0600? 0666 might lead to an information leak.
Thanks, changed.
This comment is outdated after the patch.
Right. I fixed that comment and a couple other minor things when I applied.
Thanks,
Karl
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble?
Karl?
Your cvs also shows 0666. I guess 0600 would be ok.
On Wed, 05 Oct 2005, Florian Weimer wrote:
> * Norbert Preining:
>
> > + fd = open (name, O_CREAT|O_EXCL|O_WRONLY, 0666);
>
> 0600? 0666 might lead to an information leak.
>
> > @@ -1615,14 +1626,15 @@
> > /* Return a newly-allocated
* Norbert Preining:
> + fd = open (name, O_CREAT|O_EXCL|O_WRONLY, 0666);
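Review bot: the mode argument on the added open() line is 0666, so the final permissions depend entirely on the caller's umask, and with a common umask the temporary file ends up readable by other users. Pass 0600 so the file is owner-only regardless of umask. The quoted line also does not show fd being checked; with O_EXCL, a failure with EEXIST means the name already exists, and the caller should choose a new name rather than reuse that one.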
0600? 0666 might lead to an information leak.
> @@ -1615,14 +1626,15 @@
> /* Return a newly-allocated string concatenating S1 and S2. */
This comment is outdated after the patch.
Can you please comment on my first try on this, attached.
That looks just fine. I'll apply it later today or tomorrow. Thanks
Norbert!
On Sun, 02 Oct 2005, Karl Berry wrote:
> It's up to you, but I don't advise it. It reverts many declarations to
> K&R form (i.e., a much older texindex.c). Aside from that, it also
> reverts at least one bug fix I made regarding initials (years ago).
>
> Perhaps you or someone could work on just
In fact the patch seems to be against texinfo-4.8, the last released
version of texinfo.
Well, the patch applies, but that's not what I was saying.
One question: For the upcoming texinfo-4.8 package in Debian, can I use
the patch of Henry, Karl?
It's up to you, but I don't advise
On Fri, 30 Sep 2005, Karl Berry wrote:
> I've adapted the OpenBSD stuff and created a patch. Maybe
> you want to look at it if this works.
>
> Thanks for doing this.
>
> In general, the OpenBSD code seems to be a couple versions back, as it
> has K&R function definitions and omits a coupl
I've adapted the OpenBSD stuff and created a patch. Maybe
you want to look at it if this works.
Thanks for doing this.
In general, the OpenBSD code seems to be a couple versions back, as it
has K&R function definitions and omits a couple other changes I made
(quite) a while ago.
I wonder
Hello,
I've adapted the OpenBSD stuff and created a patch. Maybe
you want to look at it if this works.
Regards,
Henry
texindex-racecondition.patch
Description: Binary data
It increased its revision control version number from 1.3 to 1.11,
but there are no changes - have they all been reverted?
There were no changes to texindex.c. The $Id$ change isn't meaningful
-- it happened because of temporarily moving Texinfo to berlios (because
savannah was dead for m
[EMAIL PROTECTED] (Karl Berry) wrote:
> > This has been assigned CAN-2005-3011, please mention this number in
> > the changelog when you fix this to allow easy tracking.
>
> Someone, please send me the actual bug report, and (hopefully) a fix.
Karl, I forgot to ask you what happened to te
[EMAIL PROTECTED] (Karl Berry) wrote:
> > This has been assigned CAN-2005-3011, please mention this number in
> > the changelog when you fix this to allow easy tracking.
>
> Someone, please send me the actual bug report, and (hopefully) a fix.
Excuse me - any Debian bug report can be acce
On Wed, Sep 28, 2005 at 10:58:51AM -0500, Karl Berry wrote:
> > This has been assigned CAN-2005-3011, please mention this number in
> > the changelog when you fix this to allow easy tracking.
>
> Someone, please send me the actual bug report, and (hopefully) a fix.
See http://bugs.debian.
> This has been assigned CAN-2005-3011, please mention this number in
> the changelog when you fix this to allow easy tracking.
Someone, please send me the actual bug report, and (hopefully) a fix.
Thanks,
karl
On Wed, Sep 28, 2005 at 04:11:48PM +0200, Frank Küster wrote:
> P.S. Frank, since you seem to be working on the source code of 4.7,
> maybe you want to join the discussion in #320413 about taking over the
> package from Josip, who seems to be MIA.
All my involvements with texinfo were either from
Hi Frank!
Frank Küster [2005-09-28 16:11 +0200]:
> The current version, 4.8, is as well vulnerable:
>
> [EMAIL PROTECTED]:~$ diff -u
> src/packages_for_sponsoring/texinfo-4.{7,8}/util/texindex.c
> --- src/packages_for_sponsoring/texinfo-4.7/util/texindex.c 2004-03-18
> 23:26:53.0 +01
Martin Pitt <[EMAIL PROTECTED]> wrote:
> Hi!
>
> This has been assigned CAN-2005-3011, please mention this number in
> the changelog when you fix this to allow easy tracking.
The current version, 4.8, is as well vulnerable:
[EMAIL PROTECTED]:~$ diff -u
src/packages_for_sponsoring/texinfo-4.{7,8
Package: texinfo
Version: 4.7-2.2
Severity: important
Tags: security
There is a race condition on creating temporary files in texindex.
The following function generates the name of the temporary file:
static char *
maketempname (int count)
{
  static char *tempbase = NULL;
  char tempsuffix[10];
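
The creation pattern discussed in this thread (O_CREAT|O_EXCL with an owner-only mode), as an added example that is not code from texinfo or from the patch under review. The helper names create_temp_excl, fd_mode and demo and all paths are hypothetical; the scenario runs in a scratch directory the example creates itself.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create NAME only if nothing has that name yet, readable by the owner alone.
   Returns the descriptor, or -1 with errno set (EEXIST if the name is taken,
   even by a dangling symlink, which O_EXCL refuses to follow). */
int create_temp_excl(const char *name)
{
    return open(name, O_CREAT | O_EXCL | O_WRONLY, 0600);
}

/* Permission bits of an open descriptor, or -1 on error. */
int fd_mode(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Constructed scenario in a private scratch directory. Returns 0 when a
   pre-existing symlink under the chosen name is refused, its target is not
   created, and a fresh name is created with no group/other access. */
int demo(void)
{
    char dir[] = "/tmp/texidx-demo-XXXXXX";   /* hypothetical names throughout */
    char planted[64], victim[64], fresh[64];
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(planted, sizeof planted, "%s/txidx0", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(fresh, sizeof fresh, "%s/txidx1", dir);
    if (symlink(victim, planted) != 0)        /* name already taken in advance */
        return -1;
    int fd1 = create_temp_excl(planted);
    int refused = fd1 == -1 && errno == EEXIST && access(victim, F_OK) != 0;
    int fd2 = create_temp_excl(fresh);
    int owner_only = fd2 >= 0 && (fd_mode(fd2) & 077) == 0;
    if (fd1 >= 0) close(fd1);
    if (fd2 >= 0) close(fd2);
    unlink(planted); unlink(victim); unlink(fresh); rmdir(dir);
    return (refused && owner_only) ? 0 : 1;
}

int main(void) { return demo(); }
```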