Ubuntu
gs-common package

Bug #9447
Comment #11

Comment 11 for bug 9447

Revision history for this message

In Debian Bug tracker #278282, Frank Lichtenheld (djpig) wrote on 2004-10-31: Re: Bug#278282: Patch

#11

On Tue, Oct 26, 2004 at 10:04:03AM +0200, Martin Pitt wrote:
> I just prepared and uploaded an updated Ubuntu package. I checked all
> scripts for tempfile vulnerabilities. I completely replaced the broken
> 01_fix_insecure_tmpfile (which only dealt with ps2epsi) with better
> patches for ps2epsi and pv.sh.
>
> The updated dpatch and changelog entry are in our bug tracking system:
> https://bugzilla.ubuntulinux.org/show_bug.cgi?id=2744

I've uploaded a NMU for this:

* Build-Depends -> Build-Depends-Indep
diff -Naur gs-common-0.3.6.bak/debian/patches/01_fix_insecure_tmpfile.dpatch gs-common-0.3.6/debian/patches/01_fix_insecure_tmpfile.dpatch
--- gs-common-0.3.6.bak/debian/patches/01_fix_insecure_tmpfile.dpatch 2004-05-05 08:16:39.000000000 +0200
+++ gs-common-0.3.6/debian/patches/01_fix_insecure_tmpfile.dpatch 2004-10-29 00:42:51.000000000 +0200
@@ -1,44 +1,61 @@
#! /bin/sh -e
-## 01_fix_insecure_tmpfile.dpatch by Masayuki Hatta <email address hidden>
+## 01_fix_insecure_tmpfile.dpatch by Martin Pitt <email address hidden>
##
-## All lines beginning with \`## DP:' are a description of the patch.
-## DP: Fixes insecure /tmp usage (See Bug#173237)
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fix insecure temporary file creations
+## DP: CAN-2004-0967
+## DP: Debian bug #278282
+## DP: Ubuntu Warty bug #2744

-if [ $# -ne 1 ]; then
- echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+if [ $# -lt 1 ]; then
+ echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
exit 1
fi
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
+
case "$1" in
- -patch) patch -f --no-backup-if-mismatch --dry-run -p1 < $0 && patch -f --no-backup-if-mismatch -p1 < $0
-;;
- -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;;
- *)
- echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
- exit 1;;
+ -patch) patch -p1 ${patch_opts} < $0;;
+ -unpatch) patch -R -p1 ${patch_opts} < $0;;
+ *)
+ echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+ exit 1;;
esac

exit 0

-diff -urN gs-common-0.3.3.2.orig/scripts/ps2epsi gs-common-0.3.3.2/scripts/ps2epsi
---- gs-common-0.3.3.2.orig/scripts/ps2epsi 2004-03-24 12:12:48.000000000 +0900
-+++ gs-common-0.3.3.2/scripts/ps2epsi 2004-03-24 12:15:53.000000000 +0900
-@@ -1,7 +1,9 @@
+@DPATCH@
+diff -urNad gs-common-0.3.6ubuntu1/scripts/ps2epsi gs-common-0.3.6ubuntu1/scripts/ps2epsi
+--- gs-common-0.3.6ubuntu1/scripts/ps2epsi 2004-05-05 08:16:39.000000000 +0200
++++ gs-common-0.3.6ubuntu1/scripts/ps2epsi 2004-10-26 09:21:07.000000000 +0200
+@@ -1,7 +1,7 @@
#!/bin/sh
# $Id: gs-common.278282.patch,v 1.1 2004/10/28 22:50:59 djpig Exp $

-tmpfile=/tmp/ps2epsi$$
-+tmpdir=/tmp/ps2epsi$$
-+tmpfile=$tmpdir/tmp
-+mkdir -m 700 $tmpdir || { echo "Cannot create $tmpdir"; exit 1; }
++tmpfile=`mktemp -t ps2epsiXXXXXX` || exit 1

export outfile

-@@ -52,7 +54,7 @@
- ' U="$USERNAME$LOGNAME" F=1 - F=2 "${infile}" >$tmpfile
-
- gs -q -dNOPAUSE -dSAFER -dDELAYSAFER -r72 -sDEVICE=bit -sOutputFile=/dev/null $tmpfile ps2epsi.ps $tmpfile <"${infile}" 1>&2
--rm -f $tmpfile
-+rm -rf $tmpdir
-
- (
- cat << BEGINEPS
+diff -urNad gs-common-0.3.6ubuntu1/scripts/pv.sh gs-common-0.3.6ubuntu1/scripts/pv.sh
+--- gs-common-0.3.6ubuntu1/scripts/pv.sh 2004-05-05 08:16:39.000000000 +0200
++++ gs-common-0.3.6ubuntu1/scripts/pv.sh 2004-10-26 09:30:39.000000000 +0200
+@@ -25,13 +25,13 @@
+ # are held on the system." So we have deleted this line, and also removed
+ # the -D switch from the call of dvips below.
+ #
+-TEMPDIR=.
++TEMPFILE=`mktemp ${FILE}XXXXXX` || exit 1
+ PAGE=$1
+ shift
+ FILE=$1
+ shift
+-trap "rm -rf $TEMPDIR/$FILE.$$.pv" 0 1 2 15
++trap "rm -f $TEMPFILE" 0 1 2 15
+ #dvips -D$RESOLUTION -p $PAGE -n 1 $FILE $* -o $FILE.$$.pv
+-dvips -p $PAGE -n 1 $FILE $* -o $FILE.$$.pv
+-gs $FILE.$$.pv
++dvips -p $PAGE -n 1 $FILE $* -o $TEMPFILE
++gs $TEMPFILE
+ exit 0

--
Frank Lichtenheld <email address hidden>
www: http://www.djpig.de/

On Tue, Oct 26, 2004 at 10:04:03AM +0200, Martin Pitt wrote:
> I just prepared and uploaded an updated Ubuntu package. I checked all
> scripts for tempfile vulnerabilities. I completely replaced the broken
> 01_fix_insecure_tmpfile (which only dealt with ps2epsi) with better
> patches for ps2epsi and pv.sh.
> 
> The updated dpatch and changelog entry are in our bug tracking system:
> https://bugzilla.ubuntulinux.org/show_bug.cgi?id=2744

I've uploaded a NMU for this:

diff -Naur gs-common-0.3.6.bak/debian/changelog gs-common-0.3.6/debian/changelog
--- gs-common-0.3.6.bak/debian/changelog	2004-10-29 00:29:56.000000000 +0200
+++ gs-common-0.3.6/debian/changelog	2004-10-29 00:37:35.000000000 +0200
@@ -1,3 +1,12 @@
+gs-common (0.3.6-0.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Include new 01_fix_insecure_tmpfile.dpatch from
+    Martin Pitt <mpitt@debian.org> which fixes some more issues
+    (Closes: #278282)
+
+ -- Frank Lichtenheld <djpig@debian.org>  Fri, 29 Oct 2004 00:35:34 +0200
+
 gs-common (0.3.6) unstable; urgency=low
 
   * Build-Depends -> Build-Depends-Indep
diff -Naur gs-common-0.3.6.bak/debian/patches/01_fix_insecure_tmpfile.dpatch gs-common-0.3.6/debian/patches/01_fix_insecure_tmpfile.dpatch
--- gs-common-0.3.6.bak/debian/patches/01_fix_insecure_tmpfile.dpatch	2004-05-05 08:16:39.000000000 +0200
+++ gs-common-0.3.6/debian/patches/01_fix_insecure_tmpfile.dpatch	2004-10-29 00:42:51.000000000 +0200
@@ -1,44 +1,61 @@
 #! /bin/sh -e
-## 01_fix_insecure_tmpfile.dpatch by Masayuki Hatta <mhatta@debian.org>
+## 01_fix_insecure_tmpfile.dpatch by Martin Pitt <mpitt@debian.org>
 ##
-## All lines beginning with \`## DP:' are a description of the patch.
-## DP: Fixes insecure /tmp usage (See Bug#173237)
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fix insecure temporary file creations
+## DP: CAN-2004-0967
+## DP: Debian bug #278282
+## DP: Ubuntu Warty bug #2744
 
-if [ $# -ne 1 ]; then
-    echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+if [ $# -lt 1 ]; then
+    echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
     exit 1
 fi
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
+
 case "$1" in
-        -patch) patch -f --no-backup-if-mismatch --dry-run -p1 < $0 && patch -f --no-backup-if-mismatch -p1 < $0
-;;
-        -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;;
-        *)
-                echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
-                exit 1;;
+    -patch) patch -p1 ${patch_opts} < $0;;
+    -unpatch) patch -R -p1 ${patch_opts} < $0;;
+    *)
+        echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+        exit 1;;
 esac
 
 exit 0
 
-diff -urN gs-common-0.3.3.2.orig/scripts/ps2epsi gs-common-0.3.3.2/scripts/ps2epsi
---- gs-common-0.3.3.2.orig/scripts/ps2epsi	2004-03-24 12:12:48.000000000 +0900
-+++ gs-common-0.3.3.2/scripts/ps2epsi	2004-03-24 12:15:53.000000000 +0900
-@@ -1,7 +1,9 @@
+@DPATCH@
+diff -urNad gs-common-0.3.6ubuntu1/scripts/ps2epsi gs-common-0.3.6ubuntu1/scripts/ps2epsi
+--- gs-common-0.3.6ubuntu1/scripts/ps2epsi	2004-05-05 08:16:39.000000000 +0200
++++ gs-common-0.3.6ubuntu1/scripts/ps2epsi	2004-10-26 09:21:07.000000000 +0200
+@@ -1,7 +1,7 @@
  #!/bin/sh
  # $Id: gs-common.278282.patch,v 1.1 2004/10/28 22:50:59 djpig Exp $
  
 -tmpfile=/tmp/ps2epsi$$
-+tmpdir=/tmp/ps2epsi$$
-+tmpfile=$tmpdir/tmp
-+mkdir -m 700 $tmpdir || { echo "Cannot create $tmpdir"; exit 1; }
++tmpfile=`mktemp -t ps2epsiXXXXXX` || exit 1
  
  export outfile
  
-@@ -52,7 +54,7 @@
- 	' U="$USERNAME$LOGNAME"  F=1 - F=2 "${infile}" >$tmpfile
- 
- gs -q -dNOPAUSE -dSAFER -dDELAYSAFER -r72 -sDEVICE=bit -sOutputFile=/dev/null $tmpfile ps2epsi.ps $tmpfile <"${infile}" 1>&2
--rm -f $tmpfile
-+rm -rf $tmpdir
- 
- (
- cat << BEGINEPS
+diff -urNad gs-common-0.3.6ubuntu1/scripts/pv.sh gs-common-0.3.6ubuntu1/scripts/pv.sh
+--- gs-common-0.3.6ubuntu1/scripts/pv.sh	2004-05-05 08:16:39.000000000 +0200
++++ gs-common-0.3.6ubuntu1/scripts/pv.sh	2004-10-26 09:30:39.000000000 +0200
+@@ -25,13 +25,13 @@
+ # are held on the system."  So we have deleted this line, and also removed
+ # the -D switch from the call of dvips below.
+ #
+-TEMPDIR=.
++TEMPFILE=`mktemp ${FILE}XXXXXX` || exit 1
+ PAGE=$1
+ shift
+ FILE=$1
+ shift
+-trap "rm -rf $TEMPDIR/$FILE.$$.pv" 0 1 2 15
++trap "rm -f $TEMPFILE" 0 1 2 15
+ #dvips -D$RESOLUTION -p $PAGE -n 1 $FILE $* -o $FILE.$$.pv
+-dvips -p $PAGE -n 1 $FILE $* -o $FILE.$$.pv
+-gs $FILE.$$.pv
++dvips -p $PAGE -n 1 $FILE $* -o $TEMPFILE
++gs $TEMPFILE
+ exit 0

-- 
Frank Lichtenheld <djpig@debian.org>
www: http://www.djpig.de/

Ubuntugs-common package

Comment 11 for bug 9447

Ubuntu
gs-common package