On Tue, Oct 26, 2004 at 10:04:03AM +0200, Martin Pitt wrote:
> I just prepared and uploaded an updated Ubuntu package. I checked all
> scripts for tempfile vulnerabilities. I completely replaced the broken
> 01_fix_insecure_tmpfile (which only dealt with ps2epsi) with better
> patches for ps2epsi and pv.sh.
>
> The updated dpatch and changelog entry are in our bug tracking system:
> https://bugzilla.ubuntulinux.org/show_bug.cgi?id=2744
I've uploaded a NMU for this:
diff -Naur gs-common-0.3.6.bak/debian/changelog gs-common-0.3.6/debian/changelog
--- gs-common-0.3.6.bak/debian/changelog 2004-10-29 00:29:56.000000000 +0200
+++ gs-common-0.3.6/debian/changelog 2004-10-29 00:37:35.000000000 +0200
@@ -1,3 +1,12 @@
+gs-common (0.3.6-0.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Include new 01_fix_insecure_tmpfile.dpatch from
+ Martin Pitt <email address hidden> which fixes some more issues
+ (Closes: #278282)
+
+ -- Frank Lichtenheld <email address hidden> Fri, 29 Oct 2004 00:35:34 +0200
+
gs-common (0.3.6) unstable; urgency=low
* Build-Depends -> Build-Depends-Indep
diff -Naur gs-common-0.3.6.bak/debian/patches/01_fix_insecure_tmpfile.dpatch gs-common-0.3.6/debian/patches/01_fix_insecure_tmpfile.dpatch
--- gs-common-0.3.6.bak/debian/patches/01_fix_insecure_tmpfile.dpatch 2004-05-05 08:16:39.000000000 +0200
+++ gs-common-0.3.6/debian/patches/01_fix_insecure_tmpfile.dpatch 2004-10-29 00:42:51.000000000 +0200
@@ -1,44 +1,61 @@
#! /bin/sh -e
-## 01_fix_insecure_tmpfile.dpatch by Masayuki Hatta <email address hidden>
+## 01_fix_insecure_tmpfile.dpatch by Martin Pitt <email address hidden>
##
-## All lines beginning with \`## DP:' are a description of the patch.
-## DP: Fixes insecure /tmp usage (See Bug#173237)
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fix insecure temporary file creations
+## DP: CAN-2004-0967
+## DP: Debian bug #278282
+## DP: Ubuntu Warty bug #2744
On Tue, Oct 26, 2004 at 10:04:03AM +0200, Martin Pitt wrote:
> I just prepared and uploaded an updated Ubuntu package. I checked all
> scripts for tempfile vulnerabilities. I completely replaced the broken
> 01_fix_insecure_tmpfile (which only dealt with ps2epsi) with better
> patches for ps2epsi and pv.sh.
>
> The updated dpatch and changelog entry are in our bug tracking system:
> https://bugzilla.ubuntulinux.org/show_bug.cgi?id=2744
I've uploaded a NMU for this:
diff -Naur gs-common- 0.3.6.bak/ debian/ changelog gs-common- 0.3.6/debian/ changelog 0.3.6.bak/ debian/ changelog 2004-10-29 00:29:56.000000000 +0200 0.3.6/debian/ changelog 2004-10-29 00:37:35.000000000 +0200 insecure_ tmpfile. dpatch from
--- gs-common-
+++ gs-common-
@@ -1,3 +1,12 @@
+gs-common (0.3.6-0.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Include new 01_fix_
+ Martin Pitt <email address hidden> which fixes some more issues
+ (Closes: #278282)
+
+ -- Frank Lichtenheld <email address hidden> Fri, 29 Oct 2004 00:35:34 +0200
+
gs-common (0.3.6) unstable; urgency=low
* Build-Depends -> Build-Depends-Indep 0.3.6.bak/ debian/ patches/ 01_fix_ insecure_ tmpfile. dpatch gs-common- 0.3.6/debian/ patches/ 01_fix_ insecure_ tmpfile. dpatch 0.3.6.bak/ debian/ patches/ 01_fix_ insecure_ tmpfile. dpatch 2004-05-05 08:16:39.000000000 +0200 0.3.6/debian/ patches/ 01_fix_ insecure_ tmpfile. dpatch 2004-10-29 00:42:51.000000000 +0200 insecure_ tmpfile. dpatch by Masayuki Hatta <email address hidden> insecure_ tmpfile. dpatch by Martin Pitt <email address hidden>
diff -Naur gs-common-
--- gs-common-
+++ gs-common-
@@ -1,44 +1,61 @@
#! /bin/sh -e
-## 01_fix_
+## 01_fix_
##
-## All lines beginning with \`## DP:' are a description of the patch.
-## DP: Fixes insecure /tmp usage (See Bug#173237)
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fix insecure temporary file creations
+## DP: CAN-2004-0967
+## DP: Debian bug #278282
+## DP: Ubuntu Warty bug #2744
-if [ $# -ne 1 ]; then patches/ 00patch- opts ] && . debian/ patches/ 00patch- opts opts="$ {patch_ opts:-- f --no-backup- if-mismatch} ${2:+-d $2}" if-mismatch --dry-run -p1 < $0 && patch -f --no-backup- if-mismatch -p1 < $0 if-mismatch -R -p1 < $0;;
- echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+if [ $# -lt 1 ]; then
+ echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
exit 1
fi
+
+[ -f debian/
+patch_
+
case "$1" in
- -patch) patch -f --no-backup-
-;;
- -unpatch) patch -f --no-backup-
- *)
- echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
- exit 1;;
+ -patch) patch -p1 ${patch_opts} < $0;;
+ -unpatch) patch -R -p1 ${patch_opts} < $0;;
+ *)
+ echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+ exit 1;;
esac
exit 0
-diff -urN gs-common- 0.3.3.2. orig/scripts/ ps2epsi gs-common- 0.3.3.2/ scripts/ ps2epsi 0.3.3.2. orig/scripts/ ps2epsi 2004-03-24 12:12:48.000000000 +0900 0.3.3.2/ scripts/ ps2epsi 2004-03-24 12:15:53.000000000 +0900 0.3.6ubuntu1/ scripts/ ps2epsi gs-common- 0.3.6ubuntu1/ scripts/ ps2epsi 0.3.6ubuntu1/ scripts/ ps2epsi 2004-05-05 08:16:39.000000000 +0200 0.3.6ubuntu1/ scripts/ ps2epsi 2004-10-26 09:21:07.000000000 +0200 278282. patch,v 1.1 2004/10/28 22:50:59 djpig Exp $
---- gs-common-
-+++ gs-common-
-@@ -1,7 +1,9 @@
+@DPATCH@
+diff -urNad gs-common-
+--- gs-common-
++++ gs-common-
+@@ -1,7 +1,7 @@
#!/bin/sh
# $Id: gs-common.
-tmpfile= /tmp/ps2epsi$ $ /tmp/ps2epsi$ $ $tmpdir/ tmp
-+tmpdir=
-+tmpfile=
-+mkdir -m 700 $tmpdir || { echo "Cannot create $tmpdir"; exit 1; }
++tmpfile=`mktemp -t ps2epsiXXXXXX` || exit 1
export outfile
-@@ -52,7 +54,7 @@ LOGNAME" F=1 - F=2 "${infile}" >$tmpfile /dev/null $tmpfile ps2epsi.ps $tmpfile <"${infile}" 1>&2 0.3.6ubuntu1/ scripts/ pv.sh gs-common- 0.3.6ubuntu1/ scripts/ pv.sh 0.3.6ubuntu1/ scripts/ pv.sh 2004-05-05 08:16:39.000000000 +0200 0.3.6ubuntu1/ scripts/ pv.sh 2004-10-26 09:30:39.000000000 +0200 $FILE.$ $.pv" 0 1 2 15
- ' U="$USERNAME$
-
- gs -q -dNOPAUSE -dSAFER -dDELAYSAFER -r72 -sDEVICE=bit -sOutputFile=
--rm -f $tmpfile
-+rm -rf $tmpdir
-
- (
- cat << BEGINEPS
+diff -urNad gs-common-
+--- gs-common-
++++ gs-common-
+@@ -25,13 +25,13 @@
+ # are held on the system." So we have deleted this line, and also removed
+ # the -D switch from the call of dvips below.
+ #
+-TEMPDIR=.
++TEMPFILE=`mktemp ${FILE}XXXXXX` || exit 1
+ PAGE=$1
+ shift
+ FILE=$1
+ shift
+-trap "rm -rf $TEMPDIR/
++trap "rm -f $TEMPFILE" 0 1 2 15
+ #dvips -D$RESOLUTION -p $PAGE -n 1 $FILE $* -o $FILE.$$.pv
+-dvips -p $PAGE -n 1 $FILE $* -o $FILE.$$.pv
+-gs $FILE.$$.pv
++dvips -p $PAGE -n 1 $FILE $* -o $TEMPFILE
++gs $TEMPFILE
+ exit 0
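Review bot: In the embedded pv.sh hunk, the added `TEMPFILE=` line calls mktemp with `${FILE}XXXXXX` before `FILE=$1` is assigned three lines further down. Unless FILE is inherited from the environment, the template is therefore just `XXXXXX`, and the file is created in the current directory, which may not be writable and has no relation to the input name. The assignment should move below the second `shift` and quote the template, e.g. `TEMPFILE=$(mktemp "${FILE}XXXXXX") || exit 1`. The trap is double-quoted with a bare `$TEMPFILE`, so a path containing whitespace would be split at cleanup time; `trap 'rm -f "$TEMPFILE"' 0 1 2 15` avoids that. The embedded diff is partly garbled on this page, so the ordering should be confirmed against the original dpatch.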
-- 
Frank Lichtenheld <email address hidden>
www: http://www.djpig.de/