Sync from SUSE:ALP:Source:Standard:1.0 apr revision 467b58ebee89ef4f5b61273148027616

2024-11-29 10:11:40 +01:00 · 2024-11-29 10:11:40 +01:00 · 6b56eca753
commit 6b56eca753
parent 5e95642159
3 changed files with 62 additions and 0 deletions
--- a/apr-CVE-2023-49582.patch
+++ b/apr-CVE-2023-49582.patch
@ -0,0 +1,52 @@
+diff --git a/shmem/unix/shm.c b/shmem/unix/shm.c
+index 096884d99d..ea9b94277b 100644
+--- a/shmem/unix/shm.c
+++ b/shmem/unix/shm.c
+@@ -287,10 +287,9 @@ APR_DECLARE(apr_status_t) apr_shm_create(apr_shm_t **m,
+         status = APR_SUCCESS;
+     
+ #if APR_USE_SHMEM_MMAP_TMP
+-        /* FIXME: Is APR_OS_DEFAULT sufficient? */
+-        status = apr_file_open(&file, filename, 
+-                               APR_READ | APR_WRITE | APR_CREATE | APR_EXCL,
+-                               APR_OS_DEFAULT, pool);
+        status = apr_file_open(&file, filename,
+                               APR_FOPEN_READ | APR_FOPEN_WRITE | APR_FOPEN_CREATE | APR_FOPEN_EXCL,
+                               APR_FPROT_UREAD | APR_FPROT_UWRITE, pool);
+         if (status != APR_SUCCESS) {
+             return status;
+         }
+@@ -319,8 +318,7 @@ APR_DECLARE(apr_status_t) apr_shm_create(apr_shm_t **m,
+         }
+ #endif /* APR_USE_SHMEM_MMAP_TMP */
+ #if APR_USE_SHMEM_MMAP_SHM
+-        /* FIXME: SysV uses 0600... should we? */
+-        tmpfd = shm_open(shm_name, O_RDWR | O_CREAT | O_EXCL, 0644);
+        tmpfd = shm_open(shm_name, O_RDWR | O_CREAT | O_EXCL, 0600);
+         if (tmpfd == -1) {
+             return errno;
+         }
+@@ -361,10 +359,9 @@ APR_DECLARE(apr_status_t) apr_shm_create(apr_shm_t **m,
+ #elif APR_USE_SHMEM_SHMGET
+         new_m->realsize = reqsize;
+ 
+-        /* FIXME: APR_OS_DEFAULT is too permissive, switch to 600 I think. */
+-        status = apr_file_open(&file, filename, 
+        status = apr_file_open(&file, filename,
+                                APR_FOPEN_WRITE | APR_FOPEN_CREATE | APR_FOPEN_EXCL,
+-                               APR_OS_DEFAULT, pool);
+                               APR_FPROT_UREAD | APR_FPROT_UWRITE, pool);
+         if (status != APR_SUCCESS) {
+             return status;
+         }
+@@ -555,8 +552,7 @@ APR_DECLARE(apr_status_t) apr_shm_attach(apr_shm_t **m,
+ #if APR_USE_SHMEM_MMAP_SHM
+         const char *shm_name = make_shm_open_safe_name(filename, pool);
+ 
+-        /* FIXME: SysV uses 0600... should we? */
+-        tmpfd = shm_open(shm_name, O_RDWR, 0644);
+        tmpfd = shm_open(shm_name, O_RDWR, 0600);
+         if (tmpfd == -1) {
+             return errno;
+         }
+
--- a/apr.changes
+++ b/apr.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed Sep 18 08:52:31 UTC 2024 - pgajdos@suse.com
+
+- security update
+- added patches
+  fix CVE-2023-49582 [bsc#1229783], unexpected lax shared memory permissions
+  + apr-CVE-2023-49582.patch
+
 -------------------------------------------------------------------
 Thu Apr 20 10:29:07 UTC 2023 - pgajdos@suse.com

--- a/apr.spec
+++ b/apr.spec
@ -34,6 +34,8 @@ Patch5:         apr-visibility.patch
 Patch9:         apr-proc-mutex-map-anon.patch
 # prevent random failures of the testsuite (sendfile test)
 Patch10:        apr-test-sendfile-timeout.patch
+# CVE-2023-49582 [bsc#1229783], unexpected lax shared memory permissions
+Patch11:        apr-CVE-2023-49582.patch
 BuildRequires:  doxygen
 BuildRequires:  fdupes
 BuildRequires:  libuuid-devel