[med-svn] r2878 - trunk/packages/arb/trunk/debian/patches
tille at alioth.debian.org
tille at alioth.debian.org
Mon Dec 29 17:50:03 UTC 2008
Author: tille
Date: 2008-12-29 17:50:02 +0000 (Mon, 29 Dec 2008)
New Revision: 2878
Added:
trunk/packages/arb/trunk/debian/patches/tmpfile_CVE-2008-5378.patch
Modified:
trunk/packages/arb/trunk/debian/patches/series
Log:
Patches for CVE-2008-5378
Modified: trunk/packages/arb/trunk/debian/patches/series
===================================================================
--- trunk/packages/arb/trunk/debian/patches/series 2008-12-29 16:19:37 UTC (rev 2877)
+++ trunk/packages/arb/trunk/debian/patches/series 2008-12-29 17:50:02 UTC (rev 2878)
@@ -5,3 +5,4 @@
20_Makefiles
ARB_release200712_gcc4.3.1.patch
20_tmpfile_issue.patch
+tmpfile_CVE-2008-5378.patch
Added: trunk/packages/arb/trunk/debian/patches/tmpfile_CVE-2008-5378.patch
===================================================================
--- trunk/packages/arb/trunk/debian/patches/tmpfile_CVE-2008-5378.patch (rev 0)
+++ trunk/packages/arb/trunk/debian/patches/tmpfile_CVE-2008-5378.patch 2008-12-29 17:50:02 UTC (rev 2878)
@@ -0,0 +1,94 @@
+This patch fixes tmpfile issues reported in CVE-2008-5378
+--- arb-0.0.20071207.1.orig/SH/arb_fastdnaml
++++ arb-0.0.20071207.1/SH/arb_fastdnaml
+@@ -1,9 +1,10 @@
+ #!/bin/sh
+ tmp=`mktemp -t arb_fdnaml_XXXXXXXXXX`
++pidfile=`mktemp -p /tmp foo_${USER}_${PPID}_XXXXXX`
+ mv infile $tmp
+ nice -19 $1 < $tmp &
+ sig=$!
+-/bin/echo "$sig $$ \c" >>/tmp/arb_pids_${USER}_${ARB_PID}
++/bin/echo "$sig $$ \c" >>"$pidfile"
+ wait
+ # echo $tmp not deleted for debugging purposes
+ rm -f $tmp
+--- arb-0.0.20071207.1.orig/ARBDB/adcomm.c
++++ arb-0.0.20071207.1/ARBDB/adcomm.c
+@@ -135,7 +135,8 @@
+ {
+ const char *ap = GB_getenv("ARB_PID");
+ if (!ap ) ap = "";
+- sprintf(buffer,"/tmp/arb_panic_%s_%s",GB_getenvUSER(),ap);
++ sprintf(buffer,"/tmp/arb_panic_%s_%s_XXXXXX",GB_getenvUSER(),ap);
++ buffer = mktemp(buffer);
+ }
+ fprintf(stderr,"**** ARB DATABASE SERVER GOT a HANGUP SIGNAL ****\n");
+ fprintf(stderr,"- Looking for file '%s'\n",buffer);
+@@ -2076,7 +2077,8 @@
+ if (lastpid == pid) return 0;
+ if (lastpid == -25) return 0; /* never install */
+ lastpid = pid;
+- sprintf(filename,"/tmp/arb_pids_%s_%s",user,arb_pid);
++ sprintf(filename,"/tmp/arb_pids_%s_%s_XXXXXX",user,arb_pid);
++ filename = mktemp(filename);
+ pidfile = fopen(filename,"a");
+ if (!pidfile) return GB_export_error("Cannot open pid file '%s'",filename);
+ fprintf(pidfile,"%li ",pid);
+--- arb-0.0.20071207.1.orig/SH/arb_clean
++++ arb-0.0.20071207.1/SH/arb_clean
+@@ -9,9 +9,14 @@
+ pidfiles=/tmp/arb_pids_${USER}_${ARB_PID}
+ fi
+
+-if [ "\"X$pidfiles\"" != "X" ]; then
++# Make sure files to remove are no symbolic links
++if [ "\"X$pidfiles\"" != "X" -a -f "$pidfiles" ]; then
+ kill -9 `cat $pidfiles` >/dev/null 2>&1
+ rm -f $pidfiles
+ fi
+
+-rm -f /tmp/arb_*_${USER}_${ARB_PID}*
++for pidfile in /tmp/arb_*_${USER}_${ARB_PID}* ; do
++ if [ -f "$pidfile" ] ; then
++ rm -f "$pidfile"
++ fi
++done
+--- arb-0.0.20071207.1.orig/SH/arb_panic
++++ arb-0.0.20071207.1/SH/arb_panic
+@@ -22,26 +22,30 @@
+ echo " --------------------------------"
+
+ for i in $chooser ; do
+- /bin/echo " - >" `ls $i` "<";
++ if [ ! -L "$i" ] ; then
++ /bin/echo " - >" `ls $i` "<";
++ fi
+ done
+ echo " --------------------------------"
+
+ echo "Please choose one line and enter the rightmost number"
+
+ read ARB_PID
+-if [ ! -f /tmp/arb_pids_${USER}_${ARB_PID} ]; then
+- err "Incorrect Choice"
++for arbpid in /tmp/arb_pids_${USER}_${ARB_PID}* ; do
++ if [ ! -f "$arbpid" ]; then
++ err "Incorrect Choice"
++ fi
+ fi
+
+ seperator
+ echo "Please enter file name (full path):"
+ read FILE
+
+-panicfile="/tmp/arb_panic_${USER}_${ARB_PID}"
++panicfile=`mktemp -p /tmp arb_panic_${USER}_${ARB_PID}_XXXXXX`
+ rm -f $panicfile
+ echo "$FILE" >$panicfile
+ ok=false
+-for i in `cat /tmp/arb_pids_${USER}_${ARB_PID}`; do
++for i in `cat /tmp/arb_pids_${USER}_${ARB_PID}*`; do
+ if kill -1 $i 2>/dev/null; then
+ ok=true
+ break
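Review bot: The new `for arbpid in /tmp/arb_pids_${USER}_${ARB_PID}* ; do` loop in arb_panic is closed with `fi` instead of `done` (the original `fi` was kept), so the script no longer parses and arb_panic fails before reaching the "enter file name" prompt; the second `fi` should become `done`. In arb_clean, `-f` follows symlinks, so `[ ... -a -f "$pidfiles" ]` does not enforce the "no symbolic links" comment above it; use `[ "X$pidfiles" != "X" -a ! -L "$pidfiles" -a -f "$pidfiles" ]` and likewise `if [ ! -L "$pidfile" -a -f "$pidfile" ]` in the removal loop. The panic path also looks broken as written: adcomm.c now derives the name it "looks for" from its own `mktemp(buffer)` call while arb_panic creates an independent `mktemp -p /tmp arb_panic_..._XXXXXX` name, so the two sides presumably never agree on a file, and arb_panic's `rm -f $panicfile` followed by `echo "$FILE" >$panicfile` discards the securely created file and recreates it through a plain redirection, reopening the symlink race this patch is meant to close. On the C side, `mktemp()` is the name-only variant and still races with an attacker; `mkstemp()` (returning an fd to `fdopen`) is the safe replacement, and whether `buffer = mktemp(buffer)` even compiles depends on `buffer` being a pointer rather than an array, which is declared outside the hunk.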