Package: mp
Version: 3.7.1-9
Severity: normal
Tags: patch
The mimep program is very handy and it is a pity that it has been excluded
from the mp package. However, I fully understand the maintainer's concerns
about vulnerabilities related to the use of tempnam.
I prepared a quite trivial patch (attached below) that replaces calls to
tempnam by calls to mkstemp. This should address the first part of the
debian/changelog entry:
mp (3.7.1-8) unstable; urgency=low
* Remove mimep because it uses insecure tempfiles and insecure calls to
LaTeX and dvips; removes suggests on latex binaries.
Still, I do not understand what is meant by "insecure calls to LaTeX and
dvips".
I am also attaching below a patch to allow the TMPDIR environment variable.
The priority order is MIMEPTMPDIR -> TMPDIR -> "/tmp".
Please, reconsider the inclusion of the mimep program into the mp package.
Cheers,
Rafael Laboissiere
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-amd64
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=UTF-8) (ignored: LC_ALL set to
en_US.UTF-8)
Versions of packages mp depends on:
ii libc6 2.6.1-1 GNU C Library: Shared libraries
ii libice6 2:1.0.4-1 X11 Inter-Client Exchange library
ii libsm6 2:1.0.3-1+b1 X11 Session Management library
ii libx11-6 2:1.0.3-7 X11 client-side library
mp recommends no packages.
-- no debconf information
--- mpdist-3.7.1.orig/mimep/mimep/mimep.c 2002-04-12 18:47:26.000000000 +0200
+++ mpdist-3.7.1/mimep/mimep/mimep.c 2007-11-20 08:14:34.000000000 +0100
@@ -65,12 +65,21 @@
outputfile = removesuffix(outputfilename());
if (!(strcmp(outputfile, NOOUTPUTFILE))) {
- outputfile = tempnam(TMPDIR, TMPREFIX);
+ outputfile = (char *) malloc (strlen (TMPDIR)
+ + strlen (TMPREFIX) + 9);
+ strcpy (outputfile, TMPDIR);
+ strcat (outputfile, "/");
+ strcat (outputfile, TMPREFIX);
+ strcat (outputfile, ".XXXXXX");
+ if (!(fp_out = fdopen (mkstemp (outputfile), "w"))) {
+ FPRINTF (stderr, ERR3);
+ exit (1);
+ }
}
/* Opens the output file which will contain the LaTeX document */
- if (!(fp_out = fopen(outputfile, "w"))) {
+ else if (!(fp_out = fopen(outputfile, "w"))) {
FPRINTF(stderr, ERR3);
exit(1);
}
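Review bot: The return value of mkstemp() is handed straight to fdopen() on the line `if (!(fp_out = fdopen (mkstemp (outputfile), "w")))`, so a failed mkstemp() (-1) is only caught indirectly through fdopen() failing with EBADF, and errno from the real cause is lost before ERR3 is printed; the malloc() a few lines above is also unchecked before strcpy() writes into it. Splitting the call makes the failure explicit: `int fd = mkstemp(outputfile);` followed by `if (fd < 0 || !(fp_out = fdopen(fd, "w"))) {`, and a `if (!outputfile) { FPRINTF(stderr, ERR3); exit(1); }` after the malloc(). The same pattern appears in the second hunk of this file (the `filename = ... mkstemp (filename)` block), where in addition a failed fdopen() would leave the descriptor from mkstemp() open, so that branch should close(fd) on the error path. The buffer size of strlen(TMPDIR) + strlen(TMPREFIX) + 9 is correct for "/", ".XXXXXX" and the terminator. The enclosing function starts before this hunk and continues after it.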
@@ -331,8 +341,13 @@
* temporary file, then, returns the name of this file.
*/
- filename = tempnam(TMPDIR, TMPREFIX);
- if (!(fp = fopen(filename, "w"))) {
+ filename = (char *) malloc (strlen (TMPDIR) + strlen (TMPREFIX) + 9);
+ strcpy (filename, TMPDIR);
+ strcat (filename, "/");
+ strcat (filename, TMPREFIX);
+ strcat (filename, ".XXXXXX");
+
+ if (!(fp = fdopen (mkstemp (filename), "w"))) {
FPRINTF(stderr, ERR1);
}
while (fscanf(stdin, "%c", &car) != EOF) {
--- mpdist-3.7.1.orig/mimep/mimep/mimep.c 2002-04-12 18:47:26.000000000 +0200
+++ mpdist-3.7.1/mimep/mimep/mimep.c 2007-11-20 08:14:34.000000000 +0100
@@ -40,11 +39,15 @@
/*
* If the MIMEPTMPDIR environment variable is set with a valid
* directory name, mimep uses this directory to create its temporary files.
+ *
+ * [RML] Otherwise, if the environment variable TMPDIR is set, use it.
*/
if (!(TMPDIR = getenv(MIMEPTMPDIR))) {
- TMPDIR = (char *) malloc(sizeof(char) * (strlen(DEFTMPDIR) + 1));
- STRCPY(TMPDIR, DEFTMPDIR);
+ if (!(TMPDIR = getenv("TMPDIR"))) {
+ TMPDIR = (char *) malloc(sizeof(char) * (strlen(DEFTMPDIR) + 1));
+ STRCPY(TMPDIR, DEFTMPDIR);
+ }
}
Header(); /* mp */
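Review bot: The new `if (!(TMPDIR = getenv("TMPDIR")))` accepts an empty TMPDIR value, which makes the later path construction yield "/mimep.XXXXXX" (a file in the root directory) instead of falling back to DEFTMPDIR; the MIMEPTMPDIR check on the line above has the same gap, but the fallback chain is new here. Treating an empty value like an unset one keeps the documented MIMEPTMPDIR -> TMPDIR -> "/tmp" order intact: `if (!(TMPDIR = getenv("TMPDIR")) || *TMPDIR == '\0') {`. Neither variable is checked to be an existing directory despite the comment's "valid directory name" wording, so a bad value is only reported later when mkstemp() fails; a short note in the comment, `* No validation is done here: a missing or unusable directory surfaces as a mkstemp() failure.`, would make that explicit. Two context lines of this hunk appear to have been dropped from the listing, so the exact hunk boundaries are inferred.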
--- mpdist-3.7.1.orig/man/mimep.1 2002-04-12 18:47:26.000000000 +0200
+++ mpdist-3.7.1/man/mimep.1-new 2007-11-20 10:42:02.000000000 +0100
@@ -337,6 +337,11 @@
.sp
.TP
.B \MIMEPTMPDIR
+If set, this variable overrides both the TMPDIR environment variable and "/tmp" as the name of the directory in which mimep will create temporary files.
+.\"=========================================================================
+.sp
+.TP
+.B \TMPDIR
If set, this variable overrides "/tmp" as the name of the directory in which mimep will create temporary files.
.\"=========================================================================
.sp