Paul Hartman reported the following (minor) security flaw into Gentoo's bugzilla:
https://bugs.gentoo.org/show_bug.cgi?id=436518
When multiple files are selected and F3 / Enter key is pressed on some of the files,
MC_EXT_SELECTED variable does not sanitize the whitespace characters properly
(leading into situation when first file is used as the actual value of MC_EXT_SELECTED
variable and the remaining files from the list are used as arguments passed to the
temporary script, created to handle F3 / Enter action on the first file).
A remote attacker could provide a specially-crafted archive and trick the local
Midnight Commander user into expanding and viewing it, which under certain
circumstances could lead to arbitrary code execution with the privileges of
the user running the mc executable.
Signed-off-by: Slava Zanko <slavazanko@gmail.com>
In
tests/lib/mcconfig/Makefile.am
tests/lib/vfs/Makefile.am
tests/src/filemanager/Makefile.am
AM_LDFLAGS = -Wl,-z,muldefs
is used, but on cygwin the linker does not accept the "-z" option and
AM_LDFLAGS = -Wl,--allow-multiple-definition
is required instead.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
Steps to reproduce:
* run mc
* change encoding one of panels to any different from system encoding
* try to copy any file to panel with changed encoding
Expected result: files should be copied.
Actual result: error box here.
Signed-off-by: Slava Zanko <slavazanko@gmail.com>
Some ini files (keymaps, skins) are loaded in read-only mode. For those
files, we don't need load and keep comments.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
Set defines via CPPFLAGS variable not via CFLAGS one.
Use AM_CPPFLAGS and AM_CFLAGS variables instead of per-target ones.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
The test fails to compile on alpha:
> CC vfs_parse_ls_lga.o
> vfs_parse_ls_lga.c: In function ‘test_vfs_parse_ls_lga’:
> vfs_parse_ls_lga.c:174:9: error: unknown field ‘st_atime’ specified in initializer
> vfs_parse_ls_lga.c:175:9: error: unknown field ‘st_mtime’ specified in initializer
as st_atime on alpha in not just a field name:
struct stat {
...
__extension__ union { struct timespec st_atim; struct { __time_t st_atime; unsigned long st_atimensec; }; };
__extension__ union { struct timespec st_mtim; struct { __time_t st_mtime; unsigned long st_mtimensec; }; };
__extension__ union { struct timespec st_ctim; struct { __time_t st_ctime; unsigned long st_ctimensec; }; };
};
The fix switches to old-style struct initialization.
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Otherwise gcc on alpha/arm will break in gcc -c phase:
CC config_string.o
armv5tel-softfloat-linux-gnueabi-gcc <skip> -z muldefs -c config_string.c
armv5tel-softfloat-linux-gnueabi-gcc: muldefs: No such file or directory
make[4]: *** [config_string.o] Error 1
Gentoo-bug: http://bugs.gentoo.org/403343
Reported-by: Markus Meier
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>