diff options
| author |   Ulrich Müller <ulm@gentoo.org> | 2008-04-11 14:00:12 +0000 |
|---|---|---|
| committer | Ulrich Müller <ulm@gentoo.org> | 2008-04-11 14:00:12 +0000 |
| commit | c810f831bb98f261045e90be0504a26b5cc5a620 (patch) | |
| tree | 2b0ffe0f4721e414bf6c73ccb79ffa3ad61e030d | |
| parent | Put different patches in separate files. (diff) | |
| download | emacs-patches-c810f831bb98f261045e90be0504a26b5cc5a620.tar.gz emacs-patches-c810f831bb98f261045e90be0504a26b5cc5a620.tar.bz2 emacs-patches-c810f831bb98f261045e90be0504a26b5cc5a620.zip | |
Add patch for bug 216880.emacs-21.4-patches-2
| -rw-r--r-- | emacs/21.4/16_all_vcdiff-tmp-race.patch | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/emacs/21.4/16_all_vcdiff-tmp-race.patch b/emacs/21.4/16_all_vcdiff-tmp-race.patch new file mode 100644 index 0000000..7f59d6a --- /dev/null +++ b/emacs/21.4/16_all_vcdiff-tmp-race.patch @@ -0,0 +1,25 @@ +Steve Grubb of Red Hat discovered that vcdiff script as shipped with Emacs +(confirmed in versions 20.7 to 22.1.50) uses temporary files insecurely, +which makes it possible for local attacker to conduct a symlink attack and +make the victim overwrite arbitrary file. + +diff -ur emacs-21.4.orig/lib-src/vcdiff emacs-21.4/lib-src/vcdiff +--- emacs-21.4.orig/lib-src/vcdiff 2006-09-28 12:07:51.000000000 -0400 ++++ emacs-21.4/lib-src/vcdiff 2006-09-28 15:58:53.000000000 -0400 +@@ -86,14 +86,14 @@ + case $f in + s.* | */s.*) + if +- rev1=/tmp/geta$$ ++ rev1=`mktemp /tmp/geta.XXXXXXXX` + get -s -p -k $sid1 "$f" > $rev1 && + case $sid2 in + '') + workfile=`expr " /$f" : '.*/s.\(.*\)'` + ;; + *) +- rev2=/tmp/getb$$ ++ rev2=`mktemp /tmp/getb.XXXXXXXX` + get -s -p -k $sid2 "$f" > $rev2 + workfile=$rev2 + esac |