From 261428eda1d830ae19e4d9e42dda1920b661b475 Mon Sep 17 00:00:00 2001 From: Christoph Berg Date: Tue, 12 Dec 2006 14:49:24 +0100 Subject: [PATCH] mutt (1.5.13-1.1) unstable; urgency=high * Non-maintainer upload. * Add upstream patch to fix insecure temp file generation (Closes: #396104, CVE-2006-5297, CVE-2006-5298). --- .bzrtags | 2 - debian/changelog | 8 ++ debian/patches/misc/tempfile-race.diff | 100 +++++++++++++++++++++++++ debian/patches/series | 1 + 4 files changed, 109 insertions(+), 2 deletions(-) delete mode 100644 .bzrtags create mode 100644 debian/patches/misc/tempfile-race.diff diff --git a/.bzrtags b/.bzrtags deleted file mode 100644 index 0e53636..0000000 --- a/.bzrtags +++ /dev/null @@ -1,2 +0,0 @@ -mutt_1.5.13-1 dato@net.com.org.es-20060816141121-442881eadb8908b8 -mutt_1.5.12-1 dato@net.com.org.es-20060715005349-36ed452cae764091 diff --git a/debian/changelog b/debian/changelog index 125b1ca..09e3f0a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +mutt (1.5.13-1.1) unstable; urgency=high + + * Non-maintainer upload. + * Add upstream patch to fix insecure temp file generation + (Closes: #396104, CVE-2006-5297, CVE-2006-5298). + + -- Christoph Berg Tue, 12 Dec 2006 14:49:24 +0100 + mutt (1.5.13-1) unstable; urgency=low * New upstream release, with a new pattern to match full threads (see diff --git a/debian/patches/misc/tempfile-race.diff b/debian/patches/misc/tempfile-race.diff new file mode 100644 index 0000000..152ec05 --- /dev/null +++ b/debian/patches/misc/tempfile-race.diff @@ -0,0 +1,100 @@ +From: roessler +Date: Mon, 9 Oct 2006 13:39:38 +0000 (+0000) +Subject: From: Thomas Roessler +X-Git-Url: http://dev.mutt.org/cgi-bin/gitweb.cgi?p=mutt/.git;a=commitdiff;h=f6404a53a2b7a9a3b36d89def185e1192abdd108 + + From: Thomas Roessler + + Even more paranoid temporary file creation. +--- + +--- a/lib.c ++++ b/lib.c +@@ -481,14 +481,85 @@ int safe_rename (const char *src, const + return 0; + } + ++/* Create a temporary directory next to a file name */ ++ ++int mutt_mkwrapdir (const char *path, char *newfile, size_t nflen, ++ char *newdir, size_t ndlen) ++{ ++ const char *basename; ++ char parent[_POSIX_PATH_MAX]; ++ char *p; ++ int rv; ++ ++ strfcpy (parent, NONULL (path), sizeof (parent)); ++ ++ if ((p = strrchr (parent, '/'))) ++ { ++ *p = '\0'; ++ basename = p + 1; ++ } ++ else ++ { ++ strfcpy (parent, ".", sizeof (parent)); ++ basename = path; ++ } ++ ++ do ++ { ++ snprintf (newdir, ndlen, "%s/%s", parent, ".muttXXXXXX"); ++ mktemp (newdir); ++ } ++ while ((rv = mkdir (newdir, 0700)) == -1 && errno == EEXIST); ++ ++ if (rv == -1) ++ return -1; ++ ++ snprintf (newfile, nflen, "%s/%s", newdir, NONULL(basename)); ++ return 0; ++} ++ ++int mutt_put_file_in_place (const char *path, const char *safe_file, const char *safe_dir) ++{ ++ int rv; ++ ++ rv = safe_rename (safe_file, path); ++ unlink (safe_file); ++ rmdir (safe_dir); ++ return rv; ++} ++ + int safe_open (const char *path, int flags) + { + struct stat osb, nsb; + int fd; + +- if ((fd = open (path, flags, 0600)) < 0) +- return fd; ++ if (flags & O_EXCL) ++ { ++ char safe_file[_POSIX_PATH_MAX]; ++ char safe_dir[_POSIX_PATH_MAX]; + ++ if (mutt_mkwrapdir (path, safe_file, sizeof (safe_file), ++ safe_dir, sizeof (safe_dir)) == -1) ++ return -1; ++ ++ if ((fd = open (safe_file, flags, 0600)) < 0) ++ { ++ rmdir (safe_dir); ++ return fd; ++ } ++ ++ if (mutt_put_file_in_place (path, safe_file, safe_dir) == -1) ++ { ++ close (fd); ++ return -1; ++ } ++ } ++ else ++ { ++ if ((fd = open (path, flags, 0600)) < 0) ++ return fd; ++ } ++ + /* make sure the file is not symlink */ + if (lstat (path, &osb) < 0 || fstat (fd, &nsb) < 0 || + compare_stat(&osb, &nsb) == -1) diff --git a/debian/patches/series b/debian/patches/series index 31c4104..71f9528 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -17,6 +17,7 @@ debian-specific/correct_docdir_in_man_page.diff -p0 debian-specific/dont_document_not_present_features.diff -p0 misc/define-pgp_getkeys_command.diff -p0 +misc/tempfile-race.diff misc/autotools-update.diff -p0 upstream/thread_pattern_in_UPDATING.diff -p0 -- 2.43.0