From: "Amy Winston" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Amy Winston" Message-ID: <1457974974.c6d0e01f0d4eb03ce24e5e23adc1d0881df4f8d6.amynka@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: app-editors/nedit/, app-editors/nedit/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: app-editors/nedit/files/nedit-5.5_p20110116-security.patch app-editors/nedit/files/nedit-5.6-security.patch app-editors/nedit/nedit-5.5_p20110116-r3.ebuild app-editors/nedit/nedit-5.6-r1.ebuild X-VCS-Directories: app-editors/nedit/ app-editors/nedit/files/ X-VCS-Committer: amynka X-VCS-Committer-Name: Amy Winston X-VCS-Revision: c6d0e01f0d4eb03ce24e5e23adc1d0881df4f8d6 X-VCS-Branch: master Date: Mon, 14 Mar 2016 17:04:53 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 2585c220-21e3-49e1-ba5e-279c7fc4ca20 X-Archives-Hash: e1c09a7b2538e5a7fe5af1a2a482a983 commit: c6d0e01f0d4eb03ce24e5e23adc1d0881df4f8d6 Author: Amy Winston gentoo org> AuthorDate: Mon Mar 14 16:59:07 2016 +0000 Commit: Amy Winston gentoo org> CommitDate: Mon Mar 14 17:02:54 2016 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c6d0e01f app-editors/nedit: security patch added Package-Manager: portage-2.2.26 .../nedit/files/nedit-5.5_p20110116-security.patch | 63 ++++++++++++++++++++++ app-editors/nedit/files/nedit-5.6-security.patch | 63 ++++++++++++++++++++++ app-editors/nedit/nedit-5.5_p20110116-r3.ebuild | 3 +- app-editors/nedit/nedit-5.6-r1.ebuild | 3 +- 4 files changed, 130 insertions(+), 2 deletions(-) diff --git a/app-editors/nedit/files/nedit-5.5_p20110116-security.patch b/app-editors/nedit/files/nedit-5.5_p20110116-security.patch new file mode 100644 index 0000000..b24ef23 --- /dev/null +++ b/app-editors/nedit/files/nedit-5.5_p20110116-security.patch 
@@ -0,0 +1,63 @@ +Index: nedit-5.5/source/file.c +=================================================================== +--- nedit-5.5.orig/source/file.c 2004-08-24 11:37:24.000000000 +0200 ++++ nedit-5.5/source/file.c 2010-03-27 18:44:01.000000000 +0100 +@@ -1314,7 +1314,7 @@ + */ + void PrintString(const char *string, int length, Widget parent, const char *jobName) + { +- char tmpFileName[L_tmpnam]; /* L_tmpnam defined in stdio.h */ ++ char *tmpFileName=strdup("/tmp/neditXXXXXX"); + FILE *fp; + int fd; + +@@ -1325,14 +1325,10 @@ + 1. Create a filename + 2. Open the file with the O_CREAT|O_EXCL flags + So all an attacker can do is a DoS on the print function. */ +- tmpnam(tmpFileName); ++ fd = mkstemp(tmpFileName); + + /* open the temporary file */ +-#ifdef VMS +- if ((fp = fopen(tmpFileName, "w", "rfm = stmlf")) == NULL) +-#else +- if ((fd = open(tmpFileName, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR | S_IWUSR)) < 0 || (fp = fdopen(fd, "w")) == NULL) +-#endif /* VMS */ ++ if ((fp = fdopen(fd, "w")) == NULL) + { + DialogF(DF_WARN, parent, 1, "Error while Printing", + "Unable to write file for printing:\n%s", "OK", +@@ -1346,7 +1342,7 @@ + + /* write to the file */ + #ifdef IBM_FWRITE_BUG +- write(fileno(fp), string, length); ++ write(fd, string, length); + #else + fwrite(string, sizeof(char), length, fp); + #endif +@@ -1356,6 +1352,7 @@ + "%s not printed:\n%s", "OK", jobName, errorString()); + fclose(fp); /* should call close(fd) in turn! */ + remove(tmpFileName); ++ free(tmpFileName); + return; + } + +@@ -1366,6 +1363,7 @@ + "Error closing temp. print file:\n%s", "OK", + errorString()); + remove(tmpFileName); ++ free(tmpFileName); + return; + } + +@@ -1377,6 +1375,7 @@ + PrintFile(parent, tmpFileName, jobName); + remove(tmpFileName); + #endif /*VMS*/ ++ free(tmpFileName); + return; + } + diff --git a/app-editors/nedit/files/nedit-5.6-security.patch b/app-editors/nedit/files/nedit-5.6-security.patch new file mode 100644 index 0000000..b24ef23 --- /dev/null 
+++ b/app-editors/nedit/files/nedit-5.6-security.patch @@ -0,0 +1,63 @@ +Index: nedit-5.5/source/file.c +=================================================================== +--- nedit-5.5.orig/source/file.c 2004-08-24 11:37:24.000000000 +0200 ++++ nedit-5.5/source/file.c 2010-03-27 18:44:01.000000000 +0100 +@@ -1314,7 +1314,7 @@ + */ + void PrintString(const char *string, int length, Widget parent, const char *jobName) + { +- char tmpFileName[L_tmpnam]; /* L_tmpnam defined in stdio.h */ ++ char *tmpFileName=strdup("/tmp/neditXXXXXX"); + FILE *fp; + int fd; + +@@ -1325,14 +1325,10 @@ + 1. Create a filename + 2. Open the file with the O_CREAT|O_EXCL flags + So all an attacker can do is a DoS on the print function. */ +- tmpnam(tmpFileName); ++ fd = mkstemp(tmpFileName); + + /* open the temporary file */ +-#ifdef VMS +- if ((fp = fopen(tmpFileName, "w", "rfm = stmlf")) == NULL) +-#else +- if ((fd = open(tmpFileName, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR | S_IWUSR)) < 0 || (fp = fdopen(fd, "w")) == NULL) +-#endif /* VMS */ ++ if ((fp = fdopen(fd, "w")) == NULL) + { + DialogF(DF_WARN, parent, 1, "Error while Printing", + "Unable to write file for printing:\n%s", "OK", +@@ -1346,7 +1342,7 @@ + + /* write to the file */ + #ifdef IBM_FWRITE_BUG +- write(fileno(fp), string, length); ++ write(fd, string, length); + #else + fwrite(string, sizeof(char), length, fp); + #endif +@@ -1356,6 +1352,7 @@ + "%s not printed:\n%s", "OK", jobName, errorString()); + fclose(fp); /* should call close(fd) in turn! */ + remove(tmpFileName); ++ free(tmpFileName); + return; + } + +@@ -1366,6 +1363,7 @@ + "Error closing temp. print file:\n%s", "OK", + errorString()); + remove(tmpFileName); ++ free(tmpFileName); + return; + } + +@@ -1377,6 +1375,7 @@ + PrintFile(parent, tmpFileName, jobName); + remove(tmpFileName); + #endif /*VMS*/ ++ free(tmpFileName); + return; + } + 
diff --git a/app-editors/nedit/nedit-5.5_p20110116-r3.ebuild b/app-editors/nedit/nedit-5.5_p20110116-r3.ebuild index 0acd378..86ab916 100644 --- a/app-editors/nedit/nedit-5.5_p20110116-r3.ebuild +++ b/app-editors/nedit/nedit-5.5_p20110116-r3.ebuild @@ -29,7 +29,8 @@ src_prepare() { #respecting LDFLAGS, bug #208189 epatch \ "${FILESDIR}"/nedit-5.5_p20090914-ldflags.patch \ - "${FILESDIR}"/${P}-40_Pointer_to_Integer.patch + "${FILESDIR}"/${P}-40_Pointer_to_Integer.patch \ + "${FILESDIR}"/${P}-security.patch sed \ -e "s:bin/:${EPREFIX}/bin/:g" \ diff --git a/app-editors/nedit/nedit-5.6-r1.ebuild b/app-editors/nedit/nedit-5.6-r1.ebuild index c8b0da3..68ebc4b 100644 --- a/app-editors/nedit/nedit-5.6-r1.ebuild +++ b/app-editors/nedit/nedit-5.6-r1.ebuild @@ -30,7 +30,8 @@ src_prepare() { epatch \ "${FILESDIR}"/${P}-format.patch \ "${FILESDIR}"/${P}-ldflags.patch \ - "${FILESDIR}"/${P}-40_Pointer_to_Integer.patch + "${FILESDIR}"/${P}-40_Pointer_to_Integer.patch \ + "${FILESDIR}"/${P}-security.patch sed \ -e "s:bin/:${EPREFIX}/bin/:g" \ -i Makefile source/preferences.c source/help_data.h source/nedit.c Xlt/Makefile || die
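Review bot: in the first file.c hunk (@@ -1314,7 +1314,7 @@, identical in both patch files), the result of `strdup("/tmp/neditXXXXXX")` is never checked, so on allocation failure the `mkstemp(tmpFileName)` call in the next hunk receives NULL. A writable array, `char tmpFileName[] = "/tmp/neditXXXXXX";`, gives mkstemp the modifiable template it needs without any allocation, and the three `free(tmpFileName);` lines added in the later hunks would then be unnecessary. The template also hard-codes /tmp as the directory.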
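Review bot: in the @@ -1325,14 +1325,10 @@ hunk, `fd = mkstemp(tmpFileName);` is handed straight to `fdopen(fd, "w")` without a test for -1. The failure is still caught, because fdopen rejects the bad descriptor, but the warning dialog would then describe the fdopen failure rather than the reason mkstemp failed, and if fdopen fails on a valid descriptor the fd stays open and the file mkstemp created stays in /tmp. Suggest checking `fd < 0` first and, when fdopen fails, calling close(fd) and remove(tmpFileName) before returning. This hunk also adds no `free(tmpFileName);` for that failure branch, unlike the three later return paths. The retained comment ("1. Create a filename / 2. Open the file with the O_CREAT|O_EXCL flags") describes the removed tmpnam/open sequence and should be reworded for mkstemp, and dropping the `#ifdef VMS` fopen branch makes that build depend on mkstemp while a later hunk still carries `#endif /*VMS*/`.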
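Review bot: in the @@ -1346,7 +1342,7 @@ hunk, `write(fd, string, length);` still discards its return value, so a short or failed write in the IBM_FWRITE_BUG build goes unnoticed and a truncated file can be sent to the printer. Suggest comparing the result against `length` and taking the same error path as the "%s not printed" dialog in the following hunk.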
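Review bot: both ebuild hunks add `"${FILESDIR}"/${P}-security.patch` to revisions that already exist (nedit-5.5_p20110116-r3.ebuild and nedit-5.6-r1.ebuild are modified in place, not added), so a system that already has one of those revisions installed is not prompted to rebuild and keeps the unpatched PrintString. A revision bump would deliver the fix to them. The two new patch files share blob b24ef23 and the 5.6 copy still names nedit-5.5/source/file.c in its headers, so a single file referenced from both ebuilds would avoid the duplicate. The commit message "security patch added" would also be more useful with the bug or advisory it addresses.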