diff options
Diffstat (limited to 'meta/recipes-connectivity')
-rw-r--r-- | meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch | 279 | ||||
-rw-r--r-- | meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch | 253 | ||||
-rw-r--r-- | meta/recipes-connectivity/inetutils/inetutils_2.5.bb (renamed from meta/recipes-connectivity/inetutils/inetutils_2.4.bb) | 4 |
3 files changed, 1 insertions, 535 deletions
diff --git a/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch b/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch deleted file mode 100644 index 70bd98897d..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch +++ /dev/null | |||
@@ -1,279 +0,0 @@ | |||
1 | From 703418fe9d2e3b1e8d594df5788d8001a8116265 Mon Sep 17 00:00:00 2001 | ||
2 | From: Jeffrey Bencteux <jeffbencteux@gmail.com> | ||
3 | Date: Fri, 30 Jun 2023 19:02:45 +0200 | ||
4 | Subject: [PATCH] CVE-2023-40303: ftpd,rcp,rlogin,rsh,rshd,uucpd: fix: check | ||
5 | set*id() return values | ||
6 | |||
7 | Several setuid(), setgid(), seteuid() and setguid() return values | ||
8 | were not checked in ftpd/rcp/rlogin/rsh/rshd/uucpd code potentially | ||
9 | leading to potential security issues. | ||
10 | |||
11 | CVE: CVE-2023-40303 | ||
12 | Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6] | ||
13 | Signed-off-by: Jeffrey Bencteux <jeffbencteux@gmail.com> | ||
14 | Signed-off-by: Simon Josefsson <simon@josefsson.org> | ||
15 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
16 | --- | ||
17 | ftpd/ftpd.c | 10 +++++++--- | ||
18 | src/rcp.c | 39 +++++++++++++++++++++++++++++++++------ | ||
19 | src/rlogin.c | 11 +++++++++-- | ||
20 | src/rsh.c | 25 +++++++++++++++++++++---- | ||
21 | src/rshd.c | 20 +++++++++++++++++--- | ||
22 | src/uucpd.c | 15 +++++++++++++-- | ||
23 | 6 files changed, 100 insertions(+), 20 deletions(-) | ||
24 | |||
25 | diff --git a/ftpd/ftpd.c b/ftpd/ftpd.c | ||
26 | index 92b2cca5..28dd523f 100644 | ||
27 | --- a/ftpd/ftpd.c | ||
28 | +++ b/ftpd/ftpd.c | ||
29 | @@ -862,7 +862,9 @@ end_login (struct credentials *pcred) | ||
30 | char *remotehost = pcred->remotehost; | ||
31 | int atype = pcred->auth_type; | ||
32 | |||
33 | - seteuid ((uid_t) 0); | ||
34 | + if (seteuid ((uid_t) 0) == -1) | ||
35 | + _exit (EXIT_FAILURE); | ||
36 | + | ||
37 | if (pcred->logged_in) | ||
38 | { | ||
39 | logwtmp_keep_open (ttyline, "", ""); | ||
40 | @@ -1151,7 +1153,8 @@ getdatasock (const char *mode) | ||
41 | |||
42 | if (data >= 0) | ||
43 | return fdopen (data, mode); | ||
44 | - seteuid ((uid_t) 0); | ||
45 | + if (seteuid ((uid_t) 0) == -1) | ||
46 | + _exit (EXIT_FAILURE); | ||
47 | s = socket (ctrl_addr.ss_family, SOCK_STREAM, 0); | ||
48 | if (s < 0) | ||
49 | goto bad; | ||
50 | @@ -1978,7 +1981,8 @@ passive (int epsv, int af) | ||
51 | else /* !AF_INET6 */ | ||
52 | ((struct sockaddr_in *) &pasv_addr)->sin_port = 0; | ||
53 | |||
54 | - seteuid ((uid_t) 0); | ||
55 | + if (seteuid ((uid_t) 0) == -1) | ||
56 | + _exit (EXIT_FAILURE); | ||
57 | if (bind (pdata, (struct sockaddr *) &pasv_addr, pasv_addrlen) < 0) | ||
58 | { | ||
59 | if (seteuid ((uid_t) cred.uid)) | ||
60 | diff --git a/src/rcp.c b/src/rcp.c | ||
61 | index 75adb253..cdcf8500 100644 | ||
62 | --- a/src/rcp.c | ||
63 | +++ b/src/rcp.c | ||
64 | @@ -345,14 +345,23 @@ main (int argc, char *argv[]) | ||
65 | if (from_option) | ||
66 | { /* Follow "protocol", send data. */ | ||
67 | response (); | ||
68 | - setuid (userid); | ||
69 | + | ||
70 | + if (setuid (userid) == -1) | ||
71 | + { | ||
72 | + error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); | ||
73 | + } | ||
74 | + | ||
75 | source (argc, argv); | ||
76 | exit (errs); | ||
77 | } | ||
78 | |||
79 | if (to_option) | ||
80 | { /* Receive data. */ | ||
81 | - setuid (userid); | ||
82 | + if (setuid (userid) == -1) | ||
83 | + { | ||
84 | + error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); | ||
85 | + } | ||
86 | + | ||
87 | sink (argc, argv); | ||
88 | exit (errs); | ||
89 | } | ||
90 | @@ -537,7 +546,11 @@ toremote (char *targ, int argc, char *argv[]) | ||
91 | if (response () < 0) | ||
92 | exit (EXIT_FAILURE); | ||
93 | free (bp); | ||
94 | - setuid (userid); | ||
95 | + | ||
96 | + if (setuid (userid) == -1) | ||
97 | + { | ||
98 | + error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); | ||
99 | + } | ||
100 | } | ||
101 | source (1, argv + i); | ||
102 | close (rem); | ||
103 | @@ -630,7 +643,12 @@ tolocal (int argc, char *argv[]) | ||
104 | ++errs; | ||
105 | continue; | ||
106 | } | ||
107 | - seteuid (userid); | ||
108 | + | ||
109 | + if (seteuid (userid) == -1) | ||
110 | + { | ||
111 | + error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); | ||
112 | + } | ||
113 | + | ||
114 | #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT | ||
115 | sslen = sizeof (ss); | ||
116 | (void) getpeername (rem, (struct sockaddr *) &ss, &sslen); | ||
117 | @@ -643,7 +661,12 @@ tolocal (int argc, char *argv[]) | ||
118 | #endif | ||
119 | vect[0] = target; | ||
120 | sink (1, vect); | ||
121 | - seteuid (effuid); | ||
122 | + | ||
123 | + if (seteuid (effuid) == -1) | ||
124 | + { | ||
125 | + error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); | ||
126 | + } | ||
127 | + | ||
128 | close (rem); | ||
129 | rem = -1; | ||
130 | #ifdef SHISHI | ||
131 | @@ -1441,7 +1464,11 @@ susystem (char *s, int userid) | ||
132 | return (127); | ||
133 | |||
134 | case 0: | ||
135 | - setuid (userid); | ||
136 | + if (setuid (userid) == -1) | ||
137 | + { | ||
138 | + error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); | ||
139 | + } | ||
140 | + | ||
141 | execl (PATH_BSHELL, "sh", "-c", s, NULL); | ||
142 | _exit (127); | ||
143 | } | ||
144 | diff --git a/src/rlogin.c b/src/rlogin.c | ||
145 | index aa6426fb..c543de0c 100644 | ||
146 | --- a/src/rlogin.c | ||
147 | +++ b/src/rlogin.c | ||
148 | @@ -647,8 +647,15 @@ try_connect: | ||
149 | /* Now change to the real user ID. We have to be set-user-ID root | ||
150 | to get the privileged port that rcmd () uses. We now want, however, | ||
151 | to run as the real user who invoked us. */ | ||
152 | - seteuid (uid); | ||
153 | - setuid (uid); | ||
154 | + if (seteuid (uid) == -1) | ||
155 | + { | ||
156 | + error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); | ||
157 | + } | ||
158 | + | ||
159 | + if (setuid (uid) == -1) | ||
160 | + { | ||
161 | + error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); | ||
162 | + } | ||
163 | |||
164 | doit (&osmask); /* The old mask will activate SIGURG and SIGUSR1! */ | ||
165 | |||
166 | diff --git a/src/rsh.c b/src/rsh.c | ||
167 | index 2d622ca4..6f60667d 100644 | ||
168 | --- a/src/rsh.c | ||
169 | +++ b/src/rsh.c | ||
170 | @@ -276,8 +276,17 @@ main (int argc, char **argv) | ||
171 | { | ||
172 | if (asrsh) | ||
173 | *argv = (char *) "rlogin"; | ||
174 | - seteuid (getuid ()); | ||
175 | - setuid (getuid ()); | ||
176 | + | ||
177 | + if (seteuid (getuid ()) == -1) | ||
178 | + { | ||
179 | + error (EXIT_FAILURE, errno, "seteuid() failed"); | ||
180 | + } | ||
181 | + | ||
182 | + if (setuid (getuid ()) == -1) | ||
183 | + { | ||
184 | + error (EXIT_FAILURE, errno, "setuid() failed"); | ||
185 | + } | ||
186 | + | ||
187 | execv (PATH_RLOGIN, argv); | ||
188 | error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN); | ||
189 | } | ||
190 | @@ -541,8 +550,16 @@ try_connect: | ||
191 | error (0, errno, "setsockopt DEBUG (ignored)"); | ||
192 | } | ||
193 | |||
194 | - seteuid (uid); | ||
195 | - setuid (uid); | ||
196 | + if (seteuid (uid) == -1) | ||
197 | + { | ||
198 | + error (EXIT_FAILURE, errno, "seteuid() failed"); | ||
199 | + } | ||
200 | + | ||
201 | + if (setuid (uid) == -1) | ||
202 | + { | ||
203 | + error (EXIT_FAILURE, errno, "setuid() failed"); | ||
204 | + } | ||
205 | + | ||
206 | #ifdef HAVE_SIGACTION | ||
207 | sigemptyset (&sigs); | ||
208 | sigaddset (&sigs, SIGINT); | ||
209 | diff --git a/src/rshd.c b/src/rshd.c | ||
210 | index d1c0d0cd..707790e7 100644 | ||
211 | --- a/src/rshd.c | ||
212 | +++ b/src/rshd.c | ||
213 | @@ -1847,8 +1847,18 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen) | ||
214 | pwd->pw_shell = PATH_BSHELL; | ||
215 | |||
216 | /* Set the gid, then uid to become the user specified by "locuser" */ | ||
217 | - setegid ((gid_t) pwd->pw_gid); | ||
218 | - setgid ((gid_t) pwd->pw_gid); | ||
219 | + if (setegid ((gid_t) pwd->pw_gid) == -1) | ||
220 | + { | ||
221 | + rshd_error ("Cannot drop privileges (setegid() failed)\n"); | ||
222 | + exit (EXIT_FAILURE); | ||
223 | + } | ||
224 | + | ||
225 | + if (setgid ((gid_t) pwd->pw_gid) == -1) | ||
226 | + { | ||
227 | + rshd_error ("Cannot drop privileges (setgid() failed)\n"); | ||
228 | + exit (EXIT_FAILURE); | ||
229 | + } | ||
230 | + | ||
231 | #ifdef HAVE_INITGROUPS | ||
232 | initgroups (pwd->pw_name, pwd->pw_gid); /* BSD groups */ | ||
233 | #endif | ||
234 | @@ -1870,7 +1880,11 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen) | ||
235 | } | ||
236 | #endif /* WITH_PAM */ | ||
237 | |||
238 | - setuid ((uid_t) pwd->pw_uid); | ||
239 | + if (setuid ((uid_t) pwd->pw_uid) == -1) | ||
240 | + { | ||
241 | + rshd_error ("Cannot drop privileges (setuid() failed)\n"); | ||
242 | + exit (EXIT_FAILURE); | ||
243 | + } | ||
244 | |||
245 | /* We'll execute the client's command in the home directory | ||
246 | * of locuser. Note, that the chdir must be executed after | ||
247 | diff --git a/src/uucpd.c b/src/uucpd.c | ||
248 | index 107589e1..29cfce35 100644 | ||
249 | --- a/src/uucpd.c | ||
250 | +++ b/src/uucpd.c | ||
251 | @@ -252,7 +252,12 @@ doit (struct sockaddr *sap, socklen_t salen) | ||
252 | snprintf (Username, sizeof (Username), "USER=%s", user); | ||
253 | snprintf (Logname, sizeof (Logname), "LOGNAME=%s", user); | ||
254 | dologin (pw, sap, salen); | ||
255 | - setgid (pw->pw_gid); | ||
256 | + | ||
257 | + if (setgid (pw->pw_gid) == -1) | ||
258 | + { | ||
259 | + fprintf (stderr, "setgid() failed"); | ||
260 | + return; | ||
261 | + } | ||
262 | #ifdef HAVE_INITGROUPS | ||
263 | initgroups (pw->pw_name, pw->pw_gid); | ||
264 | #endif | ||
265 | @@ -261,7 +266,13 @@ doit (struct sockaddr *sap, socklen_t salen) | ||
266 | fprintf (stderr, "Login incorrect."); | ||
267 | return; | ||
268 | } | ||
269 | - setuid (pw->pw_uid); | ||
270 | + | ||
271 | + if (setuid (pw->pw_uid) == -1) | ||
272 | + { | ||
273 | + fprintf (stderr, "setuid() failed"); | ||
274 | + return; | ||
275 | + } | ||
276 | + | ||
277 | execl (uucico_location, "uucico", NULL); | ||
278 | perror ("uucico server: execl"); | ||
279 | } | ||
diff --git a/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch b/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch deleted file mode 100644 index 1b972aac29..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch +++ /dev/null | |||
@@ -1,253 +0,0 @@ | |||
1 | From 70fe022f9dac760eaece0228cad17e3d29a57fb8 Mon Sep 17 00:00:00 2001 | ||
2 | From: Simon Josefsson <simon@josefsson.org> | ||
3 | Date: Mon, 31 Jul 2023 13:59:05 +0200 | ||
4 | Subject: [PATCH] CVE-2023-40303: Indent changes in previous commit. | ||
5 | |||
6 | CVE: CVE-2023-40303 | ||
7 | Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=9122999252c7e21eb7774de11d539748e7bdf46d] | ||
8 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
9 | --- | ||
10 | src/rcp.c | 42 ++++++++++++++++++++++++------------------ | ||
11 | src/rlogin.c | 12 ++++++------ | ||
12 | src/rsh.c | 24 ++++++++++++------------ | ||
13 | src/rshd.c | 24 ++++++++++++------------ | ||
14 | src/uucpd.c | 16 ++++++++-------- | ||
15 | 5 files changed, 62 insertions(+), 56 deletions(-) | ||
16 | |||
17 | diff --git a/src/rcp.c b/src/rcp.c | ||
18 | index cdcf8500..652f22e6 100644 | ||
19 | --- a/src/rcp.c | ||
20 | +++ b/src/rcp.c | ||
21 | @@ -347,9 +347,10 @@ main (int argc, char *argv[]) | ||
22 | response (); | ||
23 | |||
24 | if (setuid (userid) == -1) | ||
25 | - { | ||
26 | - error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); | ||
27 | - } | ||
28 | + { | ||
29 | + error (EXIT_FAILURE, 0, | ||
30 | + "Could not drop privileges (setuid() failed)"); | ||
31 | + } | ||
32 | |||
33 | source (argc, argv); | ||
34 | exit (errs); | ||
35 | @@ -358,9 +359,10 @@ main (int argc, char *argv[]) | ||
36 | if (to_option) | ||
37 | { /* Receive data. */ | ||
38 | if (setuid (userid) == -1) | ||
39 | - { | ||
40 | - error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); | ||
41 | - } | ||
42 | + { | ||
43 | + error (EXIT_FAILURE, 0, | ||
44 | + "Could not drop privileges (setuid() failed)"); | ||
45 | + } | ||
46 | |||
47 | sink (argc, argv); | ||
48 | exit (errs); | ||
49 | @@ -548,9 +550,10 @@ toremote (char *targ, int argc, char *argv[]) | ||
50 | free (bp); | ||
51 | |||
52 | if (setuid (userid) == -1) | ||
53 | - { | ||
54 | - error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); | ||
55 | - } | ||
56 | + { | ||
57 | + error (EXIT_FAILURE, 0, | ||
58 | + "Could not drop privileges (setuid() failed)"); | ||
59 | + } | ||
60 | } | ||
61 | source (1, argv + i); | ||
62 | close (rem); | ||
63 | @@ -645,9 +648,10 @@ tolocal (int argc, char *argv[]) | ||
64 | } | ||
65 | |||
66 | if (seteuid (userid) == -1) | ||
67 | - { | ||
68 | - error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); | ||
69 | - } | ||
70 | + { | ||
71 | + error (EXIT_FAILURE, 0, | ||
72 | + "Could not drop privileges (seteuid() failed)"); | ||
73 | + } | ||
74 | |||
75 | #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT | ||
76 | sslen = sizeof (ss); | ||
77 | @@ -663,9 +667,10 @@ tolocal (int argc, char *argv[]) | ||
78 | sink (1, vect); | ||
79 | |||
80 | if (seteuid (effuid) == -1) | ||
81 | - { | ||
82 | - error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); | ||
83 | - } | ||
84 | + { | ||
85 | + error (EXIT_FAILURE, 0, | ||
86 | + "Could not drop privileges (seteuid() failed)"); | ||
87 | + } | ||
88 | |||
89 | close (rem); | ||
90 | rem = -1; | ||
91 | @@ -1465,9 +1470,10 @@ susystem (char *s, int userid) | ||
92 | |||
93 | case 0: | ||
94 | if (setuid (userid) == -1) | ||
95 | - { | ||
96 | - error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); | ||
97 | - } | ||
98 | + { | ||
99 | + error (EXIT_FAILURE, 0, | ||
100 | + "Could not drop privileges (setuid() failed)"); | ||
101 | + } | ||
102 | |||
103 | execl (PATH_BSHELL, "sh", "-c", s, NULL); | ||
104 | _exit (127); | ||
105 | diff --git a/src/rlogin.c b/src/rlogin.c | ||
106 | index c543de0c..4360202f 100644 | ||
107 | --- a/src/rlogin.c | ||
108 | +++ b/src/rlogin.c | ||
109 | @@ -648,14 +648,14 @@ try_connect: | ||
110 | to get the privileged port that rcmd () uses. We now want, however, | ||
111 | to run as the real user who invoked us. */ | ||
112 | if (seteuid (uid) == -1) | ||
113 | - { | ||
114 | - error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); | ||
115 | - } | ||
116 | + { | ||
117 | + error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); | ||
118 | + } | ||
119 | |||
120 | if (setuid (uid) == -1) | ||
121 | - { | ||
122 | - error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); | ||
123 | - } | ||
124 | + { | ||
125 | + error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); | ||
126 | + } | ||
127 | |||
128 | doit (&osmask); /* The old mask will activate SIGURG and SIGUSR1! */ | ||
129 | |||
130 | diff --git a/src/rsh.c b/src/rsh.c | ||
131 | index 6f60667d..179b47cd 100644 | ||
132 | --- a/src/rsh.c | ||
133 | +++ b/src/rsh.c | ||
134 | @@ -278,14 +278,14 @@ main (int argc, char **argv) | ||
135 | *argv = (char *) "rlogin"; | ||
136 | |||
137 | if (seteuid (getuid ()) == -1) | ||
138 | - { | ||
139 | - error (EXIT_FAILURE, errno, "seteuid() failed"); | ||
140 | - } | ||
141 | + { | ||
142 | + error (EXIT_FAILURE, errno, "seteuid() failed"); | ||
143 | + } | ||
144 | |||
145 | if (setuid (getuid ()) == -1) | ||
146 | - { | ||
147 | - error (EXIT_FAILURE, errno, "setuid() failed"); | ||
148 | - } | ||
149 | + { | ||
150 | + error (EXIT_FAILURE, errno, "setuid() failed"); | ||
151 | + } | ||
152 | |||
153 | execv (PATH_RLOGIN, argv); | ||
154 | error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN); | ||
155 | @@ -551,14 +551,14 @@ try_connect: | ||
156 | } | ||
157 | |||
158 | if (seteuid (uid) == -1) | ||
159 | - { | ||
160 | - error (EXIT_FAILURE, errno, "seteuid() failed"); | ||
161 | - } | ||
162 | + { | ||
163 | + error (EXIT_FAILURE, errno, "seteuid() failed"); | ||
164 | + } | ||
165 | |||
166 | if (setuid (uid) == -1) | ||
167 | - { | ||
168 | - error (EXIT_FAILURE, errno, "setuid() failed"); | ||
169 | - } | ||
170 | + { | ||
171 | + error (EXIT_FAILURE, errno, "setuid() failed"); | ||
172 | + } | ||
173 | |||
174 | #ifdef HAVE_SIGACTION | ||
175 | sigemptyset (&sigs); | ||
176 | diff --git a/src/rshd.c b/src/rshd.c | ||
177 | index 707790e7..3a153a18 100644 | ||
178 | --- a/src/rshd.c | ||
179 | +++ b/src/rshd.c | ||
180 | @@ -1848,16 +1848,16 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen) | ||
181 | |||
182 | /* Set the gid, then uid to become the user specified by "locuser" */ | ||
183 | if (setegid ((gid_t) pwd->pw_gid) == -1) | ||
184 | - { | ||
185 | - rshd_error ("Cannot drop privileges (setegid() failed)\n"); | ||
186 | - exit (EXIT_FAILURE); | ||
187 | - } | ||
188 | + { | ||
189 | + rshd_error ("Cannot drop privileges (setegid() failed)\n"); | ||
190 | + exit (EXIT_FAILURE); | ||
191 | + } | ||
192 | |||
193 | if (setgid ((gid_t) pwd->pw_gid) == -1) | ||
194 | - { | ||
195 | - rshd_error ("Cannot drop privileges (setgid() failed)\n"); | ||
196 | - exit (EXIT_FAILURE); | ||
197 | - } | ||
198 | + { | ||
199 | + rshd_error ("Cannot drop privileges (setgid() failed)\n"); | ||
200 | + exit (EXIT_FAILURE); | ||
201 | + } | ||
202 | |||
203 | #ifdef HAVE_INITGROUPS | ||
204 | initgroups (pwd->pw_name, pwd->pw_gid); /* BSD groups */ | ||
205 | @@ -1881,10 +1881,10 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen) | ||
206 | #endif /* WITH_PAM */ | ||
207 | |||
208 | if (setuid ((uid_t) pwd->pw_uid) == -1) | ||
209 | - { | ||
210 | - rshd_error ("Cannot drop privileges (setuid() failed)\n"); | ||
211 | - exit (EXIT_FAILURE); | ||
212 | - } | ||
213 | + { | ||
214 | + rshd_error ("Cannot drop privileges (setuid() failed)\n"); | ||
215 | + exit (EXIT_FAILURE); | ||
216 | + } | ||
217 | |||
218 | /* We'll execute the client's command in the home directory | ||
219 | * of locuser. Note, that the chdir must be executed after | ||
220 | diff --git a/src/uucpd.c b/src/uucpd.c | ||
221 | index 29cfce35..fde7b9c9 100644 | ||
222 | --- a/src/uucpd.c | ||
223 | +++ b/src/uucpd.c | ||
224 | @@ -254,10 +254,10 @@ doit (struct sockaddr *sap, socklen_t salen) | ||
225 | dologin (pw, sap, salen); | ||
226 | |||
227 | if (setgid (pw->pw_gid) == -1) | ||
228 | - { | ||
229 | - fprintf (stderr, "setgid() failed"); | ||
230 | - return; | ||
231 | - } | ||
232 | + { | ||
233 | + fprintf (stderr, "setgid() failed"); | ||
234 | + return; | ||
235 | + } | ||
236 | #ifdef HAVE_INITGROUPS | ||
237 | initgroups (pw->pw_name, pw->pw_gid); | ||
238 | #endif | ||
239 | @@ -268,10 +268,10 @@ doit (struct sockaddr *sap, socklen_t salen) | ||
240 | } | ||
241 | |||
242 | if (setuid (pw->pw_uid) == -1) | ||
243 | - { | ||
244 | - fprintf (stderr, "setuid() failed"); | ||
245 | - return; | ||
246 | - } | ||
247 | + { | ||
248 | + fprintf (stderr, "setuid() failed"); | ||
249 | + return; | ||
250 | + } | ||
251 | |||
252 | execl (uucico_location, "uucico", NULL); | ||
253 | perror ("uucico server: execl"); | ||
diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.4.bb b/meta/recipes-connectivity/inetutils/inetutils_2.5.bb index 957f1feac6..0f1a0736bd 100644 --- a/meta/recipes-connectivity/inetutils/inetutils_2.4.bb +++ b/meta/recipes-connectivity/inetutils/inetutils_2.5.bb | |||
@@ -11,15 +11,13 @@ LICENSE = "GPL-3.0-only" | |||
11 | 11 | ||
12 | LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7" | 12 | LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7" |
13 | 13 | ||
14 | SRC_URI[sha256sum] = "1789d6b1b1a57dfe2a7ab7b533ee9f5dfd9cbf5b59bb1bb3c2612ed08d0f68b2" | 14 | SRC_URI[sha256sum] = "87697d60a31e10b5cb86a9f0651e1ec7bee98320d048c0739431aac3d5764fb6" |
15 | SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ | 15 | SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ |
16 | file://rexec.xinetd.inetutils \ | 16 | file://rexec.xinetd.inetutils \ |
17 | file://rlogin.xinetd.inetutils \ | 17 | file://rlogin.xinetd.inetutils \ |
18 | file://rsh.xinetd.inetutils \ | 18 | file://rsh.xinetd.inetutils \ |
19 | file://telnet.xinetd.inetutils \ | 19 | file://telnet.xinetd.inetutils \ |
20 | file://tftpd.xinetd.inetutils \ | 20 | file://tftpd.xinetd.inetutils \ |
21 | file://0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch \ | ||
22 | file://0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch \ | ||
23 | " | 21 | " |
24 | 22 | ||
25 | inherit autotools gettext update-alternatives texinfo | 23 | inherit autotools gettext update-alternatives texinfo |