pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/graphics/comix Fix insecure temporary file handling in...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/90c1d8b02061
branches:  trunk
changeset: 541315:90c1d8b02061
user:      tonnerre <tonnerre%pkgsrc.org@localhost>
date:      Sat Apr 19 14:28:46 2008 +0000

description:
Fix insecure temporary file handling in comic and comicthumb utilities.
Eliminate insufficient escaping on shell calls for rar archives/jpegtran.

diffstat:

 graphics/comix/Makefile         |    4 +-
 graphics/comix/distinfo         |    4 +-
 graphics/comix/patches/patch-aa |  117 +++++++++++++++++++++++++
 graphics/comix/patches/patch-ab |  182 ++++++++++++++++++++++++++++++++++++++++
 4 files changed, 304 insertions(+), 3 deletions(-)

diffs (truncated from 333 to 300 lines):

diff -r 7a9873f421f4 -r 90c1d8b02061 graphics/comix/Makefile
--- a/graphics/comix/Makefile   Sat Apr 19 10:57:54 2008 +0000
+++ b/graphics/comix/Makefile   Sat Apr 19 14:28:46 2008 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.10 2007/09/21 13:03:47 wiz Exp $
+# $NetBSD: Makefile,v 1.11 2008/04/19 14:28:46 tonnerre Exp $
 #
 
 DISTNAME=              comix-3.6.4
-PKGREVISION=           1
+PKGREVISION=           2
 CATEGORIES=            graphics python
 MASTER_SITES=          ${MASTER_SITE_SOURCEFORGE:=comix/}
 
diff -r 7a9873f421f4 -r 90c1d8b02061 graphics/comix/distinfo
--- a/graphics/comix/distinfo   Sat Apr 19 10:57:54 2008 +0000
+++ b/graphics/comix/distinfo   Sat Apr 19 14:28:46 2008 +0000
@@ -1,5 +1,7 @@
-$NetBSD: distinfo,v 1.9 2007/06/01 00:45:49 wiz Exp $
+$NetBSD: distinfo,v 1.10 2008/04/19 14:28:46 tonnerre Exp $
 
 SHA1 (comix-3.6.4.tar.gz) = c14a1ba9d931436eb7215f8065f1bbda22f00409
 RMD160 (comix-3.6.4.tar.gz) = 8cd0f6459f56efb35cea7b7a899e4420796535d7
 Size (comix-3.6.4.tar.gz) = 398202 bytes
+SHA1 (patch-aa) = 2bb137273d14134c5c040ae7fd6b83d665cbaeb8
+SHA1 (patch-ab) = 4445829d4c9f20ca783adc26089ab042488288bf
diff -r 7a9873f421f4 -r 90c1d8b02061 graphics/comix/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/comix/patches/patch-aa   Sat Apr 19 14:28:46 2008 +0000
@@ -0,0 +1,117 @@
+$NetBSD: patch-aa,v 1.1 2008/04/19 14:28:46 tonnerre Exp $
+
+Fix insecure temporary file handling in comicthumb utility.
+Eliminate insufficient escaping on shell calls for rar archives/jpegtran.
+
+--- mime/comicthumb.orig
++++ mime/comicthumb
+@@ -22,6 +22,10 @@
+ import StringIO
+ import re
+ import shutil
++
++import subprocess
++import tempfile
++
+ try:
+     import Image
+ except:
+@@ -48,9 +52,13 @@
+     sys.exit(1)
+ 
+ # temp directory needed for multiple archives
+-if not os.path.exists('/tmp/comicthumb/'):
+-    os.makedirs('/tmp/comicthumb/')
+-    os.chmod('/tmp/comicthumb/', 0700)
++#if not os.path.exists('/tmp/comicthumb/'):
++#    os.makedirs('/tmp/comicthumb/')
++#    os.chmod('/tmp/comicthumb/', 0700)
++_tmp_dir = tempfile.mkdtemp(prefix='comixthumb', suffix=os.sep, 
++        dir = '/tmp')
++_tmp_dir += "/"
++
+ 
+ # return the first image in the list
+ def first_image (filelist):
+@@ -101,10 +109,10 @@
+         else:
+             subarchive = first_archive(zipfiles)
+             if subarchive:
+-                output = open("/tmp/comicthumb/archive%d" % (depth), "wb")
++                output = open( _tmp_dir + "archive%d" % (depth), "wb")
+                 output.write(zip.read(subarchive))
+                 output.close()
+-                return get_image("/tmp/comicthumb/archive%d" % (depth),
++                return get_image( _tmp_dir + "archive%d" % (depth),
+                     depth + 1)
+     elif tarfile.is_tarfile(compressed_file):
+         TYPE = TYPE or 'cbt'
+@@ -119,10 +127,10 @@
+         else:
+             subarchive = first_archive(tarfiles)
+             if subarchive:
+-                output = open("/tmp/comicthumb/archive%d" % (depth), "wb")
++                output = open( _tmp_dir + "archive%d" % (depth), "wb")
+                 output.write(tar.extractfile(subarchive).read())
+                 output.close()
+-                return get_image("/tmp/comicthumb/archive%d" % (depth),
++                return get_image( _tmp_dir + "archive%d" % (depth),
+                     depth + 1)
+     elif open(compressed_file, 'rb').read(4) == 'Rar!':
+         TYPE = TYPE or 'cbr'
+@@ -138,20 +146,36 @@
+         if not rar:
+             print "You must install unrar or rar to thumbnail RAR archives."
+             sys.exit(1)
+-        rarfiles = os.popen('%s vb "%s"' % (rar, compressed_file)).readlines()
++        #rarfiles = os.popen('%s vb "%s"' % (rar, compressed_file)).readlines()
++        rarfiles = subprocess.Popen([rar, 'vb', compressed_file], 
++                     stdout=subprocess.PIPE).communicate()[0].splitlines()
+         for i in range(len(rarfiles)):
+             rarfiles[i] = rarfiles[i].rstrip("\n")
+         rarfiles.sort()
+         cover = guessCover(rarfiles)
+         if cover:
+-            picture = StringIO.StringIO(os.popen('%s p -inul -- "%s" "%s"' 
+-                % (rar, compressed_file, cover), "r").read())
++            #picture = StringIO.StringIO(os.popen('%s p -inul -- "%s" "%s"' 
++                #% (rar, compressed_file, cover), "r").read())
++            picture = StringIO.StringIO(subprocess.Popen(
++                [rar, 'p', '-inul', '--', compressed_file, cover],
++                 stdout=subprocess.PIPE).stdout.read())
+         else:
+             subarchive = first_archive(rarfiles)
+             if subarchive:
+-                os.popen('%s p -inul -- "%s" "%s" > "/tmp/comicthumb/archive%d"'
+-                    % (rar, compressed_file, subarchive, depth), "r")
+-                return get_image("/tmp/comicthumb/archive%d" % (depth), 
++                #os.popen('%s p -inul -- "%s" "%s" > "/tmp/comicthumb/archive%d"'
++                    #% (rar, compressed_file, subarchive, depth), "r")
++                filen = _tmp_dir + "archive%d"%(depth)
++                try:
++                   os.remove(filen)
++                except:
++                   pass
++                fp = open(filen, 'w')
++                fdp = fp.fileno()
++                subprocess.Popen(
++                    [rar, 'p', '-inul', '--', compressed_file, subarchive],
++                    stdout = fdp).wait()
++                fp.close()
++                return get_image( _tmp_dir + "archive%d" % (depth), 
+                     depth + 1)
+     return picture
+ 
+@@ -207,8 +231,8 @@
+     exit_flag = 1
+ 
+ # remove tempory stuff
+-if os.path.isdir('/tmp/comicthumb/'):
+-    shutil.rmtree('/tmp/comicthumb/')
++if os.path.isdir(_tmp_dir):
++    shutil.rmtree(_tmp_dir)
+ 
+ # and exit
+ sys.exit(exit_flag)
+only in patch2:
+unchanged:
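Review bot: The cover-extraction path at the `picture = StringIO.StringIO(subprocess.Popen(... stdout=subprocess.PIPE).stdout.read())` lines reads the pipe but never waits on the child, so the rar process is left unreaped and its exit status is discarded; the listing call a few lines above already uses `.communicate()[0]`, and the same form here would reap the child: `picture = StringIO.StringIO(subprocess.Popen([rar, 'p', '-inul', '--', compressed_file, cover], stdout=subprocess.PIPE).communicate()[0])`. The `vb` listing call omits the `--` separator that both `p` calls pass, so an archive whose basename begins with `-` could still be parsed as an option by rar; `[rar, 'vb', '--', compressed_file]` would close that gap, assuming the rar binary honours `--` as the `p` calls already rely on it to do. The `.wait()` result of the sub-archive extraction is likewise ignored, so a failed extraction hands an empty `archive%d` file to `get_image`, and the `rstrip("\n")` loop after the listing is now redundant because `splitlines()` already strips the newlines. The enclosing `get_image` function's header lies outside the shown context.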
diff -r 7a9873f421f4 -r 90c1d8b02061 graphics/comix/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/comix/patches/patch-ab   Sat Apr 19 14:28:46 2008 +0000
@@ -0,0 +1,182 @@
+$NetBSD: patch-ab,v 1.1 2008/04/19 14:28:46 tonnerre Exp $
+
+Fix insecure temporary file handling in comic utility.
+Eliminate insufficient escaping on shell calls for rar archives/jpegtran.
+
+--- comix.orig
++++ comix
+@@ -44,6 +44,11 @@
+ import pwd
+ import cPickle
+ 
++import subprocess
++import string
++
++import tempfile
++
+ try:
+     import pygtk
+     pygtk.require('2.0')
+@@ -254,6 +259,8 @@
+     window_height = 0
+     colour_adjust_signal_kill = False
+     colour_adjust_dialog_displayed = False
++
++    _tmp_dir = None
+     
+     def close_application(self, widget, event=None):
+         
+@@ -267,8 +274,8 @@
+         self.prefs['page of last file'] = self.file_number
+         if os.path.exists(self.base_dir):
+             shutil.rmtree(self.base_dir)
+-            if len(os.listdir('/tmp/comix')) == 0:
+-                shutil.rmtree('/tmp/comix')
++            if len(os.listdir(self._tmp_dir)) == 0:
++                shutil.rmtree(self._tmp_dir)
+         self.exit = True
+ 
+         # =======================================================
+@@ -366,9 +373,9 @@
+         # =======================================================
+         if os.path.exists(self.base_dir):
+             shutil.rmtree(self.base_dir)
+-        if os.path.isdir('/tmp/comix'):
+-            if len(os.listdir('/tmp/comix')) == 0:
+-                shutil.rmtree('/tmp/comix')
++        if os.path.isdir(self._tmp_dir):
++            if len(os.listdir(self._tmp_dir)) == 0:
++                shutil.rmtree(self._tmp_dir)
+ 
+         
+         # =======================================================
+@@ -6277,9 +6284,12 @@
+                         archive = tarfile.open(path, 'r')
+                         files = archive.getnames()
+                     elif type == 'rar':
++                        #files = \
++                            #os.popen(self.rar + ' vb "' + path +
++                                #'"').readlines()
+                         files = \
+-                            os.popen(self.rar + ' vb "' + path +
+-                                '"').readlines()
++                             subprocess.Popen([self.rar, 'vb', path], 
++                             stdout=subprocess.PIPE).communicate()[0].splitlines()
+                         files = [file.rstrip('\n') for file in files]
+                     cover = None
+                     files.sort()
+@@ -6302,9 +6312,20 @@
+                                 break
+                     if cover != None:
+                         if type == 'rar':
+-                            os.popen(self.rar + ' p -inul -- "' + path + '" "' +
+-                                cover + '" > "' + thumb_dir +
+-                                '/temp" 2>/dev/null', "r").close()
++                            #os.popen(self.rar + ' p -inul -- "' + path + '" "' +
++                                #cover + '" > "' + thumb_dir +
++                                #'/temp" 2>/dev/null', "r").close()
++                            filen = thumb_dir + '/temp'
++                            try:
++                                os.remove(filen)
++                            except:
++                                pass
++                            fp = open(filen, 'w')
++                            fdp = fp.fileno()
++                            p = subprocess.Popen(
++                                [self.rar, 'p', '-inul', '--', path,
++                                 cover ],  stdout = fdp).wait()
++                            fp.close()
+                             image = Image.open(thumb_dir + '/temp')
+                             os.remove(thumb_dir + '/temp')
+                         elif type == 'zip':
+@@ -8010,7 +8031,7 @@
+             return False
+         
+         # We don't want to open files from our selves.
+-        if selection.data.startswith('file:///tmp/comix/'):
++        if selection.data.startswith('file://' + self._tmp_dir):
+             return
+         
+         uri = selection.data.strip()
+@@ -8733,8 +8754,10 @@
+             # =======================================================
+             elif archive_type == 'rar':
+                 if self.rar:
+-                    os.popen(
+-                        self.rar + ' x "' + src_path + '" "' + dst_path + '"')
++                    #os.popen(
++                        #self.rar + ' x "' + src_path + '" "' + dst_path + '"')
++                    subprocess.Popen(
++                        [self.rar, 'x', src_path, dst_path],stdout=sys.stdout).wait()
+                 else:
+                     self.statusbar.push(0,
+                         _('Could not find the unrar executable. Please install it if you wish to open RAR archives.'))
+@@ -9168,9 +9191,37 @@
+         self.are_you_sure_dialog.hide()
+         if response != -5:
+             return
+-        os.popen(self.jpegtran + ' -copy all -trim ' + operation +
+-            ' -outfile "' + self.file[self.file_number] + '" "' +
+-            self.file[self.file_number] + '"')
++        #os.popen(self.jpegtran + ' -copy all -trim ' + operation +
++            #' -outfile "' + self.file[self.file_number] + '" "' +
++            #self.file[self.file_number] + '"')
++        op = operation.split()
++        op_len = len(op)
++
++        i=1
++        filen = self.file[self.file_number]
++        while (1):
++            tmp_file = filen + '.tmp' + 'z' * i
++            if os.path.exists(tmp_file):
++                i += 1
++            else:
++                break
++        
++        # Ugly hack :(
++        if op_len == 2:
++            p = subprocess.Popen(
++              [self.jpegtran, '-copy', 'all', '-trim', op[0], op[1], 
++               '-outfile', tmp_file, filen], 
++               stdin=sys.stdin, stdout=sys.stdout)
++        else:
++            p = subprocess.Popen(
++              [self.jpegtran, '-copy', 'all', '-trim', op[0], 
++               '-outfile', tmp_file, filen], 
++               stdin=sys.stdin, stdout=sys.stdout)
++        p.wait()
++        if p.returncode == 0:
++            shutil.copymode(filen, tmp_file)


