From ff7818f897f8f3e0c0d4ddfb655ccf359de3c74d Mon Sep 17 00:00:00 2001 From: zhangyao Date: Fri, 29 Mar 2024 10:26:45 +0800 Subject: [PATCH] wall: fix escape sequence Injection --- backport-CVE-2024-28085.patch | 29 ++++++++++++++++++ ...-netlink-pass-a-correct-file-descrip.patch | 30 +++++++++++++++++++ util-linux.spec | 10 ++++++- 3 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2024-28085.patch create mode 100644 backport-tests-test_mkfds-netlink-pass-a-correct-file-descrip.patch diff --git a/backport-CVE-2024-28085.patch b/backport-CVE-2024-28085.patch new file mode 100644 index 0000000..874b455 --- /dev/null +++ b/backport-CVE-2024-28085.patch @@ -0,0 +1,29 @@ +From 404b0781f52f7c045ca811b2dceec526408ac253 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Thu, 21 Mar 2024 11:16:20 +0100 +Subject: [PATCH] wall: fix escape sequence Injection [CVE-2024-28085] + +Let's use for all cases the same output function. + +Reported-by: Skyler Ferrante +Signed-off-by: Karel Zak +--- + term-utils/wall.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/term-utils/wall.c b/term-utils/wall.c +index f894a32f8..588d3a963 100644 +--- a/term-utils/wall.c ++++ b/term-utils/wall.c +@@ -368,7 +368,7 @@ static char *makemsg(char *fname, char **mvec, int mvecsz, + int i; + + for (i = 0; i < mvecsz; i++) { +- fputs(mvec[i], fs); ++ fputs_careful(mvec[i], fs, '^', true, TERM_WIDTH); + if (i < mvecsz - 1) + fputc(' ', fs); + } +-- +2.33.0 + diff --git a/backport-tests-test_mkfds-netlink-pass-a-correct-file-descrip.patch b/backport-tests-test_mkfds-netlink-pass-a-correct-file-descrip.patch new file mode 100644 index 0000000..9942d45 --- /dev/null +++ b/backport-tests-test_mkfds-netlink-pass-a-correct-file-descrip.patch @@ -0,0 +1,30 @@ +From acdba9c454506cdd29ac400df3f72bde4c74647d Mon Sep 17 00:00:00 2001 +From: Masatake YAMATO +Date: Wed, 3 Apr 2024 00:01:27 +0900 +Subject: [PATCH] tests: (test_mkfds::netlink) pass a correct file descriptor + to bind(2) + +Close #2901 + +The original code passed a closed file descriptor to bind(2). + +Signed-off-by: Masatake YAMATO +--- + tests/helpers/test_mkfds.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/tests/helpers/test_mkfds.c b/tests/helpers/test_mkfds.c +index dd0a128a8..28ed3bffc 100644 +--- a/tests/helpers/test_mkfds.c ++++ b/tests/helpers/test_mkfds.c +@@ -2293,6 +2293,7 @@ static void *make_netlink(const struct factory *factory, struct fdesc fdescs[], + err(EXIT_FAILURE, "failed to dup %d -> %d", sd, fdescs[0].fd); + } + close(sd); ++ sd = fdescs[0].fd; + } + + struct sockaddr_nl nl; +-- +2.33.0 + diff --git a/util-linux.spec b/util-linux.spec index e312e9b..7f50002 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -3,7 +3,7 @@ Name: util-linux Version: 2.39.1 -Release: 4 +Release: 5 Summary: A random collection of Linux utilities License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git @@ -26,6 +26,8 @@ Patch6004: backport-fadvise-tests-factor-out-calls-to-fincore.patch Patch6005: backport-fadvise-test-don-t-compare-fincore-page-counts.patch Patch6006: backport-fadvise-test-test-with-64k-blocks.patch Patch6007: backport-tests-lsfd-mkfds-alter-the-L4-ports-for-avo.patch +Patch6008: backport-CVE-2024-28085.patch +Patch6009: backport-tests-test_mkfds-netlink-pass-a-correct-file-descrip.patch Patch9000: SKIPPED-no-root-permissions-test.patch %ifarch sw_64 @@ -410,6 +412,12 @@ fi %endif %changelog +* Sun Apr 7 2024 zhangyao - 2.39.1-5 +- Type:CVE +- CVE:CVE-2024-28085 +- SUG:NA +- DESC:fix CVE-2024-28085 and solve test_mkfds::netlink failed + * Fri Dec 1 2023 jiahua.yu - 2.39.1-4 - Type:update - CVE:NA -- Gitee