Does anyone have any comments on this? As there is currently a
serious bug in retrieving the package list courtesy of
insert-file-contents-literally, I am planning on getting 21.1.12 out
the door quickly. I'm inclined to include the non-package changes.
Please advise.
Thanks,
vin
>>>> On Tue, 25 Jul 2000 14:56:25 +0200, Torsten Duwe
<duwe(a)caldera.de> said:
Torsten> Hi,
Torsten> don't know if this stuff is still applicable to the current CVS tree
Torsten> but nevertheless here are the security patches we ship, for your convenience.
Torsten> Credits for the original Unix 98 PTY patch obviously go to Florian Weimer
Torsten> <Florian.Weimer(a)RUS.Uni-Stuttgart.DE>; porting of that FSF-Emacs-patch to
Torsten> XEmacs-21 was done by my colleague Olaf Kirch. The ugly but working TMPDIR
Torsten> and passwd-nonrecording patches were hacked by me. Seems like these two are
Torsten> broken by design (e.g. there are neither getpass nor mkstemp lisp primitives). Anyway
Torsten> -- here they are:
Torsten> diff -ur xemacs-21.1.orig/configure.in xemacs-21.1/configure.in
Torsten> --- xemacs-21.1.orig/configure.in Tue Apr 25 12:56:09 2000
Torsten> +++ xemacs-21.1/configure.in Tue Apr 25 16:11:54 2000
Torsten> @@ -3105,6 +3105,11 @@
Torsten> AC_CHECK_FUNCS(cbrt closedir dup2 eaccess fmod fpathconf frexp ftime
gethostname getpagesize gettimeofday getcwd getwd logb lrand48 matherr mkdir mktime perror
poll random rename res_init rint rmdir select setitimer setpgid setlocale setsid sigblock
sighold sigprocmask snprintf strcasecmp strerror tzset ulimit usleep utimes waitpid
vsnprintf)
Torsten> +# Check for UNIX98 PTYs.
Torsten> +# getpt is a glibc addition which emulates the master device on
Torsten> +# systems without kernel support.
Torsten> +AC_CHECK_FUNCS(grantpt unlockpt getpt ptsname)
Torsten> +
Torsten> dnl realpath is buggy on linux, decosf and aix4
Torsten> dnl The realpath() in linux libc (4.6.27) sometimes fails with ELOOP.
Torsten> diff -ur xemacs-21.1.orig/src/config.h.in xemacs-21.1/src/config.h.in
Torsten> --- xemacs-21.1.orig/src/config.h.in Tue Oct 28 12:36:08 1997
Torsten> +++ xemacs-21.1/src/config.h.in Tue Apr 25 16:11:54 2000
Torsten> @@ -297,6 +297,14 @@
Torsten> #undef HAVE_UTIMES
Torsten> #undef HAVE_WAITPID
Torsten> #undef HAVE_VSNPRINTF
Torsten> +/* UNIX98 PTY support functions
Torsten> + getpt is a glibc addition which emulates the master device on
Torsten> + systems without kernel support. */
Torsten> +#undef HAVE_GRANTPT
Torsten> +#undef HAVE_UNLOCKPT
Torsten> +#undef HAVE_GETPT
Torsten> +#undef HAVE_PTSNAME
Torsten> +
Torsten> #undef HAVE_SOCKETS
Torsten> #undef HAVE_SOCKADDR_SUN_LEN
Torsten> #undef HAVE_MULTICAST
Torsten> diff -ur xemacs-21.1.orig/src/s/gnu.h xemacs-21.1/src/s/gnu.h
Torsten> --- xemacs-21.1.orig/src/s/gnu.h Sun Jul 20 00:12:29 1997
Torsten> +++ xemacs-21.1/src/s/gnu.h Tue Apr 25 16:11:54 2000
Torsten> @@ -50,3 +50,49 @@
Torsten> #ifndef NOT_C_CODE
Torsten> #include <fcntl.h>
Torsten> #endif
Torsten> +
Torsten> +#if defined(HAVE_GRANTPT) && defined(HAVE_UNLOCKPT) &&
defined(HAVE_PTSNAME)
Torsten> +/* UNIX98 PTYs are available.
Torsten> + Added by Florian Weimer <Florian.Weimer(a)RUS.Uni-Stuttgart.DE>,
Torsten> + RUS-CERT, University of Stuttgart. Based on Emacs code for DGUX. */
Torsten> +
Torsten> +#define PTY_ITERATION for (i = 0; i < 1; i++)
Torsten> +/* no iteration at all */
Torsten> +
Torsten> +/* Use getpt() if it's available, because it provides Unix98 PTY
Torsten> + emulation for kernels which doesn't support it natively. */
Torsten> +
Torsten> +#ifdef HAVE_GETPT
Torsten> +#define PTY_OPEN \
Torsten> + do { \
Torsten> + fd = getpt(); \
Torsten> + if (fcntl (fd, F_SETFL, O_NDELAY) == -1) \
Torsten> + fatal ("could not set master PTY to non-block mode"); \
Torsten> + } while (0)
Torsten> +
Torsten> +#else
Torsten> +/* the master PTY device */
Torsten> +#define PTY_NAME_SPRINTF strcpy (pty_name, "/dev/ptmx");
Torsten> +#endif
Torsten> +
Torsten> +/* This sets the name of the slave side of the PTY. grantpt(3) and
Torsten> + unlockpt(3) may fork a subprocess, so keep sigchld_handler() from
Torsten> + intercepting that death. */
Torsten> +
Torsten> +#define PTY_TTY_NAME_SPRINTF \
Torsten> + { \
Torsten> + char *ptsname(), *ptyname; \
Torsten> + \
Torsten> + sigblock(sigmask(SIGCHLD)); \
Torsten> + if (grantpt(fd) == -1) \
Torsten> + fatal("could not grant slave pty"); \
Torsten> + if (unlockpt(fd) == -1) \
Torsten> + fatal("could not unlock slave pty"); \
Torsten> + if (!(ptyname = ptsname(fd))) \
Torsten> + fatal ("could not enable slave pty"); \
Torsten> + strncpy(pty_name, ptyname, sizeof(pty_name)); \
Torsten> + pty_name[sizeof(pty_name) - 1] = 0; \
Torsten> + sigsetmask(siggetmask() & ~sigmask(SIGCHLD)); \
Torsten> + }
Torsten> +
Torsten> +#endif
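Review bot: `PTY_OPEN` hands the result of `getpt()` straight to `fcntl` without testing it, so when no master can be allocated the failure is reported as "could not set master PTY to non-block mode" and the real cause is lost; the src/s/linux.h hunk repeats the same macro. Test the descriptor before using it, e.g. `if (fd < 0) fatal ("could not open master PTY");`. The code that expands `PTY_OPEN` is outside this hunk, so if it already copes with a negative `fd`, skipping the `fcntl` call in that case would be the gentler fix than terminating the editor.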
Torsten> diff -ur xemacs-21.1.orig/src/s/hpux.h xemacs-21.1/src/s/hpux.h
Torsten> --- xemacs-21.1.orig/src/s/hpux.h Mon Jul 14 00:43:10 1997
Torsten> +++ xemacs-21.1/src/s/hpux.h Tue Apr 25 16:11:54 2000
Torsten> @@ -157,6 +157,59 @@
Torsten> /* This is needed for HPUX version 6.2; it may not be needed for 6.2.1. */
Torsten> #define SHORT_CAST_BUG
Torsten> +#if defined(HAVE_GRANTPT) && defined(HAVE_UNLOCKPT) &&
defined(HAVE_PTSNAME)
Torsten> +/* UNIX98 PTYs are available.
Torsten> + Added by Florian Weimer <Florian.Weimer(a)RUS.Uni-Stuttgart.DE>,
Torsten> + RUS-CERT, University of Stuttgart. Based on Emacs code for DGUX. */
Torsten> +
Torsten> +#ifdef emacs
Torsten> +#include <grp.h>
Torsten> +#include <sys/stropts.h>
Torsten> +#endif
Torsten> +
Torsten> +#define PTY_ITERATION for (i = 0; i < 1; i++)
Torsten> +/* no iteration at all */
Torsten> +
Torsten> +/* the master PTY device */
Torsten> +#define PTY_NAME_SPRINTF strcpy (pty_name, "/dev/ptmx");
Torsten> +
Torsten> +/* This sets the name of the slave side of the PTY. grantpt(3) and
Torsten> + unlockpt(3) may fork a subprocess, so keep sigchld_handler() from
Torsten> + intercepting that death. grantpt() behavior on HP-UX differs from
Torsten> + what's specified in the man page: the group of the slave PTY is set
Torsten> + to the user's primary group, and we fix that. */
Torsten> +
Torsten> +#define PTY_TTY_NAME_SPRINTF \
Torsten> + { \
Torsten> + char *ptsname(), *ptyname; \
Torsten> + struct group *getgrnam (), *tty_group = getgrnam ("tty"); \
Torsten> + if (tty_group == NULL) \
Torsten> + fatal ("group tty not found"); \
Torsten> + \
Torsten> + sigblock(sigmask(SIGCHLD)); \
Torsten> + if (grantpt(fd) == -1) \
Torsten> + fatal("could not grant slave pty"); \
Torsten> + if (!(ptyname = ptsname(fd))) \
Torsten> + fatal ("could not enable slave pty"); \
Torsten> + strncpy(pty_name, ptyname, sizeof(pty_name)); \
Torsten> + pty_name[sizeof(pty_name) - 1] = 0; \
Torsten> + if (chown (pty_name, (uid_t) -1, tty_group->gr_gid) == -1) \
Torsten> + fatal ("could not chown slave pty"); \
Torsten> + if (unlockpt(fd) == -1) \
Torsten> + fatal("could not unlock slave pty"); \
Torsten> + sigunblock(sigmask(SIGCHLD)); \
Torsten> + }
Torsten> +
Torsten> +/* Push various streams modules onto a PTY channel. */
Torsten> +
Torsten> +#define SETUP_SLAVE_PTY \
Torsten> + if (ioctl (xforkin, I_PUSH, "ptem") == -1) \
Torsten> + fatal ("ioctl I_PUSH ptem", errno); \
Torsten> + if (ioctl (xforkin, I_PUSH, "ldterm") == -1) \
Torsten> + fatal ("ioctl I_PUSH ldterm", errno);
Torsten> +
Torsten> +#else /* no UNIX98 PTYs */
Torsten> +
Torsten> /* This is how to get the device name of the tty end of a pty. */
Torsten> #define PTY_TTY_NAME_SPRINTF \
Torsten> sprintf (pty_name, "/dev/pty/tty%c%x", c, i);
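Review bot: In the new `PTY_TTY_NAME_SPRINTF`, the `strncpy` plus forced terminator silently truncates an over-long `ptsname()` result, and the following `chown (pty_name, (uid_t) -1, tty_group->gr_gid)` then changes the group of whatever path the shortened name happens to denote. Reject the name instead of truncating it, e.g. `if (strlen (ptyname) >= sizeof (pty_name)) fatal ("slave pty name too long");` before the copy. Separately, `SETUP_SLAVE_PTY` expands to two bare `if` statements, so if it is ever used as the body of an unbraced `if` only the first `ioctl` is guarded; wrapping it in `do { ... } while (0)` avoids that. The size of `pty_name` and the expansion sites are outside this hunk.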
Torsten> @@ -164,6 +217,8 @@
Torsten> /* This is how to get the device name of the control end of a pty. */
Torsten> #define PTY_NAME_SPRINTF \
Torsten> sprintf (pty_name, "/dev/ptym/pty%c%x", c, i);
Torsten> +
Torsten> +#endif /* UNIX 98 PTYs */
Torsten> /* This triggers a conditional in xfaces.c. */
Torsten> #define XOS_NEEDS_TIME_H
Torsten> diff -ur xemacs-21.1.orig/src/s/linux.h xemacs-21.1/src/s/linux.h
Torsten> --- xemacs-21.1.orig/src/s/linux.h Tue Apr 25 12:56:09 2000
Torsten> +++ xemacs-21.1/src/s/linux.h Tue Apr 25 16:12:54 2000
Torsten> @@ -194,3 +194,49 @@
Torsten> /* XEmacs: removed setpgrp() definition because we use setpgid() when
Torsten> it's available, and autodetect it. */
Torsten> +
Torsten> +#if defined(HAVE_GRANTPT) && defined(HAVE_UNLOCKPT) &&
defined(HAVE_PTSNAME)
Torsten> +/* UNIX98 PTYs are available.
Torsten> + Added by Florian Weimer <Florian.Weimer(a)RUS.Uni-Stuttgart.DE>,
Torsten> + RUS-CERT, University of Stuttgart. Based on Emacs code for DGUX. */
Torsten> +
Torsten> +#define PTY_ITERATION for (i = 0; i < 1; i++)
Torsten> +/* no iteration at all */
Torsten> +
Torsten> +/* Use getpt() if it's available, because it provides Unix98 PTY
Torsten> + emulation for kernels which doesn't support it natively. */
Torsten> +
Torsten> +#ifdef HAVE_GETPT
Torsten> +#define PTY_OPEN \
Torsten> + do { \
Torsten> + fd = getpt(); \
Torsten> + if (fcntl (fd, F_SETFL, O_NDELAY) == -1) \
Torsten> + fatal ("could not set master PTY to non-block mode"); \
Torsten> + } while (0)
Torsten> +
Torsten> +#else
Torsten> +/* the master PTY device */
Torsten> +#define PTY_NAME_SPRINTF strcpy (pty_name, "/dev/ptmx");
Torsten> +#endif
Torsten> +
Torsten> +/* This sets the name of the slave side of the PTY. grantpt(3) and
Torsten> + unlockpt(3) may fork a subprocess, so keep sigchld_handler() from
Torsten> + intercepting that death. */
Torsten> +
Torsten> +#define PTY_TTY_NAME_SPRINTF \
Torsten> + { \
Torsten> + char *ptsname(), *ptyname; \
Torsten> + \
Torsten> + sigblock(sigmask(SIGCHLD)); \
Torsten> + if (grantpt(fd) == -1) \
Torsten> + fatal("could not grant slave pty"); \
Torsten> + if (unlockpt(fd) == -1) \
Torsten> + fatal("could not unlock slave pty"); \
Torsten> + if (!(ptyname = ptsname(fd))) \
Torsten> + fatal ("could not enable slave pty"); \
Torsten> + strncpy(pty_name, ptyname, sizeof(pty_name)); \
Torsten> + pty_name[sizeof(pty_name) - 1] = 0; \
Torsten> + sigsetmask(siggetmask() & ~sigmask(SIGCHLD)); \
Torsten> + }
Torsten> +
Torsten> +#endif
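Review bot: The last statement of `PTY_TTY_NAME_SPRINTF`, `sigsetmask(siggetmask() & ~sigmask(SIGCHLD))`, unblocks SIGCHLD unconditionally, so a caller that already had SIGCHLD blocked when the macro was expanded gets it unblocked as a side effect; the gnu.h copy is identical. `sigblock` returns the previous mask, so keep it and restore exactly that: `int oldmask = sigblock(sigmask(SIGCHLD));` at the top and `sigsetmask(oldmask);` at the end. Whether any expansion site runs with SIGCHLD blocked is not visible from this hunk.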
Torsten> --- xemacs-21.1.10/src/editfns.c~ Wed Jul 7 05:10:33 1999
Torsten> +++ xemacs-21.1.10/src/editfns.c Wed May 10 12:05:10 2000
Torsten> @@ -602,6 +602,12 @@
Torsten> return make_char (BUF_FETCH_CHAR (b, n));
Torsten> }
Torsten> +#if !defined(WINDOWSNT) && !defined(MSDOS)
Torsten> +#include <sys/stat.h>
Torsten> +#include <fcntl.h>
Torsten> +#include <errno.h>
Torsten> +#include <limits.h>
Torsten> +#endif
Torsten>
Torsten> DEFUN ("temp-directory", Ftemp_directory, 0, 0, 0, /*
Torsten> Return the pathname to the directory to use for temporary files.
Torsten> @@ -621,7 +627,47 @@
Torsten> #else /* WINDOWSNT || MSDOS */
Torsten> tmpdir = getenv ("TMPDIR");
Torsten> if (!tmpdir)
Torsten> + {
Torsten> + struct stat st;
Torsten> + char * logname = user_login_name(NULL);
Torsten> + int myuid = getuid();
Torsten> + static char path[1+_POSIX_PATH_MAX];
Torsten> +
Torsten> + strcpy(path, "/tmp/"); strncat(path, logname,
_POSIX_PATH_MAX);
Torsten> + if (lstat(path, &st) < 0 && errno == ENOENT)
Torsten> + {
Torsten> + mkdir(path, 0700); /* ignore retval -- checked next anyway. */
Torsten> + }
Torsten> + if (lstat(path, &st) == 0 && st.st_uid == myuid &&
S_ISDIR(st.st_mode))
Torsten> + {
Torsten> + tmpdir = path;
Torsten> + }
Torsten> + else
Torsten> + {
Torsten> + strcpy(path, getenv("HOME")); strncat(path, "/tmp/",
_POSIX_PATH_MAX);
Torsten> + if (stat(path, &st) < 0 && errno == ENOENT)
Torsten> + {
Torsten> + int fd;
Torsten> + char warnpath[1+_POSIX_PATH_MAX];
Torsten> + mkdir(path, 0700); /* ignore retvals */
Torsten> + strcpy(warnpath, path);
Torsten> + strncat(warnpath, ".created_by_xemacs", _POSIX_PATH_MAX);
Torsten> + if ((fd = open(warnpath, O_WRONLY|O_CREAT, 0644)) > 0)
Torsten> + {
Torsten> + write(fd, "XEmacs created this directory because
/tmp/<yourname> was unavailable -- \nPlease check !\n", 89);
Torsten> + close(fd);
Torsten> + }
Torsten> + }
Torsten> + if (stat(path, &st) == 0 && S_ISDIR(st.st_mode))
Torsten> + {
Torsten> + tmpdir = path;
Torsten> + }
Torsten> + else
Torsten> + {
Torsten> tmpdir = "/tmp";
Torsten> + }
Torsten> + }
Torsten> + }
Torsten> #endif
Torsten> return build_ext_string (tmpdir, FORMAT_FILENAME);
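Review bot: The fallback path construction in the `if (!tmpdir)` branch can overrun the static `path` buffer: `strncat`'s third argument is the number of bytes to append, not the size of the destination, so `strncat(path, logname, _POSIX_PATH_MAX)` after `strcpy(path, "/tmp/")` can write past the end, and `strcpy(path, getenv("HOME"))` is unbounded and dereferences NULL when HOME is unset. `warnpath` has the same problem with the `.created_by_xemacs` suffix, `open(...) > 0` treats descriptor 0 as a failure, and the marker file is created without `O_EXCL`. The ownership test on `/tmp/<logname>` would also be stronger if it refused directories that are group- or world-accessible, `(st.st_mode & 077) == 0`. A bounded version of the two path builds follows; the enclosing `Ftemp_directory` starts and ends outside this hunk.

```c
      /* … unchanged: declarations of st, logname, myuid, path … */
      const char *home = getenv ("HOME");
      int have_path = 0;

      /* Bound the copy by the space that is really left in path. */
      if (logname && strlen (logname) + sizeof ("/tmp/") <= sizeof (path))
        {
          strcpy (path, "/tmp/");
          strcat (path, logname);
          have_path = 1;
        }
      /* … unchanged: lstat/mkdir and the owner + S_ISDIR test on path,
         now skipped when have_path is 0 … */

      /* HOME may be unset or longer than the buffer. */
      if (home && strlen (home) + sizeof ("/tmp/") <= sizeof (path))
        {
          strcpy (path, home);
          strcat (path, "/tmp/");
          /* … unchanged: stat/mkdir of $HOME/tmp … */
          if (strlen (path) + sizeof (".created_by_xemacs") <= sizeof (warnpath))
            {
              strcpy (warnpath, path);
              strcat (warnpath, ".created_by_xemacs");
              if ((fd = open (warnpath, O_WRONLY|O_CREAT|O_EXCL, 0644)) >= 0)
                {
                  /* … unchanged: write the notice, close fd … */
                }
            }
        }
```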
Torsten> --- xemacs-packages/lisp/xemacs-base/comint.el~ Wed Jan 19 10:36:46 2000
Torsten> +++ xemacs-packages/lisp/xemacs-base/comint.el Tue May 9 14:18:35 2000
Torsten> @@ -1670,6 +1670,7 @@
Torsten> (echo-keystrokes 0)
Torsten> (cursor-in-echo-area t)
Torsten> (message-log-max nil) ;turn of logging in GNU Emacs
Torsten> + (inhibit-input-event-recording t) ; and XEmacs
Torsten> (done nil))
Torsten> (while (not done)
Torsten> (if stars
Torsten> --- xemacs-packages/lisp/xemacs-base/passwd.el~ Thu Jan 20 11:29:37 2000
Torsten> +++ xemacs-packages/lisp/xemacs-base/passwd.el Tue May 9 15:47:38 2000
Torsten> @@ -156,12 +156,7 @@
Torsten> - do not pass it as an argument to a shell command - anyone will be
Torsten> able to see it if they run `ps' at the right time.
Torsten> -Note that the password will be temporarily recoverable with the
`view-lossage'
Torsten> -command. This data will not be overwritten until another hundred or so
Torsten> -characters are typed. You can temporarily disable recording key strokes
Torsten> -by binding `inhibit-input-event-recording' to t."
Torsten> -
Torsten> -
Torsten> +"
Torsten> (save-excursion
Torsten> (let ((input (get-buffer-create " *password*"))
Torsten> (passwd-history-posn 0)
Torsten> @@ -213,6 +207,7 @@
Torsten> (let* ((minibuffer-completion-table nil)
Torsten> (cursor-in-echo-area t)
Torsten> (echo-keystrokes 0)
Torsten> + (inhibit-input-event-recording t)
Torsten> (key (passwd-read-key-sequence
Torsten> (concat (if (listp prompt)
Torsten> (car (nth passwd-history-posn passwd-history))