Hi,
I'm going to upload an NMU for this one.
Patch attached and archived on:
http://people.debian.org/~nion/nmu-diff/sgml2x-1.0.0-11.1_1.0.0-11.2.patch

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u sgml2x-1.0.0/debian/changelog sgml2x-1.0.0/debian/changelog
--- sgml2x-1.0.0/debian/changelog
+++ sgml2x-1.0.0/debian/changelog
@@ -1,3 +1,11 @@
+sgml2x (1.0.0-11.2) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix possible symlink attacks in rlatex by using mktemp to create
+    temporary files in a secure way (Closes: #496368)
+
+ -- Nico Golde <[EMAIL PROTECTED]>  Wed, 27 Aug 2008 14:14:43 +0200
+
 sgml2x (1.0.0-11.1) unstable; urgency=low
 
   * Non-maintainer upload.
only in patch2:
unchanged:
--- sgml2x-1.0.0.orig/bin/rlatex
+++ sgml2x-1.0.0/bin/rlatex
@@ -5,27 +5,25 @@
 LATEXPRG=${LATEXPRG:-latex}
 
 while true; do
-    pid=$$
-    export pid
-    rm -f /tmp/rlok$pid
-    (
-	if ${LATEXPRG} $*
+    RLSOTMP=$(mktemp /tmp/RLSO.XXXXXXXX)
+    RLOKTMP="xxx"
+
+	if ${LATEXPRG} $* | tee $RLSOTMP
 	then
-	    touch /tmp/rlok$pid
+		RLOKTMP=$(mktemp /tmp/rlok.XXXXXXXX)
 	fi
-    ) | tee /tmp/rlso$pid
 
-    if [ ! -f /tmp/rlok$pid ]
-    then
-	rm -f /tmp/rlso$pid
+	if [ $RLOKTMP = "xxx" ]
+	then
 	echo >&2 "$(basename $0): Exiting in error"
 	exit 1
-    fi
+	fi
 
-    if ! grep -E '^(LaTeX Warning: (Label\(s\) may|There were undefined references)|Package longtable Warning: Table widths have changed)' /tmp/rlso$pid >/dev/null
+    if ! grep -E '^(LaTeX Warning: (Label\(s\) may|There were undefined references)|Package longtable Warning: Table widths have changed)' $RLSOTMP >/dev/null
     then
-	rm -f /tmp/rlso$pid
+	rm -f $RLSOTMP
 	exit 0
     fi
     echo "Re-running LaTeX"
+	rm -f $RLSOTMP $RLOKTMP
 done
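Review bot: The rewritten test `if ${LATEXPRG} $* | tee $RLSOTMP` checks the exit status of `tee`, not of LaTeX, so the `then` branch (and `RLOKTMP=$(mktemp ...)`) runs whenever `tee` succeeds and the "Exiting in error" path becomes effectively unreachable; the original subshell ran `touch` on LaTeX's own status before the pipe into `tee`. Since the subshell is gone, no marker file is needed at all: run LaTeX with its output redirected to the temp file and replay it afterwards, e.g. `if ${LATEXPRG} "$@" > "$RLSOTMP"; then rlok=1; else rlok=0; fi; cat "$RLSOTMP"`, and test `$rlok`. Two further points in this hunk: `mktemp` failures are not handled, so an empty `RLSOTMP` makes `tee` write nowhere and an empty `RLOKTMP` makes `[ $RLOKTMP = "xxx" ]` fail with a test error; append `|| exit 1` to each `mktemp` call and quote the variables. Also, both exit paths now leak a temp file: the `exit 1` branch no longer removes `$RLSOTMP` (the old code had `rm -f /tmp/rlso$pid` there) and the `exit 0` branch removes `$RLSOTMP` but not `$RLOKTMP`. The mixed tab/space indentation introduced here would be worth normalising while you are at it.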

Attachment: pgpwi3d5cTfyG.pgp
Description: PGP signature