Bug#1070702: marked as done (bookworm-pu: package nano/7.2-1+deb12u1)



Your message dated Sat, 29 Jun 2024 10:46:19 +0000
with message-id <E1sNVb1-002bgy-Vp@coccia.debian.org>
and subject line Released with 12.6
has caused the Debian Bug report #1070702,
regarding bookworm-pu: package nano/7.2-1+deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1070702: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070702
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: nano@packages.debian.org
Control: affects -1 + src:nano
User: release.debian.org@packages.debian.org
Usertags: pu

As we did in previous Debian releases, this is an update
for Debian stable's nano package with selected patches from
the upstream maintainer.

3 of the patches fix minor security issues, and the other one
fixes a potential data-loss issue.

Additionally there's a minor update to the default nanorc which
is a backport from 7.2-2, which was meant to be included in
Debian 12.0 but freeze came along. It just gets rid of some
control characters in some commented-out example bindings,
replacing them with the new style syntax.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

This source update was prompted by Salvatore while discussing one of the
3 security issues.

Thanks in advance,
Jordi
diff -Nru nano-7.2/debian/changelog nano-7.2/debian/changelog
--- nano-7.2/debian/changelog	2023-01-18 16:31:52.000000000 +0100
+++ nano-7.2/debian/changelog	2024-05-06 08:10:01.000000000 +0200
@@ -1,3 +1,15 @@
+nano (7.2-1+deb12u1) bookworm; urgency=medium
+
+  * The "Premio Nacional de Tauromaquia" release.
+  * Fix a partial sync of debian/nanorc in the previous upload.
+    This updates some example bindings to the new syntax, avoiding
+    having control characters in the configuration file (closes: #1032422).
+  * Add 4 post-7.2 upstream patches to fix two minor security issues and
+    a potential data-loss situation. Thanks, Benno Schulenberg!
+  * Set debian-branch to bookworm.
+
+ -- Jordi Mallach <jordi@debian.org>  Mon, 06 May 2024 08:10:01 +0200
+
 nano (7.2-1) unstable; urgency=medium
 
   * The "Blue checkmark" release.
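Review bot: The "Add 4 post-7.2 upstream patches" entry does not say which patch addresses which issue and cites no upstream bug or commit. Listing the four individually (the two format-string fixes for savannah bug 63964, the justify undo fix for savannah bug 65317, and the fchmod/fchown change for the emergency save file) would let a reader of the changelog match each fix to its report and see which ones are the security fixes.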
diff -Nru nano-7.2/debian/gbp.conf nano-7.2/debian/gbp.conf
--- nano-7.2/debian/gbp.conf	2022-12-07 23:10:44.000000000 +0100
+++ nano-7.2/debian/gbp.conf	2024-05-06 08:09:34.000000000 +0200
@@ -1,5 +1,5 @@
 [DEFAULT] 
 pristine-tar = true 
-debian-branch = master 
+debian-branch = bookworm
 upstream-branch = upstream
 upstream-vcs-tag = v%(version)s
diff -Nru nano-7.2/debian/nanorc nano-7.2/debian/nanorc
--- nano-7.2/debian/nanorc	2023-01-18 15:37:55.000000000 +0100
+++ nano-7.2/debian/nanorc	2024-05-06 08:04:37.000000000 +0200
@@ -286,15 +286,14 @@
 
 ## For quickly uppercasing or lowercasing the word under or after the cursor.
 ## (These effectively select a word and pipe it through a sed command.)
-# bind Sh-M-U "Oc|sed 's/.*/\U&/'
" main
-# bind Sh-M-L "Oc|sed 's/.*/\L&/'
" main
+#bind Sh-M-U "{nextword}{mark}{prevword}{execute}|sed 's/.*/\U&/'{enter}" main
+#bind Sh-M-L "{nextword}{mark}{prevword}{execute}|sed 's/.*/\L&/'{enter}" main
 
 ## For copying a marked region to the system clipboard:
 # bind Sh-M-T "{execute}|xsel -ib{enter}{undo}" main
 
 ## For snipping trailing blanks when you save a file:
 # bind ^S "{execute}| sed 's/\s\+$//' {enter}{savefile}" main
-# bind Sh-M-T "|xsel -ib
u" main
 
 ## If you would like nano to have keybindings that are more "usual",
 ## such as ^O for Open, ^F for Find, ^H for Help, and ^Q for Quit,
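Review bot: The two added Sh-M-U and Sh-M-L examples start with `#bind`, while the neighbouring commented bindings in this hunk (`# bind Sh-M-T ...` and `# bind ^S ...`) keep a space after the `#`. Writing the new lines as `# bind` too would keep the commented examples uniform for anyone uncommenting them with a search-and-replace.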
diff -Nru nano-7.2/debian/patches/0001-linter-use-a-format-string-to-deflect-format-string-.patch nano-7.2/debian/patches/0001-linter-use-a-format-string-to-deflect-format-string-.patch
--- nano-7.2/debian/patches/0001-linter-use-a-format-string-to-deflect-format-string-.patch	1970-01-01 01:00:00.000000000 +0100
+++ nano-7.2/debian/patches/0001-linter-use-a-format-string-to-deflect-format-string-.patch	2024-05-06 08:08:19.000000000 +0200
@@ -0,0 +1,47 @@
+From f2e042114d2c1696031bc2f2251e28a9c8eceaff Mon Sep 17 00:00:00 2001
+From: Benno Schulenberg <bensberg@telfort.nl>
+Date: Mon, 27 Mar 2023 11:47:37 +0200
+Subject: [PATCH 1/4] linter: use a format string, to deflect format-string
+ attacks
+
+This fixes the first part of https://savannah.gnu.org/bugs/?63964.
+
+Reported-by: Vince Vince
+---
+ src/text.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/text.c b/src/text.c
+index f4a3d7c5..34551fea 100644
+--- a/src/text.c
++++ b/src/text.c
+@@ -2846,7 +2846,7 @@ void do_linter(void)
+ 			confirm_margin();
+ #endif
+ 			edit_refresh();
+-			statusline(NOTICE, curlint->msg);
++			statusline(NOTICE, "%s", curlint->msg);
+ 			bottombars(MLINTER);
+ 		}
+ 
+@@ -2877,7 +2877,7 @@ void do_linter(void)
+ 				beep();
+ 				napms(600);
+ 				last_wait = time(NULL);
+-				statusline(NOTICE, curlint->msg);
++				statusline(NOTICE, "%s", curlint->msg);
+ 			}
+ 		} else if (function == do_page_down || function == to_next_block) {
+ 			if (curlint->next != NULL)
+@@ -2887,7 +2887,7 @@ void do_linter(void)
+ 				beep();
+ 				napms(600);
+ 				last_wait = time(NULL);
+-				statusline(NOTICE, curlint->msg);
++				statusline(NOTICE, "%s", curlint->msg);
+ 			}
+ 		} else
+ 			beep();
+-- 
+2.42.1
+
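Review bot: The three `statusline(NOTICE, curlint->msg)` calls in do_linter() are fixed one by one, but nothing here prevents the same pattern from being reintroduced at another call site. Since statusline() takes a format string followed by variadic arguments, consider also declaring it with a printf-style format attribute (if it does not already have one), so that building with -Wformat-security flags any call that passes a non-literal string as the format.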
diff -Nru nano-7.2/debian/patches/0002-startup-use-a-format-string-to-deflect-format-string.patch nano-7.2/debian/patches/0002-startup-use-a-format-string-to-deflect-format-string.patch
--- nano-7.2/debian/patches/0002-startup-use-a-format-string-to-deflect-format-string.patch	1970-01-01 01:00:00.000000000 +0100
+++ nano-7.2/debian/patches/0002-startup-use-a-format-string-to-deflect-format-string.patch	2024-05-06 08:08:19.000000000 +0200
@@ -0,0 +1,29 @@
+From 2c42aa31812e1ba6060b80d424093c7077244fb0 Mon Sep 17 00:00:00 2001
+From: Benno Schulenberg <bensberg@telfort.nl>
+Date: Mon, 27 Mar 2023 12:02:19 +0200
+Subject: [PATCH 2/4] startup: use a format string, to deflect format-string
+ attacks
+
+This fixes the second part of https://savannah.gnu.org/bugs/?63964.
+
+Reported-by: Vince Vince
+---
+ src/nano.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/nano.c b/src/nano.c
+index c6db6dd3..8556408e 100644
+--- a/src/nano.c
++++ b/src/nano.c
+@@ -2547,7 +2547,7 @@ int main(int argc, char **argv)
+ 
+ #ifdef ENABLE_NANORC
+ 	if (startup_problem != NULL)
+-		statusline(ALERT, startup_problem);
++		statusline(ALERT, "%s", startup_problem);
+ 
+ #define NOTREBOUND  first_sc_for(MMAIN, do_help) && \
+ 						first_sc_for(MMAIN, do_help)->keycode == 0x07
+-- 
+2.42.1
+
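Review bot: The commit message for the `statusline(ALERT, "%s", startup_problem)` change does not say where the text in startup_problem comes from, which is what a stable-release reviewer needs in order to judge exposure. The call sits under `#ifdef ENABLE_NANORC`, so a sentence stating which input ends up in that string would make the severity assessment possible without opening the upstream bug.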
diff -Nru nano-7.2/debian/patches/0003-justify-set-x-0-for-the-undo-item-for-when-using-cut.patch nano-7.2/debian/patches/0003-justify-set-x-0-for-the-undo-item-for-when-using-cut.patch
--- nano-7.2/debian/patches/0003-justify-set-x-0-for-the-undo-item-for-when-using-cut.patch	1970-01-01 01:00:00.000000000 +0100
+++ nano-7.2/debian/patches/0003-justify-set-x-0-for-the-undo-item-for-when-using-cut.patch	2024-05-06 08:08:19.000000000 +0200
@@ -0,0 +1,40 @@
+From 24393c6563d466189554158f1bf21397504267fe Mon Sep 17 00:00:00 2001
+From: Benno Schulenberg <bensberg@telfort.nl>
+Date: Thu, 15 Feb 2024 16:53:49 +0100
+Subject: [PATCH 3/4] justify: set `x = 0` for the undo item, for when using
+ --cutfromcursor
+
+When --cutfromcursor is active, 'current_x' needs to be set to zero when
+doing a justification, so that the correct starting position gets stored
+in the undo item.  (Without --cutfromcursor, the value of 'current_x'
+does not matter.)
+
+This fixes https://savannah.gnu.org/bugs/?65317.
+The issue was indirectly reported by `correctmost`.
+
+Bug existed in this form since version 5.0, commit ae5a4ece.
+
+Between versions 4.0 and 5.0, nano would not eat a line but would
+instead crash when undoing a justification that was done with the
+cursor away from the left edge.
+---
+ src/text.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/text.c b/src/text.c
+index 34551fea..309e835b 100644
+--- a/src/text.c
++++ b/src/text.c
+@@ -1871,7 +1871,8 @@ void justify_text(bool whole_buffer)
+ #endif
+ 			refresh_needed = TRUE;
+ 			return;
+-		}
++		} else
++			openfile->current_x = 0;
+ 
+ 		/* Set the starting point of the paragraph. */
+ 		startline = openfile->current;
+-- 
+2.42.1
+
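Review bot: The added `} else` / `openfile->current_x = 0;` in justify_text() carries no code comment, so the reason for resetting the cursor column is only recoverable from the commit message. A one-line comment above the assignment saying that the undo item must record column zero when --cutfromcursor is active would keep a later cleanup from removing it. The unbraced else after a braced if body is also easy to misread; bracing both arms would be clearer.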
diff -Nru nano-7.2/debian/patches/0004-files-run-chmod-and-chown-on-the-descriptor-not-on-t.patch nano-7.2/debian/patches/0004-files-run-chmod-and-chown-on-the-descriptor-not-on-t.patch
--- nano-7.2/debian/patches/0004-files-run-chmod-and-chown-on-the-descriptor-not-on-t.patch	1970-01-01 01:00:00.000000000 +0100
+++ nano-7.2/debian/patches/0004-files-run-chmod-and-chown-on-the-descriptor-not-on-t.patch	2024-05-06 08:08:19.000000000 +0200
@@ -0,0 +1,97 @@
+From ffc74e50678c0300ea7386c5738ed5eae61f6bec Mon Sep 17 00:00:00 2001
+From: Benno Schulenberg <bensberg@telfort.nl>
+Date: Sun, 28 Apr 2024 10:51:52 +0200
+Subject: [PATCH 4/4] files: run `chmod` and `chown` on the descriptor, not on
+ the filename
+
+This closes a window of opportunity where the emergency file could be
+replaced by a malicious symlink.
+
+The issue was reported by `MartinJM` and `InvisibleMeerkat`.
+
+Problem existed since version 2.2.0, commit 123110c5, when chmodding
+and chowning of the emergency .save file was added.
+---
+ src/definitions.h |  2 +-
+ src/files.c       | 13 ++++++++++++-
+ src/nano.c        | 12 +-----------
+ 3 files changed, 14 insertions(+), 13 deletions(-)
+
+diff --git a/src/definitions.h b/src/definitions.h
+index 288f1ff9..04614a32 100644
+--- a/src/definitions.h
++++ b/src/definitions.h
+@@ -283,7 +283,7 @@ typedef enum {
+ } message_type;
+ 
+ typedef enum {
+-	OVERWRITE, APPEND, PREPEND
++	OVERWRITE, APPEND, PREPEND, EMERGENCY
+ } kind_of_writing_type;
+ 
+ typedef enum {
+diff --git a/src/files.c b/src/files.c
+index c6eadc1c..88397d34 100644
+--- a/src/files.c
++++ b/src/files.c
+@@ -1760,6 +1760,8 @@ bool write_file(const char *name, FILE *thefile, bool normal,
+ #endif
+ 	char *realname = real_dir_from_tilde(name);
+ 		/* The filename after tilde expansion. */
++	int fd = 0;
++		/* The descriptor that is assigned when opening the file. */
+ 	char *tempname = NULL;
+ 		/* The name of the temporary file we use when prepending. */
+ 	linestruct *line = openfile->filetop;
+@@ -1843,7 +1845,6 @@ bool write_file(const char *name, FILE *thefile, bool normal,
+ 	 * For an emergency file, access is restricted to just the owner. */
+ 	if (thefile == NULL) {
+ 		mode_t permissions = (normal ? RW_FOR_ALL : S_IRUSR|S_IWUSR);
+-		int fd;
+ 
+ #ifndef NANO_TINY
+ 		block_sigwinch(TRUE);
+@@ -1969,6 +1970,16 @@ bool write_file(const char *name, FILE *thefile, bool normal,
+ 		}
+ #endif
+ 
++#if !defined(NANO_TINY) && defined(HAVE_CHMOD) && defined(HAVE_CHOWN)
++	/* Change permissions and owner of an emergency save file to the values
++	 * of the original file, but ignore any failure as we are in a hurry. */
++	if (method == EMERGENCY && fd && openfile->statinfo) {
++		IGNORE_CALL_RESULT(fchmod(fd, openfile->statinfo->st_mode));
++		IGNORE_CALL_RESULT(fchown(fd, openfile->statinfo->st_uid,
++											openfile->statinfo->st_gid));
++	}
++#endif
++
+ 	if (fclose(thefile) != 0) {
+ 		statusline(ALERT, _("Error writing %s: %s"), realname, strerror(errno));
+ 
+diff --git a/src/nano.c b/src/nano.c
+index 8556408e..d14365c8 100644
+--- a/src/nano.c
++++ b/src/nano.c
+@@ -337,18 +337,8 @@ void emergency_save(const char *filename)
+ 
+ 	if (*targetname == '\0')
+ 		fprintf(stderr, _("\nToo many .save files\n"));
+-	else if (write_file(targetname, NULL, SPECIAL, OVERWRITE, NONOTES)) {
++	else if (write_file(targetname, NULL, SPECIAL, EMERGENCY, NONOTES))
+ 		fprintf(stderr, _("\nBuffer written to %s\n"), targetname);
+-#if !defined(NANO_TINY) && defined(HAVE_CHMOD) && defined(HAVE_CHOWN)
+-		/* Try to chmod/chown the saved file to the values of the original file,
+-		 * but ignore any failure as we are in a hurry to get out. */
+-		if (openfile->statinfo) {
+-			IGNORE_CALL_RESULT(chmod(targetname, openfile->statinfo->st_mode));
+-			IGNORE_CALL_RESULT(chown(targetname, openfile->statinfo->st_uid,
+-													openfile->statinfo->st_gid));
+-		}
+-#endif
+-	}
+ 
+ 	free(targetname);
+ 	free(plainname);
+-- 
+2.42.1
+
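Review bot: In write_file(), `int fd = 0;` combined with the test `method == EMERGENCY && fd && openfile->statinfo` uses 0 as the "no descriptor" marker, but 0 is a valid descriptor value, so an emergency file that happens to be opened on descriptor 0 would silently skip the fchmod()/fchown() calls. Initialising fd to -1 and testing `fd >= 0` avoids that ambiguity. The new block is also still guarded by HAVE_CHMOD and HAVE_CHOWN although it now calls fchmod() and fchown(); the guard should check for the functions actually used.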
diff -Nru nano-7.2/debian/patches/series nano-7.2/debian/patches/series
--- nano-7.2/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ nano-7.2/debian/patches/series	2024-05-06 08:08:19.000000000 +0200
@@ -0,0 +1,4 @@
+0001-linter-use-a-format-string-to-deflect-format-string-.patch
+0002-startup-use-a-format-string-to-deflect-format-string.patch
+0003-justify-set-x-0-for-the-undo-item-for-when-using-cut.patch
+0004-files-run-chmod-and-chown-on-the-descriptor-not-on-t.patch

--- End Message ---
--- Begin Message ---
Version: 12.6

The upload requested in this bug has been released as part of 12.6.

--- End Message ---