[pkgsrc/trunk]: pkgsrc/textproc/antiword Security fix for CVE-2005-3126:

[salo <salo%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/6383d53aa344
branches:  trunk
changeset: 506877:6383d53aa344
user:      salo <salo%pkgsrc.org@localhost>
date:      Mon Jan 23 14:23:56 2006 +0000

description:
Security fix for CVE-2005-3126:

"The kantiword script in antiword allow local users to overwrite arbitrary
files via a symlink attack on temporary output and error files."

Replace the naive mktemp usage with something that actually works.

diffstat:

 textproc/antiword/Makefile         |   5 ++-
 textproc/antiword/distinfo         |   3 +-
 textproc/antiword/patches/patch-ab |  58 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 64 insertions(+), 2 deletions(-)

diffs (96 lines):

diff -r a44eddbaf187 -r 6383d53aa344 textproc/antiword/Makefile
--- a/textproc/antiword/Makefile        Mon Jan 23 14:19:08 2006 +0000
+++ b/textproc/antiword/Makefile        Mon Jan 23 14:23:56 2006 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.17 2005/11/14 23:04:13 wiz Exp $
+# $NetBSD: Makefile,v 1.18 2006/01/23 14:23:56 salo Exp $
 #
 
 DISTNAME=      antiword-0.37
+PKGREVISION=   1
 CATEGORIES=    textproc converters print
 MASTER_SITES=  http://www.winfield.demon.nl/linux/
 
@@ -11,6 +12,8 @@
 
 CONFLICTS=     siag-[0-9]*
 
+USE_TOOLS+=    mktemp:run
+
 CFLAGS.SunOS+= -D__STDC_ISO_10646__
 
 post-patch:
diff -r a44eddbaf187 -r 6383d53aa344 textproc/antiword/distinfo
--- a/textproc/antiword/distinfo        Mon Jan 23 14:19:08 2006 +0000
+++ b/textproc/antiword/distinfo        Mon Jan 23 14:23:56 2006 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.16 2005/11/14 23:04:13 wiz Exp $
+$NetBSD: distinfo,v 1.17 2006/01/23 14:23:56 salo Exp $
 
 SHA1 (antiword-0.37.tar.gz) = 4364f7f99cb2d37f7d1d5bc14a335ccc0c67292e
 RMD160 (antiword-0.37.tar.gz) = 506ca4a7a7fa9fd4574092798a7fffacd9a3a0a0
 Size (antiword-0.37.tar.gz) = 317884 bytes
 SHA1 (patch-aa) = 27cd582ced9822bbaefddd73d2fe2ba6c904ae1f
+SHA1 (patch-ab) = 554f2f2d9dfdc06a5cd8869488043b62fb32108d
diff -r a44eddbaf187 -r 6383d53aa344 textproc/antiword/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/textproc/antiword/patches/patch-ab        Mon Jan 23 14:23:56 2006 +0000
@@ -0,0 +1,58 @@
+$NetBSD: patch-ab,v 1.11 2006/01/23 14:23:56 salo Exp $
+
+Security fix for CVE-2005-3126.
+
+--- kantiword.orig     2004-11-19 20:39:38.000000000 +0100
++++ kantiword  2006-01-23 15:14:55.000000000 +0100
+@@ -1,4 +1,3 @@
+-#!/bin/bash
+ #!/bin/sh
+ #
+ # Script to make drag and drop in KDE possible
+@@ -10,41 +9,12 @@
+       exit 0
+ fi
+ 
+-# Determine the temp directory
+-if [ -d "$TMPDIR" ] && [ -w "$TMPDIR" ]
+-then
+-      tmp_dir=$TMPDIR
+-elif [ -d "$TEMP" ] && [ -w "$TEMP" ]
+-then
+-      tmp_dir=$TEMP
+-else
+-      tmp_dir="/tmp"
+-fi                        
+-
+ # Try to create the temp files in a secure way
+-if [ -x /bin/tempfile ]
+-then
+-      out_file=`/bin/tempfile -d "$tmp_dir" -p antiword -s ".ps"` || exit 1
+-      err_file=`/bin/tempfile -d "$tmp_dir" -p antiword -s ".err"`
+-      if [ $? -ne 0 ]
+-      then
+-              rm -f "$out_file"
+-              exit 1
+-      fi
+-elif [ -x /bin/mktemp ]
+-then
+-      out_file=`/bin/mktemp -q -p "$tmp_dir" antiword.ps.XXXXXXXXX` || exit 1
+-      err_file=`/bin/mktemp -q -p "$tmp_dir" antiword.err.XXXXXXXXX`
+-      if [ $? -ne 0 ]
+-      then
+-              rm -f "$out_file"
+-              exit 1
+-      fi
+-else
+-      # Creating the temp files in an un-secure way
+-      out_file=$tmp_dir"/antiword.$$.ps"
+-      err_file=$tmp_dir"/antiword.$$.err"
+-fi
++out_file=`mktemp -q -t ${0##*/}.ps.XXXXXXXXX` || \
++      { echo "$0: Cannot create temporary file" >&2; exit 1; }
++err_file=`mktemp -q -t ${0##*/}.err.XXXXXXXXX` || \
++      { echo "$0: Cannot create temporary file" >&2; exit 1; }
++trap "rm -f -- \"$out_file\" \"$err_file\"" 0 1 2 3 13 15
+ 
+ # Determine the paper size
+ paper_size=$1