On Sun Jul 01, 2007 at 20:54:24 +0200, Daniel Baumann wrote:
> I assume that the 0.1.4-2etch1 upload a few minutes ago was a security
> upload of yours, hence I'll wait until this appears and upload then a
> fixed package to sid.
yes that is correct.
If you're happy to upload soon that would be great. I'll attach the
patch I used.
Steve
--
# Commercial Debian GNU/Linux Support
http://www.linux-administration.org/
diff -u gsambad-0.1.4/config.sub gsambad-0.1.4/config.sub
--- gsambad-0.1.4/config.sub
+++ gsambad-0.1.4/config.sub
@@ -4,7 +4,7 @@
# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
# Inc.
-timestamp='2006-09-20'
+timestamp='2006-07-02'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
@@ -276,7 +276,6 @@
| pdp10 | pdp11 | pj | pjl \
| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
| pyramid \
- | score \
| sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
| sh64 | sh64le \
| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
@@ -285,7 +284,7 @@
| tahoe | thumb | tic4x | tic80 | tron \
| v850 | v850e \
| we32k \
- | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
+ | x86 | xscale | xscalee[bl] | xstormy16 | xtensa \
| z8k)
basic_machine=$basic_machine-unknown
;;
@@ -368,7 +367,7 @@
| tron-* \
| v850-* | v850e-* | vax-* \
| we32k-* \
- | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
+ | x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \
| xstormy16-* | xtensa-* \
| ymp-* \
| z8k-*)
@@ -910,10 +909,6 @@
sb1el)
basic_machine=mipsisa64sb1el-unknown
;;
- sde)
- basic_machine=mipsisa32-sde
- os=-elf
- ;;
sei)
basic_machine=mips-sei
os=-seiux
@@ -1371,9 +1366,6 @@
# system, and we'll never get to this point.
case $basic_machine in
- score-*)
- os=-elf
- ;;
spu-*)
os=-elf
;;
diff -u gsambad-0.1.4/debian/changelog gsambad-0.1.4/debian/changelog
--- gsambad-0.1.4/debian/changelog
+++ gsambad-0.1.4/debian/changelog
@@ -1,4 +1,12 @@
-gsambad (0.1.4-2) unstable; urgency=medium
+gsambad (0.1.4-2etch1) stable-security; urgency=high
+
+ * Non-maintainer upload by The Security Team.
+ * Avoid unsafe usage of temporary files.
+ [CVE-2007-2838]
+
+ -- Steve Kemp <[EMAIL PROTECTED]> Thu, 28 Jun 2007 16:47:39 +0000
+
+gsambad (0.1.4-2) unstable; urgency=medium
* Adjusting the icondir.
* Makeing use of su-to-root in the desktop file.
only in patch2:
unchanged:
--- gsambad-0.1.4.orig/src/populate_conns.c
+++ gsambad-0.1.4/src/populate_conns.c
@@ -48,7 +48,8 @@
long file_size=0, old_pos=0;
gchar *combined=NULL;
gchar *utf8=NULL;
-
+ char command_buffer[1024];
+ char * filename;
gtk_list_store_clear(widgets->conns_store);
/* This attempt to show useful output is probably quite
@@ -64,20 +65,37 @@
fflush(stdin);
fflush(stdout);
- /* Write the output of smbstatus to a tempfile, FIXME: Static paths and generally notgoodtoday */
- if((fp=popen("touch /tmp/gsambadtmp && chmod 600 /tmp/gsambadtmp && smbstatus 2>&1> /tmp/gsambadtmp", "w"))==NULL)
+ /* make a secure temporary file */
+ filename = tempnam( "/tmp", "p_c.c" );
+
+ /* Write the output of smbstatus to a tempfile. */
+ snprintf( command_buffer, sizeof(command_buffer) - 1,
+ "touch %s && chmod 600 %s && smbstatus 2>&1> %s",
+ filename, filename, filename );
+
+ if((fp=popen(command_buffer, "w"))==NULL)
{
+ /* free memory */
+ free( filename );
+
/* Dont show a popup */
return;
}
pclose(fp);
/* We want it in a tempfile so we can scroll around in it properly */
- if((fp=fopen("/tmp/gsambadtmp", "r"))==NULL) // FIXME: Static paths
+ if((fp=fopen(filename, "r"))==NULL) // FIXME: Static paths
{
+ /* free memory */
+ free( filename );
+
/* Dont show a popup */
return;
}
+
+ /* free memory */
+ free( filename );
+
fseek(fp, 0, SEEK_END);
file_size = ftell(fp);
rewind(fp);
