author | lofi <lofi@FreeBSD.org> | 2005-08-15 18:02:35 +0000 |
---|---|---|
committer | lofi <lofi@FreeBSD.org> | 2005-08-15 18:02:35 +0000 |
commit | f773576b38cb83c3f319c27a288edec1181314cf (patch) | |
tree | cc95afe0655451afb3b672f724c159089098d1ea /misc | |
parent | fb04bc67d452cccede98ec7878d1628895a7f02f (diff) | |
Patch insecure tempfile handling issue in langen2kvtml (kvoctrain).
Security: CAN-2005-2101
Security: http://www.kde.org/info/security/advisory-20050815-1.txt
Security: langen2kvtml uses known filenames in /tmp which allow a
local attacker to overwrite files writeable by the
user (manually) invoking the conversion script.
Approved by: portmgr (marcus)
Diffstat (limited to 'misc')
-rw-r--r-- | misc/kdeedu3/Makefile | 1 | ||||
-rw-r--r-- | misc/kdeedu3/files/patch-post-3.4.2-kdeedu.diff | 63 | ||||
-rw-r--r-- | misc/kdeedu4/Makefile | 1 | ||||
-rw-r--r-- | misc/kdeedu4/files/patch-post-3.4.2-kdeedu.diff | 63 |
4 files changed, 128 insertions, 0 deletions
diff --git a/misc/kdeedu3/Makefile b/misc/kdeedu3/Makefile
index 4752b89..28284db 100644
--- a/misc/kdeedu3/Makefile
+++ b/misc/kdeedu3/Makefile
@@ -7,6 +7,7 @@ PORTNAME= kdeedu
 PORTVERSION= ${KDE_VERSION}
+PORTREVISION= 1
 CATEGORIES?= misc kde
 MASTER_SITES= ${MASTER_SITE_KDE}
 MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src
diff --git a/misc/kdeedu3/files/patch-post-3.4.2-kdeedu.diff b/misc/kdeedu3/files/patch-post-3.4.2-kdeedu.diff
new file mode 100644
index 0000000..1d75c63
--- /dev/null
+++ b/misc/kdeedu3/files/patch-post-3.4.2-kdeedu.diff
@@ -0,0 +1,63 @@
+Index: kvoctrain/kvoctrain/langen2kvtml
+===================================================================
+--- kvoctrain/kvoctrain/langen2kvtml (revision 443975)
++++ kvoctrain/kvoctrain/langen2kvtml (working copy)
+@@ -89,6 +89,9 @@
+ 
+ require "flush.pl";
+ use Getopt::Long;
++use File::Temp qw(tempdir);
++my $tmpdir = tempdir(TEMPDIR => 1, CLEANUP => 1 );
++
+ $/="\r\n"; # we work with dos files
+ 
+ #
+@@ -165,10 +168,6 @@
+ $country="GB";
+ }
+ 
+-# All logging information goes into this file
+-$logfile = "/tmp/langen2kvtml.log";
+-open(LOG, ">$logfile") || die "Cannot create $logfile: $!";
+-
+ &printflush(STDOUT,"Waiting for generating files ...\n");
+ $tmp1=$#ARGV+1;
+ &printflush(STDOUT,"... $tmp1 files given via command line ...\n");
+@@ -178,13 +177,11 @@
+ if ($proxy) {
+ &printflush(STDOUT,"... using proxy service $proxy ...\n");
+ }
+- `lwp-request $proxy http://www.vokabeln.de/files/Voc-$country.zip >/tmp/Voc-$country.zip`;
+- # unzip -u update only!
+- # unzip -o overwrite!
+- `unzip -u /tmp/Voc-$country.zip >/tmp/unzip.log`;
++ `lwp-request $proxy http://www.vokabeln.de/files/Voc-$country.zip >$tmpdir/Voc-$country.zip`;
+ &printflush(STDOUT,"... updating Voc-$country.zip ...\n");
+ $/="\n"; # we work with a unix file
+- open(ZIP,"</tmp/unzip.log");
++ # unzip -u update only!
++ open(ZIP,"unzip -u $tmpdir/Voc-$country.zip |");
+ while(<ZIP>) {
+ chomp;
+ if( /voc/ ) {
+@@ -194,20 +191,16 @@
+ }
+ }
+ close(ZIP);
+- unlink("/tmp/unzip.log");
+ $/="\r\n"; # we work with a dos file
+ }
+ 
+ for my $file (@res, @ARGV) {
+ $vocfile = $file;
+- &printflush(LOG,"... generating \"$kvtfile\"...\n");
+ $lang = ""; # initially unset
+ $filestage = 0; # file stage
+ &process_vocfile($vocfile);
+ }
+ print STDERR "...\tAll Complete.\n";
+-&printflush(LOG,"\nAll Complete.\n");
+-close(LOG);
+ 
+ exit;
+ 
diff --git a/misc/kdeedu4/Makefile b/misc/kdeedu4/Makefile
index 4752b89..28284db 100644
--- a/misc/kdeedu4/Makefile
+++ b/misc/kdeedu4/Makefile
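Review bot: The new `open(ZIP,"unzip -u $tmpdir/Voc-$country.zip |")` in the `@@ -178,13 +177,11 @@` inner hunk is a two-argument pipe open that interpolates `$tmpdir` and `$country` into a shell command line and never checks the result, so a missing `unzip` or a failed spawn is silent and the `while(<ZIP>)` loop simply sees no output. A list-form open avoids the shell and surfaces the failure: `open(ZIP, '-|', 'unzip', '-u', "$tmpdir/Voc-$country.zip") or die "Cannot run unzip: $!";` — and the `lwp-request` backticks two lines earlier likewise never look at `$?`, so a failed download hands an empty or partial zip to unzip. Separately, the option key in `tempdir(TEMPDIR => 1, CLEANUP => 1 )` looks misspelled: File::Temp documents `TMPDIR`, and the call presumably only lands under File::Spec->tmpdir because no template was given, so `tempdir(TMPDIR => 1, CLEANUP => 1)` says what is meant. The inner hunks show only fragments of langen2kvtml's top-level code; `@res` and `process_vocfile` are defined outside what is visible.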
@@ -7,6 +7,7 @@ PORTNAME= kdeedu
 PORTVERSION= ${KDE_VERSION}
+PORTREVISION= 1
 CATEGORIES?= misc kde
 MASTER_SITES= ${MASTER_SITE_KDE}
 MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src
diff --git a/misc/kdeedu4/files/patch-post-3.4.2-kdeedu.diff b/misc/kdeedu4/files/patch-post-3.4.2-kdeedu.diff
new file mode 100644
index 0000000..1d75c63
--- /dev/null
+++ b/misc/kdeedu4/files/patch-post-3.4.2-kdeedu.diff
@@ -0,0 +1,63 @@
+Index: kvoctrain/kvoctrain/langen2kvtml
+===================================================================
+--- kvoctrain/kvoctrain/langen2kvtml (revision 443975)
++++ kvoctrain/kvoctrain/langen2kvtml (working copy)
+@@ -89,6 +89,9 @@
+ 
+ require "flush.pl";
+ use Getopt::Long;
++use File::Temp qw(tempdir);
++my $tmpdir = tempdir(TEMPDIR => 1, CLEANUP => 1 );
++
+ $/="\r\n"; # we work with dos files
+ 
+ #
+@@ -165,10 +168,6 @@
+ $country="GB";
+ }
+ 
+-# All logging information goes into this file
+-$logfile = "/tmp/langen2kvtml.log";
+-open(LOG, ">$logfile") || die "Cannot create $logfile: $!";
+-
+ &printflush(STDOUT,"Waiting for generating files ...\n");
+ $tmp1=$#ARGV+1;
+ &printflush(STDOUT,"... $tmp1 files given via command line ...\n");
+@@ -178,13 +177,11 @@
+ if ($proxy) {
+ &printflush(STDOUT,"... using proxy service $proxy ...\n");
+ }
+- `lwp-request $proxy http://www.vokabeln.de/files/Voc-$country.zip >/tmp/Voc-$country.zip`;
+- # unzip -u update only!
+- # unzip -o overwrite!
+- `unzip -u /tmp/Voc-$country.zip >/tmp/unzip.log`;
++ `lwp-request $proxy http://www.vokabeln.de/files/Voc-$country.zip >$tmpdir/Voc-$country.zip`;
+ &printflush(STDOUT,"... updating Voc-$country.zip ...\n");
+ $/="\n"; # we work with a unix file
+- open(ZIP,"</tmp/unzip.log");
++ # unzip -u update only!
++ open(ZIP,"unzip -u $tmpdir/Voc-$country.zip |");
+ while(<ZIP>) {
+ chomp;
+ if( /voc/ ) {
+@@ -194,20 +191,16 @@
+ }
+ }
+ close(ZIP);
+- unlink("/tmp/unzip.log");
+ $/="\r\n"; # we work with a dos file
+ }
+ 
+ for my $file (@res, @ARGV) {
+ $vocfile = $file;
+- &printflush(LOG,"... generating \"$kvtfile\"...\n");
+ $lang = ""; # initially unset
+ $filestage = 0; # file stage
+ &process_vocfile($vocfile);
+ }
+ print STDERR "...\tAll Complete.\n";
+-&printflush(LOG,"\nAll Complete.\n");
+-close(LOG);
+ 
+ exit;
+ 
|
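Review bot: The inner hunks drop the `/tmp/langen2kvtml.log` file entirely rather than relocating it, so the per-file `generating ...` lines and the final `All Complete.` record are no longer written anywhere, and nothing in the patched script says why; a comment at the removal point in the `@@ -165,10 +168,6 @@` hunk would help the next reader: `# No log file: the fixed /tmp/langen2kvtml.log path was a symlink-attack vector (CAN-2005-2101); progress is reported on STDOUT only.` The re-added `lwp-request $proxy http://... >$tmpdir/Voc-$country.zip` line still splices `$proxy` and `$country` unquoted into a shell command and ignores the exit status, so a malformed proxy value or a failed fetch goes unnoticed until `unzip` complains; at minimum check `$?` after the backticks, e.g. `die "download of Voc-$country.zip failed" if $? != 0;`. The temporary directory only protects the download and the unzip listing: `unzip -u` still writes the `.voc` files into the current working directory, which is presumably intended since `process_vocfile` is later handed those names from `@res`. The enclosing script's top level, including `@res` and `process_vocfile`, lies outside the visible hunks.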