From Bugzilla Helper: User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.2.19-6.2.1 i686) Description of problem: RedHat issued a patch for nedit (RHSA-2001:61-02 updated 2001-05-08) to fix a potential problem with creation of temporary files. In the source RPM, (and it also seems to be the same in source RPMS up to current rawhide version), the patch nedit-5.1.1-security.patch line 8 causes a constant string to be passed to mkstemp(). This causes a core dump when, for example, you select "Print" from the File menu. You can fix this by replacing *tmpFileName by tmpFileName[] or somesuch. Paul Quare How reproducible: Always Steps to Reproduce: 1.Select Print from File menu 2. 3. Actual Results: nedit core dumped with segment violation Expected Results: It should have printed the file. Additional info: (I've marked it below as a Security bug as it would seem that the problem it was meant to fix hasn't been fixed?)
*** Bug 45630 has been marked as a duplicate of this bug. ***
Not a security bug, the issue is fixed, it just introduced unwanted side effects. reducing priority.
*** Bug 47697 has been marked as a duplicate of this bug. ***
*** Bug 50884 has been marked as a duplicate of this bug. ***
OK, this time I have a proposed fix (patch) for the problem. The problem is that the security patch has an error in that it passes a constant to mkstemp which seems to cause the segfault. The fix is to simply change the definition of tmpFileName from a point to an array on the stack which is initialized to the value in the old security patch. This patch was developed and tested under the Roswell public beta (7.1.93) but should apply to previous versions. The attached patch replaces the existing security patch.
Created attachment 26715 [details] replacement for nedit-5.1.1-security.patch
fixed in 5.1.1-10