Accepting request 226074 from home:dnh:branches:Base:System

Just so we get this upstream(ed) (security) fix in B:S, even though fish is and should stay disabled for now (bnc#856501 / mc ticket #3128). I'm committing this so that we have a common ground to work from.

OBS-URL: https://build.opensuse.org/request/show/226074
OBS-URL: https://build.opensuse.org/package/show/Base:System/mc?expand=0&rev=88

mc-vfs-fish-deleted_source_file.patch

@@ -0,0 +1,120 @@
+diff -rup mc-4.8.11.orig/src/filemanager/file.c mc-4.8.11/src/filemanager/file.c
+--- mc-4.8.11.orig/src/filemanager/file.c	2013-11-29 19:27:07.000000000 +0100
++++ mc-4.8.11/src/filemanager/file.c	2014-01-14 00:09:30.540439661 +0100
+@@ -1914,6 +1914,8 @@ copy_file_file (FileOpTotalContext * tct
+             continue;
+         if (temp_status == FILE_ABORT)
+             return_status = temp_status;
++        if (temp_status == FILE_SKIP)
++            return_status = temp_status;
+         if (temp_status == FILE_SKIPALL)
+             ctx->skip_all = TRUE;
+         break;
+@@ -1924,6 +1926,8 @@ copy_file_file (FileOpTotalContext * tct
+         temp_status = file_error (_("Cannot close target file \"%s\"\n%s"), dst_path);
+         if (temp_status == FILE_RETRY)
+             continue;
++        if (temp_status == FILE_SKIP)
++            return_status = temp_status;
+         if (temp_status == FILE_SKIPALL)
+             ctx->skip_all = TRUE;
+         return_status = temp_status;
+@@ -1957,10 +1961,10 @@ copy_file_file (FileOpTotalContext * tct
+                 if (temp_status == FILE_SKIPALL)
+                 {
+                     ctx->skip_all = TRUE;
+-                    return_status = FILE_CONT;
++                    return_status = FILE_SKIPALL;
+                 }
+                 if (temp_status == FILE_SKIP)
+-                    return_status = FILE_CONT;
++                    return_status = FILE_SKIP;
+                 break;
+             }
+         }
+@@ -1977,10 +1981,10 @@ copy_file_file (FileOpTotalContext * tct
+                     if (temp_status == FILE_SKIPALL)
+                     {
+                         ctx->skip_all = TRUE;
+-                        return_status = FILE_CONT;
++                        return_status = FILE_SKIPALL;
+                     }
+                     if (temp_status == FILE_SKIP)
+-                        return_status = FILE_CONT;
++                        return_status = FILE_SKIP;
+                     break;
+                 }
+             }
+diff -rup mc-4.8.11.orig/src/vfs/fish/fishdef.h mc-4.8.11/src/vfs/fish/fishdef.h
+--- mc-4.8.11.orig/src/vfs/fish/fishdef.h	2013-04-10 22:04:31.000000000 +0200
++++ mc-4.8.11/src/vfs/fish/fishdef.h	2014-01-13 23:54:30.773582204 +0100
+@@ -145,13 +145,19 @@
+ "FILESIZE=${FISH_FILESIZE}\n"                                             \
+ "#STOR $FILESIZE $FILENAME\n"                                             \
+ "echo \"### 001\"\n"                                                      \
++"touch $FILENAME 2>/dev/null\n"                                           \
++"if [ -f $FILENAME ]; then\n"                                             \
++"rm $FILENAME\n"                                                          \
+ "{\n"                                                                     \
+ "    while [ $FILESIZE -gt 0 ]; do\n"                                     \
+ "        cnt=`expr \\( $FILESIZE + 255 \\) / 256`\n"                      \
+ "        n=`dd bs=256 count=$cnt | tee -a \"${FILENAME}\" | wc -c`\n"     \
+ "        FILESIZE=`expr $FILESIZE - $n`\n"                                \
+ "    done\n"                                                              \
+-"}; echo \"### 200\"\n"
++"}; echo \"### 200\"\n"                                                   \
++"else\n"                                                                  \
++"    echo \"### 500\"\n"                                                  \
++"fi\n"
+ 
+ /* default 'appe'  script */
+ #define FISH_APPEND_DEF_CONTENT ""                                        \
+diff -rup mc-4.8.11.orig/src/vfs/fish/helpers/chmod mc-4.8.11/src/vfs/fish/helpers/chmod
+--- mc-4.8.11.orig/src/vfs/fish/helpers/chmod	2013-04-10 22:04:31.000000000 +0200
++++ mc-4.8.11/src/vfs/fish/helpers/chmod	2014-01-13 23:54:30.773582204 +0100
+@@ -1,6 +1,7 @@
+ #CHMOD $FISH_FILEMODE $FISH_FILENAME
+-if chmod ${FISH_FILEMODE} "/${FISH_FILENAME}" 2>/dev/null; then
+-    echo "### 000"
+-else
++chmod ${FISH_FILEMODE} "/${FISH_FILENAME}" 2>/dev/null
++if [ $? -ne 0 ]; then
+     echo "### 500"
++else
++    echo "### 000"
+ fi
+diff -rup mc-4.8.11.orig/src/vfs/fish/helpers/chown mc-4.8.11/src/vfs/fish/helpers/chown
+--- mc-4.8.11.orig/src/vfs/fish/helpers/chown	2013-04-10 22:04:31.000000000 +0200
++++ mc-4.8.11/src/vfs/fish/helpers/chown	2014-01-13 23:54:30.774582155 +0100
+@@ -1,6 +1,7 @@
+ #CHOWN $FISH_FILEOWNER:$FISH_FILEGROUP $FISH_FILENAME
+-if chown ${FISH_FILEOWNER}:${FISH_FILEGROUP} "/${FISH_FILENAME}" ; then
+-    echo "### 000"
+-else
++chown ${FISH_FILEOWNER}:${FISH_FILEGROUP} "/${FISH_FILENAME}"
++if [ $? -ne 0 ]; then
+     echo "### 500"
++else
++    echo "### 000"
+ fi
+diff -rup mc-4.8.11.orig/src/vfs/fish/helpers/send mc-4.8.11/src/vfs/fish/helpers/send
+--- mc-4.8.11.orig/src/vfs/fish/helpers/send	2013-04-10 22:04:31.000000000 +0200
++++ mc-4.8.11/src/vfs/fish/helpers/send	2014-01-13 23:54:30.774582155 +0100
+@@ -1,6 +1,9 @@
+ #STOR $FISH_FILESIZE $FISH_FILENAME
+ FILENAME="/${FISH_FILENAME}"
+ echo "### 001"
++touch $FILENAME 2>/dev/null
++if [ -f $FILENAME ]; then
++rm $FILENAME 2>/dev/null
+ {
+     > "${FILENAME}"
+     bss=4096
+@@ -15,3 +18,6 @@ echo "### 001"
+         FISH_FILESIZE=`expr $FISH_FILESIZE - $n`
+     done
+ }; echo "### 200"
++else
++    echo "### 500"
++fi
+

mc-vfs_fish_helpers_ls-formatstring.diff

@@ -0,0 +1,18 @@
+--- src/vfs/fish/helpers/ls.orig	2013-04-10 22:04:31.000000000 +0200
++++ src/vfs/fish/helpers/ls	2014-03-15 15:35:18.000000000 +0100
+@@ -137,9 +137,13 @@
+     if (S_ISLNK ($mode)) {
+         my $linkname = readlink ("$dirname/$filename");
+         $linkname =~ $strutils_shell_escape_regex;
+-        printf("R%%o %%o $uid.$gid\nS$size\nd$mloctime\n:\"$e_filename\" -> \"$linkname\"\n\n", S_IMODE($mode), S_IFMT($mode));
++        printf("R%%o %%o %%i.%%i\nS%%lld\nd%%s\n:\"%%s\" -> \"%%s\"\n\n",
++             S_IMODE($mode), S_IFMT($mode),
++             $uid, $gid, $size, $mloctime, $e_filename, $linkname);
+     } else {
+-        printf("R%%o %%o $uid.$gid\nS$size\nd$mloctime\n:\"$e_filename\"\n\n", S_IMODE($mode), S_IFMT($mode));
++        printf("R%%o %%o %%i.%%i\nS%%lld\nd%%s\n:\"%%s\"\n\n",
++             S_IMODE($mode), S_IFMT($mode),
++             $uid, $gid, $size, $mloctime, $e_filename);
+     }
+ }
+     printf("### 200\n");

mc.changes

@@ -1,9 +1,31 @@
+-------------------------------------------------------------------
+Sat Mar 15 15:35:23 UTC 2014 - dnh@opensuse.org
+
+- fix bug ("%i" is not an appropriate format for off_t) in
+  mc-vfs_fish_helpers_ls-formatstring.diff, thanks to andrew_b
+  of upstream in mc-ticket:2983
+
+Sat Mar 15 13:58:42 UTC 2014 - dnh@opensuse.org
+
+- add mc-vfs_fish_helpers_ls-formatstring.diff
+  fixing possible format-string attack via filename
+  http://www.midnight-commander.org/ticket/2983
+  until http://www.midnight-commander.org/ticket/3128
+  is fixed, fish should stay disabled though!
+
 -------------------------------------------------------------------
 Thu Jan 30 21:47:13 UTC 2014 - jengelh@inai.de
 
 - Spec metadata update, remove redundant %clean section,
   do parallel build with %_smp_mflags
 
+-------------------------------------------------------------------
+Tue Jan 14 03:37:35 UTC 2014 - dnh@opensuse.org
+
+- add preliminary patch by Sebastian Siebert
+  mc-vfs-fish-deleted_source_file.patch
+  bnc#856501 and http://www.midnight-commander.org/ticket/3128
+
 -------------------------------------------------------------------
 Fri Jan 10 20:51:29 UTC 2014 - dnh@opensuse.org
 

mc.spec

@@ -45,11 +45,20 @@ Patch17:        mc-rpm.patch
 Patch20:        mc-f-keys.patch
 Patch21:        mc-extfs-helpers-deb.patch
 
+# add patch. bnc#856501
+# http://www.midnight-commander.org/ticket/3128
+Patch22:        mc-vfs-fish-deleted_source_file.patch
+
 # add mc-extfs-iso9660-xorriso.patch
 # fixing iso9660 extfs directory handling using xorriso
 # http://www.midnight-commander.org/ticket/3122
 Patch23:        mc-extfs-iso9660-xorriso.patch
 
+# add mc-vfs_fish_helpers_ls-formatstring.diff
+# fixing possible format-string attack via filename
+# bnc#850803, http://www.midnight-commander.org/ticket/2983
+Patch25:        mc-vfs_fish_helpers_ls-formatstring.diff
+
 #debian fixes for vfs
 Patch24:        02_ignore_ftp_chmod_error.patch
 #Debian fixes
@@ -118,6 +127,8 @@ isoinfo (from mkisofs) or xorriso for the iso:// extension.
 %patch18
 %patch20
 %patch21
+%patch22 -p1
+%patch25
 %patch23 -p1
 %patch24
 %patch31