Security fixes by Martin Väth for bug #252734

(Portage version: 2.2_rc22/cvs/Linux 2.6.28 x86_64)

3 files changed, 223 insertions, 2 deletions

diff --git a/app-text/pdfjam/ChangeLog b/app-text/pdfjam/ChangeLog
index bf31a8d20ee0..41dc7dbded2f 100644
--- a/app-text/pdfjam/ChangeLog
+++ b/app-text/pdfjam/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for app-text/pdfjam
-# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-text/pdfjam/ChangeLog,v 1.16 2008/06/10 18:28:54 aballier Exp $
+# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-text/pdfjam/ChangeLog,v 1.17 2009/01/15 07:06:20 aballier Exp $
+
+*pdfjam-1.20-r1 (15 Jan 2009)
+
+  15 Jan 2009; Alexis Ballier <aballier@gentoo.org>
+  +files/pdfjam-1.20-security.patch, +pdfjam-1.20-r1.ebuild:
+  Security fixes by Martin Väth for bug #252734
 
   10 Jun 2008; Alexis Ballier <aballier@gentoo.org> -pdfjam-1.10.ebuild:
   remove old
diff --git a/app-text/pdfjam/files/pdfjam-1.20-security.patch b/app-text/pdfjam/files/pdfjam-1.20-security.patch
new file mode 100644
index 000000000000..9c607884ecd4
--- /dev/null
+++ b/app-text/pdfjam/files/pdfjam-1.20-security.patch
@@ -0,0 +1,179 @@
+By Martin Väth, vaeth@mathematik.uni-wuerzburg.de
+
+CVE-2008-5743 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5743):
+  pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with
+  a predictable name, which allows local users to overwrite arbitrary
+  files via a symlink attack.
+
+
+Actually there is a much more severe security issue in pdfjam:
+In the default setting it puts the current directory into PATH (because
+pdflatex has an empty dirname which is put at the beginning of PATH).
+
+The attached patch fixes both security issues, for simplicity requiring that
+"mktemp -d" is available and working.
+
+In addition, it replaces the non-POSIX "source" by ".": Since the scripts are
+#!/bin/sh and not #!/bin/bash the should be at least POSIX-conformal (these
+scripts would otherwise break in gentoo if /bin/sh is a symlink to dash).
+
+Name:      CVE-2008-5843
+URL:       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5843
+Published: 2009-01-05
+Severity:  Medium
+Description:
+
+Multiple untrusted search path vulnerabilities in pdfjam allow local
+users to gain privileges via a Trojan horse program in (1) the current
+working directory or (2) /var/tmp, related to the (a) pdf90, (b)
+pdfjoin, and (c) pdfnup scripts.
+
+
+
+https://bugs.gentoo.org/show_bug.cgi?id=252734
+
+--- scripts/pdf90
++++ scripts/pdf90
+@@ -43,12 +43,12 @@
+ for d in /etc /usr/share/etc /usr/local/share /usr/local/etc
+ do if test -f $d/pdfnup.conf; then
+    echo "Reading site configuration from $d/pdfnup.conf"
+-   source $d/pdfnup.conf
++   . $d/pdfnup.conf
+    fi 
+ done
+ if test -f ~/.pdfnup.conf; then 
+    echo "Reading user defaults from ~/.pdfnup.conf";
+-   source ~/.pdfnup.conf; 
++   . ~/.pdfnup.conf; 
+ fi
+ #######################################################################
+ ##
+@@ -71,8 +71,8 @@
+ ##
+ ##  Check that necessary LaTeX packages are installed
+ ##
+-PATH=`dirname "$pdflatex"`:$PATH
+-export PATH
++modifyPath="${pdflatex%/*}"
++[ -n "$modifyPath" ] && export PATH="$modifyPath:$PATH"
+ case `kpsewhich pdfpages.sty` in
+ 	"") echo "pdf90: pdfpages.sty not installed"; exit 1;;
+ esac
+@@ -136,6 +136,19 @@
+ ##
+ ##  That's the arguments done.
+ ##
++
++mkTempDir=''
++trap 'test -n "$mkTempDir" && test -d "$mkTempDir" && \
++	rm -rf -- "$mkTempDir" && mkTempDir=""; \
++	trap - EXIT HUP INT TERM' EXIT HUP INT TERM
++if ! command -v mktemp >/dev/null 2>&1 || \
++	! mkTempDir=`mktemp -d -- "$tempfileDir/pdf90.XXXXXX"`
++then
++	echo "pdf90: cannot create temporary directory"
++	exit 2
++fi
++tempfileDir=$mkTempDir
++
+ ##
+ ##  Now work on the input file (or files in turn)
+ ##
+--- scripts/pdfjoin
++++ scripts/pdfjoin
+@@ -50,12 +50,12 @@
+ for d in /etc /usr/share/etc /usr/local/share /usr/local/etc
+ do if test -f $d/pdfnup.conf; then
+    echo "Reading site configuration from $d/pdfnup.conf"
+-   source $d/pdfnup.conf
++   . $d/pdfnup.conf
+    fi 
+ done
+ if test -f ~/.pdfnup.conf; then 
+    echo "Reading user defaults from ~/.pdfnup.conf";
+-   source ~/.pdfnup.conf; 
++   . ~/.pdfnup.conf; 
+ fi
+ #######################################################################
+ ##
+@@ -99,8 +99,8 @@
+ ##
+ ##  Check that necessary LaTeX packages are installed
+ ##
+-PATH=`dirname "$pdflatex"`:$PATH
+-export PATH
++modifyPath="${pdflatex%/*}"
++[ -n "$modifyPath" ] && export PATH="$modifyPath:$PATH"
+ case `kpsewhich pdfpages.sty` in
+ 	"") echo "pdfjoin: pdfpages.sty not installed"; exit 1;;
+ esac
+@@ -171,6 +171,19 @@
+ ##
+ ##  That's the arguments done.
+ ##
++
++mkTempDir=''
++trap 'test -n "$mkTempDir" && test -d "$mkTempDir" && \
++	rm -rf -- "$mkTempDir" && mkTempDir=""; \
++	trap - EXIT HUP INT TERM' EXIT HUP INT TERM
++if ! command -v mktemp >/dev/null 2>&1 || \
++	! mkTempDir=`mktemp -d -- "$tempfileDir/pdfjoin.XXXXXX"`
++then
++	echo "pdfjoin: cannot create temporary directory"
++	exit 2
++fi
++tempfileDir=$mkTempDir
++
+ ##
+ ##  Now work on the input files
+ ##
+--- scripts/pdfnup
++++ scripts/pdfnup
+@@ -57,12 +57,12 @@
+ for d in /etc /usr/share/etc /usr/local/share /usr/local/etc
+ do if test -f $d/pdfnup.conf; then
+      echo "Reading site configuration from $d/pdfnup.conf"
+-     source $d/pdfnup.conf
++     . $d/pdfnup.conf
+    fi 
+ done
+ if test -f ~/.pdfnup.conf; then 
+    echo "Reading user defaults from ~/.pdfnup.conf";
+-   source ~/.pdfnup.conf; 
++   . ~/.pdfnup.conf; 
+ fi
+ #######################################################################
+ ##
+@@ -134,8 +134,8 @@
+ ##
+ ##  Check that necessary LaTeX packages are installed
+ ##
+-PATH=`dirname "$pdflatex"`:$PATH
+-export PATH
++modifyPath="${pdflatex%/*}"
++[ -n "$modifyPath" ] && export PATH="$modifyPath:$PATH"
+ case `kpsewhich pdfpages.sty` in
+ 	"") echo "pdfnup: pdfpages.sty not installed"; exit 1;;
+ esac
+@@ -232,6 +232,20 @@
+ ##
+ ##  That's the arguments done.
+ ##
++
++mkTempDir=''
++trap 'test -n "$mkTempDir" && test -d "$mkTempDir" && \
++	rm -rf -- "$mkTempDir" && mkTempDir=""; \
++	trap - EXIT HUP INT TERM' EXIT HUP INT TERM
++if ! command -v mktemp >/dev/null 2>&1 || \
++	! mkTempDir=`mktemp -d -- "$tempfileDir/pdfnup.XXXXXX"`
++then
++	echo "pdfnup: cannot create temporary directory"
++	exit 2
++fi
++tempfileDir=$mkTempDir
++
++##
+ ##  Next sort out paper orientation, if not specified
+ ##
+ x=`echo $nup | sed 's/..$//'`
diff --git a/app-text/pdfjam/pdfjam-1.20-r1.ebuild b/app-text/pdfjam/pdfjam-1.20-r1.ebuild
new file mode 100644
index 000000000000..3229afbdfc62
--- /dev/null
+++ b/app-text/pdfjam/pdfjam-1.20-r1.ebuild
@@ -0,0 +1,36 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-text/pdfjam/pdfjam-1.20-r1.ebuild,v 1.1 2009/01/15 07:06:20 aballier Exp $
+
+inherit eutils
+
+DESCRIPTION="pdfnup, pdfjoin and pdf90"
+HOMEPAGE="http://www.warwick.ac.uk/go/pdfjam"
+SRC_URI="http://www2.warwick.ac.uk/fac/sci/statistics/staff/academic/firth/software/pdfjam/${P/-/_}.tgz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
+IUSE=""
+S=${WORKDIR}/${PN}
+
+DEPEND="virtual/latex-base"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+	epatch "${FILESDIR}/${P}-security.patch"
+}
+
+src_compile() {
+	for i in pdf90 pdfjoin pdfnup; do
+		cp scripts/$i scripts/$i.orig
+		sed -e 's,^pdflatex="/usr/local/bin/pdflatex",pdflatex="/usr/bin/pdflatex",' scripts/$i.orig >scripts/$i
+	done
+}
+
+src_install() {
+	dobin scripts/pdf90 scripts/pdfjoin scripts/pdfnup || die
+	dodoc PDFjam-README.html || die
+	doman man1/pdf90.1 man1/pdfjoin.1 man1/pdfnup.1 || die
+}