From cc30a0ecdb81fe9cf1c7a5ab53293ccfddb450e8 Mon Sep 17 00:00:00 2001 From: Michael Albinus Date: Tue, 6 May 2014 11:51:05 +0200 Subject: [PATCH] Security issues in tramp have been fixed (CVE-2014-3424) Applied upstream patch to fix https://security-tracker.debian.org/tracker/CVE-2014-3424 Fix Bug#17415. * net/tramp-sh.el (tramp-uudecode): Replace the hard-coded temporary file name by a format specifier. (tramp-remote-coding-commands): Enhance docstring. (tramp-find-inline-encoding): Replace "%t" by a temporary file name. Origin: upstream, commit: r117071, b7dc23dbf3e5c1528c909fb453b9db0d0fcaff31 Added-by: Rob Browning Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748140 --- lisp/ChangeLog | 17 +++++++++++++++++ lisp/net/tramp-sh.el | 35 ++++++++++++++++++++++++++--------- 2 files changed, 43 insertions(+), 9 deletions(-) diff --git a/lisp/ChangeLog b/lisp/ChangeLog index 08548e76f7f..b5f5d26d199 100644 --- a/lisp/ChangeLog +++ b/lisp/ChangeLog @@ -1,3 +1,20 @@ +2014-05-06 Michael Albinus + + * net/tramp-sh.el (tramp-remote-process-environment): Remove + HISTFILE and HISTSIZE; it's too late to set them here. Add + :version entry. + (tramp-open-shell): Do not let-bind `tramp-end-of-output'. Add + "HISTSIZE=/dev/null" to the shell's env arguments. Do not send + extra "PSx=..." commands. + (tramp-maybe-open-connection): Setenv HISTFILE to /dev/null. + (Bug#17295) + + (tramp-uudecode): Replace the hard-coded temporary file name by a + format specifier. + (tramp-remote-coding-commands): Enhance docstring. + (tramp-find-inline-encoding): Replace "%t" by a temporary file + name. (Bug#17415) + 2014-05-06 Glenn Morris * emacs-lisp/find-gc.el (find-gc-source-directory): Give it a value. diff --git a/lisp/net/tramp-sh.el b/lisp/net/tramp-sh.el index 29a6344734f..4cda37b0d7a 100644 --- a/lisp/net/tramp-sh.el +++ b/lisp/net/tramp-sh.el 
@@ -605,9 +605,9 @@ This list is used for copying/renaming with out-of-band methods.
See `tramp-actions-before-shell' for more info.")
(defconst tramp-uudecode
- "(echo begin 600 /tmp/tramp.$$; tail +2) | uudecode
-cat /tmp/tramp.$$
-rm -f /tmp/tramp.$$"
+ "(echo begin 600 %t; tail -n +2) | uudecode
+cat %t
+rm -f %t"
"Shell function to implement `uudecode' to standard output.
Many systems support `uudecode -o /dev/stdout' or `uudecode -o -'
for this or `uudecode -p', but some systems don't, and for them
@@ -3938,7 +3938,7 @@ Each item is a list that looks like this:
\(FORMAT ENCODING DECODING [TEST]\)
-FORMAT is symbol describing the encoding/decoding format. It can be
+FORMAT is a symbol describing the encoding/decoding format. It can be
`b64' for base64 encoding, `uu' for uu encoding, or `pack' for simple
packing.
ENCODING and DECODING can be strings, giving commands, or symbols,
@@ -3948,9 +3948,11 @@ filename will be put into the command line at that spot. If the specifier is not present, the input should be read from standard input.
-If they are variables, this variable is a string containing a Perl
-implementation for this functionality. This Perl program will be transferred
-to the remote host, and it is available as shell function with the same name.
+If they are variables, this variable is a string containing a
+Perl or Shell implementation for this functionality. This
+program will be transferred to the remote host, and it is
+available as shell function with the same name. A \"%t\" format
+specifier in the variable value denotes a temporary file.
The optional TEST command can be used for further tests, whether
ENCODING and DECODING are applicable.")
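Review bot: The `%t` path in the new `tramp-uudecode` is still a plain file name inside the shared remote temporary directory, and nothing in the script creates or reserves it before `uudecode` opens it, so the symlink race this change is meant to fix is narrowed (the name is no longer the guessable `/tmp/tramp.$$`) but not closed — if the remote uudecode follows a pre-existing symlink at that path, a local user who learns the name can still redirect the write. Because the substituted name is fixed for the life of the connection (it is computed once in tramp-find-inline-encoding, further down in this patch), observing it during any one transfer is enough to target the next. The path is also spliced into `cat %t` and `rm -f %t` unquoted, so a remote tmpdir containing whitespace or shell metacharacters would break the function; the `begin 600` header cannot be quoted, but those two lines can be written as `cat \"%t\"` and `rm -f \"%t\"`. A more robust shape would decode inside a per-user directory created with `mktemp -d` where that exists, keeping the current script only as the fallback.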
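Review bot: The added sentence `A \"%t\" format specifier in the variable value denotes a temporary file.` says less than the implementation commits to and nothing about what the script must do in return; I would expand it to `A \"%t\" format specifier in the variable value is replaced by the name of a temporary file in the remote temporary directory.  Tramp only chooses the name; the script itself must create the file and remove it again, as tramp-uudecode does.` It is also worth noting there that, since such a value is passed through format-spec, every other percent sign in the script has to be doubled as `%%`, otherwise the substitution fails. The defconst this docstring belongs to starts outside the hunk.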
@@ -4025,10 +4027,25 @@ Goes through the list `tramp-local-coding-commands' and
(throw 'wont-work-remote nil))
(when (not (stringp rem-dec))
- (let ((name (symbol-name rem-dec)))
+ (let ((name (symbol-name rem-dec))
+ (value (symbol-value rem-dec))
+ tmpfile)
(while (string-match (regexp-quote "-") name)
(setq name (replace-match "_" nil t name)))
- (tramp-maybe-send-script vec (symbol-value rem-dec) name)
+ (when (string-match "%t" value)
+ (setq tmpfile
+ (make-temp-name
+ (expand-file-name
+ tramp-temp-name-prefix
+ (tramp-get-remote-tmpdir vec)))
+ value
+ (format-spec
+ value
+ (format-spec-make
+ ?t
+ (tramp-file-name-handler
+ 'file-remote-p tmpfile 'localname)))))
+ (tramp-maybe-send-script vec value name)
(setq rem-dec name)))
(tramp-message vec 5
-- 2.30.2
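Review bot: `(string-match "%t" value)` is both the trigger and the only guard before `format-spec`, which signals an error on any `%`-sequence it does not recognise, so a remote script that contains `%t` for some other reason (a Perl hash such as `%table`) would be silently rewritten, and any further percent sign in it would abort connection setup instead of being sent. Replacing only the literal token, `(replace-regexp-in-string (regexp-quote "%t") (tramp-file-name-handler 'file-remote-p tmpfile 'localname) value t t)`, avoids both problems and removes the need for `%%` escaping in the scripts; failing that, the contract deserves a comment at the check, e.g. `;; Scripts containing "%t" go through format-spec: double every other "%".`. Note too that `make-temp-name` only picks a name — nothing is created on the remote side here — and the name is reused for every decode on this connection, so the shared-tmpdir race is narrowed rather than closed. If the symmetrical `rem-enc` branch earlier in this function also sends symbol-valued scripts, it presumably needs the same substitution; that branch is outside the hunk, so confirm an encoder script containing `%t` is not sent verbatim. The enclosing function, tramp-find-inline-encoding, starts and ends outside the hunk.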