Dear maintainer,

Here is the NMU diff, prepared according to DevRef 5.11.1[1][2], for bug #596403.
See the debian/patches directory for the important fixes.

Please let me know if it's ok to proceed with the NMU.

Thank you for maintaining the package,
Jari Aalto

[1] http://www.debian.org/doc/developers-reference/pkgs.html#nmu
[2] http://dep.debian.net/deps/dep1.html

lsdiff(1) of changes:

    mailscanner-4.79.11/debian/changelog
    mailscanner-4.79.11/debian/patches/CVE-2010-3095--bug596403.patch
    mailscanner-4.79.11/debian/patches/series

diffstat for mailscanner-4.79.11 mailscanner-4.79.11

 changelog                              |    9 +
 patches/CVE-2010-3095--bug596403.patch |  244 +++++++++++++++++++++++++++++++++
 patches/series                         |    1 
 3 files changed, 254 insertions(+)

diff -Nru mailscanner-4.79.11/debian/changelog mailscanner-4.79.11/debian/changelog
--- mailscanner-4.79.11/debian/changelog	2010-04-11 19:53:16.000000000 +0300
+++ mailscanner-4.79.11/debian/changelog	2010-10-18 00:47:47.000000000 +0300
@@ -1,3 +1,12 @@
+mailscanner (4.79.11-2.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * debian/patches
+    - (CVE-2010-3095--bug596403): New. Fix insecure handling of
+      temporary files: use of $$. (grave, security; Closes: #596403).
+
+ -- Jari Aalto <jari.aa...@cante.net>  Mon, 18 Oct 2010 00:47:47 +0300
+
 mailscanner (4.79.11-2) unstable; urgency=low
 
   * Fixed hourly cronjob script to restart mailscanner (Closes: #575952)
diff -Nru mailscanner-4.79.11/debian/patches/CVE-2010-3095--bug596403.patch mailscanner-4.79.11/debian/patches/CVE-2010-3095--bug596403.patch
--- mailscanner-4.79.11/debian/patches/CVE-2010-3095--bug596403.patch	1970-01-01 02:00:00.000000000 +0200
+++ mailscanner-4.79.11/debian/patches/CVE-2010-3095--bug596403.patch	2010-10-18 00:39:34.000000000 +0300
@@ -0,0 +1,244 @@
+From 2f5abce67a459c951392de101e4c2d4e5f1b6268 Mon Sep 17 00:00:00 2001
+From: Jari Aalto <jari.aa...@cante.net>
+Date: Mon, 18 Oct 2010 00:34:50 +0300
+Subject: [PATCH] CVE-2010-3095: Insecure temporary handling
+Organization: Private
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Jari Aalto <jari.aa...@cante.net>
+---
+ bin/Sophos.install                                 |    8 +++++---
+ bin/Sophos.install.linux                           |    8 +++++---
+ bin/Sophos.install.solaris                         |    8 +++++---
+ lib/MailScanner/CustomFunctions/DavidHooton.pm     |    7 +++++--
+ lib/MailScanner/CustomFunctions/LastSpam.pm        |    4 +++-
+ .../CustomFunctions/Ruleset-from-Function.pm       |    3 ++-
+ lib/MailScanner/TNEF.pm                            |    3 ++-
+ lib/bitdefender-wrapper                            |    3 ++-
+ lib/clamav-wrapper                                 |    2 +-
+ lib/kaspersky-wrapper                              |    6 +++---
+ lib/trend-autoupdate                               |    3 ++-
+ 11 files changed, 35 insertions(+), 20 deletions(-)
+
+diff --git a/bin/Sophos.install b/bin/Sophos.install
+index c3dee40..407eb9e 100755
+--- a/bin/Sophos.install
++++ b/bin/Sophos.install
+@@ -122,9 +122,11 @@ else
+   # Remove the Sophos root cron job
+   sleep 5
+   echo 'Commenting out root cron job.'
+-  rm -f /tmp/crontab.$$
+-  crontab -l | sed -e 's/^\(.*savupdate.*\)$/# &/' > /tmp/crontab.$$
+-  crontab /tmp/crontab.$$
++
++  crontmpfile=$(tempfile) || { echo "$0: Cannot create temporary file" >&2; exit 1; }
++  crontab -l | sed -e 's/^\(.*savupdate.*\)$/# &/' > $crontmpfile
++  crontab $crontmpfile
++  rm -f  $crontmpfile
+ 
+   # Shutdown and kill off all the Sophos V6 daemons
+   sleep 2
+diff --git a/bin/Sophos.install.linux b/bin/Sophos.install.linux
+index e53b8e3..1d25bfe 100755
+--- a/bin/Sophos.install.linux
++++ b/bin/Sophos.install.linux
+@@ -122,9 +122,11 @@ else
+   # Remove the Sophos root cron job
+   sleep 5
+   echo 'Commenting out root cron job.'
+-  rm -f /tmp/crontab.$$
+-  crontab -l | sed -e 's/^\(.*savupdate.*\)$/# &/' > /tmp/crontab.$$
+-  crontab /tmp/crontab.$$
++
++  crontmpfile=$(tempfile) || { echo "$0: Cannot create temporary file" >&2; exit 1; }
++  crontab -l | sed -e 's/^\(.*savupdate.*\)$/# &/' > $crontmpfile
++  crontab $crontmpfile
++  rm -f $crontmpfile
+ 
+   # Shutdown and kill off all the Sophos V6 daemons
+   sleep 2
+diff --git a/bin/Sophos.install.solaris b/bin/Sophos.install.solaris
+index e92abf6..ed23c3a 100755
+--- a/bin/Sophos.install.solaris
++++ b/bin/Sophos.install.solaris
+@@ -97,9 +97,11 @@ else
+   # Remove the Sophos root cron job
+   sleep 5
+   echo 'Commenting out root cron job.'
+-  rm -f /tmp/crontab.$$
+-  crontab -l | sed -e 's/^\(.*savupdate.*\)$/# &/' > /tmp/crontab.$$
+-  crontab /tmp/crontab.$$
++
++  crontmpfile=$(tempfile) || { echo "$0: Cannot create temporary file" >&2; exit 1; }
++  crontab -l | sed -e 's/^\(.*savupdate.*\)$/# &/' > $crontmpfile
++  crontab $crontmpfile
++  rm -f $crontmpfile
+ 
+   # Can't easily do service management on Solaris
+   ## Shutdown and kill off all the Sophos V5 daemons
+diff --git a/lib/MailScanner/CustomFunctions/DavidHooton.pm b/lib/MailScanner/CustomFunctions/DavidHooton.pm
+index 508e73a..17716a2 100644
+--- a/lib/MailScanner/CustomFunctions/DavidHooton.pm
++++ b/lib/MailScanner/CustomFunctions/DavidHooton.pm
+@@ -6,6 +6,7 @@
+ package MailScanner::CustomConfig;
+ 
+ use DirHandle;
++use File::Temp qw(tempfile tempdir);
+ 
+ use strict 'vars';
+ use strict 'refs';
+@@ -47,7 +48,8 @@ sub InitInlineTextSignature {
+   $LastMessage = undef;
+   $SigTxt = "";
+   $SigHTML = "";
+-  $TempDir = "/tmp/SignRandom.$$";
++  my($tmpfh, $tmpfile) = tempfile("SignRandom.XXXXXX", TMPDIR => 1, UNLINK => 0);
++  $TempDir = $tmpfile;
+ }
+ 
+ sub InitInlineHTMLSignature {
+@@ -57,7 +59,8 @@ sub InitInlineHTMLSignature {
+   $LastMessage = undef;
+   $SigTxt = "";
+   $SigHTML = "";
+-  $TempDir = "/tmp/SignRandom.$$";
++  my($tmpfh, $tmpfile) = tempfile("SignRandom.XXXXXX", TMPDIR => 1, UNLINK => 0);
++  $TempDir = $tmpfile;
+ }
+ 
+ sub EndInlineTextSignature {
+diff --git a/lib/MailScanner/CustomFunctions/LastSpam.pm b/lib/MailScanner/CustomFunctions/LastSpam.pm
+index b79ef55..bf4e205 100644
+--- a/lib/MailScanner/CustomFunctions/LastSpam.pm
++++ b/lib/MailScanner/CustomFunctions/LastSpam.pm
+@@ -18,6 +18,7 @@
+ package MailScanner::CustomConfig;
+ 
+ use FileHandle;
++use File::Temp qw(tempfile tempdir);
+ 
+ use strict 'vars';
+ use strict 'refs';
+@@ -29,7 +30,8 @@ use vars qw($VERSION);
+ $VERSION = substr q$Revision: 1.1.2.1 $, 10;
+ 
+ my $Debug = 0; # Set to 1 to enable debug output to STDERR
+-my $tmpfilename = "/tmp/MailScanner.LastSpam.$$.conf"; # Temp MS.conf file
++# Temp MS.conf file
++my($tmpfh, $tmpfilename) = tempfile("MailScanner.LastSpam.XXXXXX", TMPDIR => 1, UNLINK => 0);
+ my %modtime = (); # Time domain list magic word file was last changed
+ my %filename = (); # Map Config option to magic word file
+ my %magicwords = {}; # Map Config option --> domains --> magic words
+diff --git a/lib/MailScanner/CustomFunctions/Ruleset-from-Function.pm b/lib/MailScanner/CustomFunctions/Ruleset-from-Function.pm
+index fef4066..3a15f5f 100644
+--- a/lib/MailScanner/CustomFunctions/Ruleset-from-Function.pm
++++ b/lib/MailScanner/CustomFunctions/Ruleset-from-Function.pm
+@@ -18,6 +18,7 @@
+ package MailScanner::CustomConfig;
+ 
+ use FileHandle;
++use File::Temp qw(tempfile tempdir);
+ 
+ use strict 'vars';
+ use strict 'refs';
+@@ -29,7 +30,7 @@ use vars qw($VERSION);
+ $VERSION = substr q$Revision: 1.1.2.1 $, 10;
+ 
+ my $Debug = 0; # Set to 1 to enable debug output to STDERR
+-my $tmpfilename = "/tmp/MailScanner.$$.conf"; # Temp MS.conf file
++my($tmpfh, $tmpfilename) = tempfile("MailScanner.XXXXXX", TMPDIR => 1, UNLINK => 0);
+ 
+ 
+ 
+diff --git a/lib/MailScanner/TNEF.pm b/lib/MailScanner/TNEF.pm
+index 8fe1e64..7be0aee 100644
+--- a/lib/MailScanner/TNEF.pm
++++ b/lib/MailScanner/TNEF.pm
+@@ -228,7 +228,8 @@ sub ExternalDecoder {
+   my($dir, $tnefname, $message, $perms, $owner, $group, $change) = @_;
+ 
+   # Create the subdir to unpack it into
+-  my $unpackdir = "tnef.$$";
++  my ($tmpfh, $unpackdir) = tempfile("tnefXXXXXX", TMPDIR => $dir, UNLINK => 0);
++  $dir =~ s,^.*/,,;
+   $unpackdir = $message->MakeNameSafe($unpackdir, $dir);
+   unless (mkdir "$dir/$unpackdir", 0777) {
+     MailScanner::Log::WarnLog("Trying to unpack %s in message %s, could not create subdirectory %s, failed to unpack TNEF message", $tnefname, $message->{id},
+diff --git a/lib/bitdefender-wrapper b/lib/bitdefender-wrapper
+index ff277a2..4b0b72c 100755
+--- a/lib/bitdefender-wrapper
++++ b/lib/bitdefender-wrapper
+@@ -33,7 +33,8 @@ shift
+ prog=bdc
+ extras=''
+ 
+-LogFile=/tmp/log.bdc.$$
++LogFile=$(tempfile) || { echo "$0: Cannot create temporary file" >&2; exit 1; }
++
+ 
+ if [ -x ${PackageDir}/bdscan ]; then
+   # Version 7.5 is installed
+diff --git a/lib/clamav-wrapper b/lib/clamav-wrapper
+index 86be77b..70c82ab 100755
+--- a/lib/clamav-wrapper
++++ b/lib/clamav-wrapper
+@@ -51,7 +51,7 @@
+ 
+ # You may want to check this script for bash-isms
+ 
+-TempDir="/tmp/clamav.$$"
++TempDir=$(tempfile) || { echo "$0: Cannot make name for temporary dir" >&2; exit 1;  }
+ ClamUser="clamav"
+ ClamGroup="clamav"
+ 
+diff --git a/lib/kaspersky-wrapper b/lib/kaspersky-wrapper
+index 53c3e8b..182f7f3 100755
+--- a/lib/kaspersky-wrapper
++++ b/lib/kaspersky-wrapper
+@@ -41,7 +41,7 @@ shift
+ # For KAV4FS 5.5
+ Scanner=kav4fs/bin/kav4fs-kavscanner
+ if [ -x ${PackageDir}/$Scanner ]; then
+-  Report=/tmp/kavoutput.tmp.$$
++  Report=$(tempfile) || { echo "$0: Cannot create temporary file" >&2; exit 1; }
+   ScanOptions="-xp -i0" # Don't report progress, don't attempt to clean
+   if [ "x$1" = "x-IsItInstalled" ]; then
+     exit 0
+@@ -59,7 +59,7 @@ fi
+ # For KAV 5.5.0
+ Scanner=kav4unix/bin/kavscanner
+ if [ -x ${PackageDir}/$Scanner ]; then
+-  Report=/tmp/kavoutput.tmp.$$
++  Report=$(tempfile) || { echo "$0: Cannot create temporary file" >&2; exit 1; }
+   ScanOptions="-xp -i0" # Don't report progress, don't attempt to clean
+   if [ "x$1" = "x-IsItInstalled" ]; then
+     exit 0
+@@ -77,7 +77,7 @@ fi
+ # For KAV 4.5.0
+ Scanner=bin/kavscanner
+ if [ -x ${PackageDir}/$Scanner ]; then
+-  Report=/tmp/kavoutput.tmp.$$
++  Report=$(tempfile) || { echo "$0: Cannot create temporary file" >&2; exit 1; }
+   ScanOptions="-xp -i0" # Don't report progress, don't attempt to clean
+   if [ "x$1" = "x-IsItInstalled" ]; then
+     exit 0
+diff --git a/lib/trend-autoupdate b/lib/trend-autoupdate
+index 198a13c..e262bb5 100755
+--- a/lib/trend-autoupdate
++++ b/lib/trend-autoupdate
+@@ -15,7 +15,8 @@ shift
+ # Throw away lockfile
+ shift
+ 
+-TEMPDIR=/tmp/trend-update.$$
++TEMPDIR=$(tempfile) || { echo "$0: Cannot create temporary file" >&2; exit 1; }
++
+ # In case it's a link
+ rm -f $TEMPDIR >/dev/null 2>&1
+ # In case it's a dir
+-- 
+1.7.1
+
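Review bot: In the TNEF.pm hunk `$dir =~ s,^.*/,,;` strips the path from the wrong variable — `$unpackdir`, which now holds the full path returned by tempfile(), is the one that needs it — so `$dir` is cut down to its last component before `mkdir "$dir/$unpackdir"`, and `TMPDIR => $dir` is File::Temp's boolean use-the-system-tmpdir switch rather than a directory selector (`DIR => $dir` is), so the file is not even created under `$dir`; ExternalDecoder continues past the hunk. Because a directory is what the code goes on to mkdir, `my $unpackdir = tempdir("tnefXXXXXX", DIR => $dir);` followed by stripping it to its basename is the sound replacement (the mkdir then only needs to become an existence check), and unless TNEF.pm already imports File::Temp outside this patch the bare tempfile() call dies at runtime with an undefined-subroutine error. The same file-versus-directory mix-up appears in DavidHooton.pm, where `$TempDir` is set to a tempfile() path and `$tmpfh` is left open and unused, and in clamav-wrapper, whose own error text says "temporary dir" while `tempfile` creates a file; `mktemp -d` and File::Temp::tempdir are the matching primitives. In trend-autoupdate the fix is undone two lines later: `rm -f $TEMPDIR` deletes the securely created file, so the name is free to be claimed by another local user before the script presumably recreates it below the hunk; `TEMPDIR=$(mktemp -d) || { echo "$0: Cannot create temporary dir" >&2; exit 1; }` with the rm lines dropped closes that window. LastSpam.pm and Ruleset-from-Function.pm drop the original `.conf` suffix and leave the handle unused, which `SUFFIX => '.conf'` would restore, and Sophos.install.solaris now depends on `tempfile`, a debianutils command unlikely to exist on that platform, where `mktemp` is the portable spelling.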
diff -Nru mailscanner-4.79.11/debian/patches/series mailscanner-4.79.11/debian/patches/series
--- mailscanner-4.79.11/debian/patches/series	2010-04-11 18:29:44.000000000 +0300
+++ mailscanner-4.79.11/debian/patches/series	2010-10-18 00:40:35.000000000 +0300
@@ -14,3 +14,4 @@
 clean.SA.cache.patch
 processing_messages_alert.patch
 update_bad_phishing_emails.patch
+CVE-2010-3095--bug596403.patch
