From 9637d55377403c266956c8d93e3901c1ca604ec7 Mon Sep 17 00:00:00 2001
From: panysh
Date: Thu, 14 Jul 2022 18:04:04 +0800
Subject: [PATCH] CVE-2020-13867
---
1940a17986deaab92e6be395f20ee55dac0ac2b.patch | 32 ++++++++
...f6d1aa1f64c03816af68bd5fb2bd1bbb29be.patch | 46 +++++++++++
...64dac39b5b75ee6b5d9e4db419d09d64b898.patch | 82 +++++++++++++++++++
targetcli.spec | 14 +++-
4 files changed, 173 insertions(+), 1 deletion(-)
create mode 100644 1940a17986deaab92e6be395f20ee55dac0ac2b.patch
create mode 100644 3bdef6d1aa1f64c03816af68bd5fb2bd1bbb29be.patch
create mode 100644 9f5764dac39b5b75ee6b5d9e4db419d09d64b898.patch
diff --git a/1940a17986deaab92e6be395f20ee55dac0ac2b.patch b/1940a17986deaab92e6be395f20ee55dac0ac2b.patch
new file mode 100644
index 0000000..9c2056b
--- /dev/null
+++ b/1940a17986deaab92e6be395f20ee55dac0ac2b.patch
@@ -0,0 +1,32 @@
+From 1940a17986deaab92e6be395f20ee55dac0ac2bd Mon Sep 17 00:00:00 2001
+From: Prasanna Kumar Kalever
+Date: Fri, 29 May 2020 14:51:28 +0530
+Subject: [PATCH] saveconfig: set 0o600 perms on backupfiles
+
+Signed-off-by: Prasanna Kumar Kalever
+---
+ targetcli/ui_root.py | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/targetcli/ui_root.py b/targetcli/ui_root.py
+index 26815bd..6e99b8c 100644
+--- a/targetcli/ui_root.py
++++ b/targetcli/ui_root.py
+@@ -125,12 +125,17 @@ def _save_backups(self, savefile):
+
+ # Save backup if backup dir is empty, or savefile is differnt from recent backup copy
+ if not backed_files_list or not self._compare_files(backed_files_list[-1], savefile):
++ mode = stat.S_IRUSR | stat.S_IWUSR # 0o600
++ umask = 0o777 ^ mode # Prevents always downgrading umask to 0
++ umask_original = os.umask(umask)
+ try:
+ with open(savefile, 'rb') as f_in, gzip.open(backupfile, 'wb') as f_out:
+ shutil.copyfileobj(f_in, f_out)
+ f_out.flush()
+ except IOError as ioe:
+ backup_error = ioe.strerror or "Unknown error"
++ finally:
++ os.umask(umask_original)
+
+ if backup_error == None:
+ # remove excess backups
diff --git a/3bdef6d1aa1f64c03816af68bd5fb2bd1bbb29be.patch b/3bdef6d1aa1f64c03816af68bd5fb2bd1bbb29be.patch
new file mode 100644
index 0000000..e748913
--- /dev/null
+++ b/3bdef6d1aa1f64c03816af68bd5fb2bd1bbb29be.patch
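Review bot: The umask set before `gzip.open(backupfile, 'wb')` only takes effect when the file is created, so a `backupfile` path that already exists keeps whatever mode it had and is simply truncated and rewritten. Creating the file explicitly, e.g. `fd = os.open(backupfile, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)` and handing `os.fdopen(fd, 'wb')` to `gzip.GzipFile(fileobj=...)`, would pin 0o600 without changing the process-wide umask and would refuse a pre-existing path. The hunk also does not tighten backups written by earlier versions; whether that matters depends on the directory mode, which this patch leaves alone. `_save_backups` starts and ends outside the hunk.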
@@ -0,0 +1,46 @@
+From 3bdef6d1aa1f64c03816af68bd5fb2bd1bbb29be Mon Sep 17 00:00:00 2001
+From: Prasanna Kumar Kalever
+Date: Fri, 29 May 2020 15:05:35 +0530
+Subject: [PATCH] saveconfig: set right perms on backup dir
+
+Signed-off-by: Prasanna Kumar Kalever
+---
+ targetcli/ui_root.py | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/targetcli/ui_root.py b/targetcli/ui_root.py
+index 6e99b8c..b24c789 100644
+--- a/targetcli/ui_root.py
++++ b/targetcli/ui_root.py
+@@ -109,12 +109,21 @@ def _save_backups(self, savefile):
+ backupfile = backup_dir + backup_name
+ backup_error = None
+
++ mode = stat.S_IRUSR | stat.S_IWUSR # 0o600
++ umask = 0o777 ^ mode # Prevents always downgrading umask to 0
++
+ if not os.path.exists(backup_dir):
++ umask_original = os.umask(umask)
+ try:
+- os.makedirs(backup_dir)
++ os.makedirs(backup_dir, mode)
+ except OSError as exe:
+ raise ExecutionError("Cannot create backup directory [%s] %s."
+ % (backup_dir, exe.strerror))
++ finally:
++ os.umask(umask_original)
++ else:
++ if (os.stat(backup_dir).st_mode & 0o777) != mode:
++ os.chmod(backup_dir, mode)
+
+ # Only save backups if savefile exits
+ if not os.path.exists(savefile):
+@@ -125,8 +134,6 @@ def _save_backups(self, savefile):
+
+ # Save backup if backup dir is empty, or savefile is differnt from recent backup copy
+ if not backed_files_list or not self._compare_files(backed_files_list[-1], savefile):
+- mode = stat.S_IRUSR | stat.S_IWUSR # 0o600
+- umask = 0o777 ^ mode # Prevents always downgrading umask to 0
+ umask_original = os.umask(umask)
+ try:
+ with open(savefile, 'rb') as f_in, gzip.open(backupfile, 'wb') as f_out:
diff --git a/9f5764dac39b5b75ee6b5d9e4db419d09d64b898.patch b/9f5764dac39b5b75ee6b5d9e4db419d09d64b898.patch
new file mode 100644
index 0000000..e0fff6b
--- /dev/null
+++ b/9f5764dac39b5b75ee6b5d9e4db419d09d64b898.patch
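Review bot: `os.makedirs(backup_dir, mode)` and `os.chmod(backup_dir, mode)` apply 0o600 to a directory, which leaves even the owner without the search (x) bit, so access works only for a caller that bypasses permission checks, such as root. A separate directory mode, `dir_mode = stat.S_IRWXU  # 0o700` with `os.umask(0o077)` around the `makedirs` call, keeps other users out without relying on that, while the backup files keep 0o600. The same value is carried into `_create_dir` by the following patch (9f5764da…), so the change belongs there as well. `_save_backups` continues outside the hunk.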
@@ -0,0 +1,82 @@
+From 9f5764dac39b5b75ee6b5d9e4db419d09d64b898 Mon Sep 17 00:00:00 2001
+From: Prasanna Kumar Kalever
+Date: Fri, 29 May 2020 15:36:27 +0530
+Subject: [PATCH] saveconfig: set right perms on /etc/target/ dir
+
+Signed-off-by: Prasanna Kumar Kalever
+---
+ targetcli/ui_root.py | 40 +++++++++++++++++++++++++---------------
+ 1 file changed, 25 insertions(+), 15 deletions(-)
+
+diff --git a/targetcli/ui_root.py b/targetcli/ui_root.py
+index b24c789..39e5ee9 100644
+--- a/targetcli/ui_root.py
++++ b/targetcli/ui_root.py
+@@ -95,6 +95,26 @@ def _compare_files(self, backupfile, savefile):
+ else:
+ return False
+
++ def _create_dir(self, dirname):
++ '''
++ create directory with permissions 0o600 set
++ if directory already exists, set right perms
++ '''
++ mode = stat.S_IRUSR | stat.S_IWUSR # 0o600
++ if not os.path.exists(dirname):
++ umask = 0o777 ^ mode # Prevents always downgrading umask to 0
++ umask_original = os.umask(umask)
++ try:
++ os.makedirs(dirname, mode)
++ except OSError as exe:
++ raise ExecutionError("Cannot create directory [%s] %s."
++ % (dirname, exe.strerror))
++ finally:
++ os.umask(umask_original)
++ else:
++ if (os.stat(dirname).st_mode & 0o777) != mode:
++ os.chmod(dirname, mode)
++
+ def _save_backups(self, savefile):
+ '''
+ Take backup of config-file if needed.
+@@ -109,21 +129,7 @@ def _save_backups(self, savefile):
+ backupfile = backup_dir + backup_name
+ backup_error = None
+
+- mode = stat.S_IRUSR | stat.S_IWUSR # 0o600
+- umask = 0o777 ^ mode # Prevents always downgrading umask to 0
+-
+- if not os.path.exists(backup_dir):
+- umask_original = os.umask(umask)
+- try:
+- os.makedirs(backup_dir, mode)
+- except OSError as exe:
+- raise ExecutionError("Cannot create backup directory [%s] %s."
+- % (backup_dir, exe.strerror)) +- finally: +- os.umask(umask_original) +- else: +- if (os.stat(backup_dir).st_mode & 0o777) != mode: +- os.chmod(backup_dir, mode) ++ self._create_dir(backup_dir) + + # Only save backups if savefile exits + if not os.path.exists(savefile): +@@ -134,6 +140,8 @@ def _save_backups(self, savefile): + + # Save backup if backup dir is empty, or savefile is differnt from recent backup copy + if not backed_files_list or not self._compare_files(backed_files_list[-1], savefile): ++ mode = stat.S_IRUSR | stat.S_IWUSR # 0o600 ++ umask = 0o777 ^ mode # Prevents always downgrading umask to 0 + umask_original = os.umask(umask) + try: + with open(savefile, 'rb') as f_in, gzip.open(backupfile, 'wb') as f_out: +@@ -179,6 +187,8 @@ def ui_command_saveconfig(self, savefile=default_save_file): + + savefile = os.path.expanduser(savefile) + ++ save_dir = os.path.dirname(savefile) ++ self._create_dir(save_dir) + self._save_backups(savefile) + + self.rtsroot.save_to_file(savefile) diff --git a/targetcli.spec b/targetcli.spec index 8dc483b..515fda0 100644 --- a/targetcli.spec +++ b/targetcli.spec @@ -2,7 +2,7 @@ Name: targetcli License: ASL 2.0 Summary: Generic SCSI target CLI shell Version: 2.1.54 -Release: 1 +Release: 1.h1 URL: https://github.com/open-iscsi/targetcli-fb Source: https://github.com/open-iscsi/targetcli-fb/archive/v%{version}/targetcli-fb-%{version}.tar.gz BuildArch: noarch @@ -55,3 +55,15 @@ install -m 644 systemd/* %{buildroot}%{_unitdir}/ * Fri Feb 14 2020 lingsheng - 2.1.fb48-9 - Package int +- Wed Jul 13 2022 Panys +- Type:bugfix +- SUG :NO +- DESC : fix CVE-2020-13867 +#13867 https://github.com/open-iscsi/targetcli-fb/pull/172 +Patch1 1940a17986deaab92e6be395f20ee55dac0ac2b.patch +Patch2 3bdef6d1aa1f64c03816af68bd5fb2bd1bbb29be.patch +Patch3 9f5764dac39b5b75ee6b5d9e4db419d09d64b898.patch + +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 -- Gitee
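Review bot: `ui_command_saveconfig` now runs `self._create_dir(os.path.dirname(savefile))` on a caller-supplied path, and the `else` branch of `_create_dir` chmods any directory that already exists to 0o600. Saving to a file inside a shared directory would therefore rewrite that directory's permissions, and a bare file name gives `dirname == ''`, which falls through to `os.makedirs('')` and surfaces as "Cannot create directory". Limiting the permission fix-up to the directories targetcli owns and skipping the call for an empty `save_dir` would avoid both, for example `if save_dir and savefile == default_save_file: self._create_dir(save_dir)`. The `os.path.exists` / `os.stat` / `os.chmod` sequence also follows symlinks, so an `os.lstat` check before the chmod is worth adding. Both `_save_backups` and `ui_command_saveconfig` continue outside the hunks shown.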
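Review bot: The `Patch1`/`Patch2`/`Patch3` tags and the `%patch1 -p1` … `%patch3 -p1` lines are added from line 55 on, directly after the existing `* Fri Feb 14 2020` entry, so as far as the visible context shows they land in `%changelog` rather than in the preamble and `%prep`; the three patches would then not be applied and the package would still build the unfixed `ui_root.py`. The tags also lack the colon (`Patch1: 1940a17986deaab92e6be395f20ee55dac0ac2b.patch`), and the new changelog entry begins with `-` instead of `* Wed Jul 13 2022 …` and sits below the older entry. Move the `PatchN:` lines next to `Source:`, put the `%patchN -p1` lines (or `%autosetup -p1`) in `%prep`, and place the changelog entry first. It is also worth confirming that the 2.1.54 tarball does not already contain these May 2020 upstream commits, in which case the patches would fail to apply.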