[nano/f12/master] CVE-2010-1160, CVE-2010-1161 (#582739)
Kamil Dudka
kdudka at fedoraproject.org
Tue Aug 17 12:41:40 UTC 2010
commit 050e5f731018c64a0a83790c49d0b6c47c185c76
Author: Kamil Dudka <kdudka at redhat.com>
Date: Tue Aug 17 14:40:48 2010 +0200
CVE-2010-1160, CVE-2010-1161 (#582739)
nano-2.0.9-bz582434-inc.patch | 68 +++++++++++++++++++++++++++++++++++++++++
nano.spec | 7 +++-
2 files changed, 74 insertions(+), 1 deletions(-)
---
diff --git a/nano-2.0.9-bz582434-inc.patch b/nano-2.0.9-bz582434-inc.patch
new file mode 100644
index 0000000..a6a8a33
--- /dev/null
+++ b/nano-2.0.9-bz582434-inc.patch
@@ -0,0 +1,68 @@
+diff --git a/src/files.c b/src/files.c
+index 408dba8..2e87856 100644
+--- a/src/files.c
++++ b/src/files.c
+@@ -1394,14 +1394,21 @@ bool write_file(const char *name, FILE *f_open, bool tmp, append_type
+ realexists = (stat(realname, &st) != -1);
+
+ #ifndef NANO_TINY
++ /* if we have not stat()d this file before (say, the user just
++ * specified it interactively), stat and save the value
++ * or else we will chase null pointers when we do
++ * modtime checks, preserve file times, etc. during backup */
++ if (openfile->current_stat == NULL && !tmp && realexists)
++ stat(realname, openfile->current_stat);
++
+ /* We backup only if the backup toggle is set, the file isn't
+ * temporary, and the file already exists. Furthermore, if we
+ * aren't appending, prepending, or writing a selection, we backup
+ * only if the file has not been modified by someone else since nano
+ * opened it. */
+ if (ISSET(BACKUP_FILE) && !tmp && realexists && ((append !=
+- OVERWRITE || openfile->mark_set) ||
+- openfile->current_stat->st_mtime == st.st_mtime)) {
++ OVERWRITE || openfile->mark_set) || (openfile->current_stat &&
++ openfile->current_stat->st_mtime == st.st_mtime))) {
+ int backup_fd;
+ FILE *backup_file;
+ char *backupname;
+@@ -1458,14 +1465,15 @@ bool write_file(const char *name, FILE *f_open, bool tmp, append_type
+ free(backuptemp);
+ backuptemp = get_next_filename(backupname, "~");
+ if (*backuptemp == '\0') {
+- statusbar(_("Error writing %s: %s"), backupname,
++ statusbar(_("Error writing backup file %s: %s"), backupname,
+ _("Too many backup files?"));
+ free(backuptemp);
+ free(backupname);
+- /* If we can't write to the backup, go on, since only
+- * saving the original file is better than saving
+- * nothing. */
+- goto skip_backup;
++ /* If we can't write to the backup, DONT go on, since
++ whatever caused the backup file to fail (e.g. disk
++ full may well cause the real file write to fail, which
++ means we could lose both the backup and the original! */
++ goto cleanup_and_exit;
+ } else {
+ free(backupname);
+ backupname = backuptemp;
+@@ -2022,6 +2030,18 @@ bool do_writeout(bool exiting)
+ continue;
+ }
+ }
++#ifndef NANO_TINY
++ /* Complain if the file exists, the name hasn't changed, and the
++ stat information we had before does not match what we have now */
++ else if (name_exists && openfile->current_stat && (openfile->current_stat->st_mtime < st.st_mtime ||
++ openfile->current_stat->st_dev != st.st_dev || openfile->current_stat->st_ino != st.st_ino)) {
++ i = do_yesno_prompt(FALSE,
++ _("File was modified since you opened it, continue saving ? "));
++ if (i == 0 || i == -1)
++ continue;
++ }
++#endif
++
+ }
+
+ /* Convert newlines to nulls, just before we save the
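Review bot: In the first embedded `write_file` hunk, the added `stat(realname, openfile->current_stat);` runs only when `openfile->current_stat == NULL`, so it hands `stat()` a null buffer, ignores the result, and leaves `current_stat` NULL. The new `openfile->current_stat &&` guard then hides the failure: a plain overwrite silently skips the backup, and the "File was modified since you opened it" check added to `do_writeout` never fires for a file named interactively. When appending or writing a selection the backup block is still entered, and code outside this hunk presumably still dereferences `current_stat` for the file times the comment mentions. Allocate the buffer first, e.g. `openfile->current_stat = nmalloc(sizeof(struct stat));`, then check the return value of `stat()` before relying on the contents. Both `write_file` and `do_writeout` start and end outside the hunk.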
diff --git a/nano.spec b/nano.spec
index 9b321da..4d174f5 100644
--- a/nano.spec
+++ b/nano.spec
@@ -1,7 +1,7 @@
Summary: A small text editor
Name: nano
Version: 2.0.9
-Release: 6%{?dist}
+Release: 7%{?dist}
License: GPLv3+
Group: Applications/Editors
URL: http://www.nano-editor.org
@@ -9,6 +9,7 @@ Source: http://www.nano-editor.org/dist/v2.0/%{name}-%{version}.tar.gz
Source2: nanorc
Patch1: nano-2.0.9-warnings.patch
Patch2: nano-2.0.9-bz582434.patch
+Patch3: nano-2.0.9-bz582434-inc.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: autoconf
BuildRequires: gettext-devel
@@ -25,6 +26,7 @@ GNU nano is a small and friendly text editor.
%setup -q
%patch1 -p1
%patch2 -p1
+%patch3 -p1
for f in doc/man/fr/{nano.1,nanorc.5,rnano.1} ; do
iconv -f iso-8859-1 -t utf-8 -o $f.tmp $f && mv $f.tmp $f
touch $f.html
@@ -82,6 +84,9 @@ rm -rf %{buildroot}
%{_datadir}/nano
%changelog
+* Tue Aug 17 2010 Kamil Dudka <kdudka at redhat.com> - 2.0.9-7
+- CVE-2010-1160, CVE-2010-1161 (#582739)
+
* Thu Apr 15 2010 Kamil Dudka <kdudka at redhat.com> - 2.0.9-6
- CVE-2010-1160, CVE-2010-1161 (#582739)