5ddd4e358b
redis 3.2.2, also fix CVE-2013-7458 boo#991250 OBS-URL: https://build.opensuse.org/request/show/416021 OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=80
48 lines
1.4 KiB
Diff
48 lines
1.4 KiB
Diff
From 71536684a788dc859e42132a2c5a2b7373414375 Mon Sep 17 00:00:00 2001
|
|
From: antirez <antirez@gmail.com>
|
|
Date: Fri, 29 Jul 2016 11:28:16 +0200
|
|
Subject: [PATCH] Update linenoise to fix insecure redis-cli history file
|
|
creation.
|
|
|
|
The problem was fixed in antirez/linenoise repository applying a patch
|
|
contributed by @lamby. Here the new version is updated in the Redis
|
|
source tree.
|
|
|
|
Close #1418
|
|
Close #3322
|
|
---
|
|
deps/linenoise/linenoise.c | 7 ++++++-
|
|
1 file changed, 6 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/deps/linenoise/linenoise.c b/deps/linenoise/linenoise.c
|
|
index a807d9b..fce14a7 100644
|
|
--- a/deps/linenoise/linenoise.c
|
|
+++ b/deps/linenoise/linenoise.c
|
|
@@ -111,6 +111,7 @@
|
|
#include <string.h>
|
|
#include <stdlib.h>
|
|
#include <ctype.h>
|
|
+#include <sys/stat.h>
|
|
#include <sys/types.h>
|
|
#include <sys/ioctl.h>
|
|
#include <unistd.h>
|
|
@@ -1160,10 +1161,14 @@ int linenoiseHistorySetMaxLen(int len) {
|
|
/* Save the history in the specified file. On success 0 is returned
|
|
* otherwise -1 is returned. */
|
|
int linenoiseHistorySave(const char *filename) {
|
|
- FILE *fp = fopen(filename,"w");
|
|
+ mode_t old_umask = umask(S_IXUSR|S_IRWXG|S_IRWXO);
|
|
+ FILE *fp;
|
|
int j;
|
|
|
|
+ fp = fopen(filename,"w");
|
|
+ umask(old_umask);
|
|
if (fp == NULL) return -1;
|
|
+ chmod(filename,S_IRUSR|S_IWUSR);
|
|
for (j = 0; j < history_len; j++)
|
|
fprintf(fp,"%s\n",history[j]);
|
|
fclose(fp);
|
|
--
|
|
2.6.6
|
|
|