Fix tramp-make-tramp-temp-file vulnerability, bug #194713.

Package-Manager: portage-2.1.3.12
author: Ulrich Müller <ulm@gentoo.org> 2007-10-06 17:24:02 +0000
committer: Ulrich Müller <ulm@gentoo.org> 2007-10-06 17:24:02 +0000
commit: 2a1072fa934ea9f97322a78d39db6447479bbaf4 (patch)
tree: 7187e18c2caffa1f597d7e017e5cdaa3f55501e3 /app-emacs/tramp
parent: Version bump #194534 by Alon Bar-Lev. (diff)
download: historical-2a1072fa934ea9f97322a78d39db6447479bbaf4.tar.gz
historical-2a1072fa934ea9f97322a78d39db6447479bbaf4.tar.bz2
historical-2a1072fa934ea9f97322a78d39db6447479bbaf4.zip
5 files changed, 291 insertions, 8 deletions
diff --git a/app-emacs/tramp/ChangeLog b/app-emacs/tramp/ChangeLog
index 81f8c0e3aba7..bec6b2780886 100644
--- a/app-emacs/tramp/ChangeLog
+++ b/app-emacs/tramp/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for app-emacs/tramp
 # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-emacs/tramp/ChangeLog,v 1.48 2007/09/30 23:58:30 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emacs/tramp/ChangeLog,v 1.49 2007/10/06 17:24:01 ulm Exp $
+
+*tramp-2.1.10-r2 (06 Oct 2007)
+
+  06 Oct 2007; Ulrich Mueller <ulm@gentoo.org>
+  +files/tramp-2.1.10-make-tramp-temp-file.patch, +tramp-2.1.10-r2.ebuild:
+  Fix tramp-make-tramp-temp-file vulnerability, bug #194713.
 
   30 Sep 2007; Ulrich Mueller <ulm@gentoo.org> tramp-2.0.55.ebuild,
   tramp-2.0.56.ebuild, tramp-2.1.10-r1.ebuild:
diff --git a/app-emacs/tramp/Manifest b/app-emacs/tramp/Manifest
index 7cf0217e4173..a2c4b4e7adc0 100644
--- a/app-emacs/tramp/Manifest
+++ b/app-emacs/tramp/Manifest
@@ -17,6 +17,10 @@ AUX tramp-2.1.10-fix-texinfo.patch 1064 RMD160 9d4a8baede5ea5481ef2f76899cf3a1b1
 MD5 b2807328de10de4223988096a961cafd files/tramp-2.1.10-fix-texinfo.patch 1064
 RMD160 9d4a8baede5ea5481ef2f76899cf3a1b194a3e28 files/tramp-2.1.10-fix-texinfo.patch 1064
 SHA256 8c69f536f3cd52343e503d8917a37c85297cbfa0a6aeecc38e0e8d39893d37d4 files/tramp-2.1.10-fix-texinfo.patch 1064
+AUX tramp-2.1.10-make-tramp-temp-file.patch 8617 RMD160 260ff4871c3125902ee62e051b9752730531f89d SHA1 bffda456df8a1e28141c4beaafeee6dbf548bc48 SHA256 eb0877e1bc28e006f36d6476e1473f1efcfda80997cc3b5c7490750b8ffc7227
+MD5 db6fc8a054d2c23e4bb7c52deafe9973 files/tramp-2.1.10-make-tramp-temp-file.patch 8617
+RMD160 260ff4871c3125902ee62e051b9752730531f89d files/tramp-2.1.10-make-tramp-temp-file.patch 8617
+SHA256 eb0877e1bc28e006f36d6476e1473f1efcfda80997cc3b5c7490750b8ffc7227 files/tramp-2.1.10-make-tramp-temp-file.patch 8617
 DIST tramp-2.0.55.tar.gz 275399 RMD160 7be593604461b59c1a014ef5e5722822d34a1bf5 SHA1 08bae92622177bb54f88b8f4ad373d690be8aab9 SHA256 22f0cdea36405626ed94e03c6122020fb6f333406b673649165bbf50c936217c
 DIST tramp-2.0.56.tar.gz 290941 RMD160 d081d018f532cbe4353147989646fb714b6eb625 SHA1 726a69309d832cec5d7a16c48dd2e69c477afe7e SHA256 c70cae3992bababf6270842360da7786b2aa5224f481bad578f1b3a156e5fd1e
 DIST tramp-2.1.10.tar.gz 328846 RMD160 208ecfec5b9b45efca5abb5bb85a99189f9cb504 SHA1 abfc752ac13b5ce75ecf41b0ed78262e4891e4b3 SHA256 856c5b7c2b3681ca0cc1cc31fe5c4f7bd4be5922f32af5e612c9263ae11b44b9
@@ -32,10 +36,14 @@ EBUILD tramp-2.1.10-r1.ebuild 1225 RMD160 ed5f16345ac46016aeade6ce29416d76472465
 MD5 e6c5b3d8ca5e2b71e7b3475deb2eb55c tramp-2.1.10-r1.ebuild 1225
 RMD160 ed5f16345ac46016aeade6ce29416d76472465eb tramp-2.1.10-r1.ebuild 1225
 SHA256 81a147675fbbedcf259bfe6f2f1418e0a94a768e198f8edc59d7af37d8754d93 tramp-2.1.10-r1.ebuild 1225
-MISC ChangeLog 7539 RMD160 ce0e9f76ee51bf5a421b371544c434a5414e125f SHA1 a18257b22096f3a4c1d406c8a79fbc7f96adb540 SHA256 683d6888062fa1b66f5fb35e3d1d92434903ee7e652228d62079d55040afab81
-MD5 ccb2d5fe86061ea891dbe6082ce4b68c ChangeLog 7539
-RMD160 ce0e9f76ee51bf5a421b371544c434a5414e125f ChangeLog 7539
-SHA256 683d6888062fa1b66f5fb35e3d1d92434903ee7e652228d62079d55040afab81 ChangeLog 7539
+EBUILD tramp-2.1.10-r2.ebuild 1284 RMD160 4e9fc66e0c39bc4f22e3878cb9209355cd1a9603 SHA1 77c298eb63933c491a89e0c75dae65a9750a9ed8 SHA256 e678d7ec00d10904aec616ffa52cb35676e6c77b68bba496b5fda6588777e182
+MD5 8a2025644e2bc9adbc74e000cc693a8a tramp-2.1.10-r2.ebuild 1284
+RMD160 4e9fc66e0c39bc4f22e3878cb9209355cd1a9603 tramp-2.1.10-r2.ebuild 1284
+SHA256 e678d7ec00d10904aec616ffa52cb35676e6c77b68bba496b5fda6588777e182 tramp-2.1.10-r2.ebuild 1284
+MISC ChangeLog 7755 RMD160 d33c21d461ec108a95a06abb3bfca6b78f5a0e2b SHA1 6ee005786449bd20aac862904e99e18b3ceacd20 SHA256 5846aad08ea940fd81ded438837c0572085f9f5fb5d6c781fdb18aa6020196f3
+MD5 87be42f66a4b7026343aea3884064168 ChangeLog 7755
+RMD160 d33c21d461ec108a95a06abb3bfca6b78f5a0e2b ChangeLog 7755
+SHA256 5846aad08ea940fd81ded438837c0572085f9f5fb5d6c781fdb18aa6020196f3 ChangeLog 7755
 MISC metadata.xml 451 RMD160 71e28c48af6ba4463496e89907df9629e4c7a47f SHA1 0984d540c0d2e6b2cd689050e5391db21e776450 SHA256 b07ccdfcaa084b9a03050ebb0c8fe83c71ecf2509f3b73e05135135f412cb410
 MD5 e3dc0a46b42a08f16a6931edbe72436e metadata.xml 451
 RMD160 71e28c48af6ba4463496e89907df9629e4c7a47f metadata.xml 451
@@ -49,10 +57,13 @@ SHA256 7e1b7285fe940d17e9a50e4849d1864d847589a555c843c3fd5eef4e275dc96d files/di
 MD5 0eddbfd23fd4c90f5606c2efdc2c3961 files/digest-tramp-2.1.10-r1 238
 RMD160 a3e0508c0eaaedcb0d7b6cd1e34ae40030f70d5d files/digest-tramp-2.1.10-r1 238
 SHA256 c6b06bc208430217d7af0c21c5a6c8a2a2e4eb4c0ffff314f3f4ac84c8b48df9 files/digest-tramp-2.1.10-r1 238
+MD5 0eddbfd23fd4c90f5606c2efdc2c3961 files/digest-tramp-2.1.10-r2 238
+RMD160 a3e0508c0eaaedcb0d7b6cd1e34ae40030f70d5d files/digest-tramp-2.1.10-r2 238
+SHA256 c6b06bc208430217d7af0c21c5a6c8a2a2e4eb4c0ffff314f3f4ac84c8b48df9 files/digest-tramp-2.1.10-r2 238
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.7 (GNU/Linux)
 
-iD8DBQFHADg1Oeoy/oIi7uwRAu2iAJ4mQHBYk1rg7XlwBcFIhUPAmKc39QCePwYk
-eN2VxATQf1B2/XA76uKtyBA=
-=2Ou1
+iD8DBQFHB8S8Oeoy/oIi7uwRAnv+AJ4qZFseclgpbvF11T+Q8Ee04dTfDQCfbwrS
+AZCX25tfFzfs6e4gdGxXTLU=
+=MEs5
 -----END PGP SIGNATURE-----
diff --git a/app-emacs/tramp/files/digest-tramp-2.1.10-r2 b/app-emacs/tramp/files/digest-tramp-2.1.10-r2
new file mode 100644
index 000000000000..74633d4d732f
--- /dev/null
+++ b/app-emacs/tramp/files/digest-tramp-2.1.10-r2
@@ -0,0 +1,3 @@
+MD5 668acbb5365caabd9ee4abea10944c63 tramp-2.1.10.tar.gz 328846
+RMD160 208ecfec5b9b45efca5abb5bb85a99189f9cb504 tramp-2.1.10.tar.gz 328846
+SHA256 856c5b7c2b3681ca0cc1cc31fe5c4f7bd4be5922f32af5e612c9263ae11b44b9 tramp-2.1.10.tar.gz 328846
diff --git a/app-emacs/tramp/files/tramp-2.1.10-make-tramp-temp-file.patch b/app-emacs/tramp/files/tramp-2.1.10-make-tramp-temp-file.patch
new file mode 100644
index 000000000000..3c6cc948a25f
--- /dev/null
+++ b/app-emacs/tramp/files/tramp-2.1.10-make-tramp-temp-file.patch
@@ -0,0 +1,216 @@
+--- tramp-2.1.10-orig/lisp/tramp-fish.el	2007-07-16 22:26:17.000000000 +0200
++++ tramp-2.1.10/lisp/tramp-fish.el	2007-10-06 16:49:34.000000000 +0200
+@@ -753,8 +753,8 @@
+     (error "Implementation does not handle immediate return"))
+ 
+   (with-parsed-tramp-file-name default-directory nil
+-    (let ((temp-name-prefix (tramp-make-tramp-temp-file v))
+-	  command input output stderr outbuf tmpfil ret)
++    (let (command input tmpinput output tmpoutput stderr tmpstderr
++		  outbuf tmpfil ret)
+       ;; Compute command.
+       (setq command (mapconcat 'tramp-shell-quote-argument
+ 			       (cons program args) " "))
+@@ -766,15 +766,14 @@
+ 	    ;; INFILE is on the same remote host.
+ 	    (setq input (with-parsed-tramp-file-name infile nil localname))
+ 	  ;; INFILE must be copied to remote host.
+-	  (setq input (concat temp-name-prefix ".in"))
+-	  (copy-file
+-	   infile
+-	   (tramp-make-tramp-file-name method user host input)
+-	   t)))
++	  (setq input (tramp-make-tramp-temp-file v)
++		tmpinput (tramp-make-tramp-file-name method user host input))
++	  (copy-file infile tmpinput t)))
+       (when input (setq command (format "%s <%s" command input)))
+ 
+       ;; Determine output.
+-      (setq output (concat temp-name-prefix ".out"))
++      (setq output (tramp-make-tramp-temp-file v)
++	    tmpoutput (tramp-make-tramp-file-name method user host output))
+       (cond
+        ;; Just a buffer
+        ((bufferp destination)
+@@ -800,7 +799,9 @@
+ 			       (cadr destination) nil localname))
+ 	    ;; stderr must be copied to remote host.  The temporary
+ 	    ;; file must be deleted after execution.
+-	    (setq stderr (concat temp-name-prefix ".err"))))
++	    (setq stderr (tramp-make-tramp-temp-file v)
++		  tmpstderr (tramp-make-tramp-file-name
++			     method user host stderr))))
+ 	 ;; stderr to be discarded
+ 	 ((null (cadr destination))
+ 	  (setq stderr "/dev/null"))))
+@@ -809,9 +810,6 @@
+ 	(setq outbuf (current-buffer))))
+       (when stderr (setq command (format "%s 2>%s" command stderr)))
+ 
+-      ;; If we have a temporary file, it must be removed after operation.
+-      (when (and input (string-match temp-name-prefix input))
+-	(setq command (format "%s; rm %s" command input)))
+       ;; Goto working directory.
+       (unless
+ 	  (tramp-fish-send-command-and-check
+@@ -839,16 +837,15 @@
+ 	    ;; We should show the output anyway.
+ 	    (when outbuf
+ 	      (with-current-buffer outbuf (insert-file-contents tmpfil))
+-	      (when display (display-buffer outbuf)))
+-	    ;; Remove output file.
+-	    (delete-file (tramp-make-tramp-file-name method user host output)))
++	      (when display (display-buffer outbuf))))
+ 	;; When the user did interrupt, we should do it also.
+ 	(error (setq ret 1)))
+-      (unless ret
+-	;; Provide error file.
+-	(when (and stderr (string-match temp-name-prefix stderr))
+-	  (rename-file (tramp-make-tramp-file-name method user host stderr)
+-		       (cadr destination) t)))
++
++      ;; Provide error file.
++      (when tmpstderr (rename-file tmpstderr (cadr destination) t))
++      ;; Cleanup.
++      (when tmpinput (delete-file tmpinput))
++      (when tmpoutput (delete-file tmpoutput))
+       ;; Return exit status.
+       ret)))
+ 
+--- tramp-2.1.10-orig/lisp/tramp.el	2007-10-06 16:48:43.000000000 +0200
++++ tramp-2.1.10/lisp/tramp.el	2007-10-06 16:49:34.000000000 +0200
+@@ -3069,7 +3069,7 @@
+ 
+       ;; Compose copy command.
+       (setq spec `((?h . ,host) (?u . ,user) (?p . ,port)
+-		   (?t . ,(tramp-make-tramp-temp-file v))
++		   (?t . ,(tramp-make-tramp-temp-file v 'dont-create))
+ 		   (?k . ,(if keep-date " " "")))
+ 	    copy-program (tramp-get-method-parameter
+ 			  method 'tramp-copy-program)
+@@ -3478,13 +3478,42 @@
+ 			      (tramp-temporary-file-directory)))
+    (file-name-extension filename t)))
+ 
+-(defsubst tramp-make-tramp-temp-file (vec)
+-  (format
+-   "/tmp/%s%s"
+-   tramp-temp-name-prefix
+-   (if (get-buffer-process (tramp-get-connection-buffer vec))
+-       (process-id (get-buffer-process (tramp-get-connection-buffer vec)))
+-     (emacs-pid))))
++(defsubst tramp-make-tramp-temp-file (vec &optional dont-create)
++  "Create a temporary file on the remote host identified by VEC.
++Return the local name of the temporary file.
++If DONT-CREATE is non-nil, just the file name is returned without
++creation of the temporary file.  This is not the preferred way to run,
++but it is necessary during connection setup, because we cannot create
++a remote file at this time.  This parameter shall NOT be set to
++non-nil else."
++  (if dont-create
++      ;; It sounds a little bit stupid to create a LOCAL file name.
++      ;; But we intend to use the remote directory "/tmp", and we have
++      ;; no chance to check whether a temporary file exists already
++      ;; remotely, because we have no working connection yet.
++      (make-temp-name (expand-file-name tramp-temp-name-prefix "/tmp"))
++
++    (let ((prefix
++	   (tramp-make-tramp-file-name
++	    (tramp-file-name-method vec)
++	    (tramp-file-name-user vec)
++	    (tramp-file-name-host vec)
++	    (expand-file-name tramp-temp-name-prefix "/tmp")))
++	  result)
++      (while (not result)
++	;; `make-temp-file' would be the first choice for
++	;; implementation.  But it calls `write-region' internally,
++	;; which also needs a temporary file - we would end in an
++	;; infinite loop.
++	(setq result (make-temp-name prefix))
++	(if (file-exists-p result)
++	    (setq result nil)
++	  ;; This creates the file by side effect.
++	  (set-file-times result)
++	  (set-file-modes result (tramp-octal-to-decimal "0700"))))
++
++      ;; Return the local part.
++      (with-parsed-tramp-file-name result nil localname))))
+ 
+ (defun tramp-handle-executable-find (command)
+   "Like `executable-find' for Tramp files."
+@@ -3536,8 +3565,7 @@
+     (error "Implementation does not handle immediate return"))
+ 
+   (with-parsed-tramp-file-name default-directory nil
+-    (let ((temp-name-prefix (tramp-make-tramp-temp-file v))
+-	  command input stderr outbuf ret)
++    (let (command input tmpinput stderr tmpstderr outbuf ret)
+       ;; Compute command.
+       (setq command (mapconcat 'tramp-shell-quote-argument
+ 			       (cons program args) " "))
+@@ -3549,11 +3577,9 @@
+ 	    ;; INFILE is on the same remote host.
+ 	    (setq input (with-parsed-tramp-file-name infile nil localname))
+ 	  ;; INFILE must be copied to remote host.
+-	  (setq input (concat temp-name-prefix ".in"))
+-	  (copy-file
+-	   infile
+-	   (tramp-make-tramp-file-name method user host input)
+-	   t)))
++	  (setq input (tramp-make-tramp-temp-file v)
++		tmpinput (tramp-make-tramp-file-name method user host input))
++	  (copy-file infile tmpinput t)))
+       (when input (setq command (format "%s <%s" command input)))
+ 
+       ;; Determine output.
+@@ -3582,7 +3608,9 @@
+ 			       (cadr destination) nil localname))
+ 	    ;; stderr must be copied to remote host.  The temporary
+ 	    ;; file must be deleted after execution.
+-	    (setq stderr (concat temp-name-prefix ".err"))))
++	    (setq stderr (tramp-make-tramp-temp-file v)
++		  tmpstderr (tramp-make-tramp-file-name
++			     method user host stderr))))
+ 	 ;; stderr to be discarded
+ 	 ((null (cadr destination))
+ 	  (setq stderr "/dev/null"))))
+@@ -3591,9 +3619,6 @@
+ 	(setq outbuf (current-buffer))))
+       (when stderr (setq command (format "%s 2>%s" command stderr)))
+ 
+-      ;; If we have a temporary file, it must be removed after operation.
+-      (when (and input (string-match temp-name-prefix input))
+-	(setq command (format "%s; rm %s" command input)))
+       ;; Goto working directory.
+       (tramp-send-command
+        v (format "cd %s" (tramp-shell-quote-argument localname)))
+@@ -3610,13 +3635,13 @@
+ 	(error
+ 	 (kill-buffer (tramp-get-connection-buffer v))
+ 	 (setq ret 1)))
+-      (unless ret
+-	;; Check return code.
+-	(setq ret (tramp-send-command-and-check v nil))
+-	;; Provide error file.
+-	(when (and stderr (string-match temp-name-prefix stderr))
+-	  (rename-file (tramp-make-tramp-file-name method user host stderr)
+-		       (cadr destination) t)))
++
++      ;; Check return code.
++      (unless ret (setq ret (tramp-send-command-and-check v nil)))
++      ;; Provide error file.
++      (when tmpstderr (rename-file tmpstderr (cadr destination) t))
++      ;; Cleanup.
++      (when tmpinput (delete-file tmpinput))
+       ;; Return exit status.
+       ret)))
+ 
+@@ -6013,7 +6038,7 @@
+ 	     l-user (or l-user "")
+ 	     l-port (or l-port "")
+ 	     spec `((?h . ,l-host) (?u . ,l-user) (?p . ,l-port)
+-		    (?t . ,(tramp-make-tramp-temp-file vec)))
++		    (?t . ,(tramp-make-tramp-temp-file vec 'dont-create)))
+ 	     command
+ 	     (concat
+ 	      command " "
diff --git a/app-emacs/tramp/tramp-2.1.10-r2.ebuild b/app-emacs/tramp/tramp-2.1.10-r2.ebuild
new file mode 100644
index 000000000000..0bc79ae70600
--- /dev/null
+++ b/app-emacs/tramp/tramp-2.1.10-r2.ebuild
@@ -0,0 +1,47 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-emacs/tramp/tramp-2.1.10-r2.ebuild,v 1.1 2007/10/06 17:24:01 ulm Exp $
+
+inherit elisp eutils
+
+DESCRIPTION="Edit remote files like ange-ftp but with rlogin, telnet and/or ssh"
+HOMEPAGE="http://savannah.gnu.org/projects/tramp/"
+SRC_URI="mirror://gnu/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-3 FDL-1.2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86"
+IUSE=""
+
+SITEFILE=51${PN}-gentoo.el
+
+src_unpack() {
+	unpack ${A}
+	epatch "${FILESDIR}/${P}-fix-texinfo.patch"
+	epatch "${FILESDIR}/${P}-copy-tree-gentoo.patch"
+	epatch "${FILESDIR}/${P}-make-tramp-temp-file.patch"
+}
+
+src_compile() {
+	econf || die "econf failed"
+	emake || die "emake failed"
+	elisp-make-autoload-file lisp/${PN}-autoloads.el lisp \
+		|| die "elisp-make-autoload-file failed"
+}
+
+src_install() {
+	einstall lispdir="${D}${SITELISP}/tramp" || die
+
+	mv "${D}/usr/share/info/tramp" "${D}/usr/share/info/tramp-info"
+
+	dohtml texi/*.html
+	if [ -f texi/tramp.dvi ]; then
+		insinto /usr/share/doc/${PF}
+		doins texi/tramp.dvi
+	fi
+
+	elisp-install ${PN} lisp/${PN}-autoloads.el
+	elisp-site-file-install "${FILESDIR}/${SITEFILE}"
+
+	dodoc README ChangeLog CONTRIBUTORS || die "dodoc failed"
+}
author	Ulrich Müller <ulm@gentoo.org>	2007-10-06 17:24:02 +0000
committer	Ulrich Müller <ulm@gentoo.org>	2007-10-06 17:24:02 +0000
commit	2a1072fa934ea9f97322a78d39db6447479bbaf4 (patch)
tree	7187e18c2caffa1f597d7e017e5cdaa3f55501e3 /app-emacs/tramp
parent	Version bump #194534 by Alon Bar-Lev. (diff)
download	historical-2a1072fa934ea9f97322a78d39db6447479bbaf4.tar.gz historical-2a1072fa934ea9f97322a78d39db6447479bbaf4.tar.bz2 historical-2a1072fa934ea9f97322a78d39db6447479bbaf4.zip