[med-svn] r2880 - in trunk/packages/arb/trunk/debian: . patches
tille at alioth.debian.org
tille at alioth.debian.org
Mon Dec 29 23:35:12 UTC 2008
Author: tille
Date: 2008-12-29 23:35:12 +0000 (Mon, 29 Dec 2008)
New Revision: 2880
Modified:
trunk/packages/arb/trunk/debian/arb-common.config
trunk/packages/arb/trunk/debian/changelog
trunk/packages/arb/trunk/debian/patches/tmpfile_CVE-2008-5378.patch
Log:
Enhanced patch for CVE-2008-5378
Modified: trunk/packages/arb/trunk/debian/arb-common.config
===================================================================
--- trunk/packages/arb/trunk/debian/arb-common.config 2008-12-29 17:58:30 UTC (rev 2879)
+++ trunk/packages/arb/trunk/debian/arb-common.config 2008-12-29 23:35:12 UTC (rev 2880)
@@ -15,7 +15,7 @@
## This returns the group including the members of the group which are needed later
TESTGROUP=`getent group ${GROUP}` || true
if [ -z "${TESTGROUP}" ] ; then
- /usr/sbin/addgroup --system "${GROUP}" >/dev/null
+ addgroup --system "${GROUP}" >/dev/null
# if the group was just created it can not have any users ...
PROGUSERS="none"
fi
Modified: trunk/packages/arb/trunk/debian/changelog
===================================================================
--- trunk/packages/arb/trunk/debian/changelog 2008-12-29 17:58:30 UTC (rev 2879)
+++ trunk/packages/arb/trunk/debian/changelog 2008-12-29 23:35:12 UTC (rev 2880)
@@ -1,3 +1,10 @@
+arb (0.0.20071207.1-6) unstable; urgency=low
+
+ * Save use of /tmp in arb-kill
+ Closes: #508942
+
+ -- Andreas Tille <tille at debian.org> Mon, 22 Dec 2008 14:33:38 +0100
+
arb (0.0.20071207.1-5) unstable; urgency=low
* Fix tempfile issues in upstream scripts
Modified: trunk/packages/arb/trunk/debian/patches/tmpfile_CVE-2008-5378.patch
===================================================================
--- trunk/packages/arb/trunk/debian/patches/tmpfile_CVE-2008-5378.patch 2008-12-29 17:58:30 UTC (rev 2879)
+++ trunk/packages/arb/trunk/debian/patches/tmpfile_CVE-2008-5378.patch 2008-12-29 23:35:12 UTC (rev 2880)
@@ -21,20 +21,38 @@
if (!ap ) ap = "";
- sprintf(buffer,"/tmp/arb_panic_%s_%s",GB_getenvUSER(),ap);
+ sprintf(buffer,"/tmp/arb_panic_%s_%s_XXXXXX",GB_getenvUSER(),ap);
-+ buffer = mktemp(buffer);
++ mktemp(buffer);
}
fprintf(stderr,"**** ARB DATABASE SERVER GOT a HANGUP SIGNAL ****\n");
fprintf(stderr,"- Looking for file '%s'\n",buffer);
-@@ -2076,7 +2077,8 @@
+@@ -2066,7 +2067,8 @@
+ {
+ static long lastpid = 0;
+ long pid = getpid();
+- FILE *pidfile;
++ char buffer[1000];
++ int fh;
+ char filename[1000];
+ const char *user = GB_getenvUSER();
+ const char *arb_pid = GB_getenv("ARB_PID");
+@@ -2076,10 +2078,12 @@
if (lastpid == pid) return 0;
if (lastpid == -25) return 0; /* never install */
lastpid = pid;
- sprintf(filename,"/tmp/arb_pids_%s_%s",user,arb_pid);
+- pidfile = fopen(filename,"a");
+- if (!pidfile) return GB_export_error("Cannot open pid file '%s'",filename);
+- fprintf(pidfile,"%li ",pid);
+- fclose(pidfile);
+ sprintf(filename,"/tmp/arb_pids_%s_%s_XXXXXX",user,arb_pid);
-+ filename = mktemp(filename);
- pidfile = fopen(filename,"a");
- if (!pidfile) return GB_export_error("Cannot open pid file '%s'",filename);
- fprintf(pidfile,"%li ",pid);
++ fh = mkstemp(filename);
++ /* pidfile = fopen(filename,"a"); */
++ if (!fh) return GB_export_error("Cannot open pid file '%s'",filename);
++ snprintf(buffer,256,"%li ",pid);
++ write(fh, buffer, sizeof(buffer));
++ close(fh);
+ return 0;
+ }
--- arb-0.0.20071207.1.orig/SH/arb_clean
+++ arb-0.0.20071207.1/SH/arb_clean
@@ -9,9 +9,14 @@
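Review bot: The failure check after `mkstemp()` in the rewritten pid-file block is inverted: mkstemp returns -1 on error, so `if (!fh)` never fires on failure and would instead reject a valid descriptor 0; it should be `if (fh < 0) return GB_export_error("Cannot open pid file '%s'",filename);`. The next line, `write(fh, buffer, sizeof(buffer))`, writes all 1000 bytes of a stack buffer in which only the short formatted pid is initialised, so uninitialised stack contents land in the file after the pid; `write(fh, buffer, strlen(buffer))` with the return value checked writes only the text. The `sprintf` into `filename[1000]` takes `user` and `ARB_PID` from the environment without a bound, and `snprintf(filename, sizeof(filename), ...)` would cap it. The panic-file part earlier in this hunk still calls `mktemp(buffer)`, which only generates a name and leaves the create-time race the CVE fix is meant to close. Since that code then looks for the file, a random suffix probably means it is never found; the full function is outside the hunk, so this needs confirming there.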
@@ -72,11 +90,12 @@
read ARB_PID
-if [ ! -f /tmp/arb_pids_${USER}_${ARB_PID} ]; then
- err "Incorrect Choice"
+-fi
+for arbpid in /tmp/arb_pids_${USER}_${ARB_PID}* ; do
+ if [ ! -f "$arbpid" ]; then
+ err "Incorrect Choice"
+ fi
- fi
++done
seperator
echo "Please enter file name (full path):"
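Review bot: The new loop accepts anything matching `/tmp/arb_pids_${USER}_${ARB_PID}*`, and because /tmp is world-writable a file with that prefix need not have been created by this user; `-f` also passes for a symlink to a regular file. If the script goes on to read PIDs from these files (not visible in this hunk), the test should also check ownership, for example `if [ ! -f "$arbpid" ] || [ -L "$arbpid" ] || [ ! -O "$arbpid" ]; then`, provided the script's shell supports `-O`. `ARB_PID` comes straight from `read` and is expanded unquoted inside the glob, so whitespace or pattern characters in the input change what is matched; validating it as digits first would avoid that.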