From 66d65ec2a783cb04d04eb72c49fe6488315ae6c9 Mon Sep 17 00:00:00 2001
From: Trevor Johnson <trevor@FreeBSD.org>
Date: Sat, 25 Nov 2000 07:09:18 +0000
Subject: - don't follow links (symbolic or hard) owned by another user when  
 creating a DEADJOE file (http://www.securityfocus.com/archive/1/145305) -
 make DEADJOE files with 0600 permissions, rather than using the   user's
 umask (PR 12827) - do the PORTREVISION thing

I am not sure whether the maintainer considers these ready.  However,
they work for me.

Submitted by:	maintainer
---
 editors/joe2/files/patch-ad | 46 ++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 39 insertions(+), 7 deletions(-)

(limited to 'editors/joe2/files/patch-ad')

diff --git a/editors/joe2/files/patch-ad b/editors/joe2/files/patch-ad
index a57f81ee61e2..47b1bb2131a0 100644
--- a/editors/joe2/files/patch-ad
+++ b/editors/joe2/files/patch-ad
@@ -1,6 +1,7 @@
 --- b.c.orig	Fri Jan 20 13:38:25 1995
-+++ b.c	Tue Dec 28 15:56:10 1999
-@@ -22,4 +22,7 @@
++++ b.c	Fri Nov 24 00:24:52 2000
+@@ -21,6 +21,9 @@
+ #include <pwd.h>
  #endif
  #include <errno.h>
 +#include <sys/file.h>
@@ -8,13 +9,17 @@
 +#include <sys/stat.h>
  
  #include "config.h"
-@@ -202,4 +205,5 @@
+ #include "blocks.h"
+@@ -201,6 +204,7 @@
+  if(prop) b->o=prop->o;
   else b->o=pdefault;
   mset(b->marks,0,sizeof(b->marks));
 + b->filehandle = -1;	/* initialize filehandle &&& ob */
   b->rdonly=0;
   b->orphan=0;
-@@ -256,4 +260,8 @@
+  b->oldcur=0;
+@@ -255,6 +259,10 @@
+  {
   if(b && !--b->count)
    {
 +  if (b->filehandle != -1) {
@@ -23,7 +28,9 @@
 +    }
    if(b->changed) abrerr(b->name);
    if(b==errbuf) errbuf=0;
-@@ -1672,5 +1680,6 @@
+   if(b->undo) undorm(b->undo);
+@@ -1671,7 +1679,8 @@
+  B *b;
   long skip,amnt;
   char *n;
 - int nowrite=0;
@@ -31,7 +38,9 @@
 + int nowrite=0,fh=-1;
  
   if(!s || !s[0])
-@@ -1705,4 +1714,26 @@
+   {
+@@ -1704,6 +1713,28 @@
+   else fclose(fi);
    fi=fopen(n,"r");
    if(!fi) nowrite=0;
 +/*printf ("nowrite open=%i\n", nowrite); */
@@ -58,9 +67,32 @@
 +
    }
   joesep(n);
-@@ -1762,4 +1793,5 @@
+ 
+@@ -1761,6 +1792,7 @@
+  vsrm(n);
  
   b->er=error;
 + if( fh != -1 ) b->filehandle = fh;
   return b;
   }
+ 
+@@ -1990,7 +2022,18 @@
+  {
+  long tim=time(0);
+  B *b;
+- FILE *f=fopen("DEADJOE","a");
++ FILE *f;
++ struct stat sb;
++ if ((lstat("DEADJOE", &sb) == 0) && (sb.st_mode & S_IFLNK) && (sb.st_uid != getuid())) 
++  {
++  printf("*** JOE was aborted ");
++  if (sig) printf("by signal %d, cannot save DEADJOE due to unsafe symlink\n",sig);
++  else printf("because the terminal closed, cannot save DEADJOE due to unsafe symlink\n");
++  if(sig) ttclsn();
++  _exit(1);
++  }
++ f=fopen("DEADJOE","a");
++ chmod("DEADJOE", S_IRUSR | S_IWUSR);
+  fprintf(f,"\n*** Modified files in JOE when it aborted on %s",ctime(&tim));
+  if(sig) fprintf(f,"*** JOE was aborted by signal %d\n",sig);
+  else fprintf(f,"*** JOE was aborted because the terminal closed\n");
-- 
cgit v1.2.3