From 84c79415ee7a37a5fa32c3604e8a881b17ecb820 Mon Sep 17 00:00:00 2001 From: Caolan McNamara Date: Fri, 6 Oct 2006 08:12:14 +0000 Subject: [PATCH] rh#209467# CVE-2006-5072 --- mono-CVE-2006-5072-TempFileCollection.patch | 109 ++++++++++++++++++++ mono.spec | 7 +- 2 files changed, 115 insertions(+), 1 deletion(-) create mode 100644 mono-CVE-2006-5072-TempFileCollection.patch diff --git a/mono-CVE-2006-5072-TempFileCollection.patch b/mono-CVE-2006-5072-TempFileCollection.patch new file mode 100644 index 0000000..e5f4514 --- /dev/null +++ b/mono-CVE-2006-5072-TempFileCollection.patch @@ -0,0 +1,109 @@ +--- mono-1.1.17.1.orig/mcs/class/System/System.CodeDom.Compiler/TempFileCollection.cs 2006-07-05 22:58:48.000000000 +0100 ++++ mono-1.1.17.1/mcs/class/System/System.CodeDom.Compiler/TempFileCollection.cs 2006-10-06 08:46:00.000000000 +0100 +@@ -31,6 +31,7 @@ + using System.IO; + using System.Security; + using System.Security.Permissions; ++using System.Runtime.InteropServices; + + namespace System.CodeDom.Compiler { + +@@ -45,6 +46,7 @@ + bool keepfiles; + string basepath; + Random rnd; ++ string ownTempDir; + + public TempFileCollection () + : this (String.Empty, false) +@@ -67,16 +69,15 @@ + { + get { + if(basepath==null) { +- // note: this property *cannot* change TempDir property +- string temp = tempdir; +- if (temp.Length == 0) { +- // this call ensure the Environment permissions check +- temp = Path.GetTempPath (); +- } + + if (rnd == null) + rnd = new Random (); + ++ // note: this property *cannot* change TempDir property ++ string temp = tempdir; ++ if (temp.Length == 0) ++ temp = GetOwnTempDir (); ++ + // Create a temporary file at the target directory. This ensures + // that the generated file name is unique. + FileStream f = null; +@@ -111,6 +112,32 @@ + return(basepath); + } + } ++ ++ string GetOwnTempDir () ++ { ++ if (ownTempDir != null) ++ return ownTempDir; ++ ++ // this call ensure the Environment permissions check ++ string basedir = Path.GetTempPath (); ++ ++ // Create a subdirectory with the correct user permissions ++ int res = -1; ++ do { ++ int num = rnd.Next (); ++ num++; ++ ownTempDir = Path.Combine (basedir, num.ToString("x")); ++ if (Directory.Exists (ownTempDir)) ++ continue; ++ res = mkdir (ownTempDir, 0x1c0); ++ if (res != 0) { ++ if (!Directory.Exists (ownTempDir)) ++ throw new IOException (); ++ // Somebody already created the dir, keep trying ++ } ++ } while (res != 0); ++ return ownTempDir; ++ } + + int ICollection.Count { + get { +@@ -190,14 +217,25 @@ + + public void Delete() + { +- string[] filenames=new string[filehash.Count]; +- filehash.Keys.CopyTo(filenames, 0); ++ bool allDeleted = true; ++ string[] filenames = new string[filehash.Count]; ++ filehash.Keys.CopyTo (filenames, 0); + + foreach(string file in filenames) { + if((bool)filehash[file]==false) { + File.Delete(file); + filehash.Remove(file); +- } ++ } else ++ allDeleted = false; ++ } ++ if (basepath != null) { ++ string tmpFile = basepath + ".tmp"; ++ File.Delete (tmpFile); ++ basepath = null; ++ } ++ if (allDeleted && ownTempDir != null) { ++ Directory.Delete (ownTempDir, true); ++ ownTempDir = null; + } + if (basepath != null) { + string tmpFile = basepath + ".tmp"; +@@ -228,5 +266,6 @@ + Dispose(false); + } + ++ [DllImport ("libc")] private static extern int mkdir (string olpath, uint mode); + } + } diff --git a/mono.spec b/mono.spec index b8bfc6d..048a62b 100644 --- a/mono.spec +++ b/mono.spec @@ -1,6 +1,6 @@ Name: mono Version: 1.1.17.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: a .NET runtime environment Group: Development/Languages @@ -31,6 +31,7 @@ Patch1: mono-1.1.13.4-selinux-ia64.patch Patch2: mono-1.1.13.4-ppc-threading.patch Patch3: mono-libdir.patch Patch4: mono-1.1.17.1-use-monodir.patch +Patch5: mono-CVE-2006-5072-TempFileCollection.patch %description The Mono runtime implements a JIT engine for the ECMA CLI @@ -252,6 +253,7 @@ which is fully managed and actively maintained. %patch2 -p1 -b .ppc-threading %patch3 -p1 -b .libdir %patch4 -p1 -b .use-monodir +%patch5 -p1 -b .CVE-2006-5072 %build %ifarch ia64 s390 @@ -535,6 +537,9 @@ install monodir $RPM_BUILD_ROOT%{_bindir} %gac_dll IBM.Data.DB2 %changelog +* Fri Oct 6 2006 Caolan McNamara - 1.1.17.1-2 +- CVE-2006-5072 + * Mon Sep 4 2006 Alexander Larsson - 1.1.17.1-1 - update to 1.1.17.1 - Add one file nunit-devel package due to packaging guidelines (#205056)