On Thu, Oct 11, 2007 at 02:38:15PM +0400, Sergey Lapin wrote:
> That's due to mkstemp call and O_EXCL in subsequent open of the same file.
> I workaround this by removing O_EXCL, but I think it is either some
> problem in glibc or code in lha needs to be reworked.

I fixed it by not using O_EXCL when mkstemp was used previously to
create the file.  The other code paths looked different, so I still use
O_EXCL there in the hope that it does not break.

A proper fix would take the fd returned by mkstemp, but that would
require more intrusive code changes.

NMU patch is attached.

Kind regards
Philipp Kern
diff -u lha-1.14i/debian/changelog lha-1.14i/debian/changelog
--- lha-1.14i/debian/changelog
+++ lha-1.14i/debian/changelog
@@ -1,3 +1,10 @@
+lha (1.14i-10.3) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix subsequent open with O_EXCL after mkstemp (Closes: #446236)
+
+ -- Philipp Kern <[EMAIL PROTECTED]>  Sat, 01 Dec 2007 16:32:52 +0100
+
 lha (1.14i-10.2) unstable; urgency=high
 
   * Non-maintainer upload by testing security team.
diff -u lha-1.14i/debian/patch.CVE-2007-2030.patch 
lha-1.14i/debian/patch.CVE-2007-2030.patch
--- lha-1.14i/debian/patch.CVE-2007-2030.patch
+++ lha-1.14i/debian/patch.CVE-2007-2030.patch
@@ -1,6 +1,7 @@
---- lha-114i/src/lhadd.c
-+++ lha-114i/src/lhadd.c
-@@ -35,6 +35,8 @@ add_one(fp, nafp, hdr)
+diff -Naur lha-1.14i.orig/src/lhadd.c lha-1.14i/src/lhadd.c
+--- lha-1.14i.orig/src/lhadd.c 2000-10-04 16:57:38.000000000 +0200
++++ lha-1.14i/src/lhadd.c      2007-12-01 16:29:29.000000000 +0100
+@@ -35,6 +35,8 @@
        if ((hdr->unix_mode & UNIX_FILE_SYMLINK) == UNIX_FILE_SYMLINK) {
                char            buf[256], *b1, *b2;
                if (!quiet) {
@@ -9,7 +10,16 @@
                        strcpy(buf, hdr->name);
                        b1 = strtok(buf, "|");
                        b2 = strtok(NULL, "|");
-@@ -211,8 +213,11 @@ find_update_files(oafp)
+@@ -108,7 +110,7 @@
+               if (symlink)
+                       fp = NULL;
+               else
+-                      fp = xfopen(name, READ_BINARY);
++                      fp = xfopen(name, READ_BINARY, 0);
+       else {
+               fp = NULL;
+       }
+@@ -211,8 +213,11 @@
                                add_sp(&sp, hdr.name, strlen(hdr.name) + 1);
                }
                else if ((hdr.unix_mode & UNIX_FILE_TYPEMASK) == 
UNIX_FILE_DIRECTORY) {
@@ -21,7 +31,7 @@
                        if (len > 0 && name[len - 1] == '/')
                                name[--len] = '\0';     /* strip tail '/' */
                        if (stat(name, &stbuf) >= 0)    /* exist ? */
-@@ -237,17 +242,21 @@ delete(oafp, nafp)
+@@ -237,17 +242,21 @@
  
        old_header_pos = ftell(oafp);
        while (get_header(oafp, &ahdr)) {
@@ -43,20 +53,42 @@
                else {          /* copy */
                        if (noexec) {
                                fseek(oafp, ahdr.packed_size, SEEK_CUR);
-@@ -276,7 +285,7 @@ build_temporary_file()
+@@ -276,7 +285,7 @@
        signal(SIGHUP, interrupt);
  
        old_umask = umask(077);
 -      afp = xfopen(temporary_name, WRITE_BINARY);
-+      afp = xfopen(temporary_name, "!" WRITE_BINARY);
++      afp = xfopen(temporary_name, "!" WRITE_BINARY, 1);
        remove_temporary_at_error = TRUE;
        temporary_fp = afp;
        umask(old_umask);
---- lha-114i/src/lharc.c
-+++ lha-114i/src/lharc.c
-@@ -1005,10 +1005,18 @@ FILE           *
- xfopen(name, mode)
+@@ -319,13 +328,13 @@
+ {
+       FILE           *oafp, *nafp;
+ 
+-      oafp = xfopen(temporary_name, READ_BINARY);
++      oafp = xfopen(temporary_name, READ_BINARY, 1);
+       if (!strcmp(new_archive_name, "-")) {
+               nafp = stdout;
+               writting_filename = "starndard output";
+       }
+       else {
+-              nafp = xfopen(new_archive_name, WRITE_BINARY);
++              nafp = xfopen(new_archive_name, WRITE_BINARY, 0);
+               writting_filename = archive_name;
+       }
+       reading_filename = temporary_name;
+diff -Naur lha-1.14i.orig/src/lharc.c lha-1.14i/src/lharc.c
+--- lha-1.14i.orig/src/lharc.c 2007-12-01 16:17:19.000000000 +0100
++++ lha-1.14i/src/lharc.c      2007-12-01 16:36:24.000000000 +0100
+@@ -1016,13 +1016,26 @@
+ }
+ 
+ FILE           *
+-xfopen(name, mode)
++xfopen(name, mode, safe)
        char           *name, *mode;
++      int            safe;
  {
 -      FILE           *fp;
 +      FILE           *fp = NULL;
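Review bot: `xfopen(name, mode, safe)` is an old-style (K&R) definition, so unless a full prototype is declared elsewhere the compiler cannot check call sites against the new third parameter; a caller still passing two arguments would build and read an indeterminate `safe`. The hunks shown update only the calls in lhadd.c, so the other sources should be searched for `xfopen(`, and any header declaration changed to a prototype such as `FILE *xfopen(char *name, char *mode, int safe);`. The call `xfopen(temporary_name, READ_BINARY, 1)` also passes 1 with a mode that does not start with `!`, where the body shown in the next hunk appears to ignore `safe`. A comment on the definition such as `/* safe is only consulted for "!" modes */` would prevent that being read as meaningful.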
@@ -64,7 +96,11 @@
 +      if (mode[0] == '!') {
 +              int     fd;
  
-+              fd = open(name, O_RDWR|O_CREAT|O_EXCL, 0600);
++              int mask = O_RDWR|O_CREAT;
++              if(safe == 0)
++                      mask |= O_EXCL;
++
++              fd = open(name, mask, 0600);
 +              if (fd < 0 || (fp = fdopen(fd, mode + 1)) == NULL)
 +                      fatal_error(name);
 +      } else {
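Review bot: When `safe` is non-zero this branch opens `name` with neither `O_EXCL` nor any symlink protection, so the guarantee the CVE-2007-2030 patch added now depends on nothing having replaced the path between the earlier `mkstemp()` and this `open()`. Whether that can happen depends on the directory holding the temporary file, which is not visible here. If other users can write to it without the sticky bit, consider `int mask = O_RDWR|O_CREAT|O_NOFOLLOW;` plus an `fstat()` on `fd` that checks for a regular file owned by the caller before `fdopen()`. The name `safe` also reads backwards, since 1 selects the weaker open, and `mask` holds open flags rather than a mask; a name like `precreated` with the comment `/* file already created by mkstemp(); O_EXCL would fail with EEXIST */` would state the intent. The body of xfopen continues outside this hunk.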
@@ -74,9 +110,10 @@
  
        return fp;
  }
---- lha-114i/src/lhext.c
-+++ lha-114i/src/lhext.c
-@@ -360,7 +360,6 @@ extract_one(afp, hdr)
+diff -Naur lha-1.14i.orig/src/lhext.c lha-1.14i/src/lhext.c
+--- lha-1.14i.orig/src/lhext.c 2007-12-01 16:17:19.000000000 +0100
++++ lha-1.14i/src/lhext.c      2007-12-01 16:17:39.000000000 +0100
+@@ -360,7 +360,6 @@
                                }
  
                                unlink(bb1);

Attachment: signature.asc
Description: Digital signature
