diff --git a/base/comps/attr/CVE-2026-54371.patch b/base/comps/attr/CVE-2026-54371.patch new file mode 100644 index 00000000000..20260c37b42 --- /dev/null +++ b/base/comps/attr/CVE-2026-54371.patch @@ -0,0 +1,61 @@ +From be1e79058ab675dde0fc99d9167dd2b347b01ae9 Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher +Date: Fri, 19 Jun 2026 19:35:09 +0200 +Subject: [PATCH] setfattr: Do not ignore --no-dereference after --restore + +Process the entire command line before starting to restore all files specified +by --restore=file options. That way, --no-dereference will take effect even +when it occurs at the end of the command line. + +Signed-off-by: Andreas Gruenbacher +Signed-off-by: autosec +Upstream-reference: /workspace/4.0-CVE/scratch-prefetch/attr-CVE-2026-54371.patch +--- + tools/setfattr.c | 17 +++++++++++++++-- + 1 file changed, 15 insertions(+), 2 deletions(-) + +diff --git a/tools/setfattr.c b/tools/setfattr.c +index c4e2d79..e5e0718 100644 +--- a/tools/setfattr.c ++++ b/tools/setfattr.c +@@ -193,6 +193,7 @@ void help(void) + + int main(int argc, char *argv[]) + { ++ char **restore_args = NULL; + int opt; + + progname = basename(argv[0]); +@@ -234,8 +235,14 @@ int main(int argc, char *argv[]) + break; + + case 'B': /* restore */ +- opt_restore = 1; +- restore(optarg); ++ opt_restore++; ++ restore_args = realloc(restore_args, ++ opt_restore * sizeof(*restore_args)); ++ if (!restore_args) { ++ perror(progname); ++ exit(1); ++ } ++ restore_args[opt_restore - 1] = optarg; + break; + + case 'V': +@@ -253,6 +260,12 @@ int main(int argc, char *argv[]) + if (!(((opt_remove || opt_set) && optind < argc) || opt_restore)) + goto synopsis; + ++ if (opt_restore) { ++ for (opt = 0; opt < opt_restore; opt++) ++ restore(restore_args[opt]); ++ free(restore_args); ++ } ++ + while (optind < argc) { + do_set(argv[optind], unquote(opt_name), opt_value); + optind++; +-- +2.45.4 + diff --git a/base/comps/attr/attr.comp.toml b/base/comps/attr/attr.comp.toml new file mode 100644 index 00000000000..19dd76bd261 --- /dev/null +++ b/base/comps/attr/attr.comp.toml @@ -0,0 +1,6 @@ +[components.attr] + +[[components.attr.overlays]] +description = "Fix CVE-2026-54371 — https://cgit.git.savannah.nongnu.org/cgit/attr.git/commit/?id=c440855d6b33446edf4b5eb1a2d892281f15a99b" +type = "patch-add" +source = "CVE-2026-54371.patch" diff --git a/base/comps/components.toml b/base/comps/components.toml index bb8ce516b0f..0f7eb21e43e 100644 --- a/base/comps/components.toml +++ b/base/comps/components.toml @@ -119,7 +119,6 @@ includes = ["**/*.comp.toml", "component-check-disablement.toml", "component-min [components.atf] [components.atkmm] [components.atril] -[components.attr] [components.audit] [components.aurorae] [components.authselect] diff --git a/locks/attr.lock b/locks/attr.lock index 7bd0f64ecaf..583254a2e0d 100644 --- a/locks/attr.lock +++ b/locks/attr.lock @@ -2,5 +2,5 @@ version = 1 import-commit = '0adfe3b1f7ddcaecc0bc78a10768a377cf537279' upstream-commit = '0adfe3b1f7ddcaecc0bc78a10768a377cf537279' -input-fingerprint = 'sha256:0e3f27b56c4ea498e95e443a9b8d8e3c21d634e68ae62aaebc2abe9b73184018' +input-fingerprint = 'sha256:b371635dfe3b576171443039e164231265c3a01ad44f80ce5e4e4dbfac66fb6a' resolution-input-hash = 'sha256:466421704711c4fd3c71f0b2ed715a0e61d49e3e26f3a2637fee755795849c8e' diff --git a/specs/a/attr/CVE-2026-54371.patch b/specs/a/attr/CVE-2026-54371.patch new file mode 100644 index 00000000000..20260c37b42 --- /dev/null +++ b/specs/a/attr/CVE-2026-54371.patch @@ -0,0 +1,61 @@ +From be1e79058ab675dde0fc99d9167dd2b347b01ae9 Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher +Date: Fri, 19 Jun 2026 19:35:09 +0200 +Subject: [PATCH] setfattr: Do not ignore --no-dereference after --restore + +Process the entire command line before starting to restore all files specified +by --restore=file options. That way, --no-dereference will take effect even +when it occurs at the end of the command line. + +Signed-off-by: Andreas Gruenbacher +Signed-off-by: autosec +Upstream-reference: /workspace/4.0-CVE/scratch-prefetch/attr-CVE-2026-54371.patch +--- + tools/setfattr.c | 17 +++++++++++++++-- + 1 file changed, 15 insertions(+), 2 deletions(-) + +diff --git a/tools/setfattr.c b/tools/setfattr.c +index c4e2d79..e5e0718 100644 +--- a/tools/setfattr.c ++++ b/tools/setfattr.c +@@ -193,6 +193,7 @@ void help(void) + + int main(int argc, char *argv[]) + { ++ char **restore_args = NULL; + int opt; + + progname = basename(argv[0]); +@@ -234,8 +235,14 @@ int main(int argc, char *argv[]) + break; + + case 'B': /* restore */ +- opt_restore = 1; +- restore(optarg); ++ opt_restore++; ++ restore_args = realloc(restore_args, ++ opt_restore * sizeof(*restore_args)); ++ if (!restore_args) { ++ perror(progname); ++ exit(1); ++ } ++ restore_args[opt_restore - 1] = optarg; + break; + + case 'V': +@@ -253,6 +260,12 @@ int main(int argc, char *argv[]) + if (!(((opt_remove || opt_set) && optind < argc) || opt_restore)) + goto synopsis; + ++ if (opt_restore) { ++ for (opt = 0; opt < opt_restore; opt++) ++ restore(restore_args[opt]); ++ free(restore_args); ++ } ++ + while (optind < argc) { + do_set(argv[optind], unquote(opt_name), opt_value); + optind++; +-- +2.45.4 + diff --git a/specs/a/attr/attr.spec b/specs/a/attr/attr.spec index 5ca864e8634..8626e78f508 100644 --- a/specs/a/attr/attr.spec +++ b/specs/a/attr/attr.spec @@ -4,7 +4,7 @@ Summary: Utilities for managing filesystem extended attributes Name: attr Version: 2.5.2 -Release: 7%{?dist} +Release: 8%{?dist} Source0: https://download.savannah.nongnu.org/releases/attr/attr-%{version}.tar.xz Source1: https://download.savannah.nongnu.org/releases/attr/attr-%{version}.tar.xz.sig # Retreived from https://savannah.nongnu.org/people/viewgpg.php?user_id=15000 @@ -29,6 +29,7 @@ Requires: libattr%{?_isa} = %{version}-%{release} # needed for %%check BuildRequires: perl(FileHandle) +Patch4: CVE-2026-54371.patch %description A set of tools for manipulating extended attributes on filesystem objects, in particular getfattr(1) and setfattr(1).