Hello community, here is the log from the commit of package mc for openSUSE:Factory checked in at 2014-04-03 17:10:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mc (Old) and /work/SRC/openSUSE:Factory/.mc.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "mc" Changes: -------- --- /work/SRC/openSUSE:Factory/mc/mc.changes 2014-02-11 10:38:15.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.mc.new/mc.changes 2014-04-03 17:10:45.000000000 +0200 @@ -1,0 +2,22 @@ +Wed Apr 2 19:35:48 UTC 2014 - dnh@opensuse.org + +- update to 4.8.12 +- remove mc-vfs_fish_helpers_ls-formatstring.diff (fixed upstream) +- change mc-extfs-iso9660-xorriso.patch to work with upstream fix + +------------------------------------------------------------------- +Sat Mar 15 15:35:23 UTC 2014 - dnh@opensuse.org + +- fix bug ("%i" is not an appropriate format for off_t) in + mc-vfs_fish_helpers_ls-formatstring.diff, thanks to andrew_b + of upstream in mc-ticket:2983 + +Sat Mar 15 13:58:42 UTC 2014 - dnh@opensuse.org + +- add mc-vfs_fish_helpers_ls-formatstring.diff + fixing possible format-string attack via filename + http://www.midnight-commander.org/ticket/2983 + until http://www.midnight-commander.org/ticket/3128 + is fixed, fish should stay disabled though! + +------------------------------------------------------------------- @@ -5,0 +28,7 @@ + +------------------------------------------------------------------- +Tue Jan 14 03:37:35 UTC 2014 - dnh@opensuse.org + +- add preliminary patch by Sebastian Siebert + mc-vfs-fish-deleted_source_file.patch + bnc#856501 and http://www.midnight-commander.org/ticket/3128 Old: ---- mc-4.8.11.tar.xz New: ---- mc-4.8.12.tar.xz mc-vfs-fish-deleted_source_file.patch mc-vfs_fish_helpers_ls-formatstring.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mc.spec ++++++ --- /var/tmp/diff_new_pack.OiRAKr/_old 2014-04-03 17:10:46.000000000 +0200 +++ /var/tmp/diff_new_pack.OiRAKr/_new 2014-04-03 17:10:46.000000000 +0200 @@ -21,7 +21,7 @@ License: GPL-3.0+ Group: Productivity/File utilities Url: http://midnight-commander.org/ -Version: 4.8.11 +Version: 4.8.12 Release: 0 #Git-Clone: git://github.com/MidnightCommander/mc @@ -45,9 +45,12 @@ Patch20: mc-f-keys.patch Patch21: mc-extfs-helpers-deb.patch -# add mc-extfs-iso9660-xorriso.patch -# fixing iso9660 extfs directory handling using xorriso -# http://www.midnight-commander.org/ticket/3122 +# add patch. bnc#856501 +# http://www.midnight-commander.org/ticket/3128 +Patch22: mc-vfs-fish-deleted_source_file.patch + +# changed mc-extfs-iso9660-xorriso.patch +# to reflect upstream fix Patch23: mc-extfs-iso9660-xorriso.patch #debian fixes for vfs @@ -118,7 +121,8 @@ %patch18 %patch20 %patch21 -%patch23 -p1 +%patch22 -p1 +%patch23 -p0 %patch24 %patch31 %patch32 ++++++ mc-4.8.11.tar.xz -> mc-4.8.12.tar.xz ++++++ ++++ 42576 lines of diff (skipped) ++++++ mc-extfs-iso9660-xorriso.patch ++++++ --- /var/tmp/diff_new_pack.OiRAKr/_old 2014-04-03 17:10:47.000000000 +0200 +++ /var/tmp/diff_new_pack.OiRAKr/_new 2014-04-03 17:10:47.000000000 +0200 @@ -1,30 +1,14 @@ ---- - src/vfs/extfs/helpers/iso9660.in | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - -Index: mc-4.8.11/src/vfs/extfs/helpers/iso9660.in -=================================================================== ---- mc-4.8.11.orig/src/vfs/extfs/helpers/iso9660.in 2014-01-01 19:44:49.000000000 +0000 -+++ mc-4.8.11/src/vfs/extfs/helpers/iso9660.in 2014-01-01 19:46:02.000000000 +0000 -@@ -38,13 +38,16 @@ xorriso_list() { - return 1 - fi - local dir attr ln usr gr sz dt1 dt2 dt3 nm len name -- dir="$2" -- $XORRISO -dev stdio:"$1" -cd "$dir" -lsl 2> /dev/null | @GREP@ "^[-d]" | \ -+ dir="${2:-/}" -+ lsl=$( $XORRISO -abort_on FATAL -dev stdio:"$1" -cd "$dir" -lsl 2> /dev/null ) -+ r=$? -+ test $r -gt 0 && return $r -+ echo "$lsl" | /usr/bin/grep "^[-d]" | \ +--- src/vfs/extfs/helpers/iso9660.in.orig 2014-04-02 21:42:18.000000000 +0200 ++++ src/vfs/extfs/helpers/iso9660.in 2014-04-02 21:43:40.000000000 +0200 +@@ -46,9 +46,9 @@ + echo "$lsl" | @GREP@ "^[-d]" | \ while read attr ln usr gr sz dt1 dt2 dt3 nm ; do len=$((${#nm} - 1)) -- name=$(printf "$nm" | cut -c2-$len) # remove quotes -- if test $(printf "$nm" | cut -c1-2) != "d"; then -- printf "%s %s %s %s %s %s %s %s %s/%s\n" "$attr" "$ln" "$usr" "$gr" "$sz" "$dt1" "$dt2" "$dt3" "$dir" "$name" +- name=$(printf -- "$nm" | cut -c2-$len) # remove quotes + name=$(printf -- '%s' "$nm" | cut -c2-$len) # remove quotes -+ if test $(printf -- '%s' "$attr" | cut -c1) != "d"; then -+ printf -- "%s %s %s %s %s %s %s %s %s/%s\n" "$attr" "$ln" "$usr" "$gr" "$sz" "$dt1" "$dt2" "$dt3" "$dir" "$name" + +- if test $(printf -- "$attr" | cut -c1-1) != "d"; then ++ if test $(printf -- '%s' "$attr" | cut -c1-1) != "d"; then + printf -- "%s %s %s %s %s %s %s %s %s/%s\n" "$attr" "$ln" "$usr" "$gr" "$sz" "$dt1" "$dt2" "$dt3" "$dir" "$name" else xorriso_list "$1" "$dir/$name" - fi ++++++ mc-vfs-fish-deleted_source_file.patch ++++++ diff -rup mc-4.8.11.orig/src/filemanager/file.c mc-4.8.11/src/filemanager/file.c --- mc-4.8.11.orig/src/filemanager/file.c 2013-11-29 19:27:07.000000000 +0100 +++ mc-4.8.11/src/filemanager/file.c 2014-01-14 00:09:30.540439661 +0100 @@ -1914,6 +1914,8 @@ copy_file_file (FileOpTotalContext * tct continue; if (temp_status == FILE_ABORT) return_status = temp_status; + if (temp_status == FILE_SKIP) + return_status = temp_status; if (temp_status == FILE_SKIPALL) ctx->skip_all = TRUE; break; @@ -1924,6 +1926,8 @@ copy_file_file (FileOpTotalContext * tct temp_status = file_error (_("Cannot close target file \"%s\"\n%s"), dst_path); if (temp_status == FILE_RETRY) continue; + if (temp_status == FILE_SKIP) + return_status = temp_status; if (temp_status == FILE_SKIPALL) ctx->skip_all = TRUE; return_status = temp_status; @@ -1957,10 +1961,10 @@ copy_file_file (FileOpTotalContext * tct if (temp_status == FILE_SKIPALL) { ctx->skip_all = TRUE; - return_status = FILE_CONT; + return_status = FILE_SKIPALL; } if (temp_status == FILE_SKIP) - return_status = FILE_CONT; + return_status = FILE_SKIP; break; } } @@ -1977,10 +1981,10 @@ copy_file_file (FileOpTotalContext * tct if (temp_status == FILE_SKIPALL) { ctx->skip_all = TRUE; - return_status = FILE_CONT; + return_status = FILE_SKIPALL; } if (temp_status == FILE_SKIP) - return_status = FILE_CONT; + return_status = FILE_SKIP; break; } } diff -rup mc-4.8.11.orig/src/vfs/fish/fishdef.h mc-4.8.11/src/vfs/fish/fishdef.h --- mc-4.8.11.orig/src/vfs/fish/fishdef.h 2013-04-10 22:04:31.000000000 +0200 +++ mc-4.8.11/src/vfs/fish/fishdef.h 2014-01-13 23:54:30.773582204 +0100 @@ -145,13 +145,19 @@ "FILESIZE=${FISH_FILESIZE}\n" \ "#STOR $FILESIZE $FILENAME\n" \ "echo \"### 001\"\n" \ +"touch $FILENAME 2>/dev/null\n" \ +"if [ -f $FILENAME ]; then\n" \ +"rm $FILENAME\n" \ "{\n" \ " while [ $FILESIZE -gt 0 ]; do\n" \ " cnt=`expr \\( $FILESIZE + 255 \\) / 256`\n" \ " n=`dd bs=256 count=$cnt | tee -a \"${FILENAME}\" | wc -c`\n" \ " FILESIZE=`expr $FILESIZE - $n`\n" \ " done\n" \ -"}; echo \"### 200\"\n" +"}; echo \"### 200\"\n" \ +"else\n" \ +" echo \"### 500\"\n" \ +"fi\n" /* default 'appe' script */ #define FISH_APPEND_DEF_CONTENT "" \ diff -rup mc-4.8.11.orig/src/vfs/fish/helpers/chmod mc-4.8.11/src/vfs/fish/helpers/chmod --- mc-4.8.11.orig/src/vfs/fish/helpers/chmod 2013-04-10 22:04:31.000000000 +0200 +++ mc-4.8.11/src/vfs/fish/helpers/chmod 2014-01-13 23:54:30.773582204 +0100 @@ -1,6 +1,7 @@ #CHMOD $FISH_FILEMODE $FISH_FILENAME -if chmod ${FISH_FILEMODE} "/${FISH_FILENAME}" 2>/dev/null; then - echo "### 000" -else +chmod ${FISH_FILEMODE} "/${FISH_FILENAME}" 2>/dev/null +if [ $? -ne 0 ]; then echo "### 500" +else + echo "### 000" fi diff -rup mc-4.8.11.orig/src/vfs/fish/helpers/chown mc-4.8.11/src/vfs/fish/helpers/chown --- mc-4.8.11.orig/src/vfs/fish/helpers/chown 2013-04-10 22:04:31.000000000 +0200 +++ mc-4.8.11/src/vfs/fish/helpers/chown 2014-01-13 23:54:30.774582155 +0100 @@ -1,6 +1,7 @@ #CHOWN $FISH_FILEOWNER:$FISH_FILEGROUP $FISH_FILENAME -if chown ${FISH_FILEOWNER}:${FISH_FILEGROUP} "/${FISH_FILENAME}" ; then - echo "### 000" -else +chown ${FISH_FILEOWNER}:${FISH_FILEGROUP} "/${FISH_FILENAME}" +if [ $? -ne 0 ]; then echo "### 500" +else + echo "### 000" fi diff -rup mc-4.8.11.orig/src/vfs/fish/helpers/send mc-4.8.11/src/vfs/fish/helpers/send --- mc-4.8.11.orig/src/vfs/fish/helpers/send 2013-04-10 22:04:31.000000000 +0200 +++ mc-4.8.11/src/vfs/fish/helpers/send 2014-01-13 23:54:30.774582155 +0100 @@ -1,6 +1,9 @@ #STOR $FISH_FILESIZE $FISH_FILENAME FILENAME="/${FISH_FILENAME}" echo "### 001" +touch $FILENAME 2>/dev/null +if [ -f $FILENAME ]; then +rm $FILENAME 2>/dev/null { > "${FILENAME}" bss=4096 @@ -15,3 +18,6 @@ echo "### 001" FISH_FILESIZE=`expr $FISH_FILESIZE - $n` done }; echo "### 200" +else + echo "### 500" +fi ++++++ mc-vfs_fish_helpers_ls-formatstring.diff ++++++ --- src/vfs/fish/helpers/ls.orig 2013-04-10 22:04:31.000000000 +0200 +++ src/vfs/fish/helpers/ls 2014-03-15 15:35:18.000000000 +0100 @@ -137,9 +137,13 @@ if (S_ISLNK ($mode)) { my $linkname = readlink ("$dirname/$filename"); $linkname =~ $strutils_shell_escape_regex; - printf("R%%o %%o $uid.$gid\nS$size\nd$mloctime\n:\"$e_filename\" -> \"$linkname\"\n\n", S_IMODE($mode), S_IFMT($mode)); + printf("R%%o %%o %%i.%%i\nS%%lld\nd%%s\n:\"%%s\" -> \"%%s\"\n\n", + S_IMODE($mode), S_IFMT($mode), + $uid, $gid, $size, $mloctime, $e_filename, $linkname); } else { - printf("R%%o %%o $uid.$gid\nS$size\nd$mloctime\n:\"$e_filename\"\n\n", S_IMODE($mode), S_IFMT($mode)); + printf("R%%o %%o %%i.%%i\nS%%lld\nd%%s\n:\"%%s\"\n\n", + S_IMODE($mode), S_IFMT($mode), + $uid, $gid, $size, $mloctime, $e_filename); } } printf("### 200\n"); -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org