rpms
/
nano
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:i10cs
rpms:cs10
rpms:i10c-beta
rpms:c10-beta
rpms:i9c-beta
rpms:c9-beta
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9
...
pull from: rpms:i8c
Branches Tags
rpms:i10cs
rpms:cs10
rpms:i10c-beta
rpms:c10-beta
rpms:i9c-beta
rpms:c9-beta
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9

No commits in common. 'c9' and 'i8c' have entirely different histories.
c9 ... i8c

7 changed files with 143 additions and 195 deletions
Show Stats

2
.gitignore vendored
Unescape View File

@ -1 +1 @@
SOURCES/nano-5.6.1.tar.xz SOURCES/nano-2.9.8.tar.gz

2
.nano.metadata
Unescape View File

@ -1 +1 @@
463aca6df6976d6f21fbec734ae7cf6024dc35c0 SOURCES/nano-5.6.1.tar.xz f0b55fbc16d4ecf259b9f25a028fe2e381f02d08 SOURCES/nano-2.9.8.tar.gz

110
SOURCES/nano-2.9.8-emergency-file-replace-vuln.patch
Unescape View File

@ -0,0 +1,110 @@
From 5e7a3c2e7e118c7f12d5dfda9f9140f638976aa2 Mon Sep 17 00:00:00 2001
From: Benno Schulenberg <bensberg@telfort.nl>
Date: Sun, 28 Apr 2024 10:51:52 +0200
Subject: files: run `chmod` and `chown` on the descriptor, not on the filename
This closes a window of opportunity where the emergency file could be
replaced by a malicious symlink.
The issue was reported by `MartinJM` and `InvisibleMeerkat`.
Problem existed since version 2.2.0, commit 123110c5, when chmodding
and chowning of the emergency .save file was added.
Cherry-picked-by: Lukáš Zaoral <lzaoral@redhat.com>
Upstream-commit: 5e7a3c2e7e118c7f12d5dfda9f9140f638976aa2
---
src/files.c | 18 +++++++++++++++---
src/nano.c | 12 +-----------
src/nano.h | 2 +-
3 files changed, 17 insertions(+), 15 deletions(-)
diff --git a/src/files.c b/src/files.c
index 8cdf195..e822068 100644
--- a/src/files.c
+++ b/src/files.c
@@ -1551,7 +1551,7 @@ bool write_file(const char *name, FILE *f_open, bool tmp,
* set retval and then goto cleanup_and_exit. */
size_t lineswritten = 0;
const filestruct *fileptr = openfile->fileage;
- int fd;
+ int fd = 0;
/* The file descriptor we use. */
mode_t original_umask = 0;
/* Our umask, from when nano started. */
@@ -1920,14 +1920,26 @@ bool write_file(const char *name, FILE *f_open, bool tmp,
goto cleanup_and_exit;
}
- if (copy_file(f_source, f, TRUE) != 0) {
+ if (copy_file(f_source, f, FALSE) != 0) {
statusline(ALERT, _("Error writing %s: %s"), realname,
strerror(errno));
goto cleanup_and_exit;
}
unlink(tempname);
- } else if (fclose(f) != 0) {
+ }
+
+#ifndef NANO_TINY
+ /* Change permissions and owner of an emergency save file to the values
+ * of the original file, but ignore any failure as we are in a hurry. */
+ if (method == EMERGENCY && fd && openfile->current_stat) {
+ IGNORE_CALL_RESULT(fchmod(fd, openfile->current_stat->st_mode));
+ IGNORE_CALL_RESULT(fchown(fd, openfile->current_stat->st_uid,
+ openfile->current_stat->st_gid));
+ }
+#endif
+
+ if (fclose(f) != 0) {
statusline(ALERT, _("Error writing %s: %s"), realname,
strerror(errno));
goto cleanup_and_exit;
diff --git a/src/nano.c b/src/nano.c
index 79b5450..9b9c468 100644
--- a/src/nano.c
+++ b/src/nano.c
@@ -644,7 +644,7 @@ void emergency_save(const char *die_filename, struct stat *die_stat)
targetname = get_next_filename(die_filename, ".save");
if (*targetname != '\0')
- failed = !write_file(targetname, NULL, TRUE, OVERWRITE, FALSE);
+ failed = !write_file(targetname, NULL, TRUE, EMERGENCY, FALSE);
if (!failed)
fprintf(stderr, _("\nBuffer written to %s\n"), targetname);
@@ -655,16 +655,6 @@ void emergency_save(const char *die_filename, struct stat *die_stat)
fprintf(stderr, _("\nBuffer not written: %s\n"),
_("Too many backup files?"));
-#ifndef NANO_TINY
- /* Try to chmod/chown the saved file to the values of the original file,
- * but ignore any failure as we are in a hurry to get out. */
- if (die_stat) {
- IGNORE_CALL_RESULT(chmod(targetname, die_stat->st_mode));
- IGNORE_CALL_RESULT(chown(targetname, die_stat->st_uid,
- die_stat->st_gid));
- }
-#endif
-
free(targetname);
}
diff --git a/src/nano.h b/src/nano.h
index 4fd186a..5e22fb7 100644
--- a/src/nano.h
+++ b/src/nano.h
@@ -157,7 +157,7 @@ typedef enum {
} message_type;
typedef enum {
- OVERWRITE, APPEND, PREPEND
+ OVERWRITE, APPEND, PREPEND, EMERGENCY
} kind_of_writing_type;
typedef enum {
--
2.45.2

5
SOURCES/nano-default-editor.csh
Unescape View File

@ -1,5 +0,0 @@
# Ensure GNU nano is set as EDITOR if it isn't already set
if ( ! ($?EDITOR) ) then
setenv EDITOR "/usr/bin/nano"
endif

8
SOURCES/nano-default-editor.fish
Unescape View File

@ -1,8 +0,0 @@
# Ensure GNU nano is set as EDITOR if it isn't already set
# This is set as a universal variable so that any other definition
# by the user would win
# Cf. https://fishshell.com/docs/current/index.html#variables-scope
if ! set -q EDITOR;
set -x EDITOR /usr/bin/nano
end

5
SOURCES/nano-default-editor.sh
Unescape View File

@ -1,5 +0,0 @@
# Ensure GNU nano is set as EDITOR if it isn't already set
if [ -z "$EDITOR" ]; then
export EDITOR="/usr/bin/nano"
fi

206
SPECS/nano.spec
Unescape View File

@ -1,52 +1,30 @@
# build nano-default-editor by default only on fedora
%if 0%{?fedora}
%bcond_without default_editor
%else
%bcond_with default_editor
%endif
Summary: A small text editor Summary: A small text editor
Name: nano Name: nano
Version: 5.6.1 Version: 2.9.8
Release: 5%{?dist} Release: 3%{?dist}
License: GPLv3+ License: GPLv3+
URL: https://www.nano-editor.org URL: https://www.nano-editor.org
Source: https://www.nano-editor.org/dist/latest/%{name}-%{version}.tar.xz Source: https://www.nano-editor.org/dist/v2.9/%{name}-%{version}.tar.gz
Source2: nanorc Source2: nanorc
# Shell snippets for default-editor setup # fix emergency file replacement vulnerability (CVE-2024-5742)
Source11: nano-default-editor.sh Patch0: nano-2.9.8-emergency-file-replace-vuln.patch
Source12: nano-default-editor.csh
Source13: nano-default-editor.fish
BuildRequires: file-devel BuildRequires: file-devel
BuildRequires: gettext-devel BuildRequires: gettext-devel
BuildRequires: gcc BuildRequires: gcc
BuildRequires: git BuildRequires: git
BuildRequires: groff BuildRequires: groff
BuildRequires: make
BuildRequires: ncurses-devel BuildRequires: ncurses-devel
BuildRequires: sed BuildRequires: sed
BuildRequires: texinfo BuildRequires: texinfo
Conflicts: filesystem < 3 Conflicts: filesystem < 3
Requires(post): /sbin/install-info
Requires(preun): /sbin/install-info
%description %description
GNU nano is a small and friendly text editor. GNU nano is a small and friendly text editor.
%if %{with default_editor}
%package default-editor
Summary: Sets GNU nano as the default editor
Requires: nano = %{version}-%{release}
# Ensure that only one package with this capability is installed
Provides: system-default-editor
Conflicts: system-default-editor
BuildArch: noarch
%description default-editor
This package ensures the EDITOR shell variable
is set in common shells to GNU nano.
%endif
%prep %prep
%autosetup -S git %autosetup -S git
@ -55,12 +33,14 @@ mkdir build
cd build cd build
%global _configure ../configure %global _configure ../configure
%configure %configure
%make_build make %{?_smp_mflags}
# generate default /etc/nanorc # generate default /etc/nanorc
# - disable line wrapping by default
# - set hunspell as the default spell-checker # - set hunspell as the default spell-checker
# - enable syntax highlighting by default (#1270712) # - enable syntax highlighting by default (#1270712)
sed -e 's/^#.*set speller.*$/set speller "hunspell"/' \ sed -e 's/# set nowrap/set nowrap/' \
-e 's/^#.*set speller.*$/set speller "hunspell"/' \
-e 's|^# \(include "/usr/share/nano/\*.nanorc"\)|\1|' \ -e 's|^# \(include "/usr/share/nano/\*.nanorc"\)|\1|' \
%{SOURCE2} doc/sample.nanorc > ./nanorc %{SOURCE2} doc/sample.nanorc > ./nanorc
@ -76,18 +56,21 @@ rm -f %{buildroot}%{_docdir}/nano/{nano,nano.1,nanorc.5,rnano.1}.html
mkdir -p %{buildroot}%{_sysconfdir} mkdir -p %{buildroot}%{_sysconfdir}
install -m 0644 ./nanorc %{buildroot}%{_sysconfdir}/nanorc install -m 0644 ./nanorc %{buildroot}%{_sysconfdir}/nanorc
# enable all extra syntax highlighting files by default
mv %{buildroot}%{_datadir}/nano/extra/* %{buildroot}%{_datadir}/nano
rm -rf %{buildroot}%{_datadir}/nano/extra
%find_lang %{name} %find_lang %{name}
%if %{with default_editor} %post
# install nano-default-editor snippets if [ -f %{_infodir}/%{name}.info.gz ]; then
install -Dpm 0644 %{SOURCE11} %{buildroot}%{_sysconfdir}/profile.d/%{basename:%{S:11}} /sbin/install-info %{_infodir}/%{name}.info.gz %{_infodir}/dir
install -Dpm 0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/profile.d/%{basename:%{S:12}} fi
install -Dpm 0644 %{SOURCE13} %{buildroot}%{_datadir}/fish/vendor_conf.d/%{basename:%{S:13}} exit 0
%endif
%preun
if [ $1 -eq 0 ]; then
if [ -f %{_infodir}/%{name}.info.gz ]; then
/sbin/install-info --delete %{_infodir}/%{name}.info.gz %{_infodir}/dir
fi
fi
exit 0
%files -f build/%{name}.lang %files -f build/%{name}.lang
%doc AUTHORS COPYING ChangeLog INSTALL NEWS README THANKS TODO %doc AUTHORS COPYING ChangeLog INSTALL NEWS README THANKS TODO
@ -99,143 +82,16 @@ install -Dpm 0644 %{SOURCE13} %{buildroot}%{_datadir}/fish/vendor_conf.d/%{basen
%{_infodir}/nano.info* %{_infodir}/nano.info*
%{_datadir}/nano %{_datadir}/nano
%if %{with default_editor}
%files default-editor
%dir %{_sysconfdir}/profile.d
%config(noreplace) %{_sysconfdir}/profile.d/nano-default-editor.*
%dir %{_datadir}/fish/vendor_conf.d
%{_datadir}/fish/vendor_conf.d/nano-default-editor.fish
%endif
%changelog %changelog
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 5.6.1-5 * Thu Jul 11 2024 Lukáš Zaoral <lzaoral@redhat.com> - 2.9.8-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - fix incomplete backport of the fix for the emergency file replacement
Related: rhbz#1991688 vulnerability (RHEL-35236)
* Thu Jun 10 2021 Florian Weimer <fweimer@redhat.com> - 5.6.1-4
- Rebuild with updated binutils (#1960667)
* Wed May 05 2021 Kamil Dudka <kdudka@redhat.com> - 5.6.1-3
- build nano-default-editor by default only on fedora
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 5.6.1-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Mar 03 2021 Kamil Dudka <kdudka@redhat.com> - 5.6.1-1
- new upstream release
* Wed Feb 24 2021 Kamil Dudka <kdudka@redhat.com> - 5.6-1
- new upstream release
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Thu Jan 14 2021 Kamil Dudka <kdudka@redhat.com> - 5.5-1
- new upstream release
* Wed Dec 02 2020 Kamil Dudka <kdudka@redhat.com> - 5.4-1
- new upstream release
* Thu Oct 15 2020 Zdenek Dohnal <zdohnal@redhat.com> - 5.3-4
- fix nano-default-editor.fish - don't give EDITOR an universal scope
* Mon Oct 12 2020 Neal Gompa <ngompa13@gmail.com> - 5.3-3
- Ensure default-editor subpackage is easily swappable
* Thu Oct 08 2020 Neal Gompa <ngompa13@gmail.com> - 5.3-2
- Enable all extra definitions for syntax highlighting (#1886561)
* Wed Oct 07 2020 Kamil Dudka <kdudka@redhat.com> - 5.3-1
- new upstream release
* Mon Aug 24 2020 Kamil Dudka <kdudka@redhat.com> - 5.2-1
- new upstream release
* Sat Aug 15 2020 Kamil Dudka <kdudka@redhat.com> - 5.1-1
- new upstream release
* Thu Jul 30 2020 Kamil Dudka <kdudka@redhat.com> - 5.0-1
- new upstream release
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.9.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Jul 23 2020 Tom Stellard <tstellar@redhat.com> - 4.9.3-3
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Thu Jul 16 2020 Neal Gompa <ngompa13@gmail.com> - 4.9.3-2
- Add default-editor subpackage (#1854444)
* Mon May 25 2020 Kamil Dudka <kdudka@redhat.com> - 4.9.3-1
- new upstream release
* Tue Apr 07 2020 Kamil Dudka <kdudka@redhat.com> - 4.9.2-1 * Thu Jul 04 2024 Lukáš Zaoral <lzaoral@redhat.com> - 2.9.8-2
- new upstream release - fix emergency file replacement vulnerability (RHEL-35236)
* Tue Mar 31 2020 Kamil Dudka <kdudka@redhat.com> - 4.9.1-1
- new upstream release
* Tue Mar 24 2020 Kamil Dudka <kdudka@redhat.com> - 4.9-1
- new upstream release
* Fri Feb 07 2020 Kamil Dudka <kdudka@redhat.com> - 4.8-1
- new upstream release
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Dec 23 2019 Kamil Dudka <kdudka@redhat.com> - 4.7-1
- new upstream release
* Fri Nov 29 2019 Kamil Dudka <kdudka@redhat.com> - 4.6-1
- new upstream release
* Fri Oct 04 2019 Kamil Dudka <kdudka@redhat.com> - 4.5-1
- new upstream release
* Mon Aug 26 2019 Kamil Dudka <kdudka@redhat.com> - 4.4-1
- new upstream release
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jun 18 2019 Kamil Dudka <kdudka@redhat.com> - 4.3-1
- new upstream release
* Tue May 28 2019 Kamil Dudka <kdudka@redhat.com> - 4.2-2
- fix possible crash while opening help
* Wed Apr 24 2019 Kamil Dudka <kdudka@redhat.com> - 4.2-1
- new upstream release
* Mon Apr 15 2019 Kamil Dudka <kdudka@redhat.com> - 4.1-1
- new upstream release
* Tue Apr 02 2019 Kamil Dudka <kdudka@redhat.com> - 4.0-2
- make sure that variables on stack are initialized
* Mon Mar 25 2019 Kamil Dudka <kdudka@redhat.com> - 4.0-1
- new upstream release
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Nov 12 2018 Kamil Dudka <kdudka@redhat.com> - 3.2-1
- new upstream release
* Wed Sep 19 2018 Kamil Dudka <kdudka@redhat.com> - 3.1-1
- new upstream release
* Fri Sep 14 2018 Kamil Dudka <kdudka@redhat.com> - 3.0-2
- when Ctrl+Shift+Delete has no key code, do not fall back to KEY_BACKSPACE
* Mon Sep 10 2018 Kamil Dudka <kdudka@redhat.com> - 3.0-1
- new upstream release
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.8-2 * Wed Jul 26 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 2.9.8-1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - Rebuilt for MSVSphere 8.8
* Mon Jun 04 2018 Kamil Dudka <kdudka@redhat.com> - 2.9.8-1 * Mon Jun 04 2018 Kamil Dudka <kdudka@redhat.com> - 2.9.8-1
- new upstream release - new upstream release

Write Preview
Loading…
Cancel
Save