Re: Re[4]: security fix for temp files in cvs now



Hi Pavel,

On Tue, 2004-08-17 at 22:57, pavelsh wrote:
>      *Not*
>      edit-replace.patch - UTF-8 unsupported now
>      mc-4.6.0-slang.patch - Likewise

Ok. We should then discuss Vladimir's extensions to the UTF-8 patches.
He proposed them a while ago and they seem to work quite well, but
Pavel Roskin had some reservations that he did not explain, however.

>      mc-4.6.0-absoluterm.patch - replace rm with /bin/rm Why?

I guess to avoid failure when PATH isn't set (correctly). Jakub, do we
need this included?

>      mc-4.6.0-asmsyntax.patch - it's need for completed

So you said. Ok. Vladimir, maybe you can contact the original author? I
once applied for SUSE bugzilla access, but never got a reply, so I'll
leave it to you to check the original author ;) .

>      mc-4.6.0-pre3-nocpio.patch - it isn't good for main branch

I thought it is, as it saves some time when digging into an rpm when you
only want to look at the meta info. Also it unclutters the initial view,
and actually the cpio part is redundant. When you show the cpio content
directly you are mixing the contents of the cpio with the meta info,
which I find unclean. And if you do, there is no need to actually show
the "file" CONTENTS.cpio which can then be entered again. Quite likely
two identical temp files are created in that process. I know it is a
vendor-specific patch, but I like this behaviour. Please reconsider.

Note that a few more fixes need to be made to vfs/extfs/rpm. For
example, most $1's in mcrpmfs_copyout are replaced by $f's, but not on
the $RPM2CPIO line (#165). But maybe the extra quotes (") aren't
necessary there? Also, there is the temp file issue again
(TMPDIR=/tmp/mctmpdir.$$) which needs fixing if it is kept.

See also https://savannah.gnu.org/bugs/?func=detailitem&item_id=4271 in
relation to this file. And what about the redundancy in vfs/extfs/trpm?
Temporary file that needs to be removed from CVS? Or is it still in use?

>      mc-CVE-CAN-2003-1023.patch - obsoleted

I've seen it. My mistake for proposing it :) . There are some hunks in
the suse91 and fc1 branches of http://www.ottolander.nl/mc-patches/ that
I still might put up for proposal.

>      *May be*
>      mc-4.6.0-large_syntax.patch - Take now for review

Jakub fixed the patch from
https://savannah.gnu.org/patch/?func=detailitem&item_id=1628 . I believe
the original patch had some pointer arithmetic issues. We have been
using it for months with the php syntax file on Fedora Core. Note that
without this fix large syntax files are useless.

>      mc-php.syntax - May you update this file?
>                      PHP 5 is released.

I'll see if the script still works against the docs, and whether the
docs are updated. Do we need different syntax files for different
versions?

>      *Already*
>      mc-4.6.0-getpwuid.patch
>      
>      stderr.patch
>      
>      tempfile.patch

Ok. Thanks for your effort.

Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research
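
The temp file issue raised in the message above for vfs/extfs/rpm (`TMPDIR=/tmp/mctmpdir.$$`) comes from a directory name that is predictable from the process ID. The following is an added example, not part of the original message and not code from mc; the function names and the `MC_TMPDIR` variable are hypothetical. It shows one way a shell script can create its scratch directory without ever reusing a path that already exists.

```shell
#!/bin/sh
# Added example (not mc code). Function names and MC_TMPDIR are hypothetical.
# /tmp/mctmpdir.$$ is guessable from the PID, so another local user can create
# that path (or a symlink at it) first. The helpers below never reuse an
# existing path.

# Exclusive create: mkdir without -p fails if the name exists in any form,
# including a dangling symlink. umask 077 makes the directory owner-only.
make_dir_exclusive() {
    ( umask 077 && mkdir "$1" ) 2>/dev/null
}

# Print the path of a new private directory, or return non-zero.
make_private_tmpdir() {
    mpt_base=${1:-${TMPDIR:-/tmp}}
    # Preferred: mktemp -d picks a random suffix and creates the dir mode 0700.
    if mpt_dir=$(mktemp -d "$mpt_base/mctmpdir.XXXXXX" 2>/dev/null); then
        printf '%s\n' "$mpt_dir"
        return 0
    fi
    # Fallback without mktemp: the name is still predictable, but creation is
    # exclusive, so a pre-planted path makes the script fail instead of using it.
    mpt_dir="$mpt_base/mctmpdir.$$"
    make_dir_exclusive "$mpt_dir" || return 1
    printf '%s\n' "$mpt_dir"
}

# Run a command with MC_TMPDIR pointing at a fresh private directory and
# remove the directory afterwards, whatever the command's exit status.
run_with_tmpdir() {
    MC_TMPDIR=$(make_private_tmpdir) || return 1
    export MC_TMPDIR
    "$@" && rwt_rc=0 || rwt_rc=$?
    rm -rf -- "$MC_TMPDIR"
    return "$rwt_rc"
}
```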




