Compare commits
No commits in common. "c8s" and "c8-beta" have entirely different histories.
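--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
-/nano-2.*.*.tar.gz
-/nano-2.*.*/
+SOURCES/nano-2.9.8.tar.gz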
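--- a/.nano.metadata
+++ b/.nano.metadata
@@ -0,0 +1 @@
+f0b55fbc16d4ecf259b9f25a028fe2e381f02d08 SOURCES/nano-2.9.8.tar.gz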
@ -1,15 +1,12 @@
|
|||||||
Summary: A small text editor
|
Summary: A small text editor
|
||||||
Name: nano
|
Name: nano
|
||||||
Version: 2.9.8
|
Version: 2.9.8
|
||||||
Release: 3%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
URL: https://www.nano-editor.org
|
URL: https://www.nano-editor.org
|
||||||
Source: https://www.nano-editor.org/dist/v2.9/%{name}-%{version}.tar.gz
|
Source: https://www.nano-editor.org/dist/v2.9/%{name}-%{version}.tar.gz
|
||||||
Source2: nanorc
|
Source2: nanorc
|
||||||
|
|
||||||
# fix emergency file replacement vulnerability (CVE-2024-5742)
|
|
||||||
Patch0: nano-2.9.8-emergency-file-replace-vuln.patch
|
|
||||||
|
|
||||||
BuildRequires: file-devel
|
BuildRequires: file-devel
|
||||||
BuildRequires: gettext-devel
|
BuildRequires: gettext-devel
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
@ -83,13 +80,6 @@ exit 0
|
|||||||
%{_datadir}/nano
|
%{_datadir}/nano
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Jul 11 2024 Lukáš Zaoral <lzaoral@redhat.com> - 2.9.8-3
|
|
||||||
- fix incomplete backport of the fix for the emergency file replacement
|
|
||||||
vulnerability (RHEL-35236)
|
|
||||||
|
|
||||||
* Thu Jul 04 2024 Lukáš Zaoral <lzaoral@redhat.com> - 2.9.8-2
|
|
||||||
- fix emergency file replacement vulnerability (RHEL-35236)
|
|
||||||
|
|
||||||
* Mon Jun 04 2018 Kamil Dudka <kdudka@redhat.com> - 2.9.8-1
|
* Mon Jun 04 2018 Kamil Dudka <kdudka@redhat.com> - 2.9.8-1
|
||||||
- new upstream release
|
- new upstream release
|
||||||
|
|
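Review bot: The new side of the spec preamble drops `Patch0: nano-2.9.8-emergency-file-replace-vuln.patch` together with its `# fix emergency file replacement vulnerability (CVE-2024-5742)` comment, so a package built from this side would, as far as this page shows, ship nano 2.9.8 without that fix. The second hunk removes the 2.9.8-2 and 2.9.8-3 changelog entries and `Release` reads `1%{?dist}`, so the result also sorts below the patched build and carries no record of the CVE. If this branch is meant to be buildable, keep the `Patch0` line, the patch file that is deleted further down this page, and `Release: 3%{?dist}`; if it is an intentional snapshot of the pre-fix import, say so in the compare description. How the spec applies patches in %prep is outside the visible hunks.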
@ -1,110 +0,0 @@
|
|||||||
From 5e7a3c2e7e118c7f12d5dfda9f9140f638976aa2 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Benno Schulenberg <bensberg@telfort.nl>
|
|
||||||
Date: Sun, 28 Apr 2024 10:51:52 +0200
|
|
||||||
Subject: files: run `chmod` and `chown` on the descriptor, not on the filename
|
|
||||||
|
|
||||||
This closes a window of opportunity where the emergency file could be
|
|
||||||
replaced by a malicious symlink.
|
|
||||||
|
|
||||||
The issue was reported by `MartinJM` and `InvisibleMeerkat`.
|
|
||||||
|
|
||||||
Problem existed since version 2.2.0, commit 123110c5, when chmodding
|
|
||||||
and chowning of the emergency .save file was added.
|
|
||||||
|
|
||||||
Cherry-picked-by: Lukáš Zaoral <lzaoral@redhat.com>
|
|
||||||
Upstream-commit: 5e7a3c2e7e118c7f12d5dfda9f9140f638976aa2
|
|
||||||
|
|
||||||
---
|
|
||||||
src/files.c | 18 +++++++++++++++---
|
|
||||||
src/nano.c | 12 +-----------
|
|
||||||
src/nano.h | 2 +-
|
|
||||||
3 files changed, 17 insertions(+), 15 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/files.c b/src/files.c
|
|
||||||
index 8cdf195..e822068 100644
|
|
||||||
--- a/src/files.c
|
|
||||||
+++ b/src/files.c
|
|
||||||
@@ -1551,7 +1551,7 @@ bool write_file(const char *name, FILE *f_open, bool tmp,
|
|
||||||
* set retval and then goto cleanup_and_exit. */
|
|
||||||
size_t lineswritten = 0;
|
|
||||||
const filestruct *fileptr = openfile->fileage;
|
|
||||||
- int fd;
|
|
||||||
+ int fd = 0;
|
|
||||||
/* The file descriptor we use. */
|
|
||||||
mode_t original_umask = 0;
|
|
||||||
/* Our umask, from when nano started. */
|
|
||||||
@@ -1920,14 +1920,26 @@ bool write_file(const char *name, FILE *f_open, bool tmp,
|
|
||||||
goto cleanup_and_exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (copy_file(f_source, f, TRUE) != 0) {
|
|
||||||
+ if (copy_file(f_source, f, FALSE) != 0) {
|
|
||||||
statusline(ALERT, _("Error writing %s: %s"), realname,
|
|
||||||
strerror(errno));
|
|
||||||
goto cleanup_and_exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
unlink(tempname);
|
|
||||||
- } else if (fclose(f) != 0) {
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+#ifndef NANO_TINY
|
|
||||||
+ /* Change permissions and owner of an emergency save file to the values
|
|
||||||
+ * of the original file, but ignore any failure as we are in a hurry. */
|
|
||||||
+ if (method == EMERGENCY && fd && openfile->current_stat) {
|
|
||||||
+ IGNORE_CALL_RESULT(fchmod(fd, openfile->current_stat->st_mode));
|
|
||||||
+ IGNORE_CALL_RESULT(fchown(fd, openfile->current_stat->st_uid,
|
|
||||||
+ openfile->current_stat->st_gid));
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+ if (fclose(f) != 0) {
|
|
||||||
statusline(ALERT, _("Error writing %s: %s"), realname,
|
|
||||||
strerror(errno));
|
|
||||||
goto cleanup_and_exit;
|
|
||||||
diff --git a/src/nano.c b/src/nano.c
|
|
||||||
index 79b5450..9b9c468 100644
|
|
||||||
--- a/src/nano.c
|
|
||||||
+++ b/src/nano.c
|
|
||||||
@@ -644,7 +644,7 @@ void emergency_save(const char *die_filename, struct stat *die_stat)
|
|
||||||
targetname = get_next_filename(die_filename, ".save");
|
|
||||||
|
|
||||||
if (*targetname != '\0')
|
|
||||||
- failed = !write_file(targetname, NULL, TRUE, OVERWRITE, FALSE);
|
|
||||||
+ failed = !write_file(targetname, NULL, TRUE, EMERGENCY, FALSE);
|
|
||||||
|
|
||||||
if (!failed)
|
|
||||||
fprintf(stderr, _("\nBuffer written to %s\n"), targetname);
|
|
||||||
@@ -655,16 +655,6 @@ void emergency_save(const char *die_filename, struct stat *die_stat)
|
|
||||||
fprintf(stderr, _("\nBuffer not written: %s\n"),
|
|
||||||
_("Too many backup files?"));
|
|
||||||
|
|
||||||
-#ifndef NANO_TINY
|
|
||||||
- /* Try to chmod/chown the saved file to the values of the original file,
|
|
||||||
- * but ignore any failure as we are in a hurry to get out. */
|
|
||||||
- if (die_stat) {
|
|
||||||
- IGNORE_CALL_RESULT(chmod(targetname, die_stat->st_mode));
|
|
||||||
- IGNORE_CALL_RESULT(chown(targetname, die_stat->st_uid,
|
|
||||||
- die_stat->st_gid));
|
|
||||||
- }
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
free(targetname);
|
|
||||||
}
|
|
||||||
|
|
||||||
diff --git a/src/nano.h b/src/nano.h
|
|
||||||
index 4fd186a..5e22fb7 100644
|
|
||||||
--- a/src/nano.h
|
|
||||||
+++ b/src/nano.h
|
|
||||||
@@ -157,7 +157,7 @@ typedef enum {
|
|
||||||
} message_type;
|
|
||||||
|
|
||||||
typedef enum {
|
|
||||||
- OVERWRITE, APPEND, PREPEND
|
|
||||||
+ OVERWRITE, APPEND, PREPEND, EMERGENCY
|
|
||||||
} kind_of_writing_type;
|
|
||||||
|
|
||||||
typedef enum {
|
|
||||||
--
|
|
||||||
2.45.2
|
|
||||||
|
|
@ -1,16 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQIzBAABCAAdFiEEv9AJBh5TUFKtDfIVDSjU0qCs6IQFAlsSVMkACgkQDSjU0qCs
|
|
||||||
6IR99BAAnWR+QygOw1tCFHtCM83K3Z+Ufgjy/WuiJYRZVB3FUVM8L2sq+KY8DMHN
|
|
||||||
/8jW5ztibvZI7hTfEMCeaPOS+y4vkScSCW/qb6qK81rDswsDESvGulA1nHLayS++
|
|
||||||
0b34A2PmgMpPsFf2qPac7TQ13xjUxCnV/Qt03yfRnKPoo3YoJRnxKw4vH2DJWIGz
|
|
||||||
/77IwUlGUufEaZZ0U5JzOKr35o1pPA+sP/wje976v28Qxv9e9WDEsc2ks3dNsKWu
|
|
||||||
aS0orQYHmHcxUy1vrxPwYrBt38CFzTOoBMPewe9d/mHMgDooX5HBhZ4fC4Ov0LIy
|
|
||||||
TRiXZeyx2ArVwsmgcPo8J2Ly5BDAIQnLEJdfSIU2qCckGmMrzQaGuuYRLqNGG8Up
|
|
||||||
/mYc/Xkfg8iYv/GN2UfwWPsWI1S3yaHhwgVjWXj5+Ma5agtZTvdLgIdRf0d/s2oh
|
|
||||||
oLNFv4DEhPE3jrliYNMqso5MP2E5Q5V6h7ubLRFyZr8fQmvMtU8gCqAsB8f/pTo1
|
|
||||||
51wpM8S8I8U/PUFEoDH1Yjfno6XWnqeL0YmlLXMHVE065j/fNb5qn0xo6T+bCgrb
|
|
||||||
uyCzR33QvfEJMya8GkPW/KK+Q1Vk0BBg/d9loA0OcApkrHDOqDfZenHIE2t1vZ/V
|
|
||||||
Wdaq+VdodYHaY6YzTPrAYwkQwzV6EY/aJfgNyeAb8v/JgpQGpVA=
|
|
||||||
=JHeW
|
|
||||||
-----END PGP SIGNATURE-----
|
|