new upstream release - 2.8.1

2017-04-12 22:32:16 +02:00 · 2017-04-12 22:32:16 +02:00 · db99f27cb6
commit db99f27cb6
parent a09ba746b2
5 changed files with 17 additions and 143 deletions
--- a/0001-nano-2.8.0-backup-futimens.patch
+++ b/0001-nano-2.8.0-backup-futimens.patch
@ -1,126 +0,0 @@
 From 48bc217a9e0cc5c6ad494cff925185912740dbb4 Mon Sep 17 00:00:00 2001
 From: Kamil Dudka <kdudka@redhat.com>
 Date: Tue, 4 Apr 2017 09:29:31 +0200
 Subject: [PATCH] backup: prevent a symlink attack by operating on the file
 descriptor
 Use futimens() instead of utime() to change the timestamps on a backup
 file.  Otherwise, a non-privileged user could create an arbitrary symlink
 with the name of the backup file and in this way fool a privileged user
 to call utime() on the attacker-chosen file.
 Upstream-commit: 70bcf752dcc82d1eed04ba4f900ed69ce2b97500
 Signed-off-by: Kamil Dudka <kdudka@redhat.com>
 ---
 src/files.c | 24 ++++++++++++++----------
 src/proto.h |  2 +-
 2 files changed, 15 insertions(+), 11 deletions(-)
 diff --git a/src/files.c b/src/files.c
 index 033b963..df2627c 100644
 --- a/src/files.c
 +++ b/src/files.c
@@ -1541,12 +1541,14 @@ void init_backup_dir(void)
 /* Read from inn, write to out.  We assume inn is opened for reading,
  * and out for writing.  We return 0 on success, -1 on read error, or -2
 - * on write error. */
 -int copy_file(FILE *inn, FILE *out)
 + * on write error.  inn is always closed by this function, out is closed
 + * only if close_out is true. */
 +int copy_file(FILE *inn, FILE *out, bool close_out)
 {
     int retval = 0;
     char buf[BUFSIZ];
     size_t charsread;
 +    int (*flush_out_fnc)(FILE *) = (close_out) ? fclose : fflush;
     assert(inn != NULL && out != NULL && inn != out);
@@ -1564,7 +1566,7 @@ int copy_file(FILE *inn, FILE *out)
     if (fclose(inn) == EOF)
 	retval = -1;
 -    if (fclose(out) == EOF)
 +    if (flush_out_fnc(out) == EOF)
 	retval = -2;
     return retval;
@@ -1655,13 +1657,13 @@ bool write_file(const char *name, FILE *f_open, bool tmp,
 	int backup_fd;
 	FILE *backup_file;
 	char *backupname;
 -	struct utimbuf filetime;
 +	static struct timespec filetime[2];
 	int copy_status;
 	int backup_cflags;
 	/* Save the original file's access and modification times. */
 -	filetime.actime = openfile->current_stat->st_atime;
 -	filetime.modtime = openfile->current_stat->st_mtime;
 +	filetime[0].tv_sec = openfile->current_stat->st_atime;
 +	filetime[1].tv_sec = openfile->current_stat->st_mtime;
 	if (f_open == NULL) {
 	    /* Open the original file to copy to the backup. */
@@ -1790,7 +1792,7 @@ bool write_file(const char *name, FILE *f_open, bool tmp,
 #endif
 	/* Copy the file. */
 -	copy_status = copy_file(f, backup_file);
 +	copy_status = copy_file(f, backup_file, FALSE);
 	if (copy_status != 0) {
 	    statusline(ALERT, _("Error reading %s: %s"), realname,
@@ -1799,7 +1801,8 @@ bool write_file(const char *name, FILE *f_open, bool tmp,
 	}
 	/* And set its metadata. */
 -	if (utime(backupname, &filetime) == -1 && !ISSET(INSECURE_BACKUP)) {
 +	if (futimens(backup_fd, filetime) == -1 && !ISSET(INSECURE_BACKUP)) {
 +	    fclose(backup_file);
 	    if (prompt_failed_backupwrite(backupname))
 		goto skip_backup;
 	    statusline(HUSH, _("Error writing backup file %s: %s"),
@@ -1811,6 +1814,7 @@ bool write_file(const char *name, FILE *f_open, bool tmp,
 	    goto cleanup_and_exit;
 	}
 +	fclose(backup_file);
 	free(backupname);
     }
@@ -1867,7 +1871,7 @@ bool write_file(const char *name, FILE *f_open, bool tmp,
 	    }
 	}
 -	if (f_source == NULL || copy_file(f_source, f) != 0) {
 +	if (f_source == NULL || copy_file(f_source, f, TRUE) != 0) {
 	    statusline(ALERT, _("Error writing temp file: %s"),
 			strerror(errno));
 	    unlink(tempname);
@@ -1975,7 +1979,7 @@ bool write_file(const char *name, FILE *f_open, bool tmp,
 	    goto cleanup_and_exit;
 	}
 -	if (copy_file(f_source, f) == -1) {
 +	if (copy_file(f_source, f, TRUE) == -1) {
 	    statusline(ALERT, _("Error writing %s: %s"), realname,
 			strerror(errno));
 	    goto cleanup_and_exit;
 diff --git a/src/proto.h b/src/proto.h
 index 0250ad6..d8255a9 100644
 --- a/src/proto.h
 +++ b/src/proto.h
@@ -298,7 +298,7 @@ void init_backup_dir(void);
 int delete_lockfile(const char *lockfilename);
 int write_lockfile(const char *lockfilename, const char *origfilename, bool modified);
 #endif
 -int copy_file(FILE *inn, FILE *out);
 +int copy_file(FILE *inn, FILE *out, bool close_out);
 bool write_file(const char *name, FILE *f_open, bool tmp,
 	kind_of_writing_type method, bool nonamechange);
 #ifndef NANO_TINY
 -- 
 2.9.3
--- a/nano-2.8.0.tar.gz.asc
+++ b/nano-2.8.0.tar.gz.asc
@ -1,11 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQEzBAABCAAdFiEEp/amSmfaCe+SeC3XnfSGKvEXXFsFAljeHL8ACgkQnfSGKvEX
 XFvzkwf/YbAe+RfETWd7nZlw+c9CqntPLqcc1mVnCOO9ng3a7wAyCfzuHtgg0m63
 vYufpYxi/AyFwTjv8GyPnqcVGdwqXiY06kKsPSh+3vP8ChIujYoAfrTXZoX4qGhP
 68xX0ZxioR6NOUZ+Nwxa2n4VJO6q+P0fJKe2NoiX+tLRgErpZl/NPVdL+ekKWaau
 iJ3snxkMNrm0cC6KnZn6eYr+mSaLY85StoCFX5l9dhkm+RtZfYx8RuFF69oSItW5
 Q7PcSxtDj0/e+0ZhkM6gdbTEY7SAqdmAgs6vIt2CQZ16l8FAfRFd+r7rWsnKJFyU
 OW8RlvHHNkbxeSrlLEmM4bspZ3zj5A==
 =ZCcd
 -----END PGP SIGNATURE-----
--- a/nano-2.8.1.tar.gz.asc
+++ b/nano-2.8.1.tar.gz.asc
@ -0,0 +1,11 @@
 -----BEGIN PGP SIGNATURE-----
 iQEzBAABCAAdFiEEp/amSmfaCe+SeC3XnfSGKvEXXFsFAljt49YACgkQnfSGKvEX
 XFtKQggAgERS3BJ5achC9Q7oj9TGbTwparikEjUQ55A6lZBJKeaTciyj6kqJLHgT
 j004eE0r6NFnQe5S5TB8UsjRRMg2ruoLoYOjotMOChEwAi3MQioqVeKI0+opqMm6
 XikBNe2tqZCc9Rsy/DHpr/dBSk8vxuKSxsFhoUNdceWaqhxVm1FjzuRfGU721wc5
 vxIWqD6gsJaJBsNm2tB7zYKftOWz02DVvrDejYU5l4/EELoQkd1jdrZIQlGj+NNn
 qLiRdSYNQBuPJrEg+RMK97d2VXh+avrCXIlq5phni3uQwaAm4XpBqO3BcwH/1wM6
 3fWpoGCYaGhP8ci8tuT5gPGE7OgddA==
 =kG90
 -----END PGP SIGNATURE-----
--- a/nano.spec
+++ b/nano.spec
@ -1,15 +1,12 @@
 Summary:         A small text editor
 Name:            nano
-Version:         2.8.0
+Version:         2.8.1
-Release:         2%{?dist}
+Release:         1%{?dist}
 License:         GPLv3+
 URL:             https://www.nano-editor.org
 Source:          https://www.nano-editor.org/dist/v2.8/%{name}-%{version}.tar.gz
 Source2:         nanorc
 # backup: prevent a symlink attack by operating on the file descriptor
 Patch1:          0001-nano-2.8.0-backup-futimens.patch
 BuildRequires:   file-devel
 BuildRequires:   gettext-devel
 BuildRequires:   git
@ -81,6 +78,9 @@ exit 0
 %{_datadir}/nano
 %changelog
 * Wed Apr 12 2017 Kamil Dudka <kdudka@redhat.com> - 2.8.1-1
 - new upstream release
 * Tue Apr 04 2017 Kamil Dudka <kdudka@redhat.com> - 2.8.0-2
 - use upstream patch to prevent symlink attack while creating a backup
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (nano-2.8.0.tar.gz) = 75631ddddf960aadfffb3d5df235e7b47118ee3050118927677a94036a87f9d7dfee9f0a75bd5dc6813c12e4edd51d7836c9173057d5caebf55ba9cfaafc6159
+SHA512 (nano-2.8.1.tar.gz) = 00184c311973f99364daa1102cc3e8d8c95ef5e77532f7514dba977685beb86a40b5f81cd6e931b7f9b2af868dc0c4677b23f3f11f6a1b78cedabeb249667dae
`@ -1 +1 @@`
	`SHA512 (nano-2.8.0.tar.gz) = 75631ddddf960aadfffb3d5df235e7b47118ee3050118927677a94036a87f9d7dfee9f0a75bd5dc6813c12e4edd51d7836c9173057d5caebf55ba9cfaafc6159`	`SHA512 (nano-2.8.1.tar.gz) = 00184c311973f99364daa1102cc3e8d8c95ef5e77532f7514dba977685beb86a40b5f81cd6e931b7f9b2af868dc0c4677b23f3f11f6a1b78cedabeb249667dae`