* Fix CVE-2023-29491

Issue: https://gitee.com/openharmony/third_party_ncurses/issues/I7IEGV?from=project-issue Test: Vulnerability Scanning Signed-off-by: xwx1135370 <xuyao44@huawei.com>
2025-02-17 05:27:31 +00:00 · 2023-07-18 20:05:23 +08:00 · 2023-07-18 20:05:23 +08:00 · f70a540a5f
commit f70a540a5f
parent 45e28dad07
3 changed files with 92 additions and 2 deletions
--- a/backport-0001-CVE-2023-29491-fix-configure-root-args-option.patch
+++ b/backport-0001-CVE-2023-29491-fix-configure-root-args-option.patch
@ -0,0 +1,50 @@
+From 49d07be98e591d2df1d5b8d55fc9ecac3185fb70 Mon Sep 17 00:00:00 2001
+From: Sven Joachim <svenjoac@gmx.de>
+Date: Mon, 1 May 2023 11:31:39 +0200
+Subject: [PATCH] Fix the --disable-root-args and --disable-root-environ
+ options
+
+Due to a copy/paste error, the "--disable-root-environ" configure
+option performed the actions of the "--disable-root-access" option,
+while the latter option had no effect at all.
+
+Conflict:add configure file changes based on community
+Reference:https://salsa.debian.org/debian/ncurses/-/commit/49d07be98e591d2df1d5b8d55fc9ecac3185fb70
+---
+ configure.in | 2 +-
+ configure | 6 +++---
+ 2 file changed, 4 insertion(+), 4 deletion(-)
+
+diff --git a/configure.in b/configure.in
+index 798b95a..613677f 100644
+--- a/configure.in
+++ b/configure.in
+@@ -854,7 +854,7 @@ AC_MSG_RESULT($with_root_environ)
+ test "x$with_root_environ" = xyes && AC_DEFINE(USE_ROOT_ENVIRON,1,[Define to 1 if root is allowed to use ncurses environment])
+ 
+ AC_MSG_CHECKING(if you want to permit setuid programs to access all files)
+-AC_ARG_ENABLE(root-environ,
+AC_ARG_ENABLE(root-access,
+ 	[  --disable-root-access   restrict file-access when running setuid],
+ 	[with_root_access=$enableval],
+ 	[with_root_access=yes])
+diff --git a/configure b/configure
+index 421cf85..5141933 100755
+--- a/configure
+++ b/configure
+@@ -9399,9 +9399,9 @@ EOF
+ echo "$as_me:9399: checking if you want to permit setuid programs to access all files" >&5
+ echo $ECHO_N "checking if you want to permit setuid programs to access all files... $ECHO_C" >&6
+
+-# Check whether --enable-root-environ or --disable-root-environ was given.
+-if test "${enable_root_environ+set}" = set; then
+-  enableval="$enable_root_environ"
+# Check whether --enable-root-access or --disable-root-access was given.
+if test "${enable_root_access+set}" = set; then
+  enableval="$enable_root_access"
+   with_root_access=$enableval
+ else
+   with_root_access=yes
+-- 
+2.33.0
+
--- a/backport-0002-CVE-2023-29491-env-access.patch
+++ b/backport-0002-CVE-2023-29491-env-access.patch
@ -0,0 +1,32 @@
+From 94240194a58b15e7fc3a015ed123ebb124f4e869 Mon Sep 17 00:00:00 2001
+From: Sven Joachim <svenjoac@gmx.de>
+Date: Mon, 1 May 2023 11:32:01 +0200
+Subject: [PATCH] Change the behavior of the "--disable-root-environ" option
+
+The new patch debian-env-access.diff makes the
+"--disable-root-environ" configure option functionally equivalent to
+the --disable-setuid-environ" option that has been added in the
+20230425 upstream patchlevel.
+
+Conflict:NA
+Reference:https://salsa.debian.org/debian/ncurses/-/commit/94240194a58b15e7fc3a015ed123ebb124f4e869
+---
+ ncurses/tinfo/access.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/ncurses/tinfo/access.c b/ncurses/tinfo/access.c
+index a735db2..c9f8660 100644
+--- a/ncurses/tinfo/access.c
+++ b/ncurses/tinfo/access.c
+@@ -215,8 +215,6 @@ _nc_env_access(void)
+ 
+     if (is_elevated()) {
+ 	result = FALSE;
+-    } else if ((getuid() == ROOT_UID) || (geteuid() == ROOT_UID)) {
+-	result = FALSE;
+     }
+     return result;
+ }
+-- 
+2.33.0
+
--- a/ncurses.spec
+++ b/ncurses.spec
@ -1,6 +1,6 @@
 Name:          ncurses
 Version:       6.3
-Release:       6
+Release:       7
 Summary:       Terminal control library
 License:       MIT
 URL:           https://invisible-island.net/ncurses/ncurses.html
@ -11,6 +11,8 @@ Patch9:        ncurses-libs.patch
 Patch11:       ncurses-urxvt.patch
 Patch12:       ncurses-kbs.patch
 Patch13:       backport-CVE-2022-29458.patch
+Patch14:       backport-0001-CVE-2023-29491-fix-configure-root-args-option.patch
+Patch15:       backport-0002-CVE-2023-29491-env-access.patch 

 BuildRequires: gcc gcc-c++ gpm-devel pkgconfig

@ -97,7 +99,7 @@ done

 %build
 common_options="--enable-colorfgbg --enable-hard-tabs --enable-overwrite \
-    --enable-pc-files --enable-xmc-glitch --disable-wattr-macros \
+    --enable-pc-files --enable-xmc-glitch --disable-wattr-macros --disable-root-environ \
    --with-cxx-shared --with-ospeed=unsigned \
    --with-pkg-config-libdir=%{_libdir}/pkgconfig \
    --with-shared \
@ -246,6 +248,12 @@ xz NEWS
 %{_mandir}/man7/*

 %changelog
+* Mon Jul 03 2023 yanglu <yanglu72@h-partners.com> - 6.3-7
+- Type:CVE
+- CVE:CVE-2023-29491
+- SUG:NA
+- DESC:fix CVE-2023-29491
+
 * Tue Feb 28 2023 zhujunhao <zhujunhao11@huawei.com> - 6.3-6
 - Type:bugfix
 - CVE:NA