[Pkg-cli-apps-commits] [SCM] keepass2 branch, master, updated. debian/2.19+dfsg-1-3-g22c3623
Julian Taylor
jtaylor.debian at googlemail.com
Mon Sep 17 19:32:44 UTC 2012
The following commit has been merged in the master branch:
commit 2adecc0e1cc1655a2de33a2370c70e12cb6a0f58
Author: Julian Taylor <jtaylor.debian at googlemail.com>
Date: Mon Sep 17 20:59:55 2012 +0200
fix-insecure-tempfile-use.patch:
create small tempfiles in user owned directory instead of /tmp
diff --git a/debian/changelog b/debian/changelog
index 706b863..3deaccb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,7 @@
-keepass2 (2.19+dfsg-1ubuntu1) UNRELEASED; urgency=low
+keepass2 (2.19+dfsg-2) unstable; urgency=medium
+ * fix-insecure-tempfile-use.patch:
+ - create small tempfiles in user owned directory instead of /tmp
* suggest mono-dmcs needed to compile plugins
-- Julian Taylor <jtaylor.debian at googlemail.com> Sat, 12 May 2012 16:36:33 +0200
diff --git a/debian/patches/fix-insecure-tempfile-use.patch b/debian/patches/fix-insecure-tempfile-use.patch
new file mode 100644
index 0000000..f0e9682
--- /dev/null
+++ b/debian/patches/fix-insecure-tempfile-use.patch
@@ -0,0 +1,156 @@
+From: Julian Taylor <jtaylor.debian at googlemail.com>
+Date: Sun, 16 Sep 2012 17:03:31 +0200
+Subject: fix insecure tempfile use
+
+create messaging and mutex files in XDG_{RUNTIME,DATA}_DIR instead of
+/tmp
+Applied-Upstream: 2.21
+---
+ KeePass/Plugins/PlgxPlugin.cs | 2 +-
+ KeePass/Program.cs | 2 +-
+ KeePass/Util/GlobalMutexPool.cs | 3 ++-
+ KeePass/Util/IpcBroadcast.Fsw.cs | 5 +++--
+ KeePass/Util/IpcUtilEx.cs | 2 +-
+ KeePass/Util/WinUtil.cs | 2 +-
+ KeePassLib/Native/NativeMethods.cs | 21 +++++++++++++++++++++
+ KeePassLib/Utility/UrlUtil.cs | 17 +++++++++++++++++
+ 8 files changed, 47 insertions(+), 7 deletions(-)
+
+--- a/KeePass/Plugins/PlgxPlugin.cs
++++ b/KeePass/Plugins/PlgxPlugin.cs
+@@ -270,7 +270,7 @@
+
+ private static string CreateTempDirectory()
+ {
+- string strTmpRoot = Path.GetTempPath();
++ string strTmpRoot = UrlUtil.GetTempPath();
+ strTmpRoot = UrlUtil.EnsureTerminatingSeparator(strTmpRoot, false);
+ strTmpRoot += (new PwUuid(true)).ToHexString();
+
+--- a/KeePass/Program.cs
++++ b/KeePass/Program.cs
+@@ -279,7 +279,7 @@
+ try
+ {
+ string strFileOut = UrlUtil.EnsureTerminatingSeparator(
+- Path.GetTempPath(), false) + "KeePass_UrlOverride.tmp";
++ UrlUtil.GetTempPath(), false) + "KeePass_UrlOverride.tmp";
+ string strContent = ("[KeePass]\r\nKeeURLOverride=" +
+ Program.Config.Integration.UrlOverride + "\r\n");
+ File.WriteAllText(strFileOut, strContent);
+--- a/KeePass/Util/GlobalMutexPool.cs
++++ b/KeePass/Util/GlobalMutexPool.cs
+@@ -201,7 +201,8 @@
+
+ private static string GetMutexPath(string strName)
+ {
+- string strDir = UrlUtil.EnsureTerminatingSeparator(Path.GetTempPath(), false);
++ string strDir = UrlUtil.EnsureTerminatingSeparator(
++ UrlUtil.GetTempPath(), false);
+ return (strDir + IpcUtilEx.IpcMsgFilePreID + IpcBroadcast.GetUserID() +
+ "-Mutex-" + strName + ".tmp");
+ }
+--- a/KeePass/Util/IpcBroadcast.Fsw.cs
++++ b/KeePass/Util/IpcBroadcast.Fsw.cs
+@@ -49,7 +49,8 @@
+ {
+ if(m_strMsgFilePath != null) return;
+
+- string strDir = UrlUtil.EnsureTerminatingSeparator(Path.GetTempPath(), false);
++ string strDir = UrlUtil.EnsureTerminatingSeparator(
++ UrlUtil.GetTempPath(), false);
+ m_strMsgFileName = IpcUtilEx.IpcMsgFilePreID + GetUserID() +
+ IpcUtilEx.IpcMsgFilePostID;
+ m_strMsgFilePath = strDir + m_strMsgFileName;
+@@ -109,7 +110,7 @@
+ {
+ FswEnsurePaths();
+
+- m_fsw = new FileSystemWatcher(Path.GetTempPath(), m_strMsgFileName);
++ m_fsw = new FileSystemWatcher(UrlUtil.GetTempPath(), m_strMsgFileName);
+ m_fsw.IncludeSubdirectories = false;
+ m_fsw.NotifyFilter = (NotifyFilters.CreationTime | NotifyFilters.LastWrite);
+
+--- a/KeePass/Util/IpcUtilEx.cs
++++ b/KeePass/Util/IpcUtilEx.cs
+@@ -115,7 +115,7 @@
+ {
+ try
+ {
+- string str = Path.GetTempPath();
++ string str = UrlUtil.GetTempPath();
+ str = UrlUtil.EnsureTerminatingSeparator(str, false);
+
+ return (str + IpcMsgFilePreID + nId.ToString() + ".tmp");
+--- a/KeePass/Util/WinUtil.cs
++++ b/KeePass/Util/WinUtil.cs
+@@ -381,7 +381,7 @@
+ char chCur = char.ToUpper(strCur[0]);
+ if(chPar != chCur) return string.Empty;
+
+- string strTemp = Path.GetTempPath();
++ string strTemp = UrlUtil.GetTempPath();
+ Directory.SetCurrentDirectory(strTemp);
+
+ return strCur;
+--- a/KeePassLib/Native/NativeMethods.cs
++++ b/KeePassLib/Native/NativeMethods.cs
+@@ -21,6 +21,10 @@
+ using System.Text;
+ using System.Security;
+ using System.Runtime.InteropServices;
++using System.IO;
++using System.Diagnostics;
++
++using KeePassLib.Utility;
+
+ namespace KeePassLib.Native
+ {
+@@ -150,5 +154,22 @@
+ return StrCmpLogicalW(x, y);
+ #endif
+ }
++
++ internal static string GetUserRuntimeDir()
++ {
++ string strRtDir = Environment.GetEnvironmentVariable("XDG_RUNTIME_DIR");
++ if(string.IsNullOrEmpty(strRtDir))
++ strRtDir = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData);
++ if(string.IsNullOrEmpty(strRtDir))
++ {
++ Debug.Assert(false);
++ return Path.GetTempPath(); // Not UrlUtil (otherwise cyclic)
++ }
++
++ strRtDir = UrlUtil.EnsureTerminatingSeparator(strRtDir, false);
++ strRtDir += PwDefs.ShortProductName;
++
++ return strRtDir;
++ }
+ }
+ }
+--- a/KeePassLib/Utility/UrlUtil.cs
++++ b/KeePassLib/Utility/UrlUtil.cs
+@@ -588,5 +588,22 @@
+
+ return false;
+ }
++
++ public static string GetTempPath()
++ {
++ string strDir;
++ if(NativeLib.IsUnix())
++ strDir = NativeMethods.GetUserRuntimeDir();
++ else strDir = Path.GetTempPath();
++
++ try
++ {
++ if(Directory.Exists(strDir) == false)
++ Directory.CreateDirectory(strDir);
++ }
++ catch(Exception) { Debug.Assert(false); }
++
++ return strDir;
++ }
+ }
+ }
diff --git a/debian/patches/series b/debian/patches/series
index 8e07c9a..8ab2be8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,3 +7,4 @@ remove-ToolsVersion-3.5.patch
enable-local-help.patch
work-around-issues-with-autotype-and-keyboard-layout.patch
disable-autoupdate-dialog.patch
+fix-insecure-tempfile-use.patch
--
keepass2
More information about the Pkg-cli-apps-commits
mailing list