diff --git a/CVE-2023-1672.patch b/CVE-2023-1672.patch
deleted file mode 100644
index 1bd6c9fe62c231081eb7bd810905d935bc374fcc..0000000000000000000000000000000000000000
--- a/CVE-2023-1672.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 8dbbed10870378f1b2c3cf3df2ea7edca7617096 Mon Sep 17 00:00:00 2001
-From: Sergio Correia
-Date: Wed, 14 Jun 2023 10:53:20 -0300
-Subject: [PATCH] Fix race condition when creating/rotating keys (#123)
-
-When we create/rotate keys using either the tangd-keygen and
-tangd-rotate-keys helpers, there is a small window between the
-keys being created and then the proper ownership permissions being
-set. This also happens when there are no keys and tang creates a
-pair of keys itself.
-
-In certain situations, such as the keys directory having wide open
-permissions, a user with local access could exploit this race
-condition and read the keys before they are set to more restrictive
-permissions.
-
-To prevent this issue, we now set the default umask to 0337 before
-creating the files, so that they are already created with restrictive
-permissions; afterwards, we set the proper ownership as usual.
-
-Issue reported by Brian McDermott of CENSUS labs.
-
-Fixes CVE-2023-1672
-
-Refer:
- https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096
- https://ubuntu.com/security/CVE-2023-1672
-
-Reviewed-by: Sergio Arroutbi
-Signed-off-by: Sergio Correia
---
- src/tangd-keygen | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/tangd-keygen b/src/tangd-keygen
-index 20d498e..d894ece 100755
---- a/src/tangd-keygen
-+++ b/src/tangd-keygen
-@@ -27,6 +27,9 @@ fi
-
- [ $# -eq 3 ] && sig=$2 && exc=$3
-
-+# Set default umask for file creation.
-+umask 0337
-+
- jwe=`jose jwk gen -i '{"alg":"ES512"}'`
- [ -z "$sig" ] && sig=`echo "$jwe" | jose jwk thp -i-`
- echo "$jwe" > $1/$sig.jwk
---
-2.33.0
-
diff --git a/tang-14.tar.xz b/tang-14.tar.xz
new file mode 100644
index 0000000000000000000000000000000000000000..3927f7d6b1dd56cb433cd777026b944f19465e74
Binary files /dev/null and b/tang-14.tar.xz differ
diff --git a/tang-7.tar.bz2 b/tang-7.tar.bz2
deleted file mode 100644
index 0c07e8236f7807ef8f556fb884f1d8f886a4ed2d..0000000000000000000000000000000000000000
Binary files a/tang-7.tar.bz2 and /dev/null differ
diff --git a/tang.spec b/tang.spec
index a9c05929f9a32313ab312f7fdeeb040f0cd716cb..b150ede4564dea7dda720b932b109ee46edc2c69 100644
--- a/tang.spec
+++ b/tang.spec
@@ -1,15 +1,14 @@
 Name: tang
-Version: 7
-Release: 3
+Version: 14
+Release: 1
 Summary: Server for binding data to network presence
 License: GPLv3+
 URL: https://github.com/latchset/%{name}
-Source0: https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.bz2
-Patch0: CVE-2023-1672.patch
+Source0: https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz
-BuildRequires: gcc jose libjose-devel libjose-zlib-devel libjose-openssl-devel
+BuildRequires: gcc meson jose libjose-devel libjose-zlib-devel libjose-openssl-devel
 BuildRequires: http-parser-devel systemd-devel pkgconfig systemd curl
-BuildRequires: asciidoc coreutils grep sed
+BuildRequires: asciidoc coreutils grep sed iproute
 Requires: coreutils jose grep sed
 Requires(pre): shadow-utils
@@ -35,24 +34,15 @@ the encryption key. This process is the recovery step.
 %autosetup -n %{name}-%{version} -p1
 %build
-%configure
-%make_build
+%meson
+%meson_build
 %install
-%make_install
-
-%{__sed} -i 's|DirectoryMode=0700||' %{buildroot}/%{_unitdir}/%{name}d-update.path
-%{__sed} -i 's|MakeDirectory=true||' %{buildroot}/%{_unitdir}/%{name}d-update.path
-echo "User=%{name}" >> %{buildroot}/%{_unitdir}/%{name}d-update.service
-echo "User=%{name}" >> %{buildroot}/%{_unitdir}/%{name}d@.service
-install -d %{buildroot}/%{_localstatedir}/cache/%{name}
-install -d %{buildroot}/%{_localstatedir}/db/%{name}
+%meson_install
+%{__mkdir_p} $RPM_BUILD_ROOT/%{_localstatedir}/db/%{name}
 %check
-if ! make %{?_smp_mflags} check; then
- cat test-suite.log
- false
-fi
+%meson_test
 %pre
 getent group %{name} >/dev/null || groupadd -r %{name}
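Review bot: The new %install no longer appends `User=%{name}` to `%{name}d@.service`, which the removed `echo "User=%{name}" >> ... %{name}d@.service` line did, so the socket-activated tangd instances drop privileges only if the upstream v14 unit already carries a User= setting; that is plausible for the meson-built units but is not visible here and is worth confirming against the installed unit, because the %post hunk below makes the key files 0440 tang:tang and a root-run tangd would still read them and hide a mismatch. A one-line comment after `%meson_install` such as `# User=/Group= for tangd@.service now come from the upstream unit` would record the decision. Separately, `%{__mkdir_p} $RPM_BUILD_ROOT/%{_localstatedir}/db/%{name}` mixes `$RPM_BUILD_ROOT` with the `%{buildroot}` form used elsewhere in this spec; `%{__mkdir_p} %{buildroot}%{_localstatedir}/db/%{name}` keeps one style.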
@@ -63,41 +53,44 @@ exit 0
 %post
 %systemd_post %{name}d.socket
-%systemd_post %{name}d-update.path
-%systemd_post %{name}d-update.service
-%systemd_post %{name}d-keygen.service
+
+if [ -d /var/db/tang ]; then
+ for k in /var/db/tang/*.jwk; do
+ test -e "${k}" || continue
+ chmod 0440 -- "${k}"
+ done
+ for k in /var/db/tang/.*.jwk; do
+ test -e "${k}" || continue
+ chmod 0440 -- "${k}"
+ done
+ chown tang:tang -R /var/db/tang
+fi
 %preun
 %systemd_preun %{name}d.socket
-%systemd_preun %{name}d-update.path
-%systemd_preun %{name}d-update.service
-%systemd_preun %{name}d-keygen.service
 %postun
 %systemd_postun_with_restart %{name}d.socket
-%systemd_postun_with_restart %{name}d-update.path
-%systemd_postun_with_restart %{name}d-update.service
-%systemd_postun_with_restart %{name}d-keygen.service
 %files
 %license COPYING
-%attr(0750, %{name}, %{name}) %{_localstatedir}/cache/%{name}
 %attr(2570, %{name}, %{name}) %{_localstatedir}/db/%{name}
-%{_unitdir}/%{name}d-keygen.service
-%{_unitdir}/%{name}d-update.service
-%{_unitdir}/%{name}d-update.path
 %{_unitdir}/%{name}d@.service
 %{_unitdir}/%{name}d.socket
 %{_libexecdir}/%{name}d-keygen
-%{_libexecdir}/%{name}d-update
+%{_libexecdir}/%{name}d-rotate-keys
 %{_libexecdir}/%{name}d
 %{_bindir}/%{name}-show-keys
 %files help
 %{_mandir}/man8/tang.8*
 %{_mandir}/man1/tang-show-keys.1*
+%{_mandir}/man1/tangd-rotate-keys.1.gz
 %changelog
+* Thu Sep 28 2023 wulei - 14-1
+- Update to 14
+
 * Fri Jun 30 2023 wangkai <13474090681@163.com> - 7-3
 - Fix CVE-2023-1672
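Review bot: The added %post block hard-codes `/var/db/tang` and `tang:tang` while the %files entry in this same hunk and the %install line above address the key directory as `%{_localstatedir}/db/%{name}` owned by `%{name}`, so a macro or name change would leave the scriptlet repairing a different path than the one the package owns; `if [ -d %{_localstatedir}/db/%{name} ]; then` with `chown %{name}:%{name} -R %{_localstatedir}/db/%{name}` keeps the two in step. The block also says nothing about why it exists; read together with the dropped CVE-2023-1672.patch and the 7-3 changelog entry it looks like a one-time repair of key files written with looser modes by the pre-fix keygen, so a leading `# Tighten .jwk files created before the CVE-2023-1672 umask fix; new keys are already 0440` would tell the next maintainer what it covers and when it can be retired. Finally, `%{_mandir}/man1/tangd-rotate-keys.1.gz` pins the compression suffix where the neighbouring entries use `.1*`; `%{_mandir}/man1/tangd-rotate-keys.1*` matches them and still resolves if brp-compress is configured differently.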