1 files changed, 161 insertions, 0 deletions
diff --git a/meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch b/meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch
new file mode 100644
index 0000000000..54b496ea3f
--- /dev/null
+++ b/meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch
@@ -0,0 +1,161 @@
+From faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Thu, 10 Feb 2022 12:03:17 +0100
+Subject: [PATCH] chsh, chfn: remove readline support [CVE-2022-0563]
+The readline library uses INPUTRC= environment variable to get a path
+to the library config file. When the library cannot parse the
+specified file, it prints an error message containing data from the
+file.
+Unfortunately, the library does not use secure_getenv() (or a similar
+concept) to avoid vulnerabilities that could occur if set-user-ID or
+set-group-ID programs.
+Reported-by: Rory Mackie <rory.mackie@trailofbits.com>
+Signed-off-by: Karel Zak <kzak@redhat.com>
+Upstream-status: Backport
+https://github.com/util-linux/util-linux/commit/faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17
+CVE: CVE-2022-0563
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+---
+ login-utils/Makemodule.am |  2 +-
+ login-utils/chfn.c        | 16 +++------------
+ login-utils/chsh.c        | 42 ++-------------------------------------
+ 3 files changed, 6 insertions(+), 54 deletions(-)
+diff --git a/login-utils/Makemodule.am b/login-utils/Makemodule.am
+index fac5bfc..73636af 100644
+--- a/login-utils/Makemodule.am
+++ b/login-utils/Makemodule.am
+@@ -82,7 +82,7 @@ chfn_chsh_sources = \
+        login-utils/ch-common.c
+ chfn_chsh_cflags = $(SUID_CFLAGS) $(AM_CFLAGS)
+ chfn_chsh_ldflags = $(SUID_LDFLAGS) $(AM_LDFLAGS)
+-chfn_chsh_ldadd = libcommon.la $(READLINE_LIBS)
+chfn_chsh_ldadd = libcommon.la
+ 
+ if CHFN_CHSH_PASSWORD
+ chfn_chsh_ldadd += -lpam
+diff --git a/login-utils/chfn.c b/login-utils/chfn.c
+index b739555..2f8e44a 100644
+--- a/login-utils/chfn.c
+++ b/login-utils/chfn.c
+@@ -56,11 +56,6 @@
+ # include "auth.h"
+ #endif
+ 
+-#ifdef HAVE_LIBREADLINE
+-# define _FUNCTION_DEF
+-# include <readline/readline.h>
+-#endif
+-
+ struct finfo {
+        char *full_name;
+        char *office;
+@@ -229,22 +224,17 @@ static char *ask_new_field(struct chfn_control *ctl, const char *question,
+ {
+        int len;
+        char *buf;
+-#ifndef HAVE_LIBREADLINE
+-       size_t dummy = 0;
+-#endif
+ 
+        if (!def_val)
+                def_val = "";
+
+        while (true) {
+                printf("%s [%s]: ", question, def_val);
+                __fpurge(stdin);
+-#ifdef HAVE_LIBREADLINE
+-               rl_bind_key('\t', rl_insert);
+-               if ((buf = readline(NULL)) == NULL)
+-#else
+
+                if (getline(&buf, &dummy, stdin) < 0)
+-#endif
+                        errx(EXIT_FAILURE, _("Aborted."));
+
+                /* remove white spaces from string end */
+                ltrim_whitespace((unsigned char *) buf);
+                len = rtrim_whitespace((unsigned char *) buf);
+diff --git a/login-utils/chsh.c b/login-utils/chsh.c
+index a9ebec8..ee6ff87 100644
+--- a/login-utils/chsh.c
+++ b/login-utils/chsh.c
+@@ -58,11 +58,6 @@
+ # include "auth.h"
+ #endif
+ 
+-#ifdef HAVE_LIBREADLINE
+-# define _FUNCTION_DEF
+-# include <readline/readline.h>
+-#endif
+-
+ struct sinfo {
+        char *username;
+        char *shell;
+@@ -121,33 +116,6 @@ static void print_shells(void)
+        endusershell();
+ }
+ 
+-#ifdef HAVE_LIBREADLINE
+-static char *shell_name_generator(const char *text, int state)
+-{
+-       static size_t len;
+-       char *s;
+-
+-       if (!state) {
+-               setusershell();
+-               len = strlen(text);
+-       }
+-
+-       while ((s = getusershell())) {
+-               if (strncmp(s, text, len) == 0)
+-                       return xstrdup(s);
+-       }
+-       return NULL;
+-}
+-
+-static char **shell_name_completion(const char *text,
+-                                   int start __attribute__((__unused__)),
+-                                   int end __attribute__((__unused__)))
+-{
+-       rl_attempted_completion_over = 1;
+-       return rl_completion_matches(text, shell_name_generator);
+-}
+-#endif
+-
+ /*
+  *  parse_argv () --
+  *     parse the command line arguments, and fill in "pinfo" with any
+@@ -198,20 +166,14 @@ static char *ask_new_shell(char *question, char *oldshell)
+ {
+        int len;
+        char *ans = NULL;
+-#ifdef HAVE_LIBREADLINE
+-       rl_attempted_completion_function = shell_name_completion;
+-#else
+        size_t dummy = 0;
+-#endif
+
+        if (!oldshell)
+                oldshell = "";
+        printf("%s [%s]\n", question, oldshell);
+-#ifdef HAVE_LIBREADLINE
+-       if ((ans = readline("> ")) == NULL)
+-#else
+        if (getline(&ans, &dummy, stdin) < 0)
+-#endif
+                return NULL;
+
+        /* remove the newline at the end of ans. */
+        ltrim_whitespace((unsigned char *) ans);
+        len = rtrim_whitespace((unsigned char *) ans);
+-- 
+2.25.1

diff --git a/meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch b/meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch new file mode 100644 index 0000000000..54b496ea3f --- /dev/null +++ b/meta/recipes-core/util-linux/util-linux/CVE-2022-0563.patch
@@ -0,0 +1,161 @@
	1	From faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17 Mon Sep 17 00:00:00 2001
	2	From: Karel Zak <kzak@redhat.com>
	3	Date: Thu, 10 Feb 2022 12:03:17 +0100
	4	Subject: [PATCH] chsh, chfn: remove readline support [CVE-2022-0563]
	5
	6	The readline library uses INPUTRC= environment variable to get a path
	7	to the library config file. When the library cannot parse the
	8	specified file, it prints an error message containing data from the
	9	file.
	10
	11	Unfortunately, the library does not use secure_getenv() (or a similar
	12	concept) to avoid vulnerabilities that could occur if set-user-ID or
	13	set-group-ID programs.
	14
	15	Reported-by: Rory Mackie <rory.mackie@trailofbits.com>
	16	Signed-off-by: Karel Zak <kzak@redhat.com>
	17
	18	Upstream-status: Backport
	19	https://github.com/util-linux/util-linux/commit/faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17
	20
	21	CVE: CVE-2022-0563
	22
	23	Signed-off-by: Steve Sakoman <steve@sakoman.com>
	24
	25	---
	26	login-utils/Makemodule.am \| 2 +-
	27	login-utils/chfn.c \| 16 +++------------
	28	login-utils/chsh.c \| 42 ++-------------------------------------
	29	3 files changed, 6 insertions(+), 54 deletions(-)
	30
	31	diff --git a/login-utils/Makemodule.am b/login-utils/Makemodule.am
	32	index fac5bfc..73636af 100644
	33	--- a/login-utils/Makemodule.am
	34	+++ b/login-utils/Makemodule.am
	35	@@ -82,7 +82,7 @@ chfn_chsh_sources = \
	36	login-utils/ch-common.c
	37	chfn_chsh_cflags = $(SUID_CFLAGS) $(AM_CFLAGS)
	38	chfn_chsh_ldflags = $(SUID_LDFLAGS) $(AM_LDFLAGS)
	39	-chfn_chsh_ldadd = libcommon.la $(READLINE_LIBS)
	40	+chfn_chsh_ldadd = libcommon.la
	41
	42	if CHFN_CHSH_PASSWORD
	43	chfn_chsh_ldadd += -lpam
	44	diff --git a/login-utils/chfn.c b/login-utils/chfn.c
	45	index b739555..2f8e44a 100644
	46	--- a/login-utils/chfn.c
	47	+++ b/login-utils/chfn.c
	48	@@ -56,11 +56,6 @@
	49	# include "auth.h"
	50	#endif
	51
	52	-#ifdef HAVE_LIBREADLINE
	53	-# define _FUNCTION_DEF
	54	-# include <readline/readline.h>
	55	-#endif
	56	-
	57	struct finfo {
	58	char *full_name;
	59	char *office;
	60	@@ -229,22 +224,17 @@ static char ask_new_field(struct chfn_control ctl, const char *question,
	61	{
	62	int len;
	63	char *buf;
	64	-#ifndef HAVE_LIBREADLINE
	65	- size_t dummy = 0;
	66	-#endif
	67
	68	if (!def_val)
	69	def_val = "";
	70	+
	71	while (true) {
	72	printf("%s [%s]: ", question, def_val);
	73	__fpurge(stdin);
	74	-#ifdef HAVE_LIBREADLINE
	75	- rl_bind_key('\t', rl_insert);
	76	- if ((buf = readline(NULL)) == NULL)
	77	-#else
	78	+
	79	if (getline(&buf, &dummy, stdin) < 0)
	80	-#endif
	81	errx(EXIT_FAILURE, _("Aborted."));
	82	+
	83	/* remove white spaces from string end */
	84	ltrim_whitespace((unsigned char *) buf);
	85	len = rtrim_whitespace((unsigned char *) buf);
	86	diff --git a/login-utils/chsh.c b/login-utils/chsh.c
	87	index a9ebec8..ee6ff87 100644
	88	--- a/login-utils/chsh.c
	89	+++ b/login-utils/chsh.c
	90	@@ -58,11 +58,6 @@
	91	# include "auth.h"
	92	#endif
	93
	94	-#ifdef HAVE_LIBREADLINE
	95	-# define _FUNCTION_DEF
	96	-# include <readline/readline.h>
	97	-#endif
	98	-
	99	struct sinfo {
	100	char *username;
	101	char *shell;
	102	@@ -121,33 +116,6 @@ static void print_shells(void)
	103	endusershell();
	104	}
	105
	106	-#ifdef HAVE_LIBREADLINE
	107	-static char shell_name_generator(const char text, int state)
	108	-{
	109	- static size_t len;
	110	- char *s;
	111	-
	112	- if (!state) {
	113	- setusershell();
	114	- len = strlen(text);
	115	- }
	116	-
	117	- while ((s = getusershell())) {
	118	- if (strncmp(s, text, len) == 0)
	119	- return xstrdup(s);
	120	- }
	121	- return NULL;
	122	-}
	123	-
	124	-static char *shell_name_completion(const char text,
	125	- int start __attribute__((__unused__)),
	126	- int end __attribute__((__unused__)))
	127	-{
	128	- rl_attempted_completion_over = 1;
	129	- return rl_completion_matches(text, shell_name_generator);
	130	-}
	131	-#endif
	132	-
	133	/*
	134	* parse_argv () --
	135	* parse the command line arguments, and fill in "pinfo" with any
	136	@@ -198,20 +166,14 @@ static char ask_new_shell(char question, char *oldshell)
	137	{
	138	int len;
	139	char *ans = NULL;
	140	-#ifdef HAVE_LIBREADLINE
	141	- rl_attempted_completion_function = shell_name_completion;
	142	-#else
	143	size_t dummy = 0;
	144	-#endif
	145	+
	146	if (!oldshell)
	147	oldshell = "";
	148	printf("%s [%s]\n", question, oldshell);
	149	-#ifdef HAVE_LIBREADLINE
	150	- if ((ans = readline("> ")) == NULL)
	151	-#else
	152	if (getline(&ans, &dummy, stdin) < 0)
	153	-#endif
	154	return NULL;
	155	+
	156	/* remove the newline at the end of ans. */
	157	ltrim_whitespace((unsigned char *) ans);
	158	len = rtrim_whitespace((unsigned char *) ans);
	159	--
	160	2.25.1
	161