authorAlexis Ballier <aballier@gentoo.org>2009-01-15 07:06:20 +0000
committerAlexis Ballier <aballier@gentoo.org>2009-01-15 07:06:20 +0000
commit51e4576b90bafe024a338a85eaf596a03de84383 (patch)
treeec986ccf6cb6d0eac13643d1c9255b895ee2f5cd /app-text
parentClean up configure patch. Do not strip (bug #251981). Do not call autoconf di... (diff)
Security fixes by Martin Väth for bug #252734
Package-Manager: portage-2.2_rc22/cvs/Linux 2.6.28 x86_64
Diffstat (limited to 'app-text')
-rw-r--r--app-text/pdfjam/ChangeLog10
-rw-r--r--app-text/pdfjam/Manifest10
-rw-r--r--app-text/pdfjam/files/pdfjam-1.20-security.patch179
-rw-r--r--app-text/pdfjam/pdfjam-1.20-r1.ebuild36
4 files changed, 229 insertions, 6 deletions
diff --git a/app-text/pdfjam/ChangeLog b/app-text/pdfjam/ChangeLog
index bf31a8d20ee0..41dc7dbded2f 100644
--- a/app-text/pdfjam/ChangeLog
+++ b/app-text/pdfjam/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for app-text/pdfjam
-# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-text/pdfjam/ChangeLog,v 1.16 2008/06/10 18:28:54 aballier Exp $
+# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-text/pdfjam/ChangeLog,v 1.17 2009/01/15 07:06:20 aballier Exp $
+
+*pdfjam-1.20-r1 (15 Jan 2009)
+
+ 15 Jan 2009; Alexis Ballier <aballier@gentoo.org>
+ +files/pdfjam-1.20-security.patch, +pdfjam-1.20-r1.ebuild:
+ Security fixes by Martin Väth for bug #252734
10 Jun 2008; Alexis Ballier <aballier@gentoo.org> -pdfjam-1.10.ebuild:
remove old
diff --git a/app-text/pdfjam/Manifest b/app-text/pdfjam/Manifest
index 9434bc875fbf..44b4b23b8a5e 100644
--- a/app-text/pdfjam/Manifest
+++ b/app-text/pdfjam/Manifest
@@ -1,14 +1,16 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
+AUX pdfjam-1.20-security.patch 5174 RMD160 580f859f20edd07aba640899643aa98fd583557a SHA1 dd9b5f74bb873079f77fe02016c4949e5442076a SHA256 55b340a06abf0fa767cc85436f5586c793435e5ec85a8111fac7568eb31655d2
DIST pdfjam_1.20.tgz 52814 RMD160 822eef552d77e0cc590d5140e2ef46baf6ec577e SHA1 4219ebcd09cbd4b31ee6b3d45645ef5ac22aeae4 SHA256 c9773533b5b9a6692f5d5d28d414f2f0f664461ec581bd762c019a554fafe315
+EBUILD pdfjam-1.20-r1.ebuild 996 RMD160 45abbc85e63b30aef0bf4c09b7c943ea7caa9c13 SHA1 c4b615fd285376e01e4011a551690c6950260b4e SHA256 b9e2fee25576a897ab653cd49f3e950c89229cc62943c211d162b98b335acc44
EBUILD pdfjam-1.20.ebuild 890 RMD160 82a34d0989b1d8ca85974fb727ec3fbbf45c4f15 SHA1 c7b30757d5ce638c58161b0098fb52e5078d791c SHA256 20888d0a78b51bdfa8491c858977da0cb35f03c8b4b459f1e04d6516ee7ba5bd
-MISC ChangeLog 1870 RMD160 0d63d4095fb6d9cf7e4ca390f5007f129c26ae3c SHA1 aaca2dd9afb2fdb57be58f18a01425973e43aeca SHA256 c01e27a203a2ded795e21f471b9c4aff5790580f7bfc5bf097fb15db7fe0b13a
+MISC ChangeLog 2064 RMD160 861c4d33d218ba86862cce2bdf94cedba1c58a13 SHA1 4d6e43b61eab5c38d95ea159b41ec3b77a94457e SHA256 4911408c8e75ff3243e560e0825fef31ceb1d076647b28b1217711cfd8448efe
MISC metadata.xml 157 RMD160 e666a9e73ee48e70d6fc6ea78049d38b1fcde7c2 SHA1 43a0c32101f0c6ffd8fa1aa620c8032d194a9e3a SHA256 18238fb417d8677a0495cdaba9b043526174ba63b51494b88b10aa7dd903124c
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
-iEYEARECAAYFAkhOyA8ACgkQvFcC4BYPU0olDQCdHzE24K8jWLQbNWXyFybV9Uhn
-TFcAn2zgjxZa0oUtTEwrf002754t12z/
-=DyeV
+iEYEARECAAYFAklu4HEACgkQvFcC4BYPU0r7PACfdDnD9rUdpCrBgLP2w01aBbxR
+L5AAoLrdYBOvNVTzgjOhO3TijgPp/7mc
+=u55R
-----END PGP SIGNATURE-----
diff --git a/app-text/pdfjam/files/pdfjam-1.20-security.patch b/app-text/pdfjam/files/pdfjam-1.20-security.patch
new file mode 100644
index 000000000000..9c607884ecd4
--- /dev/null
+++ b/app-text/pdfjam/files/pdfjam-1.20-security.patch
@@ -0,0 +1,179 @@
+By Martin Väth, vaeth@mathematik.uni-wuerzburg.de
+
+CVE-2008-5743 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5743):
+ pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with
+ a predictable name, which allows local users to overwrite arbitrary
+ files via a symlink attack.
+
+
+Actually there is a much more severe security issue in pdfjam:
+In the default setting it puts the current directory into PATH (because
+pdflatex has an empty dirname which is put at the beginning of PATH).
+
+The attached patch fixes both security issues, for simplicity requiring that
+"mktemp -d" is available and working.
+
+In addition, it replaces the non-POSIX "source" by ".": Since the scripts are
+#!/bin/sh and not #!/bin/bash the should be at least POSIX-conformal (these
+scripts would otherwise break in gentoo if /bin/sh is a symlink to dash).
+
+Name: CVE-2008-5843
+URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5843
+Published: 2009-01-05
+Severity: Medium
+Description:
+
+Multiple untrusted search path vulnerabilities in pdfjam allow local
+users to gain privileges via a Trojan horse program in (1) the current
+working directory or (2) /var/tmp, related to the (a) pdf90, (b)
+pdfjoin, and (c) pdfnup scripts.
+
+
+
+https://bugs.gentoo.org/show_bug.cgi?id=252734
+
+--- scripts/pdf90
++++ scripts/pdf90
+@@ -43,12 +43,12 @@
+ for d in /etc /usr/share/etc /usr/local/share /usr/local/etc
+ do if test -f $d/pdfnup.conf; then
+ echo "Reading site configuration from $d/pdfnup.conf"
+- source $d/pdfnup.conf
++ . $d/pdfnup.conf
+ fi
+ done
+ if test -f ~/.pdfnup.conf; then
+ echo "Reading user defaults from ~/.pdfnup.conf";
+- source ~/.pdfnup.conf;
++ . ~/.pdfnup.conf;
+ fi
+ #######################################################################
+ ##
+@@ -71,8 +71,8 @@
+ ##
+ ## Check that necessary LaTeX packages are installed
+ ##
+-PATH=`dirname "$pdflatex"`:$PATH
+-export PATH
++modifyPath="${pdflatex%/*}"
++[ -n "$modifyPath" ] && export PATH="$modifyPath:$PATH"
+ case `kpsewhich pdfpages.sty` in
+ "") echo "pdf90: pdfpages.sty not installed"; exit 1;;
+ esac
+@@ -136,6 +136,19 @@
+ ##
+ ## That's the arguments done.
+ ##
++
++mkTempDir=''
++trap 'test -n "$mkTempDir" && test -d "$mkTempDir" && \
++ rm -rf -- "$mkTempDir" && mkTempDir=""; \
++ trap - EXIT HUP INT TERM' EXIT HUP INT TERM
++if ! command -v mktemp >/dev/null 2>&1 || \
++ ! mkTempDir=`mktemp -d -- "$tempfileDir/pdf90.XXXXXX"`
++then
++ echo "pdf90: cannot create temporary directory"
++ exit 2
++fi
++tempfileDir=$mkTempDir
++
+ ##
+ ## Now work on the input file (or files in turn)
+ ##
+--- scripts/pdfjoin
++++ scripts/pdfjoin
+@@ -50,12 +50,12 @@
+ for d in /etc /usr/share/etc /usr/local/share /usr/local/etc
+ do if test -f $d/pdfnup.conf; then
+ echo "Reading site configuration from $d/pdfnup.conf"
+- source $d/pdfnup.conf
++ . $d/pdfnup.conf
+ fi
+ done
+ if test -f ~/.pdfnup.conf; then
+ echo "Reading user defaults from ~/.pdfnup.conf";
+- source ~/.pdfnup.conf;
++ . ~/.pdfnup.conf;
+ fi
+ #######################################################################
+ ##
+@@ -99,8 +99,8 @@
+ ##
+ ## Check that necessary LaTeX packages are installed
+ ##
+-PATH=`dirname "$pdflatex"`:$PATH
+-export PATH
++modifyPath="${pdflatex%/*}"
++[ -n "$modifyPath" ] && export PATH="$modifyPath:$PATH"
+ case `kpsewhich pdfpages.sty` in
+ "") echo "pdfjoin: pdfpages.sty not installed"; exit 1;;
+ esac
+@@ -171,6 +171,19 @@
+ ##
+ ## That's the arguments done.
+ ##
++
++mkTempDir=''
++trap 'test -n "$mkTempDir" && test -d "$mkTempDir" && \
++ rm -rf -- "$mkTempDir" && mkTempDir=""; \
++ trap - EXIT HUP INT TERM' EXIT HUP INT TERM
++if ! command -v mktemp >/dev/null 2>&1 || \
++ ! mkTempDir=`mktemp -d -- "$tempfileDir/pdfjoin.XXXXXX"`
++then
++ echo "pdfjoin: cannot create temporary directory"
++ exit 2
++fi
++tempfileDir=$mkTempDir
++
+ ##
+ ## Now work on the input files
+ ##
+--- scripts/pdfnup
++++ scripts/pdfnup
+@@ -57,12 +57,12 @@
+ for d in /etc /usr/share/etc /usr/local/share /usr/local/etc
+ do if test -f $d/pdfnup.conf; then
+ echo "Reading site configuration from $d/pdfnup.conf"
+- source $d/pdfnup.conf
++ . $d/pdfnup.conf
+ fi
+ done
+ if test -f ~/.pdfnup.conf; then
+ echo "Reading user defaults from ~/.pdfnup.conf";
+- source ~/.pdfnup.conf;
++ . ~/.pdfnup.conf;
+ fi
+ #######################################################################
+ ##
+@@ -134,8 +134,8 @@
+ ##
+ ## Check that necessary LaTeX packages are installed
+ ##
+-PATH=`dirname "$pdflatex"`:$PATH
+-export PATH
++modifyPath="${pdflatex%/*}"
++[ -n "$modifyPath" ] && export PATH="$modifyPath:$PATH"
+ case `kpsewhich pdfpages.sty` in
+ "") echo "pdfnup: pdfpages.sty not installed"; exit 1;;
+ esac
+@@ -232,6 +232,20 @@
+ ##
+ ## That's the arguments done.
+ ##
++
++mkTempDir=''
++trap 'test -n "$mkTempDir" && test -d "$mkTempDir" && \
++ rm -rf -- "$mkTempDir" && mkTempDir=""; \
++ trap - EXIT HUP INT TERM' EXIT HUP INT TERM
++if ! command -v mktemp >/dev/null 2>&1 || \
++ ! mkTempDir=`mktemp -d -- "$tempfileDir/pdfnup.XXXXXX"`
++then
++ echo "pdfnup: cannot create temporary directory"
++ exit 2
++fi
++tempfileDir=$mkTempDir
++
++##
+ ## Next sort out paper orientation, if not specified
+ ##
+ x=`echo $nup | sed 's/..$//'`
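Review bot: The PATH guard introduced at `modifyPath="${pdflatex%/*}"` still prepends a relative entry when the configured `pdflatex` value contains no slash, because `${var%/*}` leaves such a value unchanged and `[ -n "$modifyPath" ]` then passes, so a `~/.pdfnup.conf` line `pdflatex=pdflatex` produces `PATH=pdflatex:$PATH`, a cwd-relative directory of the kind CVE-2008-5843 describes. Only a value with a directory component should touch PATH, e.g. `case $pdflatex in /*/*) PATH="${pdflatex%/*}:$PATH"; export PATH;; esac`; the same two lines recur in the pdfjoin and pdfnup sections of this patch. Separately, the HUP/INT/TERM handler removes `$mkTempDir` and clears the traps but never exits, so in POSIX sh the script resumes after the signal with `tempfileDir` pointing at a directory that no longer exists; ending the handler with `exit 1` (or a signal-specific status) closes that gap, again in all three scripts.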
diff --git a/app-text/pdfjam/pdfjam-1.20-r1.ebuild b/app-text/pdfjam/pdfjam-1.20-r1.ebuild
new file mode 100644
index 000000000000..3229afbdfc62
--- /dev/null
+++ b/app-text/pdfjam/pdfjam-1.20-r1.ebuild
@@ -0,0 +1,36 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-text/pdfjam/pdfjam-1.20-r1.ebuild,v 1.1 2009/01/15 07:06:20 aballier Exp $
+
+inherit eutils
+
+DESCRIPTION="pdfnup, pdfjoin and pdf90"
+HOMEPAGE="http://www.warwick.ac.uk/go/pdfjam"
+SRC_URI="http://www2.warwick.ac.uk/fac/sci/statistics/staff/academic/firth/software/pdfjam/${P/-/_}.tgz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
+IUSE=""
+S=${WORKDIR}/${PN}
+
+DEPEND="virtual/latex-base"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}/${P}-security.patch"
+}
+
+src_compile() {
+ for i in pdf90 pdfjoin pdfnup; do
+ cp scripts/$i scripts/$i.orig
+ sed -e 's,^pdflatex="/usr/local/bin/pdflatex",pdflatex="/usr/bin/pdflatex",' scripts/$i.orig >scripts/$i
+ done
+}
+
+src_install() {
+ dobin scripts/pdf90 scripts/pdfjoin scripts/pdfnup || die
+ dodoc PDFjam-README.html || die
+ doman man1/pdf90.1 man1/pdfjoin.1 man1/pdfnup.1 || die
+}
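Review bot: The `sed` rewrite in `src_compile` is unchecked, so a pattern that no longer matches (an upstream change to the default `pdflatex=` line) or a failed write silently installs a script that still points at `/usr/local/bin/pdflatex`; append `|| die "failed to rewrite pdflatex path in $i"` to the `sed` line, and give the preceding `cp` the same `|| die` for consistency with `src_install`. `epatch` dies on its own, so `src_unpack` needs no extra check. The `.orig` copies remain in `scripts/` and are only kept out of the image because `dobin` names its files explicitly, which deserves a one-line comment on the loop, e.g. `# .orig copies are scratch input for sed; dobin installs the rewritten scripts only`.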