summaryrefslogtreecommitdiff
path: root/textproc
diff options
context:
space:
mode:
authorsalo <salo@pkgsrc.org>2006-01-23 14:23:56 +0000
committersalo <salo@pkgsrc.org>2006-01-23 14:23:56 +0000
commit25ff7192b3b4f0ec6b0ae651e391b3f75e2d07aa (patch)
treec26d682b9ab8948ffaab74b5cc4b4ace04a97421 /textproc
parentf6609e47f8705d286cbd67a88ecb9912c09b5a66 (diff)
downloadpkgsrc-25ff7192b3b4f0ec6b0ae651e391b3f75e2d07aa.tar.gz
Security fix for CVE-2005-3126:
"The kantiword script in antiword allow local users to overwrite arbitrary files via a symlink attack on temporary output and error files." Replace the naive mktemp usage with something that actually works.
Diffstat (limited to 'textproc')
-rw-r--r--textproc/antiword/Makefile5
-rw-r--r--textproc/antiword/distinfo3
-rw-r--r--textproc/antiword/patches/patch-ab58
3 files changed, 64 insertions, 2 deletions
diff --git a/textproc/antiword/Makefile b/textproc/antiword/Makefile
index 6d6fce47821..1a26a4d69d8 100644
--- a/textproc/antiword/Makefile
+++ b/textproc/antiword/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.17 2005/11/14 23:04:13 wiz Exp $
+# $NetBSD: Makefile,v 1.18 2006/01/23 14:23:56 salo Exp $
#
DISTNAME= antiword-0.37
+PKGREVISION= 1
CATEGORIES= textproc converters print
MASTER_SITES= http://www.winfield.demon.nl/linux/
@@ -11,6 +12,8 @@ COMMENT= Free MS Word to text and PostScript converter
CONFLICTS= siag-[0-9]*
+USE_TOOLS+= mktemp:run
+
CFLAGS.SunOS+= -D__STDC_ISO_10646__
post-patch:
diff --git a/textproc/antiword/distinfo b/textproc/antiword/distinfo
index 90e448c4848..613465b1cfd 100644
--- a/textproc/antiword/distinfo
+++ b/textproc/antiword/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.16 2005/11/14 23:04:13 wiz Exp $
+$NetBSD: distinfo,v 1.17 2006/01/23 14:23:56 salo Exp $
SHA1 (antiword-0.37.tar.gz) = 4364f7f99cb2d37f7d1d5bc14a335ccc0c67292e
RMD160 (antiword-0.37.tar.gz) = 506ca4a7a7fa9fd4574092798a7fffacd9a3a0a0
Size (antiword-0.37.tar.gz) = 317884 bytes
SHA1 (patch-aa) = 27cd582ced9822bbaefddd73d2fe2ba6c904ae1f
+SHA1 (patch-ab) = 554f2f2d9dfdc06a5cd8869488043b62fb32108d
diff --git a/textproc/antiword/patches/patch-ab b/textproc/antiword/patches/patch-ab
new file mode 100644
index 00000000000..d03593bcb98
--- /dev/null
+++ b/textproc/antiword/patches/patch-ab
@@ -0,0 +1,58 @@
+$NetBSD: patch-ab,v 1.11 2006/01/23 14:23:56 salo Exp $
+
+Security fix for CVE-2005-3126.
+
+--- kantiword.orig 2004-11-19 20:39:38.000000000 +0100
++++ kantiword 2006-01-23 15:14:55.000000000 +0100
+@@ -1,4 +1,3 @@
+-#!/bin/bash
+ #!/bin/sh
+ #
+ # Script to make drag and drop in KDE possible
+@@ -10,41 +9,12 @@
+ exit 0
+ fi
+
+-# Determine the temp directory
+-if [ -d "$TMPDIR" ] && [ -w "$TMPDIR" ]
+-then
+- tmp_dir=$TMPDIR
+-elif [ -d "$TEMP" ] && [ -w "$TEMP" ]
+-then
+- tmp_dir=$TEMP
+-else
+- tmp_dir="/tmp"
+-fi
+-
+ # Try to create the temp files in a secure way
+-if [ -x /bin/tempfile ]
+-then
+- out_file=`/bin/tempfile -d "$tmp_dir" -p antiword -s ".ps"` || exit 1
+- err_file=`/bin/tempfile -d "$tmp_dir" -p antiword -s ".err"`
+- if [ $? -ne 0 ]
+- then
+- rm -f "$out_file"
+- exit 1
+- fi
+-elif [ -x /bin/mktemp ]
+-then
+- out_file=`/bin/mktemp -q -p "$tmp_dir" antiword.ps.XXXXXXXXX` || exit 1
+- err_file=`/bin/mktemp -q -p "$tmp_dir" antiword.err.XXXXXXXXX`
+- if [ $? -ne 0 ]
+- then
+- rm -f "$out_file"
+- exit 1
+- fi
+-else
+- # Creating the temp files in an un-secure way
+- out_file=$tmp_dir"/antiword.$$.ps"
+- err_file=$tmp_dir"/antiword.$$.err"
+-fi
++out_file=`mktemp -q -t ${0##*/}.ps.XXXXXXXXX` || \
++ { echo "$0: Cannot create temporary file" >&2; exit 1; }
++err_file=`mktemp -q -t ${0##*/}.err.XXXXXXXXX` || \
++ { echo "$0: Cannot create temporary file" >&2; exit 1; }
++trap "rm -f -- \"$out_file\" \"$err_file\"" 0 1 2 3 13 15
+
+ # Determine the paper size
+ paper_size=$1