diff options
| author | salo <salo> | 2005-06-09 14:53:49 +0000 |
|---|---|---|
| committer | salo <salo> | 2005-06-09 14:53:49 +0000 |
| commit | 7700e566d02cb786706a642d1d479a3f73d85990 (patch) | |
| tree | 2f08ccc01900d6d8af6a3fa4ef67e7a91a6f3f7a /print/a2ps/patches | |
| parent | 25b039a48b6981b8da4808415c9efc454c3525c0 (diff) | |
| download | pkgsrc-7700e566d02cb786706a642d1d479a3f73d85990.tar.gz | |
Security fix for CAN-2004-1377:
"The fixps and psmandup scripts in a2ps allow local users to overwrite
arbitrary files via a symlink attack on temporary files."
Patches from Gentoo with few minor issues corrected.
Diffstat (limited to 'print/a2ps/patches')
| -rw-r--r-- | print/a2ps/patches/patch-ad | 31 | ||||
| -rw-r--r-- | print/a2ps/patches/patch-ae | 32 |
2 files changed, 63 insertions, 0 deletions
diff --git a/print/a2ps/patches/patch-ad b/print/a2ps/patches/patch-ad new file mode 100644 index 00000000000..347d466215f --- /dev/null +++ b/print/a2ps/patches/patch-ad @@ -0,0 +1,31 @@ +$NetBSD: patch-ad,v 1.4 2005/06/09 14:53:49 salo Exp $ + +Fix for CAN-2004-1377 + +--- contrib/fixps.in.orig 2000-02-21 09:16:15.000000000 +0100 ++++ contrib/fixps.in 2005-06-09 16:45:42.000000000 +0200 +@@ -38,7 +38,6 @@ + run_gs=0 + # What action to perform: fixps, cat, check, and gs + task=fixps +-tmpdir=/tmp/$program.$$ + verbose=echo + + # The version/usage strings +@@ -183,6 +182,8 @@ + exit 1;; + esac + ++tmpdir=`mktemp -d -t fixps.XXXXXX` || { echo "$program: Cannot create temporary directory!" >&2 ; exit 1; } ++ + if test -n "$debug"; then + # Set -x now if debugging + set -x +@@ -191,7 +192,6 @@ + trap "/bin/rm -rf $tmpdir" 0 1 2 3 13 15 + fi + +-mkdir $tmpdir + fixps_sed=$tmpdir/fixps.sed + + # If printing from stdin, save into a tmp file diff --git a/print/a2ps/patches/patch-ae b/print/a2ps/patches/patch-ae new file mode 100644 index 00000000000..df873963442 --- /dev/null +++ b/print/a2ps/patches/patch-ae @@ -0,0 +1,32 @@ +$NetBSD: patch-ae,v 1.4 2005/06/09 14:53:49 salo Exp $ + +Fix for CAN-2004-1377 + +--- contrib/psmandup.in.orig 1999-10-24 15:06:42.000000000 +0200 ++++ contrib/psmandup.in 2005-06-09 16:46:24.000000000 +0200 +@@ -36,7 +36,6 @@ + message= + psselect=${PSSELECT:-psselect} + psset=${PSSET:-psset} +-tmpdir=/tmp/$program.$$ + + # These two must be kept in synch. They are opposed. + verbose=echo +@@ -177,6 +176,8 @@ + exit 1;; + esac + ++tmpdir=`mktemp -d -t psmandup.XXXXXX` || { echo "$program: Cannot create temporary directory!" >&2 ; exit 1; } ++ + if test -n "$debug"; then + # Set -x now if debugging + set -x +@@ -185,8 +186,6 @@ + trap "/bin/rm -rf $tmpdir" 0 1 2 3 13 15 + fi + +-mkdir $tmpdir +- + # If printing from stdin, save into a tmp file + if test $file = '-'; then + file=$tmpdir/stdin.ps |