new upstream release - 2.8.1
This commit is contained in:
Kamil Dudka
parent
a09ba746b2
commit
db99f27cb6
@ -1,126 +0,0 @@
|
||||
From 48bc217a9e0cc5c6ad494cff925185912740dbb4 Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Tue, 4 Apr 2017 09:29:31 +0200
|
||||
Subject: [PATCH] backup: prevent a symlink attack by operating on the file
|
||||
descriptor
|
||||
|
||||
Use futimens() instead of utime() to change the timestamps on a backup
|
||||
file. Otherwise, a non-privileged user could create an arbitrary symlink
|
||||
with the name of the backup file and in this way fool a privileged user
|
||||
to call utime() on the attacker-chosen file.
|
||||
|
||||
Upstream-commit: 70bcf752dcc82d1eed04ba4f900ed69ce2b97500
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
src/files.c | 24 ++++++++++++++----------
|
||||
src/proto.h | 2 +-
|
||||
2 files changed, 15 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/src/files.c b/src/files.c
|
||||
index 033b963..df2627c 100644
|
||||
--- a/src/files.c
|
||||
+++ b/src/files.c
|
||||
@@ -1541,12 +1541,14 @@ void init_backup_dir(void)
|
||||
|
||||
/* Read from inn, write to out. We assume inn is opened for reading,
|
||||
* and out for writing. We return 0 on success, -1 on read error, or -2
|
||||
- * on write error. */
|
||||
-int copy_file(FILE *inn, FILE *out)
|
||||
+ * on write error. inn is always closed by this function, out is closed
|
||||
+ * only if close_out is true. */
|
||||
+int copy_file(FILE *inn, FILE *out, bool close_out)
|
||||
{
|
||||
int retval = 0;
|
||||
char buf[BUFSIZ];
|
||||
size_t charsread;
|
||||
+ int (*flush_out_fnc)(FILE *) = (close_out) ? fclose : fflush;
|
||||
|
||||
assert(inn != NULL && out != NULL && inn != out);
|
||||
|
||||
@@ -1564,7 +1566,7 @@ int copy_file(FILE *inn, FILE *out)
|
||||
|
||||
if (fclose(inn) == EOF)
|
||||
retval = -1;
|
||||
- if (fclose(out) == EOF)
|
||||
+ if (flush_out_fnc(out) == EOF)
|
||||
retval = -2;
|
||||
|
||||
return retval;
|
||||
@@ -1655,13 +1657,13 @@ bool write_file(const char *name, FILE *f_open, bool tmp,
|
||||
int backup_fd;
|
||||
FILE *backup_file;
|
||||
char *backupname;
|
||||
- struct utimbuf filetime;
|
||||
+ static struct timespec filetime[2];
|
||||
int copy_status;
|
||||
int backup_cflags;
|
||||
|
||||
/* Save the original file's access and modification times. */
|
||||
- filetime.actime = openfile->current_stat->st_atime;
|
||||
- filetime.modtime = openfile->current_stat->st_mtime;
|
||||
+ filetime[0].tv_sec = openfile->current_stat->st_atime;
|
||||
+ filetime[1].tv_sec = openfile->current_stat->st_mtime;
|
||||
|
||||
if (f_open == NULL) {
|
||||
/* Open the original file to copy to the backup. */
|
||||
@@ -1790,7 +1792,7 @@ bool write_file(const char *name, FILE *f_open, bool tmp,
|
||||
#endif
|
||||
|
||||
/* Copy the file. */
|
||||
- copy_status = copy_file(f, backup_file);
|
||||
+ copy_status = copy_file(f, backup_file, FALSE);
|
||||
|
||||
if (copy_status != 0) {
|
||||
statusline(ALERT, _("Error reading %s: %s"), realname,
|
||||
@@ -1799,7 +1801,8 @@ bool write_file(const char *name, FILE *f_open, bool tmp,
|
||||
}
|
||||
|
||||
/* And set its metadata. */
|
||||
- if (utime(backupname, &filetime) == -1 && !ISSET(INSECURE_BACKUP)) {
|
||||
+ if (futimens(backup_fd, filetime) == -1 && !ISSET(INSECURE_BACKUP)) {
|
||||
+ fclose(backup_file);
|
||||
if (prompt_failed_backupwrite(backupname))
|
||||
goto skip_backup;
|
||||
statusline(HUSH, _("Error writing backup file %s: %s"),
|
||||
@@ -1811,6 +1814,7 @@ bool write_file(const char *name, FILE *f_open, bool tmp,
|
||||
goto cleanup_and_exit;
|
||||
}
|
||||
|
||||
+ fclose(backup_file);
|
||||
free(backupname);
|
||||
}
|
||||
|
||||
@@ -1867,7 +1871,7 @@ bool write_file(const char *name, FILE *f_open, bool tmp,
|
||||
}
|
||||
}
|
||||
|
||||
- if (f_source == NULL || copy_file(f_source, f) != 0) {
|
||||
+ if (f_source == NULL || copy_file(f_source, f, TRUE) != 0) {
|
||||
statusline(ALERT, _("Error writing temp file: %s"),
|
||||
strerror(errno));
|
||||
unlink(tempname);
|
||||
@@ -1975,7 +1979,7 @@ bool write_file(const char *name, FILE *f_open, bool tmp,
|
||||
goto cleanup_and_exit;
|
||||
}
|
||||
|
||||
- if (copy_file(f_source, f) == -1) {
|
||||
+ if (copy_file(f_source, f, TRUE) == -1) {
|
||||
statusline(ALERT, _("Error writing %s: %s"), realname,
|
||||
strerror(errno));
|
||||
goto cleanup_and_exit;
|
||||
diff --git a/src/proto.h b/src/proto.h
|
||||
index 0250ad6..d8255a9 100644
|
||||
--- a/src/proto.h
|
||||
+++ b/src/proto.h
|
||||
@@ -298,7 +298,7 @@ void init_backup_dir(void);
|
||||
int delete_lockfile(const char *lockfilename);
|
||||
int write_lockfile(const char *lockfilename, const char *origfilename, bool modified);
|
||||
#endif
|
||||
-int copy_file(FILE *inn, FILE *out);
|
||||
+int copy_file(FILE *inn, FILE *out, bool close_out);
|
||||
bool write_file(const char *name, FILE *f_open, bool tmp,
|
||||
kind_of_writing_type method, bool nonamechange);
|
||||
#ifndef NANO_TINY
|
||||
--
|
||||
2.9.3
|
||||
|
||||
@ -1,11 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCAAdFiEEp/amSmfaCe+SeC3XnfSGKvEXXFsFAljeHL8ACgkQnfSGKvEX
|
||||
XFvzkwf/YbAe+RfETWd7nZlw+c9CqntPLqcc1mVnCOO9ng3a7wAyCfzuHtgg0m63
|
||||
vYufpYxi/AyFwTjv8GyPnqcVGdwqXiY06kKsPSh+3vP8ChIujYoAfrTXZoX4qGhP
|
||||
68xX0ZxioR6NOUZ+Nwxa2n4VJO6q+P0fJKe2NoiX+tLRgErpZl/NPVdL+ekKWaau
|
||||
iJ3snxkMNrm0cC6KnZn6eYr+mSaLY85StoCFX5l9dhkm+RtZfYx8RuFF69oSItW5
|
||||
Q7PcSxtDj0/e+0ZhkM6gdbTEY7SAqdmAgs6vIt2CQZ16l8FAfRFd+r7rWsnKJFyU
|
||||
OW8RlvHHNkbxeSrlLEmM4bspZ3zj5A==
|
||||
=ZCcd
|
||||
-----END PGP SIGNATURE-----
|
||||
11
nano-2.8.1.tar.gz.asc
Normal file
11
nano-2.8.1.tar.gz.asc
Normal file
@ -0,0 +1,11 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCAAdFiEEp/amSmfaCe+SeC3XnfSGKvEXXFsFAljt49YACgkQnfSGKvEX
|
||||
XFtKQggAgERS3BJ5achC9Q7oj9TGbTwparikEjUQ55A6lZBJKeaTciyj6kqJLHgT
|
||||
j004eE0r6NFnQe5S5TB8UsjRRMg2ruoLoYOjotMOChEwAi3MQioqVeKI0+opqMm6
|
||||
XikBNe2tqZCc9Rsy/DHpr/dBSk8vxuKSxsFhoUNdceWaqhxVm1FjzuRfGU721wc5
|
||||
vxIWqD6gsJaJBsNm2tB7zYKftOWz02DVvrDejYU5l4/EELoQkd1jdrZIQlGj+NNn
|
||||
qLiRdSYNQBuPJrEg+RMK97d2VXh+avrCXIlq5phni3uQwaAm4XpBqO3BcwH/1wM6
|
||||
3fWpoGCYaGhP8ci8tuT5gPGE7OgddA==
|
||||
=kG90
|
||||
-----END PGP SIGNATURE-----
|
||||
10
nano.spec
10
nano.spec
@ -1,15 +1,12 @@
|
||||
Summary: A small text editor
|
||||
Name: nano
|
||||
Version: 2.8.0
|
||||
Release: 2%{?dist}
|
||||
Version: 2.8.1
|
||||
Release: 1%{?dist}
|
||||
License: GPLv3+
|
||||
URL: https://www.nano-editor.org
|
||||
Source: https://www.nano-editor.org/dist/v2.8/%{name}-%{version}.tar.gz
|
||||
Source2: nanorc
|
||||
|
||||
# backup: prevent a symlink attack by operating on the file descriptor
|
||||
Patch1: 0001-nano-2.8.0-backup-futimens.patch
|
||||
|
||||
BuildRequires: file-devel
|
||||
BuildRequires: gettext-devel
|
||||
BuildRequires: git
|
||||
@ -81,6 +78,9 @@ exit 0
|
||||
%{_datadir}/nano
|
||||
|
||||
%changelog
|
||||
* Wed Apr 12 2017 Kamil Dudka <kdudka@redhat.com> - 2.8.1-1
|
||||
- new upstream release
|
||||
|
||||
* Tue Apr 04 2017 Kamil Dudka <kdudka@redhat.com> - 2.8.0-2
|
||||
- use upstream patch to prevent symlink attack while creating a backup
|
||||
|
||||
|
||||
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (nano-2.8.0.tar.gz) = 75631ddddf960aadfffb3d5df235e7b47118ee3050118927677a94036a87f9d7dfee9f0a75bd5dc6813c12e4edd51d7836c9173057d5caebf55ba9cfaafc6159
|
||||
SHA512 (nano-2.8.1.tar.gz) = 00184c311973f99364daa1102cc3e8d8c95ef5e77532f7514dba977685beb86a40b5f81cd6e931b7f9b2af868dc0c4677b23f3f11f6a1b78cedabeb249667dae
|
||||
|
||||
Loading…
Reference in New Issue
Block a user