microsoft · KavyaSree2610 · Nov 21, 2024
@@ -0,0 +1,89 @@
+From 1a0861639022a9237a22349e0f07f2b61e89d244 Mon Sep 17 00:00:00 2001
+From: kavyasree <[email protected]>
+Date: Thu, 21 Nov 2024 14:30:20 +0530
+Subject: [PATCH] Fix CVE-2024-5742
+
+---
+ src/definitions.h |  2 +-
+ src/files.c       | 13 ++++++++++++-
+ src/nano.c        | 12 +-----------
+ 3 files changed, 14 insertions(+), 13 deletions(-)
+
+diff --git a/src/definitions.h b/src/definitions.h
+index 5c517a3..f308043 100644
+--- a/src/definitions.h
++++ b/src/definitions.h
+@@ -275,7 +275,7 @@ typedef enum {
+ } message_type;
+
+ typedef enum {
+-	OVERWRITE, APPEND, PREPEND
++	OVERWRITE, APPEND, PREPEND, EMERGENCY
+ } kind_of_writing_type;
+
+ typedef enum {
+diff --git a/src/files.c b/src/files.c
+index e2bbfe1..561d36b 100644
+--- a/src/files.c
++++ b/src/files.c
+@@ -1729,6 +1729,8 @@ bool write_file(const char *name, FILE *thefile, bool normal,
+ #endif
+ 	char *realname = real_dir_from_tilde(name);
+ 		/* The filename after tilde expansion. */
++	int fd = 0;
++		/* The descriptor that is assigned when opening the file. */
+ 	char *tempname = NULL;
+ 		/* The name of the temporary file we use when prepending. */
+ 	linestruct *line = openfile->filetop;
+@@ -1812,7 +1814,6 @@ bool write_file(const char *name, FILE *thefile, bool normal,
+ 	 * For an emergency file, access is restricted to just the owner. */
+ 	if (thefile == NULL) {
+ 		mode_t permissions = (normal ? RW_FOR_ALL : S_IRUSR|S_IWUSR);
+-		int fd;
+
+ #ifndef NANO_TINY
+ 		block_sigwinch(TRUE);
+@@ -1939,6 +1940,16 @@ bool write_file(const char *name, FILE *thefile, bool normal,
+ 		}
+ #endif
+
++#if !defined(NANO_TINY) && defined(HAVE_CHMOD) && defined(HAVE_CHOWN)
++	/* Change permissions and owner of an emergency save file to the values
++	 * of the original file, but ignore any failure as we are in a hurry. */
++	if (method == EMERGENCY && fd && openfile->statinfo) {
++		IGNORE_CALL_RESULT(fchmod(fd, openfile->statinfo->st_mode));
++		IGNORE_CALL_RESULT(fchown(fd, openfile->statinfo->st_uid,
++											openfile->statinfo->st_gid));
++	}
++#endif
++
+ 	if (fclose(thefile) != 0) {
+ 		statusline(ALERT, _("Error writing %s: %s"), realname, strerror(errno));
+
+diff --git a/src/nano.c b/src/nano.c
+index 35f466b..9c2f0b2 100644
+--- a/src/nano.c
++++ b/src/nano.c
+@@ -337,18 +337,8 @@ void emergency_save(const char *filename)
+
+ 	if (*targetname == '\0')
+ 		fprintf(stderr, _("\nToo many .save files\n"));
+-	else if (write_file(targetname, NULL, SPECIAL, OVERWRITE, NONOTES)) {
++	else if (write_file(targetname, NULL, SPECIAL, EMERGENCY, NONOTES))
+ 		fprintf(stderr, _("\nBuffer written to %s\n"), targetname);
+-#if !defined(NANO_TINY) && defined(HAVE_CHMOD) && defined(HAVE_CHOWN)
+-		/* Try to chmod/chown the saved file to the values of the original file,
+-		 * but ignore any failure as we are in a hurry to get out. */
+-		if (openfile->statinfo) {
+-			IGNORE_CALL_RESULT(chmod(targetname, openfile->statinfo->st_mode));
+-			IGNORE_CALL_RESULT(chown(targetname, openfile->statinfo->st_uid,
+-													openfile->statinfo->st_gid));
+-		}
+-#endif
+-	}
+
+ 	free(targetname);
+ 	free(plainname);
+-- 
+2.34.1
+
@@ -1,13 +1,15 @@
 Summary:        Text editor
 Name:           nano
 Version:        6.4
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPLv3+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          Applications/Editors
 URL:            https://www.nano-editor.org/
 Source0:        http://www.nano-editor.org/dist/v6/%{name}-%{version}.tar.xz
+Patch0:		CVE-2024-5742.patch
+
 BuildRequires:  ncurses-devel
 Requires:       ncurses
 
@@ -52,6 +54,9 @@ make %{?_smp_mflags} check
 %{_docdir}/%{name}-%{version}/*
 
 %changelog
+* Thu Nov 21 2024 Kavya Sree Kaitepalli <[email protected]> - 6.4-2
+- Patch for CVE-2024-5742
+
 * Fri Oct 27 2023 CBL-Mariner Servicing Account <[email protected]> - 6.4-1
 - Auto-upgrade to 6.4 - Azure Linux 3.0 - package upgrades