- added -CVE-2005-3011.patch (from FreeBSD) against insecure

  tmpfiles creation

Changed files:
    texinfo-CVE-2005-3011.patch -> 1.1
    texinfo.spec -> 1.98

diff --git a/texinfo-CVE-2005-3011.patch b/texinfo-CVE-2005-3011.patch
new file mode 100644 (file)
index 0000000..46a1eea
--- /dev/null
+++ b/texinfo-CVE-2005-3011.patch
@@ -0,0 +1,98 @@
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:01.texindex.asc
+
+Index: contrib/texinfo/util/texindex.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/texinfo/util/texindex.c,v
+retrieving revision 1.1.1.8
+diff -u -p -I__FBSDID -r1.1.1.8 texindex.c
+--- contrib/texinfo/util/texindex.c    23 May 2005 10:46:22 -0000      1.1.1.8
++++ contrib/texinfo/util/texindex.c    8 Jan 2006 23:31:32 -0000
+@@ -384,17 +384,33 @@ For more information about these matters
+     usage (1);
+ }
+ \f
++static char **tv;
++static int tv_alloc;
++static int tv_used;
++
++static int
++findtempname (char *tempname)
++{
++  int i;
++
++  for (i = 0; i < tv_used; i++)
++    if (strcmp (tv[i], tempname) == 0)
++      return (1);
++  return (0);
++}
++
+ /* Return a name for temporary file COUNT. */
+ 
+ static char *
+ maketempname (int count)
+ {
+   static char *tempbase = NULL;
++  char *tempname;
+   char tempsuffix[10];
++  int fd;
+ 
+   if (!tempbase)
+     {
+-      int fd;
+       tempbase = concat (tempdir, "txidxXXXXXX");
+ 
+       fd = mkstemp (tempbase);
+@@ -403,7 +419,52 @@ maketempname (int count)
+     }
+ 
+   sprintf (tempsuffix, ".%d", count);
+-  return concat (tempbase, tempsuffix);
++  tempname = concat (tempbase, tempsuffix);
++  /*
++   * The open logic becomes a bit convoluted. If open(2) fails due to EEXIST,
++   * it's likely because somebody attempted to race us, or because we have
++   * already created this file.
++   */
++  fd = open (tempname, O_CREAT|O_EXCL|O_WRONLY, 0600);
++  if (fd == -1)
++    {
++      /*
++       * If errno is not EEXIST, then open failed for some other reason, so
++       * we should terminate. If errno == EEXIST AND we didn't create this
++       * file, terminate. Otherwise, it's safe to say that errno == EEXIST
++       * because we already created it, in this event, we can just return.
++       */
++      if (errno != EEXIST ||
++        (errno == EEXIST && findtempname (tempname) == 0))
++        pfatal_with_name (tempname);
++      return (tempname);
++    }
++  else if (fd > 0)
++    {
++      close (fd);
++    }
++  if (tv == NULL)
++    {
++      tv_alloc = 16;
++      tv = calloc (tv_alloc, sizeof (char *));
++      if (tv == NULL)
++        {
++          fprintf (stderr, "calloc failed\n");
++          exit (1);
++        }
++    }
++  else if (tv_used == tv_alloc)
++    {
++      tv_alloc += 4;
++      tv = realloc (tv, tv_alloc * sizeof (char *));
++      if (tv == NULL)
++        {
++          fprintf (stderr, "realloc failed");
++          exit (1);
++        }
++    }
++  tv[tv_used++] = strdup (tempname);
++  return tempname;
+ }
+ 
+ 

diff --git a/texinfo.spec b/texinfo.spec
index 1c3e0783a137cbe157594fe6fed2945beea0b9ea..fe0703e6ad9deb89679f7031f76e860469f2128f 100644 (file)
--- a/texinfo.spec
+++ b/texinfo.spec
@@ -16,6 +16,7 @@ Source0:      ftp://ftp.gnu.org/gnu/texinfo/%{name}-%{version}.tar.bz2
 # Source0-md5: 6ba369bbfe4afaa56122e65b3ee3a68c
 Source1:       info.desktop
 Patch0:                %{name}-info.patch
+Patch1:                %{name}-CVE-2005-3011.patch
 URL:           http://texinfo.org/
 BuildRequires: autoconf >= 2.59
 BuildRequires: automake >= 1:1.8
@@ -180,6 +181,7 @@ Narz
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p2
 
 # nb was added but outdated no not removed
 sed -i -e '/^no$/d' po/LINGUAS