Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/emacs/24.3/08_all_tramp-sh-tmpfile.patch
diff options
context:
space:
mode:
Diffstat (limited to 'emacs/24.3/08_all_tramp-sh-tmpfile.patch')
-rw-r--r--emacs/24.3/08_all_tramp-sh-tmpfile.patch84
1 files changed, 0 insertions, 84 deletions
diff --git a/emacs/24.3/08_all_tramp-sh-tmpfile.patch b/emacs/24.3/08_all_tramp-sh-tmpfile.patch
deleted file mode 100644
index 80cdb3f..0000000
--- a/emacs/24.3/08_all_tramp-sh-tmpfile.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-Fix insecure use of temporary files.
-Patch from upstream bzr, backported to Emacs 24.3.
-https://bugs.gentoo.org/509830
-CVE-2014-3424
-
-revno: 117071
-committer: Michael Albinus <michael.albinus@gmx.de>
-branch nick: emacs-24
-timestamp: Tue 2014-05-06 11:51:05 +0200
-message:
- Fix Bug#17415.
-
- * net/tramp-sh.el (tramp-uudecode): Replace the hard-coded temporary
- file name by a format specifier.
- (tramp-remote-coding-commands): Enhance docstring.
- (tramp-find-inline-encoding): Replace "%t" by a temporary file name.
-
---- emacs-24.3-orig/lisp/net/tramp-sh.el
-+++ emacs-24.3/lisp/net/tramp-sh.el
-@@ -605,9 +605,9 @@
- See `tramp-actions-before-shell' for more info.")
-
- (defconst tramp-uudecode
-- "(echo begin 600 /tmp/tramp.$$; tail +2) | uudecode
--cat /tmp/tramp.$$
--rm -f /tmp/tramp.$$"
-+ "(echo begin 600 %t; tail -n +2) | uudecode
-+cat %t
-+rm -f %t"
- "Shell function to implement `uudecode' to standard output.
- Many systems support `uudecode -o /dev/stdout' or `uudecode -o -'
- for this or `uudecode -p', but some systems don't, and for them
-@@ -3938,7 +3938,7 @@
-
- \(FORMAT ENCODING DECODING [TEST]\)
-
--FORMAT is symbol describing the encoding/decoding format. It can be
-+FORMAT is a symbol describing the encoding/decoding format. It can be
- `b64' for base64 encoding, `uu' for uu encoding, or `pack' for simple packing.
-
- ENCODING and DECODING can be strings, giving commands, or symbols,
-@@ -3948,9 +3948,11 @@
- specifier is not present, the input should be read from standard
- input.
-
--If they are variables, this variable is a string containing a Perl
--implementation for this functionality. This Perl program will be transferred
--to the remote host, and it is available as shell function with the same name.
-+If they are variables, this variable is a string containing a
-+Perl or Shell implementation for this functionality. This
-+program will be transferred to the remote host, and it is
-+available as shell function with the same name. A \"%t\" format
-+specifier in the variable value denotes a temporary file.
-
- The optional TEST command can be used for further tests, whether
- ENCODING and DECODING are applicable.")
-@@ -4025,10 +4027,25 @@
- (throw 'wont-work-remote nil))
-
- (when (not (stringp rem-dec))
-- (let ((name (symbol-name rem-dec)))
-+ (let ((name (symbol-name rem-dec))
-+ (value (symbol-value rem-dec))
-+ tmpfile)
- (while (string-match (regexp-quote "-") name)
- (setq name (replace-match "_" nil t name)))
-- (tramp-maybe-send-script vec (symbol-value rem-dec) name)
-+ (when (string-match "%t" value)
-+ (setq tmpfile
-+ (make-temp-name
-+ (expand-file-name
-+ tramp-temp-name-prefix
-+ (tramp-get-remote-tmpdir vec)))
-+ value
-+ (format-spec
-+ value
-+ (format-spec-make
-+ ?t
-+ (tramp-file-name-handler
-+ 'file-remote-p tmpfile 'localname)))))
-+ (tramp-maybe-send-script vec value name)
- (setq rem-dec name)))
- (tramp-message
- vec 5