Report forwarded to debian-bugs-dist@lists.debian.org, Josip Rodin <joy-packages@debian.org>: Bug#328365; Package texinfo.
(full text, mbox, link).
Acknowledgement sent to Frank Lichtenheld <djpig@debian.org>:
New Bug report received and forwarded. Copy sent to Josip Rodin <joy-packages@debian.org>.
(full text, mbox, link).
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: temporary file race in texindex
Date: Wed, 14 Sep 2005 23:30:43 +0200
Package: texinfo
Version: 4.7-2.2
Severity: important
Tags: security
There is a race condition on creating temporary files in texindex.
The following function generates the name of the temporary file:
static char *
maketempname (int count)
{
static char *tempbase = NULL;
char tempsuffix[10];
if (!tempbase)
{
int fd;
tempbase = concat (tempdir, "txidxXXXXXX");
fd = mkstemp (tempbase);
if (fd == -1)
pfatal_with_name (tempbase);
}
sprintf (tempsuffix, ".%d", count);
return concat (tempbase, tempsuffix);
}
which is used later as
char *outname = maketempname (++tempcount);
FILE *ostream = fopen (outname, "w");
Since the further filenames are deterministic after the first one
is generated, this is easily exploitable.
The use case is rather rare though since the temporary file are only
generated if the file to sort is longer than 50.000 lines which is
probably not too common.
In OpenBSD this seems to have been fixed in 2000 (sic!), see this patch
http://www.openbsd.org/cgi-bin/cvsweb/src/gnu/usr.bin/texinfo/util/texindex.c.diff?r1=1.2&r2=1.3
(which probably doesn't apply today cleanly anymore but could be adapted).
It introduces a possibility for DoS but fixes the race...
Gruesse,
Frank Lichtenheld
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.8-2-k7
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Versions of packages texinfo depends on:
ii libc6 2.3.5-6 GNU C Library: Shared libraries an
texinfo recommends no packages.
-- no debconf information
Tags added: patch
Request was from Nico Golde <nico@ngolde.de>
to control@bugs.debian.org.
(full text, mbox, link).
Tags removed: patch
Request was from Nico Golde <nico@ngolde.de>
to control@bugs.debian.org.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Josip Rodin <joy-packages@debian.org>: Bug#328365; Package texinfo.
(full text, mbox, link).
Acknowledgement sent to Martin Pitt <martin.pitt@canonical.com>:
Extra info received and forwarded to list. Copy sent to Josip Rodin <joy-packages@debian.org>.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Josip Rodin <joy-packages@debian.org>: Bug#328365; Package texinfo.
(full text, mbox, link).
Acknowledgement sent to Frank Küster <frank@kuesterei.ch>:
Extra info received and forwarded to list. Copy sent to Josip Rodin <joy-packages@debian.org>.
(full text, mbox, link).
Cc: 328365@bugs.debian.org, Frank Lichtenheld <djpig@debian.org>,
Norbert
Preining <preining@logic.at>, bug-texinfo@gnu.org
Subject: temporary file race in texindex (was: CAN number)
Date: Wed, 28 Sep 2005 16:11:48 +0200
Martin Pitt <martin.pitt@canonical.com> wrote:
> Hi!
>
> This has been assigned CAN-2005-3011, please mention this number in
> the changelog when you fix this to allow easy tracking.
The current version, 4.8, is as well vulnerable:
frank@alhambra:~$ diff -u src/packages_for_sponsoring/texinfo-4.{7,8}/util/texindex.c
--- src/packages_for_sponsoring/texinfo-4.7/util/texindex.c 2004-03-18 23:26:53.000000000 +0100
+++ src/packages_for_sponsoring/texinfo-4.8/util/texindex.c 2004-04-11 19:56:47.000000000 +0200
@@ -1,5 +1,5 @@
/* texindex -- sort TeX index dribble output into an actual index.
- $Id: texindex.c,v 1.3 2004/03/18 22:26:53 karl Exp $
+ $Id: texindex.c,v 1.11 2004/04/11 17:56:47 karl Exp $
Copyright (C) 1987, 1991, 1992, 1996, 1997, 1998, 1999, 2000, 2001,
2002, 2003, 2004 Free Software Foundation, Inc.
I have no idea whether and how I can (request to) change the info in the CVE database.
Regards, Frank
P.S. Frank, since you seem to be working on the source code of 4.7,
maybe you want to join the discussion in #320413 about taking over the
package from Josip, who seems to be MIA.
--
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer
Information forwarded to debian-bugs-dist@lists.debian.org, Josip Rodin <joy-packages@debian.org>: Bug#328365; Package texinfo.
(full text, mbox, link).
Acknowledgement sent to Martin Pitt <mpitt@debian.org>:
Extra info received and forwarded to list. Copy sent to Josip Rodin <joy-packages@debian.org>.
(full text, mbox, link).
Hi Frank!
Frank Küster [2005-09-28 16:11 +0200]:
> The current version, 4.8, is as well vulnerable:
>
> frank@alhambra:~$ diff -u src/packages_for_sponsoring/texinfo-4.{7,8}/util/texindex.c
> --- src/packages_for_sponsoring/texinfo-4.7/util/texindex.c 2004-03-18 23:26:53.000000000 +0100
> +++ src/packages_for_sponsoring/texinfo-4.8/util/texindex.c 2004-04-11 19:56:47.000000000 +0200
> @@ -1,5 +1,5 @@
> /* texindex -- sort TeX index dribble output into an actual index.
> - $Id: texindex.c,v 1.3 2004/03/18 22:26:53 karl Exp $
> + $Id: texindex.c,v 1.11 2004/04/11 17:56:47 karl Exp $
>
> Copyright (C) 1987, 1991, 1992, 1996, 1997, 1998, 1999, 2000, 2001,
> 2002, 2003, 2004 Free Software Foundation, Inc.
Lol, I hope this is not the only difference between the versions. :-)
> I have no idea whether and how I can (request to) change the info in
> the CVE database.
You can mail cve@mitre.org and explain the issue, they will correct
it.
Thanks!
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian Developer http://www.debian.org
Information forwarded to debian-bugs-dist@lists.debian.org, Josip Rodin <joy-packages@debian.org>: Bug#328365; Package texinfo.
(full text, mbox, link).
Acknowledgement sent to Frank Lichtenheld <djpig@debian.org>:
Extra info received and forwarded to list. Copy sent to Josip Rodin <joy-packages@debian.org>.
(full text, mbox, link).
Subject: Re: temporary file race in texindex (was: CAN number)
Date: Wed, 28 Sep 2005 17:12:29 +0200
On Wed, Sep 28, 2005 at 04:11:48PM +0200, Frank Küster wrote:
> P.S. Frank, since you seem to be working on the source code of 4.7,
> maybe you want to join the discussion in #320413 about taking over the
> package from Josip, who seems to be MIA.
All my involvements with texinfo were either from the release team
perspective (as it is a basic package) or (in this case) out of
accident (one of my packages contains a local copy of the texinfo code
and I did a little security audit of it).
Please go ahead and highjack the package, it seems clearly warranted.
But I will not offer to co-maintain it, sorry...
Gruesse,
--
Frank Lichtenheld <djpig@debian.org>
www: http://www.djpig.de/
Information forwarded to debian-bugs-dist@lists.debian.org, Josip Rodin <joy-packages@debian.org>: Bug#328365; Package texinfo.
(full text, mbox, link).
Acknowledgement sent to karl@freefriends.org (Karl Berry):
Extra info received and forwarded to list. Copy sent to Josip Rodin <joy-packages@debian.org>.
(full text, mbox, link).
Subject: Re: temporary file race in texindex (was: CAN number)
Date: Wed, 28 Sep 2005 10:58:51 -0500
> This has been assigned CAN-2005-3011, please mention this number in
> the changelog when you fix this to allow easy tracking.
Someone, please send me the actual bug report, and (hopefully) a fix.
Thanks,
karl
Information forwarded to debian-bugs-dist@lists.debian.org, Josip Rodin <joy-packages@debian.org>: Bug#328365; Package texinfo.
(full text, mbox, link).
Acknowledgement sent to Frank Lichtenheld <djpig@debian.org>:
Extra info received and forwarded to list. Copy sent to Josip Rodin <joy-packages@debian.org>.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Josip Rodin <joy-packages@debian.org>: Bug#328365; Package texinfo.
(full text, mbox, link).
Acknowledgement sent to Frank Küster <frank@kuesterei.ch>:
Extra info received and forwarded to list. Copy sent to Josip Rodin <joy-packages@debian.org>.
(full text, mbox, link).
karl@freefriends.org (Karl Berry) wrote:
> > This has been assigned CAN-2005-3011, please mention this number in
> > the changelog when you fix this to allow easy tracking.
>
> Someone, please send me the actual bug report, and (hopefully) a fix.
Excuse me - any Debian bug report can be accessed via its bug number, so
this time it is
http://bugs.debian.org/328365
The text is:
,----
| There is a race condition on creating temporary files in texindex.
| The following function generates the name of the temporary file:
| static char *
| maketempname (int count)
| {
| static char *tempbase = NULL;
| char tempsuffix[10];
|
| if (!tempbase)
| {
| int fd;
| tempbase = concat (tempdir, "txidxXXXXXX");
|
| fd = mkstemp (tempbase);
| if (fd == -1)
| pfatal_with_name (tempbase);
| }
|
| sprintf (tempsuffix, ".%d", count);
| return concat (tempbase, tempsuffix);
| }
|
| which is used later as
|
| char *outname = maketempname (++tempcount);
| FILE *ostream = fopen (outname, "w");
|
| Since the further filenames are deterministic after the first one
| is generated, this is easily exploitable.
| The use case is rather rare though since the temporary file are only
| generated if the file to sort is longer than 50.000 lines which is
| probably not too common.
`----
Frank also commented on a potential patch:
,----
| In OpenBSD this seems to have been fixed in 2000 (sic!), see this patch
| http://www.openbsd.org/cgi-bin/cvsweb/src/gnu/usr.bin/texinfo/util/texindex.c.diff?r1=1.2&r2=1.3
| (which probably doesn't apply today cleanly anymore but could be adapted).
| It introduces a possibility for DoS but fixes the race...
|
`----
I don't see why texindex cannot simply use completely random filenames?
They are saved in an array and accessed as tempfiles[i], anyway.
Regards, Frank
--
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer
Information forwarded to debian-bugs-dist@lists.debian.org, Josip Rodin <joy-packages@debian.org>: Bug#328365; Package texinfo.
(full text, mbox, link).
Acknowledgement sent to Frank Küster <frank@kuesterei.ch>:
Extra info received and forwarded to list. Copy sent to Josip Rodin <joy-packages@debian.org>.
(full text, mbox, link).
karl@freefriends.org (Karl Berry) wrote:
> > This has been assigned CAN-2005-3011, please mention this number in
> > the changelog when you fix this to allow easy tracking.
>
> Someone, please send me the actual bug report, and (hopefully) a fix.
Karl, I forgot to ask you what happened to texindex.c between 4.7 and
4.8: It increased its revision control version number from 1.3 to 1.11,
but there are no changes - have they all been reverted?
Regards, Frank
--
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer
Information forwarded to debian-bugs-dist@lists.debian.org, Josip Rodin <joy-packages@debian.org>: Bug#328365; Package texinfo.
(full text, mbox, link).
Acknowledgement sent to karl@freefriends.org (Karl Berry):
Extra info received and forwarded to list. Copy sent to Josip Rodin <joy-packages@debian.org>.
(full text, mbox, link).
It increased its revision control version number from 1.3 to 1.11,
but there are no changes - have they all been reverted?
There were no changes to texindex.c. The $Id$ change isn't meaningful
-- it happened because of temporarily moving Texinfo to berlios (because
savannah was dead for months) and then moving it back.
| In OpenBSD this seems to have been fixed in 2000 (sic!), see this patch
Since the BSD folks (or Red Hat or anyone else but you, pretty much)
never bother to forward me any bugs or fixes they make, it's only by
random chance like this that I find out about them. I rarely have time
to go seeking them out.
I don't see why texindex cannot simply use completely random filenames?
Sounds fine to me. Any chance of sending me a clean patch? The BSD
patch has so many conflicts that it is hard to tell what is really being
changed in this regard.
Thanks,
k
Information forwarded to debian-bugs-dist@lists.debian.org, Josip Rodin <joy-packages@debian.org>: Bug#328365; Package texinfo.
(full text, mbox, link).
Acknowledgement sent to Henry Jensen <jensen@scan-plus.de>:
Extra info received and forwarded to list. Copy sent to Josip Rodin <joy-packages@debian.org>.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Josip Rodin <joy-packages@debian.org>: Bug#328365; Package texinfo.
(full text, mbox, link).
Acknowledgement sent to karl@freefriends.org (Karl Berry):
Extra info received and forwarded to list. Copy sent to Josip Rodin <joy-packages@debian.org>.
(full text, mbox, link).
I've adapted the OpenBSD stuff and created a patch. Maybe
you want to look at it if this works.
Thanks for doing this.
In general, the OpenBSD code seems to be a couple versions back, as it
has K&R function definitions and omits a couple other changes I made
(quite) a while ago.
I wonder if you could start with the current texindex.c and make a patch
with only the mk*temp changes? I could separate it out from your patch
given time, but it will happen that much faster if you wouldn't mind
going that extra step.
The race-condition fix itself looks fine to me, although I admit I am
not especially expert at such things.
Thanks again,
Karl
Information forwarded to debian-bugs-dist@lists.debian.org, Josip Rodin <joy-packages@debian.org>: Bug#328365; Package texinfo.
(full text, mbox, link).
Acknowledgement sent to Norbert Preining <preining@logic.at>:
Extra info received and forwarded to list. Copy sent to Josip Rodin <joy-packages@debian.org>.
(full text, mbox, link).
On Fre, 30 Sep 2005, Karl Berry wrote:
> I've adapted the OpenBSD stuff and created a patch. Maybe
> you want to look at it if this works.
>
> Thanks for doing this.
>
> In general, the OpenBSD code seems to be a couple versions back, as it
> has K&R function definitions and omits a couple other changes I made
> (quite) a while ago.
In fact the patch seems to be against texinfo-4.8, the last released
version of texinfo.
One question: For the upcoming texinfo-4.8 package in Debian, can I use
the patch of Henry, Karl?
Best wishes
Norbert
-------------------------------------------------------------------------------
Dr. Norbert Preining <preining AT logic DOT at> Università di Siena
sip:preining@at43.tuwien.ac.at +43 (0) 59966-690018
gpg DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
MEATHOP (n.)
One who sets off for the scene of an aircraft crash with a picnic
hamper.
--- Douglas Adams, The Meaning of Liff
Information forwarded to debian-bugs-dist@lists.debian.org, Josip Rodin <joy-packages@debian.org>: Bug#328365; Package texinfo.
(full text, mbox, link).
Acknowledgement sent to karl@freefriends.org (Karl Berry):
Extra info received and forwarded to list. Copy sent to Josip Rodin <joy-packages@debian.org>.
(full text, mbox, link).
In fact the patch seems to be against texinfo-4.8, the last released
version of texinfo.
Well, the patch applies, but that's not what I was saying.
One question: For the upcoming texinfo-4.8 package in Debian, can I use
the patch of Henry, Karl?
It's up to you, but I don't advise it. It reverts many declarations to
K&R form (i.e., a much older texindex.c). Aside from that, it also
reverts at least one bug fix I made regarding initials (years ago).
Perhaps you or someone could work on just making a patch which fixes the
race condition without all the other extraneous (and undesirable) changes.
That would help me.
Thanks,
Karl
Information forwarded to debian-bugs-dist@lists.debian.org, Josip Rodin <joy-packages@debian.org>: Bug#328365; Package texinfo.
(full text, mbox, link).
Acknowledgement sent to Norbert Preining <preining@logic.at>:
Extra info received and forwarded to list. Copy sent to Josip Rodin <joy-packages@debian.org>.
(full text, mbox, link).
On Son, 02 Okt 2005, Karl Berry wrote:
> It's up to you, but I don't advise it. It reverts many declarations to
> K&R form (i.e., a much older texindex.c). Aside from that, it also
> reverts at least one bug fix I made regarding initials (years ago).
>
> Perhaps you or someone could work on just making a patch which fixes the
> race condition without all the other extraneous (and undesirable) changes.
> That would help me.
Can you please comment on my first try on this, attached. I removed all
the unneccessary stuff I found, and it still compiles.
Please comment.
Best wishes
Norbert
-------------------------------------------------------------------------------
Dr. Norbert Preining <preining AT logic DOT at> Università di Siena
sip:preining@at43.tuwien.ac.at +43 (0) 59966-690018
gpg DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
SCORRIER (n.)
A small hunting dog trained to snuffle amongst your private parts.
--- Douglas Adams, The Meaning of Liff
Information forwarded to debian-bugs-dist@lists.debian.org, Josip Rodin <joy-packages@debian.org>: Bug#328365; Package texinfo.
(full text, mbox, link).
Acknowledgement sent to karl@freefriends.org (Karl Berry):
Extra info received and forwarded to list. Copy sent to Josip Rodin <joy-packages@debian.org>.
(full text, mbox, link).
Can you please comment on my first try on this, attached.
That looks just fine. I'll apply it later today or tomorrow. Thanks
Norbert!
Information forwarded to debian-bugs-dist@lists.debian.org, Josip Rodin <joy-packages@debian.org>: Bug#328365; Package texinfo.
(full text, mbox, link).
Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Josip Rodin <joy-packages@debian.org>.
(full text, mbox, link).
Cc: 328365@bugs.debian.org, Karl Berry <karl@freefriends.org>, jensen@scan-plus.de, frank@kuesterei.ch
Subject: Re: Bug#328365: temporary file race in texindex
Date: Wed, 05 Oct 2005 13:06:39 +0200
* Norbert Preining:
> + fd = open (name, O_CREAT|O_EXCL|O_WRONLY, 0666);
0600? 0666 might lead to an information leak.
> @@ -1615,14 +1626,15 @@
> /* Return a newly-allocated string concatenating S1 and S2. */
This comment is outdated after the patch.
Information forwarded to debian-bugs-dist@lists.debian.org, Josip Rodin <joy-packages@debian.org>: Bug#328365; Package texinfo.
(full text, mbox, link).
Acknowledgement sent to Norbert Preining <preining@logic.at>:
Extra info received and forwarded to list. Copy sent to Josip Rodin <joy-packages@debian.org>.
(full text, mbox, link).
Cc: 328365@bugs.debian.org, Karl Berry <karl@freefriends.org>,
jensen@scan-plus.de, frank@kuesterei.ch
Subject: Re: Bug#328365: temporary file race in texindex
Date: Wed, 5 Oct 2005 15:15:09 +0200
Karl?
Your cvs also shows 0666. I guess 0600 would be ok.
On Mit, 05 Okt 2005, Florian Weimer wrote:
> * Norbert Preining:
>
> > + fd = open (name, O_CREAT|O_EXCL|O_WRONLY, 0666);
>
> 0600? 0666 might lead to an information leak.
>
> > @@ -1615,14 +1626,15 @@
> > /* Return a newly-allocated string concatenating S1 and S2. */
>
> This comment is outdated after the patch.
Best wishes
Norbert
-------------------------------------------------------------------------------
Dr. Norbert Preining <preining AT logic DOT at> Università di Siena
sip:preining@at43.tuwien.ac.at +43 (0) 59966-690018
gpg DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
BRECON
That part of the toenail which is designed to snag on nylon sheets.
--- Douglas Adams, The Meaning of Liff
Information forwarded to debian-bugs-dist@lists.debian.org, Josip Rodin <joy-packages@debian.org>: Bug#328365; Package texinfo.
(full text, mbox, link).
Acknowledgement sent to karl@freefriends.org (Karl Berry):
Extra info received and forwarded to list. Copy sent to Josip Rodin <joy-packages@debian.org>.
(full text, mbox, link).
Subject: Re: Bug#328365: temporary file race in texindex
Date: Wed, 5 Oct 2005 18:51:35 -0500
0600? 0666 might lead to an information leak.
Thanks, changed.
This comment is outdated after the patch.
Right. I fixed that comment and a couple other minor things when I applied.
Thanks,
Karl
Information forwarded to debian-bugs-dist@lists.debian.org, Josip Rodin <joy-packages@debian.org>: Bug#328365; Package texinfo.
(full text, mbox, link).
Acknowledgement sent to Martin Pitt <martin.pitt@canonical.com>:
Extra info received and forwarded to list. Copy sent to Josip Rodin <joy-packages@debian.org>.
(full text, mbox, link).
Hi!
Since the previously proposed patch is very intrusive and not really
appropriate for a security update, I created my own minimal patch:
http://patches.ubuntu.com/patches/texinfo.CAN-2005-3011.diff
It basically uses the same strategy without touching other code parts.
Maybe it is useful for somebody.
Thanks,
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
In a world without walls and fences, who needs Windows and Gates?
Information forwarded to debian-bugs-dist@lists.debian.org, Josip Rodin <joy-packages@debian.org>: Bug#328365; Package texinfo.
(full text, mbox, link).
Acknowledgement sent to Norbert Preining <preining@logic.at>:
Extra info received and forwarded to list. Copy sent to Josip Rodin <joy-packages@debian.org>.
(full text, mbox, link).
Subject: Re: Ubuntu patch for texinfo (CAN-2005-3011)
Date: Thu, 6 Oct 2005 12:19:48 +0200
On Don, 06 Okt 2005, Martin Pitt wrote:
> Since the previously proposed patch is very intrusive and not really
> appropriate for a security update, I created my own minimal patch:
>
> http://patches.ubuntu.com/patches/texinfo.CAN-2005-3011.diff
This one seems to be a bit limited. Maybe you want to take a look into
the patch I included into texinfo_4.8-1 (uploaded soon, sponsored by
Frank), which is more or less the CVS fix of Karl.
http://www.tug.org/texlive/Debian/texinfo/texinfo_4.8-1.diff.gz
Best wishes
Norbert
-------------------------------------------------------------------------------
Dr. Norbert Preining <preining AT logic DOT at> Università di Siena
sip:preining@at43.tuwien.ac.at +43 (0) 59966-690018
gpg DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
TYNE and WEAR (nouns)
The 'Tyne' is the small priceless or vital object accidentally dropped
on the floor (e.g. diamond tie clip, contact lens) and the 'wear' is
the large immovable object (e.g. Welsh dresser, car-crusher) that it
shelters under.
--- Douglas Adams, The Meaning of Liff
Information forwarded to debian-bugs-dist@lists.debian.org, Josip Rodin <joy-packages@debian.org>: Bug#328365; Package texinfo.
(full text, mbox, link).
Acknowledgement sent to Martin Pitt <mpitt@debian.org>:
Extra info received and forwarded to list. Copy sent to Josip Rodin <joy-packages@debian.org>.
(full text, mbox, link).
Hi Norbert!
Norbert Preining [2005-10-06 12:19 +0200]:
> On Don, 06 Okt 2005, Martin Pitt wrote:
> > Since the previously proposed patch is very intrusive and not really
> > appropriate for a security update, I created my own minimal patch:
> >
> > http://patches.ubuntu.com/patches/texinfo.CAN-2005-3011.diff
>
> This one seems to be a bit limited.
As far as I can see, it should prevent the race condition as good as
your patch.
> Maybe you want to take a look into the patch I included into
> texinfo_4.8-1 (uploaded soon, sponsored by Frank), which is more or
> less the CVS fix of Karl.
I'm aware of this patch, but it is far too intrusive (for my taste) as
a patch for a security update for a stable release. It was meant to be
an appropirate fix for Sarge and Ubuntu stable releases; I didn't want
you to change the Sid patch, that's fine. :-)
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
In a world without walls and fences, who needs Windows and Gates?
Source: texinfo
Source-Version: 4.8-1
We believe that the bug you reported is fixed in the latest version of
texinfo, which is due to be installed in the Debian FTP archive:
info_4.8-1_i386.deb
to pool/main/t/texinfo/info_4.8-1_i386.deb
texinfo_4.8-1.diff.gz
to pool/main/t/texinfo/texinfo_4.8-1.diff.gz
texinfo_4.8-1.dsc
to pool/main/t/texinfo/texinfo_4.8-1.dsc
texinfo_4.8-1_i386.deb
to pool/main/t/texinfo/texinfo_4.8-1_i386.deb
texinfo_4.8.orig.tar.gz
to pool/main/t/texinfo/texinfo_4.8.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 328365@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Norbert Preining <preining@logic.at> (supplier of updated texinfo package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 3 Oct 2005 13:01:02 +0200
Source: texinfo
Binary: texinfo info
Architecture: source i386
Version: 4.8-1
Distribution: unstable
Urgency: medium
Maintainer: Norbert Preining <preining@logic.at>
Changed-By: Norbert Preining <preining@logic.at>
Description:
info - Standalone GNU Info documentation browser
texinfo - Documentation system for on-line information and printed output
Closes: 181793193856204202205022221988253124259280259561261742263853265605267497277754277921285983293053293337308280313844314513320413328365330219
Changes:
texinfo (4.8-1) unstable; urgency=medium
.
* Urgency medium because we fix security bug #328365, see second last
item.
* New maintainer: Taking over from Josip Rodin <joy-packages@debian.org>
as he seems to have abandoned texinfo.
* Acknowledge previous NMU (Closes: #267497, #259280)
* new upstream release
- provides texi2pdf (Closes: #320413)
- fixes loss of pipe character in TeX verbatim mode (Closes: #181793)
- fixes incorrect html output (Closes: #204202, #205022)
- output correct XML (Closes: #221988)
- adds commands for sans serif fonts (Closes: #277754)
- fixes crash on first backspace (Closes: #259561)
- fixes buffer overflow in 'Follow xref' (Closes: #263853)
- fixes various navigation crashes (Closes: #265605, #293337, #308280,
#314513)
- fixes segfault with --xml and -D (Closes: #330219)
- fixes segfault with -f'*manpages*' (Closes: #193856)
* install texinfo HTML documentation (Closes: #277921)
* include changes by Pierre Machard for Replaces (Closes: #261742)
* make postinst script POSIX-compliant, don't use command (Closes: #293053)
* fix de.po, thanks Jens Seidel (Closes: #313844)
* install install-info as ginstall-info (Closes: #285983)
* bumped Standards-Version to 3.6.2.1 (no changes necessary)
* change debian compat version to 4
* dump most patches from previous versions as they are incorporated
upstream, and change to dpatch system, adding Build-Depends on dpatch
* fixes to bashism in postinst scripts, fix wrong adress of FSF
* add manpage for texi2pdf from teTeX 2.0.2
* Now depends on tex-common, or tetex-bin until teTeX-3.0 is in unstable.
* texinfo formats are not necessary anymore, since texi2* do not use
the formats, and the new teTeX will not need to generate texinfo formats.
Thus bug #253124 will not be fixed. (Closes: #253124)
* Include a tempfile race fix based on the patch by Henry Jensen
(CAN-2005-3011) (Closes: #328365)
* Upload sponsored by Frank Küster <frank@debian.org>
Files:
eca3533c2f04726aba764d9f9cab3ab5 615 doc standard texinfo_4.8-1.dsc
4e9a1a591ed236003d0d4b008bf07eef 2140626 doc standard texinfo_4.8.orig.tar.gz
c996634f4d305e752decec99bb35e7bc 13420 doc standard texinfo_4.8-1.diff.gz
403f6f555585503c2172af651b46dd95 1211244 text standard texinfo_4.8-1_i386.deb
0a6b62f4c40c408857519f2ae46e5619 194778 doc important info_4.8-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDS/jh+xs9YyJS+hoRAodrAKCXQpcFNOnpgjgD1ZCuTZwSgvWIUgCgsXsM
CvaROEWmbDeTm/oAXSBVckM=
=I6wW
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 26 Jun 2007 06:18:26 GMT) (full text, mbox, link).
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.