diff options
author | virendra thakur <thakur.virendra1810@gmail.com> | 2024-02-06 18:01:04 +0530 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2024-02-16 03:35:51 -1000 |
commit | fa23359034e1cf72ec09601e18ebcbc3648c3e29 (patch) | |
tree | f5c5a49dd453a384e461b17adb8bcd27bbf89d70 | |
parent | eb0915c699fbe86488de172d529f073a30d05b6a (diff) | |
download | poky-fa23359034e1cf72ec09601e18ebcbc3648c3e29.tar.gz |
ncurses: Fix CVE-2023-29491
memory corruption when processing malformed terminfo data entries
loaded by setuid/setgid programs
CVE-2023-29491.patch change the --disable-root-environ configure option
behavior.
set --disable-root-environ in configuration options.
--disable-root-environ option with a few additional changes
to the code allows us to mitigate CVE-2023-29491 and avoid
other issues that involve the possibility of malicious use of
environment variables through setuid applications, and, therefore,
it was the fix chosen in order to resolve this vulnerability.
Reference:
https://ubuntu.com/security/CVE-2023-29491
https://launchpad.net/ubuntu/+source/ncurses/6.2-0ubuntu2.1
(From OE-Core rev: 041433f0767ae9112f6a74a7d7c93ce9b411792c)
Signed-off-by: virendra thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r-- | meta/recipes-core/ncurses/files/CVE-2023-29491.patch | 45 | ||||
-rw-r--r-- | meta/recipes-core/ncurses/ncurses_6.2.bb | 3 |
2 files changed, 47 insertions, 1 deletions
diff --git a/meta/recipes-core/ncurses/files/CVE-2023-29491.patch b/meta/recipes-core/ncurses/files/CVE-2023-29491.patch new file mode 100644 index 0000000000..0a0497723f --- /dev/null +++ b/meta/recipes-core/ncurses/files/CVE-2023-29491.patch | |||
@@ -0,0 +1,45 @@ | |||
1 | Backport of: | ||
2 | |||
3 | Author: Sven Joachim <svenjoac@gmx.de> | ||
4 | Description: Change the --disable-root-environ configure option behavior | ||
5 | By default, the --disable-root-environ option forbids program run by | ||
6 | the superuser to load custom terminfo entries. This patch changes | ||
7 | that to only restrict programs running with elevated privileges, | ||
8 | matching the behavior of the --disable-setuid-environ option | ||
9 | introduced in the 20230423 upstream patchlevel. | ||
10 | Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372#29 | ||
11 | Bug: https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00018.html | ||
12 | Forwarded: not-needed | ||
13 | Last-Update: 2023-05-01 | ||
14 | |||
15 | Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/ncurses/6.2-0ubuntu2.1/ncurses_6.2-0ubuntu2.1.debian.tar.xz] | ||
16 | CVE: CVE-2023-29491 | ||
17 | Signed-off-by: Virendra Thakur <virendrak@kpit.com> | ||
18 | |||
19 | --- | ||
20 | ncurses/tinfo/access.c | 2 -- | ||
21 | 1 file changed, 2 deletions(-) | ||
22 | |||
23 | --- a/ncurses/tinfo/access.c | ||
24 | +++ b/ncurses/tinfo/access.c | ||
25 | @@ -178,15 +178,16 @@ _nc_is_file_path(const char *path) | ||
26 | NCURSES_EXPORT(int) | ||
27 | _nc_env_access(void) | ||
28 | { | ||
29 | + int result = TRUE; | ||
30 | + | ||
31 | #if HAVE_ISSETUGID | ||
32 | if (issetugid()) | ||
33 | - return FALSE; | ||
34 | + result = FALSE; | ||
35 | #elif HAVE_GETEUID && HAVE_GETEGID | ||
36 | if (getuid() != geteuid() | ||
37 | || getgid() != getegid()) | ||
38 | - return FALSE; | ||
39 | + result = FALSE; | ||
40 | #endif | ||
41 | - /* ...finally, disallow root */ | ||
42 | - return (getuid() != ROOT_UID) && (geteuid() != ROOT_UID); | ||
43 | + return result; | ||
44 | } | ||
45 | #endif | ||
diff --git a/meta/recipes-core/ncurses/ncurses_6.2.bb b/meta/recipes-core/ncurses/ncurses_6.2.bb index 451bfbcb5d..33285bcb5b 100644 --- a/meta/recipes-core/ncurses/ncurses_6.2.bb +++ b/meta/recipes-core/ncurses/ncurses_6.2.bb | |||
@@ -5,11 +5,12 @@ SRC_URI += "file://0001-tic-hang.patch \ | |||
5 | file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \ | 5 | file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \ |
6 | file://CVE-2021-39537.patch \ | 6 | file://CVE-2021-39537.patch \ |
7 | file://CVE-2022-29458.patch \ | 7 | file://CVE-2022-29458.patch \ |
8 | file://CVE-2023-29491.patch \ | ||
8 | " | 9 | " |
9 | # commit id corresponds to the revision in package version | 10 | # commit id corresponds to the revision in package version |
10 | SRCREV = "a669013cd5e9d6434e5301348ea51baf306c93c4" | 11 | SRCREV = "a669013cd5e9d6434e5301348ea51baf306c93c4" |
11 | S = "${WORKDIR}/git" | 12 | S = "${WORKDIR}/git" |
12 | EXTRA_OECONF += "--with-abi-version=5" | 13 | EXTRA_OECONF += "--with-abi-version=5 --disable-root-environ" |
13 | UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+(\+\d+)*)" | 14 | UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+(\+\d+)*)" |
14 | 15 | ||
15 | # This is needed when using patchlevel versions like 6.1+20181013 | 16 | # This is needed when using patchlevel versions like 6.1+20181013 |