Hi, The attached file is the updated diff for my apertium 3.0.7+1-1.1 NMU. The associated changelog entry is:
apertium (3.0.7+1-1.1) unstable; urgency=medium * Non-maintainer upload. * Replace pid-based, hardcoded and $RANDOM-based temporary file names to prevent against symlink attacks. Based mostly on a patch by Moritz Muehlenhoff <[EMAIL PROTECTED]>. (Closes: #496395) The changes are moving the changes from Makefile.in to Makefile.am and calling autoconf in debian/rules. Thanks to Thomas Viehmann <[EMAIL PROTECTED]>. Regards, -- Chris Lamb, UK [EMAIL PROTECTED] GPG: 0x634F9A20
diff -Nru apertium-3.0.7+1/apertium/apertium-header.sh apertium-3.0.7+1/apertium/apertium-header.sh
--- apertium-3.0.7+1/apertium/apertium-header.sh 2008-02-05 06:49:07.000000000 +0000
+++ apertium-3.0.7+1/apertium/apertium-header.sh 2008-09-06 23:32:35.000000000 +0100
@@ -36,19 +36,27 @@
 fi
 }
+function random_suffix
+{
+ TEMP_FILE="$(mktemp)"
+ TARGET="${TEMP_FILE}${1}"
+ mv ${TEMP_FILE} ${TARGET} || exit 1
+ echo "${TARGET}"
+}
+
 function translate_odt
 {
- INPUT_TMPDIR=/tmp/$$odtdir
+ INPUT_TMPDIR=`mktemp`
 locale_utf8
 test_zip
 if [[ $FICHERO == "" ]]
- then FICHERO=/tmp/$$odtorig
+ then FICHERO=`mktemp`
 cat > $FICHERO
 BORRAFICHERO="true"
 fi
- OTRASALIDA=/tmp/$$odtsalida.zip
+ OTRASALIDA=$(random_suffix odtsalida.zip)
 unzip -q -o -d $INPUT_TMPDIR $FICHERO
 find $INPUT_TMPDIR | grep content\\\.xml |\
@@ -78,17 +86,17 @@
 function translate_docx
 {
- INPUT_TMPDIR=/tmp/$$docxdir
+ INPUT_TMPDIR=`mktemp`
 locale_utf8
 test_zip
 if [[ $FICHERO == "" ]]
- then FICHERO=/tmp/$$docxorig
+ then FICHERO=`mktemp`
 cat > $FICHERO
 BORRAFICHERO="true"
 fi
- OTRASALIDA=/tmp/$$docxsalida.zip
+ OTRASALIDA=$(random_suffix docxsalida.zip)
 if [[ $UWORDS == "no" ]]
 then OPCIONU="-u";
@@ -98,8 +106,9 @@
 unzip -q -o -d $INPUT_TMPDIR $FICHERO
 for i in $(find $INPUT_TMPDIR|grep "xlsx$");
- do $APERTIUM_PATH/apertium -f xlsx -d $DIRECTORY $OPCIONU $PREFIJO <$i >/tmp/$$xlsxembed;
- mv /tmp/$$xlsxembed $i;
+ TMP_XLSXEMBED=`mktemp`
+ do $APERTIUM_PATH/apertium -f xlsx -d $DIRECTORY $OPCIONU $PREFIJO <$i >$TMP_XLSXEMBED;
+ mv $TMP_XLSXEMBED $i;
 done;
 find $INPUT_TMPDIR | grep "xml" |\
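Review bot: The added `INPUT_TMPDIR` assignment in translate_odt calls plain mktemp, which creates a regular file, yet the context line `unzip -q -o -d $INPUT_TMPDIR $FICHERO` uses that path as an extraction directory, so the unzip step can no longer succeed; it should read `INPUT_TMPDIR=$(mktemp -d) || exit 1`. The same assignment is repeated in the translate_docx hunk and in the translate_xlsx hunk. In random_suffix, `mv ${TEMP_FILE} ${TARGET}` is unquoted and renames the file to a path that mktemp did not itself reserve; placing the output zip under a fixed name inside the private `mktemp -d` directory would remove the need for the helper. The bodies of all three translate functions continue outside the hunks, so how OTRASALIDA is consumed and whether the temporary paths are cleaned up cannot be checked from here.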
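Review bot: In the third hunk (translate_docx) the added `TMP_XLSXEMBED` assignment sits between the `for i in …;` line and its `do`, where bash expects only `do`, so the script would stop with a syntax error when this function is read. The assignment belongs inside the loop body, for example `do TMP_XLSXEMBED=$(mktemp) || exit 1;` followed by the apertium command on the next line. While the lines are being touched, quoting the operands as `mv "$TMP_XLSXEMBED" "$i"` would keep paths with spaces from inside the archive from being split.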
@@ -130,17 +139,17 @@
 function translate_xlsx
 {
- INPUT_TMPDIR=/tmp/$$xlsxdir
+ INPUT_TMPDIR=`mktemp`
 locale_utf8
 test_zip
 if [[ $FICHERO == "" ]]
- then FICHERO=/tmp/$$xlsxorig
+ then FICHERO=`mktemp`
 cat > $FICHERO
 BORRAFICHERO="true"
 fi
- OTRASALIDA=/tmp/$$xslxsalida.zip
+ OTRASALIDA=$(random_suffix xslxsalida.zip)
 unzip -q -o -d $INPUT_TMPDIR $FICHERO
 find $INPUT_TMPDIR | grep "sharedStrings.xml" |\
diff -Nru apertium-3.0.7+1/apertium/Makefile.am apertium-3.0.7+1/apertium/Makefile.am
--- apertium-3.0.7+1/apertium/Makefile.am 2008-03-26 21:39:42.000000000 +0000
+++ apertium-3.0.7+1/apertium/Makefile.am 2008-09-06 23:32:35.000000000 +0100
@@ -233,25 +233,29 @@
 @echo "Creating apertium-gen-deformat script"
 @echo "#!$(BASH)" > $@
 @cat deformat-header.sh >> $@
+ @echo "TMP_DEFORMAT=\`mktemp\`" >> $@
+ @echo "TMP_LEX=\`mktemp\`" >> $@
 @echo "$(XMLLINT) --dtdvalid $(apertiumdir)/format.dtd --noout \$$FILE1 && \\" >> $@
 @if [ `basename $(XSLTPROC)` == xsltproc ]; \
- then echo "$(XSLTPROC) --stringparam mode \$$MODE $(apertiumdir)/deformat.xsl \$$FILE1 >/tmp/\$$\$$.deformat.l && \\"; \
- else echo "$(XSLTPROC) $(apertiumdir)/deformat.xsl \$$FILE1 \"\\\$$mode=\$$MODE\" >/tmp/\$$\$$.deformat.l && \\"; \
+ then echo "$(XSLTPROC) --stringparam mode \$$MODE $(apertiumdir)/deformat.xsl \$$FILE1 >\$$TMP_DEFORMAT && \\"; \
+ else echo "$(XSLTPROC) $(apertiumdir)/deformat.xsl \$$FILE1 \"\\\$$mode=\$$MODE\" >\$$TMP_DEFORMAT && \\"; \
 fi >> $@
- @echo "$(FLEX) \$$FLEXOPTS -o/tmp/\$$\$$.lex.cc /tmp/\$$\$$.deformat.l && \\" >> $@
- @echo "$(CXX) $(CXXFLAGS) -w $(APERTIUM_CFLAGS) -I $(apertiuminclude) -o \$$FILE2 /tmp/\$$\$$.lex.cc && \\" >> $@
- @echo "rm /tmp/\$$\$$.deformat.l /tmp/\$$\$$.lex.cc" >> $@
+ @echo "$(FLEX) \$$FLEXOPTS -o\$$TMP_LEX \$$TMP_DEFORMAT && \\" >> $@
+ @echo "$(CXX) $(CXXFLAGS) -w $(APERTIUM_CFLAGS) -I $(apertiuminclude) -o \$$FILE2 \$$TMP_LEX && \\" >> $@
+ @echo "rm \$$TMP_DEFORMAT \$$TMP_LEX" >> $@
 @chmod a+x $@
 apertium-gen-reformat: Makefile.am gen-header.sh
 @echo "Creating apertium-gen-reformat script"
 @echo "#!$(BASH)" > $@
 @cat gen-header.sh >> $@
+ @echo "TMP_REFORMAT=\`mktemp\`" >> $@
+ @echo "TMP_LEX=\`mktemp\`" >> $@
 @echo "$(XMLLINT) --dtdvalid $(apertiumdir)/format.dtd --noout \$$FILE1 && \\" >> $@
- @echo "$(XSLTPROC) $(apertiumdir)/reformat.xsl \$$FILE1 >/tmp/\$$\$$.reformat.l && \\" >> $@
- @echo "$(FLEX) \$$FLEXOPTS -o/tmp/\$$\$$.lex.cc /tmp/\$$\$$.reformat.l && \\" >> $@
- @echo "$(CXX) $(CXXFLAGS) -w $(APERTIUM_CFLAGS) -I $(apertiuminclude) -o \$$FILE2 /tmp/\$$\$$.lex.cc &&\\" >> $@
- @echo "rm /tmp/\$$\$$.reformat.l /tmp/\$$\$$.lex.cc" >> $@
+ @echo "$(XSLTPROC) 
$(apertiumdir)/reformat.xsl \$$FILE1 >\$$TMP_REFORMAT && \\" >> $@
+ @echo "$(FLEX) \$$FLEXOPTS -o\$$TMP_LEX \$$TMP_REFORMAT && \\" >> $@
+ @echo "$(CXX) $(CXXFLAGS) -w $(APERTIUM_CFLAGS) -I $(apertiuminclude) -o \$$FILE2 \$$TMP_LEX &&\\" >> $@
+ @echo "rm \$$TMP_REFORMAT \$$TMP_LEX" >> $@
 @chmod a+x $@
 apertium-gen-modes: Makefile.am modes-header.sh
diff -Nru apertium-3.0.7+1/apertium/Makefile.in apertium-3.0.7+1/apertium/Makefile.in
--- apertium-3.0.7+1/apertium/Makefile.in 2008-03-31 05:22:55.000000000 +0100
+++ apertium-3.0.7+1/apertium/Makefile.in 2008-09-06 23:32:35.000000000 +0100
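Review bot: `TMP_LEX` now comes from plain mktemp and so has no `.cc` suffix, but the generated script still passes it to `$(CXX)` as the only source file; g++ chooses the language from the file suffix and hands names it does not recognise to the linker, so the compile step in both apertium-gen-deformat and apertium-gen-reformat is likely to fail. Forcing the language in the two `$(CXX)` echo lines, `-x c++ \$$TMP_LEX`, keeps the unpredictable names and restores the build. The final `rm` is still chained behind `&&`, so a failing xmllint, xsltproc, flex or compiler run leaves both temporary files behind; emitting `@echo "trap 'rm -f \"\$$TMP_DEFORMAT\" \"\$$TMP_LEX\"' EXIT" >> $@` right after the mktemp lines (with `TMP_REFORMAT` in the second rule) would cover that. Both rules start above the hunk, and the Makefile.in hunk that follows carries the same generated lines.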
@@ -1148,25 +1148,29 @@
 @echo "Creating apertium-gen-deformat script"
 @echo "#!$(BASH)" > $@
 @cat deformat-header.sh >> $@
+ @echo "TMP_DEFORMAT=\`mktemp\`" >> $@
+ @echo "TMP_LEX=\`mktemp\`" >> $@
 @echo "$(XMLLINT) --dtdvalid $(apertiumdir)/format.dtd --noout \$$FILE1 && \\" >> $@
 @if [ `basename $(XSLTPROC)` == xsltproc ]; \
- then echo "$(XSLTPROC) --stringparam mode \$$MODE $(apertiumdir)/deformat.xsl \$$FILE1 >/tmp/\$$\$$.deformat.l && \\"; \
- else echo "$(XSLTPROC) $(apertiumdir)/deformat.xsl \$$FILE1 \"\\\$$mode=\$$MODE\" >/tmp/\$$\$$.deformat.l && \\"; \
+ then echo "$(XSLTPROC) --stringparam mode \$$MODE $(apertiumdir)/deformat.xsl \$$FILE1 >\$$TMP_DEFORMAT && \\"; \
+ else echo "$(XSLTPROC) $(apertiumdir)/deformat.xsl \$$FILE1 \"\\\$$mode=\$$MODE\" >\$$TMP_DEFORMAT && \\"; \
 fi >> $@
- @echo "$(FLEX) \$$FLEXOPTS -o/tmp/\$$\$$.lex.cc /tmp/\$$\$$.deformat.l && \\" >> $@
- @echo "$(CXX) $(CXXFLAGS) -w $(APERTIUM_CFLAGS) -I $(apertiuminclude) -o \$$FILE2 /tmp/\$$\$$.lex.cc && \\" >> $@
- @echo "rm /tmp/\$$\$$.deformat.l /tmp/\$$\$$.lex.cc" >> $@
+ @echo "$(FLEX) \$$FLEXOPTS -o\$$TMP_LEX \$$TMP_DEFORMAT && \\" >> $@
+ @echo "$(CXX) $(CXXFLAGS) -w $(APERTIUM_CFLAGS) -I $(apertiuminclude) -o \$$FILE2 \$$TMP_LEX && \\" >> $@
+ @echo "rm \$$TMP_DEFORMAT \$$TMP_LEX" >> $@
 @chmod a+x $@
 apertium-gen-reformat: Makefile.am gen-header.sh
 @echo "Creating apertium-gen-reformat script"
 @echo "#!$(BASH)" > $@
 @cat gen-header.sh >> $@
+ @echo "TMP_REFORMAT=\`mktemp\`" >> $@
+ @echo "TMP_LEX=\`mktemp\`" >> $@
 @echo "$(XMLLINT) --dtdvalid $(apertiumdir)/format.dtd --noout \$$FILE1 && \\" >> $@
- @echo "$(XSLTPROC) $(apertiumdir)/reformat.xsl \$$FILE1 >/tmp/\$$\$$.reformat.l && \\" >> $@
- @echo "$(FLEX) \$$FLEXOPTS -o/tmp/\$$\$$.lex.cc /tmp/\$$\$$.reformat.l && \\" >> $@
- @echo "$(CXX) $(CXXFLAGS) -w $(APERTIUM_CFLAGS) -I $(apertiuminclude) -o \$$FILE2 /tmp/\$$\$$.lex.cc &&\\" >> $@
- @echo "rm /tmp/\$$\$$.reformat.l /tmp/\$$\$$.lex.cc" >> $@
+ @echo "$(XSLTPROC) 
$(apertiumdir)/reformat.xsl \$$FILE1 >\$$TMP_REFORMAT && \\" >> $@
+ @echo "$(FLEX) \$$FLEXOPTS -o\$$TMP_LEX \$$TMP_REFORMAT && \\" >> $@
+ @echo "$(CXX) $(CXXFLAGS) -w $(APERTIUM_CFLAGS) -I $(apertiuminclude) -o \$$FILE2 \$$TMP_LEX &&\\" >> $@
+ @echo "rm \$$TMP_REFORMAT \$$TMP_LEX" >> $@
 @chmod a+x $@
 apertium-gen-modes: Makefile.am modes-header.sh
diff -Nru apertium-3.0.7+1/debian/changelog apertium-3.0.7+1/debian/changelog
--- apertium-3.0.7+1/debian/changelog 2008-09-06 23:32:34.000000000 +0100
+++ apertium-3.0.7+1/debian/changelog 2008-09-06 23:32:35.000000000 +0100
@@ -1,3 +1,12 @@
+apertium (3.0.7+1-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Replace pid-based, hardcoded and $RANDOM-based temporary file names
+ to prevent against symlink attacks. Based mostly on a patch by Moritz
+ Muehlenhoff <[EMAIL PROTECTED]>. (Closes: #496395)
+
+ -- Chris Lamb <[EMAIL PROTECTED]> Sat, 06 Sep 2008 22:36:07 +0100
+
 apertium (3.0.7+1-1) unstable; urgency=low
 * Fix FTBFS gcc-4.3. Closes: #417083
diff -Nru apertium-3.0.7+1/debian/control apertium-3.0.7+1/debian/control
--- apertium-3.0.7+1/debian/control 2008-09-06 23:32:34.000000000 +0100
+++ apertium-3.0.7+1/debian/control 2008-09-06 23:32:35.000000000 +0100
@@ -1,7 +1,7 @@
 Source: apertium
 Priority: optional
 Maintainer: Francis Tyers <[EMAIL PROTECTED]>
-Build-Depends: debhelper (>= 4.0.0), autotools-dev, libxml2-dev, pkg-config (>= 0.20 ), liblttoolbox3-3.0-0-dev (>= 3.0.0 ), libxml2-utils (>= 2.6.24 ), xsltproc (>= 1.1.16 ), flex (>= 2.5.33), libpcre3-dev (>= 3.0.0 )
+Build-Depends: debhelper (>= 4.0.0), autotools-dev, autoconf, libxml2-dev, pkg-config (>= 0.20 ), liblttoolbox3-3.0-0-dev (>= 3.0.0 ), libxml2-utils (>= 2.6.24 ), xsltproc (>= 1.1.16 ), flex (>= 2.5.33), libpcre3-dev (>= 3.0.0 )
 Standards-Version: 3.7.3
 Section: libs
 Homepage: http://www.apertium.org
diff -Nru apertium-3.0.7+1/debian/rules apertium-3.0.7+1/debian/rules
--- apertium-3.0.7+1/debian/rules 2008-09-06 23:32:34.000000000 +0100
+++ apertium-3.0.7+1/debian/rules 2008-09-06 23:32:35.000000000 +0100
@@ -31,6 +31,7 @@
 config.status: configure
 dh_testdir
 # Add here commands to configure the package.
+ autoconf
 CXXFLAGS="$(CXXFLAGS)" CFLAGS="$(CFLAGS) -Wl,-z,defs" ./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info
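Review bot: The added `autoconf` call in the debian/rules hunk regenerates only `configure`; `Makefile.in` is produced from `Makefile.am` by automake, so this step alone does not carry the temporary-file fix from Makefile.am into the build. The package still gets the fix because this diff also patches Makefile.in directly, but a later edit to Makefile.am alone would silently not take effect. If the intent is to build from Makefile.am, `autoreconf -fi` in place of `autoconf`, with `automake` added next to `autoconf` in the Build-Depends line of debian/control, would regenerate both files. The recipe also rewrites `configure`, which is the prerequisite of the `config.status` rule it runs in, and that deserves a comment in debian/rules.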