r1840 - trunk/texinfo

Sat, 30 Jun 2007 07:48:57 -0700 

Author: matthew
Date: 2007-06-30 08:48:49 -0600 (Sat, 30 Jun 2007)
New Revision: 1840

Added:
   trunk/texinfo/texinfo-4.9-multibyte-1.patch
   trunk/texinfo/texinfo-4.9-tempfile_fix-1.patch
Log:
Add patches for latest version of Texinfo.

Added: trunk/texinfo/texinfo-4.9-multibyte-1.patch
===================================================================
--- trunk/texinfo/texinfo-4.9-multibyte-1.patch                         (rev 0)
+++ trunk/texinfo/texinfo-4.9-multibyte-1.patch 2007-06-30 14:48:49 UTC (rev 
1840)
@@ -0,0 +1,44 @@
+Submitted By: Alexander E. Patrakov
+Date: 2005-07-12
+Initial Package Version: 4.8
+Upstream Status: Hack, won't submit
+Origin: Alexander E. Patrakov
+Description: Info assumes that a string width in character cells is the
+same as its length in bytes. This patch avoids cases when this assumption
+is not true.
+
+diff -ur texinfo-4.8/info/info.c texinfo-4.8.hacked/info/info.c
+--- texinfo-4.8/info/info.c    2004-04-11 23:56:45.000000000 +0600
++++ texinfo-4.8.hacked/info/info.c     2005-07-12 12:11:34.852485776 +0600
+@@ -154,6 +154,10 @@
+ #ifdef HAVE_SETLOCALE
+   /* Set locale via LC_ALL.  */
+   setlocale (LC_ALL, "");
++  /* But don't use translated messages in the case when
++     string width and length can differ */
++  if (MB_CUR_MAX > 1)
++    setlocale(LC_MESSAGES, "C");
+ #endif
+ 
+ #ifdef ENABLE_NLS
+diff -ur texinfo-4.8/info/man.c texinfo-4.8.hacked/info/man.c
+--- texinfo-4.8/info/man.c     2004-04-11 23:56:46.000000000 +0600
++++ texinfo-4.8.hacked/info/man.c      2005-07-12 12:08:40.267026800 +0600
+@@ -325,6 +325,17 @@
+       freopen (NULL_DEVICE, "r", stdin);
+       dup2 (pipes[1], fileno (stdout));
+ 
++      if (MB_CUR_MAX > 1)
++        {
++          /* Info has trouble wrapping man output if it contains
++             multibyte characters */
++          setenv("LANGUAGE", "C", 1);
++          setenv("LANG", "C", 1);
++          setenv("LC_MESSAGES", "C", 1);
++          setenv("LC_CTYPE", "C", 1);
++          setenv("LC_ALL", "C", 1);
++        }
++
+       execv (formatter_args[0], formatter_args);
+ 
+       /* If we get here, we couldn't exec, so close out the pipe and

Added: trunk/texinfo/texinfo-4.9-tempfile_fix-1.patch
===================================================================
--- trunk/texinfo/texinfo-4.9-tempfile_fix-1.patch                              
(rev 0)
+++ trunk/texinfo/texinfo-4.9-tempfile_fix-1.patch      2007-06-30 14:48:49 UTC 
(rev 1840)
@@ -0,0 +1,80 @@
+Updated By: Bruce Dubbs (bdubbs -aT- linuxfromscratch -DoT- org)
+Date: 2005-12-12
+Submitted By: Archaic (archaic -aT- linuxfromscratch -DoT- org)
+Date: 2005-10-08
+Initial Package Version: 4.8
+Origin: 
http://gentoo.kems.net/gentoo-portage/sys-apps/texinfo/files/texinfo-4.8-tempfile.patch
+Upstream Status: A few patches are floating around in Debian BZ #328365 of 
which
+                 upstream hasn't made a full commitment on yet.
+Description: (CAN-2005-3011) texindex in texinfo 4.8 and earlier allows local
+             users to overwrite arbitrary files via a symlink attack on
+             temporary files.
+Update: Changed to not pass a constant string to mktemp().
+
+diff -Naur texinfo-4.8.orig/util/texindex.c texinfo-4.8/util/texindex.c
+--- texinfo-4.8.orig/util/texindex.c   2005-12-11 23:29:08.000000000 -0600
++++ texinfo-4.8/util/texindex.c        2005-12-11 23:33:31.000000000 -0600
+@@ -99,6 +99,9 @@
+ /* Directory to use for temporary files.  On Unix, it ends with a slash.  */
+ char *tempdir;
+ 
++/* Basename for temp files inside of tempdir.  */
++char *tempbase;
++
+ /* Number of last temporary file.  */
+ int tempcount;
+ 
+@@ -153,6 +156,7 @@
+ main (int argc, char **argv)
+ {
+   int i;
++  char template[]="txidxXXXXXX";
+ 
+   tempcount = 0;
+   last_deleted_tempcount = 0;
+@@ -190,6 +194,11 @@
+ 
+   decode_command (argc, argv);
+ 
++  /* XXX mkstemp not appropriate, as we need to have somewhat predictable
++   * names. But race condition was fixed, see maketempname. 
++   */
++  tempbase = mktemp (template);
++
+   /* Process input files completely, one by one.  */
+ 
+   for (i = 0; i < num_infiles; i++)
+@@ -389,21 +398,21 @@
+ static char *
+ maketempname (int count)
+ {
+-  static char *tempbase = NULL;
+   char tempsuffix[10];
+-
+-  if (!tempbase)
+-    {
+-      int fd;
+-      tempbase = concat (tempdir, "txidxXXXXXX");
+-
+-      fd = mkstemp (tempbase);
+-      if (fd == -1)
+-        pfatal_with_name (tempbase);
+-    }
++  char *name, *tmp_name;
++  int fd;
+ 
+   sprintf (tempsuffix, ".%d", count);
+-  return concat (tempbase, tempsuffix);
++  tmp_name = concat (tempdir, tempbase);
++  name = concat (tmp_name, tempsuffix);
++  free(tmp_name);
++
++  fd = open (name, O_CREAT|O_EXCL|O_WRONLY, 0600);
++  if (fd == -1)
++    pfatal_with_name (name);
++
++  close(fd);
++  return name;
+ }
+ 
+

-- 
http://linuxfromscratch.org/mailman/listinfo/patches
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page

Reply via email to