author | salo <salo@pkgsrc.org> | 2006-01-23 14:23:56 +0000 |
---|---|---|
committer | salo <salo@pkgsrc.org> | 2006-01-23 14:23:56 +0000 |
commit | 25ff7192b3b4f0ec6b0ae651e391b3f75e2d07aa (patch) | |
tree | c26d682b9ab8948ffaab74b5cc4b4ace04a97421 /textproc | |
parent | f6609e47f8705d286cbd67a88ecb9912c09b5a66 (diff) | |
download | pkgsrc-25ff7192b3b4f0ec6b0ae651e391b3f75e2d07aa.tar.gz |
Security fix for CVE-2005-3126:
"The kantiword script in antiword allow local users to overwrite arbitrary
files via a symlink attack on temporary output and error files."
Replace the naive mktemp usage with something that actually works.
Diffstat (limited to 'textproc')
-rw-r--r-- | textproc/antiword/Makefile | 5 | ||||
-rw-r--r-- | textproc/antiword/distinfo | 3 | ||||
-rw-r--r-- | textproc/antiword/patches/patch-ab | 58 |
3 files changed, 64 insertions, 2 deletions
diff --git a/textproc/antiword/Makefile b/textproc/antiword/Makefile
index 6d6fce47821..1a26a4d69d8 100644
--- a/textproc/antiword/Makefile
+++ b/textproc/antiword/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.17 2005/11/14 23:04:13 wiz Exp $
+# $NetBSD: Makefile,v 1.18 2006/01/23 14:23:56 salo Exp $
 #
 DISTNAME= antiword-0.37
+PKGREVISION= 1
 CATEGORIES= textproc converters print
 MASTER_SITES= http://www.winfield.demon.nl/linux/
@@ -11,6 +12,8 @@ COMMENT= Free MS Word to text and PostScript converter
 CONFLICTS= siag-[0-9]*
+USE_TOOLS+= mktemp:run
+
 CFLAGS.SunOS+= -D__STDC_ISO_10646__
 post-patch:
diff --git a/textproc/antiword/distinfo b/textproc/antiword/distinfo
index 90e448c4848..613465b1cfd 100644
--- a/textproc/antiword/distinfo
+++ b/textproc/antiword/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.16 2005/11/14 23:04:13 wiz Exp $
+$NetBSD: distinfo,v 1.17 2006/01/23 14:23:56 salo Exp $
 SHA1 (antiword-0.37.tar.gz) = 4364f7f99cb2d37f7d1d5bc14a335ccc0c67292e
 RMD160 (antiword-0.37.tar.gz) = 506ca4a7a7fa9fd4574092798a7fffacd9a3a0a0
 Size (antiword-0.37.tar.gz) = 317884 bytes
 SHA1 (patch-aa) = 27cd582ced9822bbaefddd73d2fe2ba6c904ae1f
+SHA1 (patch-ab) = 554f2f2d9dfdc06a5cd8869488043b62fb32108d
diff --git a/textproc/antiword/patches/patch-ab b/textproc/antiword/patches/patch-ab
new file mode 100644
index 00000000000..d03593bcb98
--- /dev/null
+++ b/textproc/antiword/patches/patch-ab
@@ -0,0 +1,58 @@
+$NetBSD: patch-ab,v 1.11 2006/01/23 14:23:56 salo Exp $
+
+Security fix for CVE-2005-3126.
+
+--- kantiword.orig 2004-11-19 20:39:38.000000000 +0100
++++ kantiword 2006-01-23 15:14:55.000000000 +0100
+@@ -1,4 +1,3 @@
+-#!/bin/bash
+ #!/bin/sh
+ #
+ # Script to make drag and drop in KDE possible
+@@ -10,41 +9,12 @@
+ exit 0
+ fi
+
+-# Determine the temp directory
+-if [ -d "$TMPDIR" ] && [ -w "$TMPDIR" ]
+-then
+- tmp_dir=$TMPDIR
+-elif [ -d "$TEMP" ] && [ -w "$TEMP" ]
+-then
+- tmp_dir=$TEMP
+-else
+- tmp_dir="/tmp"
+-fi
+-
+ # Try to create the temp files in a secure way
+-if [ -x /bin/tempfile ]
+-then
+- out_file=`/bin/tempfile -d "$tmp_dir" -p antiword -s ".ps"` || exit 1
+- err_file=`/bin/tempfile -d "$tmp_dir" -p antiword -s ".err"`
+- if [ $? -ne 0 ]
+- then
+- rm -f "$out_file"
+- exit 1
+- fi
+-elif [ -x /bin/mktemp ]
+-then
+- out_file=`/bin/mktemp -q -p "$tmp_dir" antiword.ps.XXXXXXXXX` || exit 1
+- err_file=`/bin/mktemp -q -p "$tmp_dir" antiword.err.XXXXXXXXX`
+- if [ $? -ne 0 ]
+- then
+- rm -f "$out_file"
+- exit 1
+- fi
+-else
+- # Creating the temp files in an un-secure way
+- out_file=$tmp_dir"/antiword.$$.ps"
+- err_file=$tmp_dir"/antiword.$$.err"
+-fi
++out_file=`mktemp -q -t ${0##*/}.ps.XXXXXXXXX` || \
++ { echo "$0: Cannot create temporary file" >&2; exit 1; }
++err_file=`mktemp -q -t ${0##*/}.err.XXXXXXXXX` || \
++ { echo "$0: Cannot create temporary file" >&2; exit 1; }
++trap "rm -f -- \"$out_file\" \"$err_file\"" 0 1 2 3 13 15
+
+ # Determine the paper size
+ paper_size=$1 |
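Review bot: If the second `mktemp` (the `err_file` assignment) fails, the already created `$out_file` is left behind, because the cleanup `trap` is only installed after both files exist; the removed code covered this case with an explicit `rm -f "$out_file"` before exiting. Installing the trap directly after the `out_file` assignment and writing it as `trap 'rm -f -- "$out_file" "$err_file"' 0 1 2 3 13 15` closes the gap: single quotes defer expansion to when the trap fires, so `$err_file` is picked up once it is set, and `rm -f` tolerates the empty value in the meantime. The `${0##*/}` template argument is unquoted on both `mktemp` lines; `mktemp -q -t "${0##*/}.ps.XXXXXXXXX"` avoids word splitting and globbing should the script ever be installed under a different name. The later code that redirects antiword's output into `$out_file` and `$err_file` is outside this hunk, so whether those redirections are quoted cannot be checked here.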