rpms/mono
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

rh#209467# CVE-2006-5072

Browse Source
This commit is contained in:
Caolan McNamara 2006-10-06 08:12:14 +00:00
parent 208c8c9aab
commit 84c79415ee
2 changed files with 115 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

109
mono-CVE-2006-5072-TempFileCollection.patch Normal file
View File

@ -0,0 +1,109 @@
--- mono-1.1.17.1.orig/mcs/class/System/System.CodeDom.Compiler/TempFileCollection.cs 2006-07-05 22:58:48.000000000 +0100
+++ mono-1.1.17.1/mcs/class/System/System.CodeDom.Compiler/TempFileCollection.cs 2006-10-06 08:46:00.000000000 +0100
@@ -31,6 +31,7 @@
using System.IO;
using System.Security;
using System.Security.Permissions;
+using System.Runtime.InteropServices;
namespace System.CodeDom.Compiler {
@@ -45,6 +46,7 @@
bool keepfiles;
string basepath;
Random rnd;
+ string ownTempDir;
public TempFileCollection ()
: this (String.Empty, false)
@@ -67,16 +69,15 @@
{
get {
if(basepath==null) {
- // note: this property *cannot* change TempDir property
- string temp = tempdir;
- if (temp.Length == 0) {
- // this call ensure the Environment permissions check
- temp = Path.GetTempPath ();
- }
if (rnd == null)
rnd = new Random ();
+ // note: this property *cannot* change TempDir property
+ string temp = tempdir;
+ if (temp.Length == 0)
+ temp = GetOwnTempDir ();
+
// Create a temporary file at the target directory. This ensures
// that the generated file name is unique.
FileStream f = null;
@@ -111,6 +112,32 @@
return(basepath);
}
}
+
+ string GetOwnTempDir ()
+ {
+ if (ownTempDir != null)
+ return ownTempDir;
+
+ // this call ensure the Environment permissions check
+ string basedir = Path.GetTempPath ();
+
+ // Create a subdirectory with the correct user permissions
+ int res = -1;
+ do {
+ int num = rnd.Next ();
+ num++;
+ ownTempDir = Path.Combine (basedir, num.ToString("x"));
+ if (Directory.Exists (ownTempDir))
+ continue;
+ res = mkdir (ownTempDir, 0x1c0);
+ if (res != 0) {
+ if (!Directory.Exists (ownTempDir))
+ throw new IOException ();
+ // Somebody already created the dir, keep trying
+ }
+ } while (res != 0);
+ return ownTempDir;
+ }
int ICollection.Count {
get {
@@ -190,14 +217,25 @@
public void Delete()
{
- string[] filenames=new string[filehash.Count];
- filehash.Keys.CopyTo(filenames, 0);
+ bool allDeleted = true;
+ string[] filenames = new string[filehash.Count];
+ filehash.Keys.CopyTo (filenames, 0);
foreach(string file in filenames) {
if((bool)filehash[file]==false) {
File.Delete(file);
filehash.Remove(file);
- }
+ } else
+ allDeleted = false;
+ }
+ if (basepath != null) {
+ string tmpFile = basepath + ".tmp";
+ File.Delete (tmpFile);
+ basepath = null;
+ }
+ if (allDeleted && ownTempDir != null) {
+ Directory.Delete (ownTempDir, true);
+ ownTempDir = null;
}
if (basepath != null) {
string tmpFile = basepath + ".tmp";
@@ -228,5 +266,6 @@
Dispose(false);
}
+ [DllImport ("libc")] private static extern int mkdir (string olpath, uint mode);
}
}

7
mono.spec
View File

@ -1,6 +1,6 @@
Name: mono
Version: 1.1.17.1
Release: 1%{?dist}
Release: 2%{?dist}
Summary: a .NET runtime environment
Group: Development/Languages
@ -31,6 +31,7 @@ Patch1: mono-1.1.13.4-selinux-ia64.patch
Patch2: mono-1.1.13.4-ppc-threading.patch
Patch3: mono-libdir.patch
Patch4: mono-1.1.17.1-use-monodir.patch
Patch5: mono-CVE-2006-5072-TempFileCollection.patch
%description
The Mono runtime implements a JIT engine for the ECMA CLI
@ -252,6 +253,7 @@ which is fully managed and actively maintained.
%patch2 -p1 -b .ppc-threading
%patch3 -p1 -b .libdir
%patch4 -p1 -b .use-monodir
%patch5 -p1 -b .CVE-2006-5072
%build
%ifarch ia64 s390
@ -535,6 +537,9 @@ install monodir $RPM_BUILD_ROOT%{_bindir}
%gac_dll IBM.Data.DB2
%changelog
* Fri Oct 6 2006 Caolan McNamara <caolanm@redhat.com> - 1.1.17.1-2
- CVE-2006-5072
* Mon Sep 4 2006 Alexander Larsson <alexl@redhat.com> - 1.1.17.1-1
- update to 1.1.17.1
- Add one file nunit-devel package due to packaging guidelines (#205056)