnt from recent backup copy + if not backed_files_list or not self._compare_files(backed_files_list[-1], savefile): ++ mode = stat.S_IRUSR | stat.S_IWUSR # 0o600 ++ umask = 0o777 ^ mode # Prevents always downgrading umask to 0 ++ umask_original = os.umask(umask) + try: + with open(savefile, 'rb') as f_in, gzip.open(backupfile, 'wb') as f_out: + shutil.copyfileobj(f_in, f_out) + f_out.flush() + except IOError as ioe: + backup_error = ioe.strerror or "Unknown error" ++ finally: ++ os.umask(umask_original) + + if backup_error == None: + # remove excess backups diff --git a/3bdef6d1aa1f64c03816af68bd5fb2bd1bbb29be.patch b/3bdef6d1aa1f64c03816af68bd5fb2bd1bbb29be.patch new file mode 100644 index 0000000..e748913 --- /dev/null +++ b/3bdef6d1aa1f64c03816af68bd5fb2bd1bbb29be.patch 
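Review bot: The `os.umask(umask)` wrapper around `gzip.open(backupfile, 'wb')` only restricts the mode when the backup file is newly created, so a file that already exists at that path, and any backup written before this change, keeps its previous mode. Adding `os.chmod(backupfile, mode)` after `f_out.flush()` would make the 0o600 result independent of whether the file was just created. `os.umask` is also process-wide, so anything else creating files in the process during the copy gets the same restrictive mask until the `finally` restores it. `_save_backups` starts and ends outside this hunk, so whether older backups are handled elsewhere cannot be seen from here.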
@@ -0,0 +1,46 @@ +From 3bdef6d1aa1f64c03816af68bd5fb2bd1bbb29be Mon Sep 17 00:00:00 2001 +From: Prasanna Kumar Kalever +Date: Fri, 29 May 2020 15:05:35 +0530 +Subject: [PATCH] saveconfig: set right perms on backup dir + +Signed-off-by: Prasanna Kumar Kalever +--- + targetcli/ui_root.py | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/targetcli/ui_root.py b/targetcli/ui_root.py +index 6e99b8c..b24c789 100644 +--- a/targetcli/ui_root.py ++++ b/targetcli/ui_root.py +@@ -109,12 +109,21 @@ def _save_backups(self, savefile): + backupfile = backup_dir + backup_name + backup_error = None + ++ mode = stat.S_IRUSR | stat.S_IWUSR # 0o600 ++ umask = 0o777 ^ mode # Prevents always downgrading umask to 0 ++ + if not os.path.exists(backup_dir): ++ umask_original = os.umask(umask) + try: +- os.makedirs(backup_dir) ++ os.makedirs(backup_dir, mode) + except OSError as exe: + raise ExecutionError("Cannot create backup directory [%s] %s." + % (backup_dir, exe.strerror)) ++ finally: ++ os.umask(umask_original) ++ else: ++ if (os.stat(backup_dir).st_mode & 0o777) != mode: ++ os.chmod(backup_dir, mode) + + # Only save backups if savefile exits + if not os.path.exists(savefile): +@@ -125,8 +134,6 @@ def _save_backups(self, savefile): + + # Save backup if backup dir is empty, or savefile is differnt from recent backup copy + if not backed_files_list or not self._compare_files(backed_files_list[-1], savefile): +- mode = stat.S_IRUSR | stat.S_IWUSR # 0o600 +- umask = 0o777 ^ mode # Prevents always downgrading umask to 0 + umask_original = os.umask(umask) + try: + with open(savefile, 'rb') as f_in, gzip.open(backupfile, 'wb') as f_out: diff --git a/9f5764dac39b5b75ee6b5d9e4db419d09d64b898.patch b/9f5764dac39b5b75ee6b5d9e4db419d09d64b898.patch new file mode 100644 index 0000000..e0fff6b --- /dev/null +++ b/9f5764dac39b5b75ee6b5d9e4db419d09d64b898.patch 
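Review bot: `os.makedirs(backup_dir, mode)` and `os.chmod(backup_dir, mode)` reuse `mode = stat.S_IRUSR | stat.S_IWUSR` (0o600) for a directory, which leaves the owner without the search bit. An unprivileged owner could then not open anything inside it, so this presumably works only because the tool runs with privileges that bypass the check. A separate `dir_mode = stat.S_IRWXU  # 0o700` for the directory keeps it private to the owner while staying traversable. The same 0o600-on-directory choice is repeated in `_create_dir` in 9f5764dac39b5b75ee6b5d9e4db419d09d64b898.patch. The `os.path.exists` / `os.stat` / `os.chmod` sequence also follows symlinks and is not atomic, which is worth a comment if `backup_dir` can ever be a user-chosen path.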
@@ -0,0 +1,82 @@ +From 9f5764dac39b5b75ee6b5d9e4db419d09d64b898 Mon Sep 17 00:00:00 2001 +From: Prasanna Kumar Kalever +Date: Fri, 29 May 2020 15:36:27 +0530 +Subject: [PATCH] saveconfig: set right perms on /etc/target/ dir + +Signed-off-by: Prasanna Kumar Kalever +--- + targetcli/ui_root.py | 40 +++++++++++++++++++++++++--------------- + 1 file changed, 25 insertions(+), 15 deletions(-) + +diff --git a/targetcli/ui_root.py b/targetcli/ui_root.py +index b24c789..39e5ee9 100644 +--- a/targetcli/ui_root.py ++++ b/targetcli/ui_root.py +@@ -95,6 +95,26 @@ def _compare_files(self, backupfile, savefile): + else: + return False + ++ def _create_dir(self, dirname): ++ ''' ++ create directory with permissions 0o600 set ++ if directory already exists, set right perms ++ ''' ++ mode = stat.S_IRUSR | stat.S_IWUSR # 0o600 ++ if not os.path.exists(dirname): ++ umask = 0o777 ^ mode # Prevents always downgrading umask to 0 ++ umask_original = os.umask(umask) ++ try: ++ os.makedirs(dirname, mode) ++ except OSError as exe: ++ raise ExecutionError("Cannot create directory [%s] %s." ++ % (dirname, exe.strerror)) ++ finally: ++ os.umask(umask_original) ++ else: ++ if (os.stat(dirname).st_mode & 0o777) != mode: ++ os.chmod(dirname, mode) ++ + def _save_backups(self, savefile): + ''' + Take backup of config-file if needed. +@@ -109,21 +129,7 @@ def _save_backups(self, savefile): + backupfile = backup_dir + backup_name + backup_error = None + +- mode = stat.S_IRUSR | stat.S_IWUSR # 0o600 +- umask = 0o777 ^ mode # Prevents always downgrading umask to 0 +- +- if not os.path.exists(backup_dir): +- umask_original = os.umask(umask) +- try: +- os.makedirs(backup_dir, mode) +- except OSError as exe: +- raise ExecutionError("Cannot create backup directory [%s] %s." 
+- % (backup_dir, exe.strerror)) +- finally: +- os.umask(umask_original) +- else: +- if (os.stat(backup_dir).st_mode & 0o777) != mode: +- os.chmod(backup_dir, mode) ++ self._create_dir(backup_dir) + + # Only save backups if savefile exits + if not os.path.exists(savefile): +@@ -134,6 +140,8 @@ def _save_backups(self, savefile): + + # Save backup if backup dir is empty, or savefile is differnt from recent backup copy + if not backed_files_list or not self._compare_files(backed_files_list[-1], savefile): ++ mode = stat.S_IRUSR | stat.S_IWUSR # 0o600 ++ umask = 0o777 ^ mode # Prevents always downgrading umask to 0 + umask_original = os.umask(umask) + try: + with open(savefile, 'rb') as f_in, gzip.open(backupfile, 'wb') as f_out: +@@ -179,6 +187,8 @@ def ui_command_saveconfig(self, savefile=default_save_file): + + savefile = os.path.expanduser(savefile) + ++ save_dir = os.path.dirname(savefile) ++ self._create_dir(save_dir) + self._save_backups(savefile) + + self.rtsroot.save_to_file(savefile) diff --git a/targetcli.spec b/targetcli.spec index 8dc483b..515fda0 100644 --- a/targetcli.spec +++ b/targetcli.spec @@ -2,7 +2,7 @@ Name: targetcli License: ASL 2.0 Summary: Generic SCSI target CLI shell Version: 2.1.54 -Release: 1 +Release: 1.h1 URL: https://github.com/open-iscsi/targetcli-fb Source: https://github.com/open-iscsi/targetcli-fb/archive/v%{version}/targetcli-fb-%{version}.tar.gz BuildArch: noarch @@ -55,3 +55,15 @@ install -m 644 systemd/* %{buildroot}%{_unitdir}/ * Fri Feb 14 2020 lingsheng - 2.1.fb48-9 - Package int +- Wed Jul 13 2022 Panys +- Type:bugfix +- SUG :NO +- DESC : fix CVE-2020-13867 +#13867 https://github.com/open-iscsi/targetcli-fb/pull/172 +Patch1 1940a17986deaab92e6be395f20ee55dac0ac2b.patch +Patch2 3bdef6d1aa1f64c03816af68bd5fb2bd1bbb29be.patch +Patch3 9f5764dac39b5b75ee6b5d9e4db419d09d64b898.patch + +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 -- Gitee From 3497535a57fca90872159d8e4cc57b22a51f4c53 Mon Sep 17 00:00:00 2001 
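Review bot: In `ui_command_saveconfig`, `self._create_dir(save_dir)` is called on `os.path.dirname(savefile)`, and `savefile` is the caller's argument, not only the default. Because `_create_dir` runs `os.chmod(dirname, mode)` on any existing directory whose bits differ, saving to a file inside a shared directory would rewrite that directory's permissions to 0o600. A bare filename gives `save_dir == ''`, for which `os.path.exists('')` is false and `os.makedirs('', mode)` raises, so the command fails with "Cannot create directory []". Restricting the tightening to the default location avoids both, e.g. `if os.path.abspath(savefile) == os.path.abspath(default_save_file): self._create_dir(save_dir)`. The body of `ui_command_saveconfig` continues outside the hunk.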
From: panysh Date: Mon, 18 Jul 2022 17:00:53 +0800 Subject: [PATCH 2/2] CVE-2020-13867 --- ...64dac39b5b75ee6b5d9e4db419d09d64b898.patch | 82 ------------------- CVE-2020-13867_0.patch | 12 +++ ...bd1bbb29be.patch => CVE-2020-13867_1.patch | 25 ------ ...55dac0ac2b.patch => CVE-2020-13867_2.patch | 27 ++---- targetcli.spec | 24 +++--- 5 files changed, 31 insertions(+), 139 deletions(-) delete mode 100644 9f5764dac39b5b75ee6b5d9e4db419d09d64b898.patch create mode 100644 CVE-2020-13867_0.patch rename 3bdef6d1aa1f64c03816af68bd5fb2bd1bbb29be.patch => CVE-2020-13867_1.patch (51%) rename 1940a17986deaab92e6be395f20ee55dac0ac2b.patch => CVE-2020-13867_2.patch (45%) diff --git a/9f5764dac39b5b75ee6b5d9e4db419d09d64b898.patch b/9f5764dac39b5b75ee6b5d9e4db419d09d64b898.patch deleted file mode 100644 index e0fff6b..0000000 --- a/9f5764dac39b5b75ee6b5d9e4db419d09d64b898.patch +++ /dev/null 
@@ -1,82 +0,0 @@ -From 9f5764dac39b5b75ee6b5d9e4db419d09d64b898 Mon Sep 17 00:00:00 2001 -From: Prasanna Kumar Kalever -Date: Fri, 29 May 2020 15:36:27 +0530 -Subject: [PATCH] saveconfig: set right perms on /etc/target/ dir - -Signed-off-by: Prasanna Kumar Kalever ---- - targetcli/ui_root.py | 40 +++++++++++++++++++++++++--------------- - 1 file changed, 25 insertions(+), 15 deletions(-) - -diff --git a/targetcli/ui_root.py b/targetcli/ui_root.py -index b24c789..39e5ee9 100644 ---- a/targetcli/ui_root.py -+++ b/targetcli/ui_root.py -@@ -95,6 +95,26 @@ def _compare_files(self, backupfile, savefile): - else: - return False - -+ def _create_dir(self, dirname): -+ ''' -+ create directory with permissions 0o600 set -+ if directory already exists, set right perms -+ ''' -+ mode = stat.S_IRUSR | stat.S_IWUSR # 0o600 -+ if not os.path.exists(dirname): -+ umask = 0o777 ^ mode # Prevents always downgrading umask to 0 -+ umask_original = os.umask(umask) -+ try: -+ os.makedirs(dirname, mode) -+ except OSError as exe: -+ raise ExecutionError("Cannot create directory [%s] %s." -+ % (dirname, exe.strerror)) -+ finally: -+ os.umask(umask_original) -+ else: -+ if (os.stat(dirname).st_mode & 0o777) != mode: -+ os.chmod(dirname, mode) -+ - def _save_backups(self, savefile): - ''' - Take backup of config-file if needed. -@@ -109,21 +129,7 @@ def _save_backups(self, savefile): - backupfile = backup_dir + backup_name - backup_error = None - -- mode = stat.S_IRUSR | stat.S_IWUSR # 0o600 -- umask = 0o777 ^ mode # Prevents always downgrading umask to 0 -- -- if not os.path.exists(backup_dir): -- umask_original = os.umask(umask) -- try: -- os.makedirs(backup_dir, mode) -- except OSError as exe: -- raise ExecutionError("Cannot create backup directory [%s] %s." 
-- % (backup_dir, exe.strerror)) -- finally: -- os.umask(umask_original) -- else: -- if (os.stat(backup_dir).st_mode & 0o777) != mode: -- os.chmod(backup_dir, mode) -+ self._create_dir(backup_dir) - - # Only save backups if savefile exits - if not os.path.exists(savefile): -@@ -134,6 +140,8 @@ def _save_backups(self, savefile): - - # Save backup if backup dir is empty, or savefile is differnt from recent backup copy - if not backed_files_list or not self._compare_files(backed_files_list[-1], savefile): -+ mode = stat.S_IRUSR | stat.S_IWUSR # 0o600 -+ umask = 0o777 ^ mode # Prevents always downgrading umask to 0 - umask_original = os.umask(umask) - try: - with open(savefile, 'rb') as f_in, gzip.open(backupfile, 'wb') as f_out: -@@ -179,6 +187,8 @@ def ui_command_saveconfig(self, savefile=default_save_file): - - savefile = os.path.expanduser(savefile) - -+ save_dir = os.path.dirname(savefile) -+ self._create_dir(save_dir) - self._save_backups(savefile) - - self.rtsroot.save_to_file(savefile) diff --git a/CVE-2020-13867_0.patch b/CVE-2020-13867_0.patch new file mode 100644 index 0000000..5cbaf66 --- /dev/null +++ b/CVE-2020-13867_0.patch @@ -0,0 +1,12 @@ +From 1940a17986deaab92e6be395f20ee55dac0ac2bd Mon Sep 17 00:00:00 2001 +From: Prasanna Kumar Kalever +Date: Fri, 29 May 2020 14:51:28 +0530 +Subject: [PATCH] saveconfig: set 0o600 perms on backupfiles + +Signed-off-by: Prasanna Kumar Kalever +--- + targetcli/ui_root.py | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/targetcli/ui_root.py b/targetcli/ui_root.py +index 26815bd..6e99b8c 100644 diff --git a/3bdef6d1aa1f64c03816af68bd5fb2bd1bbb29be.patch b/CVE-2020-13867_1.patch similarity index 51% rename from 3bdef6d1aa1f64c03816af68bd5fb2bd1bbb29be.patch rename to CVE-2020-13867_1.patch index e748913..a48f753 100644 --- a/3bdef6d1aa1f64c03816af68bd5fb2bd1bbb29be.patch +++ b/CVE-2020-13867_1.patch @@ -10,31 +10,6 @@ Signed-off-by: Prasanna Kumar Kalever 
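Review bot: `CVE-2020-13867_0.patch` ends at the `index 26815bd..6e99b8c 100644` line, so its 12 added lines are a commit header with no `---`/`+++` file header and no `@@` hunk, and `%patch0 -p1` has nothing to apply. The change the header describes, wrapping the `gzip.open(backupfile, 'wb')` copy in `os.umask(umask)` with a `finally: os.umask(umask_original)`, was in the 32-line file added by [PATCH 1/2] and is gone here. Either restore the full hunk, or, if the 2.1.54 tarball already contains that code, drop the patch and word the changelog accordingly rather than recording a fix.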
diff --git a/targetcli/ui_root.py b/targetcli/ui_root.py index 6e99b8c..b24c789 100644 ---- a/targetcli/ui_root.py -+++ b/targetcli/ui_root.py -@@ -109,12 +109,21 @@ def _save_backups(self, savefile): - backupfile = backup_dir + backup_name - backup_error = None - -+ mode = stat.S_IRUSR | stat.S_IWUSR # 0o600 -+ umask = 0o777 ^ mode # Prevents always downgrading umask to 0 -+ - if not os.path.exists(backup_dir): -+ umask_original = os.umask(umask) - try: -- os.makedirs(backup_dir) -+ os.makedirs(backup_dir, mode) - except OSError as exe: - raise ExecutionError("Cannot create backup directory [%s] %s." - % (backup_dir, exe.strerror)) -+ finally: -+ os.umask(umask_original) -+ else: -+ if (os.stat(backup_dir).st_mode & 0o777) != mode: -+ os.chmod(backup_dir, mode) - - # Only save backups if savefile exits - if not os.path.exists(savefile): @@ -125,8 +134,6 @@ def _save_backups(self, savefile): # Save backup if backup dir is empty, or savefile is differnt from recent backup copy diff --git a/1940a17986deaab92e6be395f20ee55dac0ac2b.patch b/CVE-2020-13867_2.patch similarity index 45% rename from 1940a17986deaab92e6be395f20ee55dac0ac2b.patch rename to CVE-2020-13867_2.patch index 9c2056b..ef0212a 100644 --- a/1940a17986deaab92e6be395f20ee55dac0ac2b.patch +++ b/CVE-2020-13867_2.patch @@ -1,32 +1,21 @@ -From 1940a17986deaab92e6be395f20ee55dac0ac2bd Mon Sep 17 00:00:00 2001 +From 9f5764dac39b5b75ee6b5d9e4db419d09d64b898 Mon Sep 17 00:00:00 2001 From: Prasanna Kumar Kalever -Date: Fri, 29 May 2020 14:51:28 +0530 -Subject: [PATCH] saveconfig: set 0o600 perms on backupfiles +Date: Fri, 29 May 2020 15:36:27 +0530 +Subject: [PATCH] saveconfig: set right perms on /etc/target/ dir Signed-off-by: Prasanna Kumar Kalever --- - targetcli/ui_root.py | 5 +++++ - 1 file changed, 5 insertions(+) + targetcli/ui_root.py | 40 +++++++++++++++++++++++++--------------- + 1 file changed, 25 insertions(+), 15 deletions(-) 
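Review bot: After this trim, `CVE-2020-13867_1.patch` keeps only the `@@ -125,8 +134,6 @@` hunk, which removes the `mode = ...` and `umask = ...` lines, while `CVE-2020-13867_2.patch` keeps only the `@@ -134,6 +140,8 @@` hunk, which adds the same two lines back, so applied in order they appear to cancel out. The parts that carried the permission fix are no longer in any patch: `os.makedirs(backup_dir, mode)`, the `os.chmod(backup_dir, mode)` branch, `_create_dir`, and its call in `ui_command_saveconfig`. Both trimmed files also lose their `--- a/targetcli/ui_root.py` / `+++ b/targetcli/ui_root.py` lines. It is worth checking the unpacked 2.1.54 source for `_create_dir` and the `os.umask` wrapper before merging. If they are already there, the three patches and the "fix CVE-2020-13867" changelog entry are misleading; if they are not, the package ships without the fix it claims.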
diff --git a/targetcli/ui_root.py b/targetcli/ui_root.py -index 26815bd..6e99b8c 100644 ---- a/targetcli/ui_root.py -+++ b/targetcli/ui_root.py -@@ -125,12 +125,17 @@ def _save_backups(self, savefile): +index b24c789..39e5ee9 100644 +@@ -134,6 +140,8 @@ def _save_backups(self, savefile): # Save backup if backup dir is empty, or savefile is differnt from recent backup copy if not backed_files_list or not self._compare_files(backed_files_list[-1], savefile): + mode = stat.S_IRUSR | stat.S_IWUSR # 0o600 + umask = 0o777 ^ mode # Prevents always downgrading umask to 0 -+ umask_original = os.umask(umask) + umask_original = os.umask(umask) try: with open(savefile, 'rb') as f_in, gzip.open(backupfile, 'wb') as f_out: - shutil.copyfileobj(f_in, f_out) - f_out.flush() - except IOError as ioe: - backup_error = ioe.strerror or "Unknown error" -+ finally: -+ os.umask(umask_original) - - if backup_error == None: - # remove excess backups diff --git a/targetcli.spec b/targetcli.spec index 515fda0..d06170a 100644 --- a/targetcli.spec +++ b/targetcli.spec @@ -2,9 +2,12 @@ Name: targetcli License: ASL 2.0 Summary: Generic SCSI target CLI shell Version: 2.1.54 -Release: 1.h1 +Release: 2 URL: https://github.com/open-iscsi/targetcli-fb Source: https://github.com/open-iscsi/targetcli-fb/archive/v%{version}/targetcli-fb-%{version}.tar.gz +Patch0: CVE-2020-13867_0.patch +Patch1: CVE-2020-13867_1.patch +Patch2: CVE-2020-13867_2.patch BuildArch: noarch BuildRequires: python3-devel python3-setuptools systemd Requires: python3-rtslib target-restore python3-configshell python3-six python3-dbus python3-gobject-base @@ -21,6 +24,10 @@ Help document for the %{name} package. %prep %setup -q -n targetcli-fb-%{version} +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 + %build %py3_build 
@@ -47,6 +54,9 @@ install -m 644 systemd/* %{buildroot}%{_unitdir}/ %{_mandir}/man8/targetcli*.8* %changelog +* Wed Jul 13 2022 Panys - 2.1.54-2 +- DESC : fix CVE-2020-13867 + * Wed Dec 29 2021 wulei - 2.1.54-1 - Package update @@ -55,15 +65,3 @@ install -m 644 systemd/* %{buildroot}%{_unitdir}/ * Fri Feb 14 2020 lingsheng - 2.1.fb48-9 - Package int -- Wed Jul 13 2022 Panys -- Type:bugfix -- SUG :NO -- DESC : fix CVE-2020-13867 -#13867 https://github.com/open-iscsi/targetcli-fb/pull/172 -Patch1 1940a17986deaab92e6be395f20ee55dac0ac2b.patch -Patch2 3bdef6d1aa1f64c03816af68bd5fb2bd1bbb29be.patch -Patch3 9f5764dac39b5b75ee6b5d9e4db419d09d64b898.patch - -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -- Gitee