From: "Amy Winston" <amynka@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: app-editors/nedit/, app-editors/nedit/files/
Date: Mon, 14 Mar 2016 17:04:53 +0000 (UTC) [thread overview]
Message-ID: <1457974974.c6d0e01f0d4eb03ce24e5e23adc1d0881df4f8d6.amynka@gentoo> (raw)
commit: c6d0e01f0d4eb03ce24e5e23adc1d0881df4f8d6
Author: Amy Winston <amynka <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 14 16:59:07 2016 +0000
Commit: Amy Winston <amynka <AT> gentoo <DOT> org>
CommitDate: Mon Mar 14 17:02:54 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c6d0e01f
app-editors/nedit: security patch added
Package-Manager: portage-2.2.26
.../nedit/files/nedit-5.5_p20110116-security.patch | 63 ++++++++++++++++++++++
app-editors/nedit/files/nedit-5.6-security.patch | 63 ++++++++++++++++++++++
app-editors/nedit/nedit-5.5_p20110116-r3.ebuild | 3 +-
app-editors/nedit/nedit-5.6-r1.ebuild | 3 +-
4 files changed, 130 insertions(+), 2 deletions(-)
diff --git a/app-editors/nedit/files/nedit-5.5_p20110116-security.patch b/app-editors/nedit/files/nedit-5.5_p20110116-security.patch
new file mode 100644
index 0000000..b24ef23
--- /dev/null
+++ b/app-editors/nedit/files/nedit-5.5_p20110116-security.patch
@@ -0,0 +1,63 @@
+Index: nedit-5.5/source/file.c
+===================================================================
+--- nedit-5.5.orig/source/file.c 2004-08-24 11:37:24.000000000 +0200
++++ nedit-5.5/source/file.c 2010-03-27 18:44:01.000000000 +0100
+@@ -1314,7 +1314,7 @@
+ */
+ void PrintString(const char *string, int length, Widget parent, const char *jobName)
+ {
+- char tmpFileName[L_tmpnam]; /* L_tmpnam defined in stdio.h */
++ char *tmpFileName=strdup("/tmp/neditXXXXXX");
+ FILE *fp;
+ int fd;
+
+@@ -1325,14 +1325,10 @@
+ 1. Create a filename
+ 2. Open the file with the O_CREAT|O_EXCL flags
+ So all an attacker can do is a DoS on the print function. */
+- tmpnam(tmpFileName);
++ fd = mkstemp(tmpFileName);
+
+ /* open the temporary file */
+-#ifdef VMS
+- if ((fp = fopen(tmpFileName, "w", "rfm = stmlf")) == NULL)
+-#else
+- if ((fd = open(tmpFileName, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR | S_IWUSR)) < 0 || (fp = fdopen(fd, "w")) == NULL)
+-#endif /* VMS */
++ if ((fp = fdopen(fd, "w")) == NULL)
+ {
+ DialogF(DF_WARN, parent, 1, "Error while Printing",
+ "Unable to write file for printing:\n%s", "OK",
+@@ -1346,7 +1342,7 @@
+
+ /* write to the file */
+ #ifdef IBM_FWRITE_BUG
+- write(fileno(fp), string, length);
++ write(fd, string, length);
+ #else
+ fwrite(string, sizeof(char), length, fp);
+ #endif
+@@ -1356,6 +1352,7 @@
+ "%s not printed:\n%s", "OK", jobName, errorString());
+ fclose(fp); /* should call close(fd) in turn! */
+ remove(tmpFileName);
++ free(tmpFileName);
+ return;
+ }
+
+@@ -1366,6 +1363,7 @@
+ "Error closing temp. print file:\n%s", "OK",
+ errorString());
+ remove(tmpFileName);
++ free(tmpFileName);
+ return;
+ }
+
+@@ -1377,6 +1375,7 @@
+ PrintFile(parent, tmpFileName, jobName);
+ remove(tmpFileName);
+ #endif /*VMS*/
++ free(tmpFileName);
+ return;
+ }
+
diff --git a/app-editors/nedit/files/nedit-5.6-security.patch b/app-editors/nedit/files/nedit-5.6-security.patch
new file mode 100644
index 0000000..b24ef23
--- /dev/null
+++ b/app-editors/nedit/files/nedit-5.6-security.patch
@@ -0,0 +1,63 @@
+Index: nedit-5.5/source/file.c
+===================================================================
+--- nedit-5.5.orig/source/file.c 2004-08-24 11:37:24.000000000 +0200
++++ nedit-5.5/source/file.c 2010-03-27 18:44:01.000000000 +0100
+@@ -1314,7 +1314,7 @@
+ */
+ void PrintString(const char *string, int length, Widget parent, const char *jobName)
+ {
+- char tmpFileName[L_tmpnam]; /* L_tmpnam defined in stdio.h */
++ char *tmpFileName=strdup("/tmp/neditXXXXXX");
+ FILE *fp;
+ int fd;
+
+@@ -1325,14 +1325,10 @@
+ 1. Create a filename
+ 2. Open the file with the O_CREAT|O_EXCL flags
+ So all an attacker can do is a DoS on the print function. */
+- tmpnam(tmpFileName);
++ fd = mkstemp(tmpFileName);
+
+ /* open the temporary file */
+-#ifdef VMS
+- if ((fp = fopen(tmpFileName, "w", "rfm = stmlf")) == NULL)
+-#else
+- if ((fd = open(tmpFileName, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR | S_IWUSR)) < 0 || (fp = fdopen(fd, "w")) == NULL)
+-#endif /* VMS */
++ if ((fp = fdopen(fd, "w")) == NULL)
+ {
+ DialogF(DF_WARN, parent, 1, "Error while Printing",
+ "Unable to write file for printing:\n%s", "OK",
+@@ -1346,7 +1342,7 @@
+
+ /* write to the file */
+ #ifdef IBM_FWRITE_BUG
+- write(fileno(fp), string, length);
++ write(fd, string, length);
+ #else
+ fwrite(string, sizeof(char), length, fp);
+ #endif
+@@ -1356,6 +1352,7 @@
+ "%s not printed:\n%s", "OK", jobName, errorString());
+ fclose(fp); /* should call close(fd) in turn! */
+ remove(tmpFileName);
++ free(tmpFileName);
+ return;
+ }
+
+@@ -1366,6 +1363,7 @@
+ "Error closing temp. print file:\n%s", "OK",
+ errorString());
+ remove(tmpFileName);
++ free(tmpFileName);
+ return;
+ }
+
+@@ -1377,6 +1375,7 @@
+ PrintFile(parent, tmpFileName, jobName);
+ remove(tmpFileName);
+ #endif /*VMS*/
++ free(tmpFileName);
+ return;
+ }
+
diff --git a/app-editors/nedit/nedit-5.5_p20110116-r3.ebuild b/app-editors/nedit/nedit-5.5_p20110116-r3.ebuild
index 0acd378..86ab916 100644
--- a/app-editors/nedit/nedit-5.5_p20110116-r3.ebuild
+++ b/app-editors/nedit/nedit-5.5_p20110116-r3.ebuild
@@ -29,7 +29,8 @@ src_prepare() {
#respecting LDFLAGS, bug #208189
epatch \
"${FILESDIR}"/nedit-5.5_p20090914-ldflags.patch \
- "${FILESDIR}"/${P}-40_Pointer_to_Integer.patch
+ "${FILESDIR}"/${P}-40_Pointer_to_Integer.patch \
+ "${FILESDIR}"/${P}-security.patch
sed \
-e "s:bin/:${EPREFIX}/bin/:g" \
diff --git a/app-editors/nedit/nedit-5.6-r1.ebuild b/app-editors/nedit/nedit-5.6-r1.ebuild
index c8b0da3..68ebc4b 100644
--- a/app-editors/nedit/nedit-5.6-r1.ebuild
+++ b/app-editors/nedit/nedit-5.6-r1.ebuild
@@ -30,7 +30,8 @@ src_prepare() {
epatch \
"${FILESDIR}"/${P}-format.patch \
"${FILESDIR}"/${P}-ldflags.patch \
- "${FILESDIR}"/${P}-40_Pointer_to_Integer.patch
+ "${FILESDIR}"/${P}-40_Pointer_to_Integer.patch \
+ "${FILESDIR}"/${P}-security.patch
sed \
-e "s:bin/:${EPREFIX}/bin/:g" \
-i Makefile source/preferences.c source/help_data.h source/nedit.c Xlt/Makefile || die
next reply other threads:[~2016-03-14 17:04 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-14 17:04 Amy Winston [this message]
-- strict thread matches above, loose matches on Subject: below --
2021-04-22 12:27 [gentoo-commits] repo/gentoo:master commit in: app-editors/nedit/, app-editors/nedit/files/ Sam James
2016-04-06 17:11 Justin Lecher
2016-03-14 17:04 Amy Winston
2015-09-21 8:27 Justin Lecher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1457974974.c6d0e01f0d4eb03ce24e5e23adc1d0881df4f8d6.amynka@gentoo \
--to=amynka@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox