Accepting request 226074 from home:dnh:branches:Base:System

Just so we get this upstream(ed) (security) fix in B:S, even though fish is and should stay disabled for now (bnc#856501 / mc ticket #3128). I'm committing this so that we have a common ground to work from. OBS-URL: https://build.opensuse.org/request/show/226074 OBS-URL: https://build.opensuse.org/package/show/Base:System/mc?expand=0&rev=88
2014-03-16 04:07:49 +00:00 · 2014-03-16 04:07:49 +00:00 · 71d2e0462f
commit 71d2e0462f
parent a0f20b3289
4 changed files with 171 additions and 0 deletions
--- a/mc-vfs-fish-deleted_source_file.patch
+++ b/mc-vfs-fish-deleted_source_file.patch
@ -0,0 +1,120 @@
+diff -rup mc-4.8.11.orig/src/filemanager/file.c mc-4.8.11/src/filemanager/file.c
+--- mc-4.8.11.orig/src/filemanager/file.c	2013-11-29 19:27:07.000000000 +0100
+++ mc-4.8.11/src/filemanager/file.c	2014-01-14 00:09:30.540439661 +0100
+@@ -1914,6 +1914,8 @@ copy_file_file (FileOpTotalContext * tct
+             continue;
+         if (temp_status == FILE_ABORT)
+             return_status = temp_status;
+        if (temp_status == FILE_SKIP)
+            return_status = temp_status;
+         if (temp_status == FILE_SKIPALL)
+             ctx->skip_all = TRUE;
+         break;
+@@ -1924,6 +1926,8 @@ copy_file_file (FileOpTotalContext * tct
+         temp_status = file_error (_("Cannot close target file \"%s\"\n%s"), dst_path);
+         if (temp_status == FILE_RETRY)
+             continue;
+        if (temp_status == FILE_SKIP)
+            return_status = temp_status;
+         if (temp_status == FILE_SKIPALL)
+             ctx->skip_all = TRUE;
+         return_status = temp_status;
+@@ -1957,10 +1961,10 @@ copy_file_file (FileOpTotalContext * tct
+                 if (temp_status == FILE_SKIPALL)
+                 {
+                     ctx->skip_all = TRUE;
+-                    return_status = FILE_CONT;
+                    return_status = FILE_SKIPALL;
+                 }
+                 if (temp_status == FILE_SKIP)
+-                    return_status = FILE_CONT;
+                    return_status = FILE_SKIP;
+                 break;
+             }
+         }
+@@ -1977,10 +1981,10 @@ copy_file_file (FileOpTotalContext * tct
+                     if (temp_status == FILE_SKIPALL)
+                     {
+                         ctx->skip_all = TRUE;
+-                        return_status = FILE_CONT;
+                        return_status = FILE_SKIPALL;
+                     }
+                     if (temp_status == FILE_SKIP)
+-                        return_status = FILE_CONT;
+                        return_status = FILE_SKIP;
+                     break;
+                 }
+             }
+diff -rup mc-4.8.11.orig/src/vfs/fish/fishdef.h mc-4.8.11/src/vfs/fish/fishdef.h
+--- mc-4.8.11.orig/src/vfs/fish/fishdef.h	2013-04-10 22:04:31.000000000 +0200
+++ mc-4.8.11/src/vfs/fish/fishdef.h	2014-01-13 23:54:30.773582204 +0100
+@@ -145,13 +145,19 @@
+ "FILESIZE=${FISH_FILESIZE}\n"                                             \
+ "#STOR $FILESIZE $FILENAME\n"                                             \
+ "echo \"### 001\"\n"                                                      \
+"touch $FILENAME 2>/dev/null\n"                                           \
+"if [ -f $FILENAME ]; then\n"                                             \
+"rm $FILENAME\n"                                                          \
+ "{\n"                                                                     \
+ "    while [ $FILESIZE -gt 0 ]; do\n"                                     \
+ "        cnt=`expr \\( $FILESIZE + 255 \\) / 256`\n"                      \
+ "        n=`dd bs=256 count=$cnt | tee -a \"${FILENAME}\" | wc -c`\n"     \
+ "        FILESIZE=`expr $FILESIZE - $n`\n"                                \
+ "    done\n"                                                              \
+-"}; echo \"### 200\"\n"
+"}; echo \"### 200\"\n"                                                   \
+"else\n"                                                                  \
+"    echo \"### 500\"\n"                                                  \
+"fi\n"
+ 
+ /* default 'appe'  script */
+ #define FISH_APPEND_DEF_CONTENT ""                                        \
+diff -rup mc-4.8.11.orig/src/vfs/fish/helpers/chmod mc-4.8.11/src/vfs/fish/helpers/chmod
+--- mc-4.8.11.orig/src/vfs/fish/helpers/chmod	2013-04-10 22:04:31.000000000 +0200
+++ mc-4.8.11/src/vfs/fish/helpers/chmod	2014-01-13 23:54:30.773582204 +0100
+@@ -1,6 +1,7 @@
+ #CHMOD $FISH_FILEMODE $FISH_FILENAME
+-if chmod ${FISH_FILEMODE} "/${FISH_FILENAME}" 2>/dev/null; then
+-    echo "### 000"
+-else
+chmod ${FISH_FILEMODE} "/${FISH_FILENAME}" 2>/dev/null
+if [ $? -ne 0 ]; then
+     echo "### 500"
+else
+    echo "### 000"
+ fi
+diff -rup mc-4.8.11.orig/src/vfs/fish/helpers/chown mc-4.8.11/src/vfs/fish/helpers/chown
+--- mc-4.8.11.orig/src/vfs/fish/helpers/chown	2013-04-10 22:04:31.000000000 +0200
+++ mc-4.8.11/src/vfs/fish/helpers/chown	2014-01-13 23:54:30.774582155 +0100
+@@ -1,6 +1,7 @@
+ #CHOWN $FISH_FILEOWNER:$FISH_FILEGROUP $FISH_FILENAME
+-if chown ${FISH_FILEOWNER}:${FISH_FILEGROUP} "/${FISH_FILENAME}" ; then
+-    echo "### 000"
+-else
+chown ${FISH_FILEOWNER}:${FISH_FILEGROUP} "/${FISH_FILENAME}"
+if [ $? -ne 0 ]; then
+     echo "### 500"
+else
+    echo "### 000"
+ fi
+diff -rup mc-4.8.11.orig/src/vfs/fish/helpers/send mc-4.8.11/src/vfs/fish/helpers/send
+--- mc-4.8.11.orig/src/vfs/fish/helpers/send	2013-04-10 22:04:31.000000000 +0200
+++ mc-4.8.11/src/vfs/fish/helpers/send	2014-01-13 23:54:30.774582155 +0100
+@@ -1,6 +1,9 @@
+ #STOR $FISH_FILESIZE $FISH_FILENAME
+ FILENAME="/${FISH_FILENAME}"
+ echo "### 001"
+touch $FILENAME 2>/dev/null
+if [ -f $FILENAME ]; then
+rm $FILENAME 2>/dev/null
+ {
+     > "${FILENAME}"
+     bss=4096
+@@ -15,3 +18,6 @@ echo "### 001"
+         FISH_FILESIZE=`expr $FISH_FILESIZE - $n`
+     done
+ }; echo "### 200"
+else
+    echo "### 500"
+fi
+
--- a/mc-vfs_fish_helpers_ls-formatstring.diff
+++ b/mc-vfs_fish_helpers_ls-formatstring.diff
@ -0,0 +1,18 @@
+--- src/vfs/fish/helpers/ls.orig	2013-04-10 22:04:31.000000000 +0200
+++ src/vfs/fish/helpers/ls	2014-03-15 15:35:18.000000000 +0100
+@@ -137,9 +137,13 @@
+     if (S_ISLNK ($mode)) {
+         my $linkname = readlink ("$dirname/$filename");
+         $linkname =~ $strutils_shell_escape_regex;
+-        printf("R%%o %%o $uid.$gid\nS$size\nd$mloctime\n:\"$e_filename\" -> \"$linkname\"\n\n", S_IMODE($mode), S_IFMT($mode));
+        printf("R%%o %%o %%i.%%i\nS%%lld\nd%%s\n:\"%%s\" -> \"%%s\"\n\n",
+             S_IMODE($mode), S_IFMT($mode),
+             $uid, $gid, $size, $mloctime, $e_filename, $linkname);
+     } else {
+-        printf("R%%o %%o $uid.$gid\nS$size\nd$mloctime\n:\"$e_filename\"\n\n", S_IMODE($mode), S_IFMT($mode));
+        printf("R%%o %%o %%i.%%i\nS%%lld\nd%%s\n:\"%%s\"\n\n",
+             S_IMODE($mode), S_IFMT($mode),
+             $uid, $gid, $size, $mloctime, $e_filename);
+     }
+ }
+     printf("### 200\n");
--- a/mc.changes
+++ b/mc.changes
@ -1,9 +1,31 @@
+-------------------------------------------------------------------
+Sat Mar 15 15:35:23 UTC 2014 - dnh@opensuse.org
+
+- fix bug ("%i" is not an appropriate format for off_t) in
+  mc-vfs_fish_helpers_ls-formatstring.diff, thanks to andrew_b
+  of upstream in mc-ticket:2983
+
+Sat Mar 15 13:58:42 UTC 2014 - dnh@opensuse.org
+
+- add mc-vfs_fish_helpers_ls-formatstring.diff
+  fixing possible format-string attack via filename
+  http://www.midnight-commander.org/ticket/2983
+  until http://www.midnight-commander.org/ticket/3128
+  is fixed, fish should stay disabled though!
+
 -------------------------------------------------------------------
 Thu Jan 30 21:47:13 UTC 2014 - jengelh@inai.de

 - Spec metadata update, remove redundant %clean section,
  do parallel build with %_smp_mflags

+-------------------------------------------------------------------
+Tue Jan 14 03:37:35 UTC 2014 - dnh@opensuse.org
+
+- add preliminary patch by Sebastian Siebert
+  mc-vfs-fish-deleted_source_file.patch
+  bnc#856501 and http://www.midnight-commander.org/ticket/3128
+
 -------------------------------------------------------------------
 Fri Jan 10 20:51:29 UTC 2014 - dnh@opensuse.org

--- a/mc.spec
+++ b/mc.spec
@ -45,11 +45,20 @@ Patch17:        mc-rpm.patch
 Patch20:        mc-f-keys.patch
 Patch21:        mc-extfs-helpers-deb.patch

+# add patch. bnc#856501
+# http://www.midnight-commander.org/ticket/3128
+Patch22:        mc-vfs-fish-deleted_source_file.patch
+
 # add mc-extfs-iso9660-xorriso.patch
 # fixing iso9660 extfs directory handling using xorriso
 # http://www.midnight-commander.org/ticket/3122
 Patch23:        mc-extfs-iso9660-xorriso.patch

+# add mc-vfs_fish_helpers_ls-formatstring.diff
+# fixing possible format-string attack via filename
+# bnc#850803, http://www.midnight-commander.org/ticket/2983
+Patch25:        mc-vfs_fish_helpers_ls-formatstring.diff
+
 #debian fixes for vfs
 Patch24:        02_ignore_ftp_chmod_error.patch
 #Debian fixes
@ -118,6 +127,8 @@ isoinfo (from mkisofs) or xorriso for the iso:// extension.
 %patch18
 %patch20
 %patch21
+%patch22 -p1
+%patch25
 %patch23 -p1
 %patch24
 %patch31