authordrochner <drochner@pkgsrc.org>2014-02-05 17:20:31 +0000
committerdrochner <drochner@pkgsrc.org>2014-02-05 17:20:31 +0000
commite9e8d79273d05ebd432206a5ce88e320da72b639 (patch)
tree26d81635e727ebe09cb7e8ee8b2c7cd253fd202d /print/a2ps
parentf219b4e1b672d26aeff46c8909fc5a3883962bf8 (diff)
add patch from Fedora to fix insecure /tmp file use (CVE-2001-1593)
bump PKGREV
Diffstat (limited to 'print/a2ps')
-rw-r--r--print/a2ps/Makefile4
-rw-r--r--print/a2ps/distinfo4
-rw-r--r--print/a2ps/patches/patch-CVE-2001-1593_157
-rw-r--r--print/a2ps/patches/patch-CVE-2001-1593_214
4 files changed, 76 insertions, 3 deletions
diff --git a/print/a2ps/Makefile b/print/a2ps/Makefile
index 021d0df238e..a9311d53f1c 100644
--- a/print/a2ps/Makefile
+++ b/print/a2ps/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.75 2013/05/31 12:41:47 wiz Exp $
+# $NetBSD: Makefile,v 1.76 2014/02/05 17:20:31 drochner Exp $
DISTNAME= a2ps-4.14
-PKGREVISION= 4
+PKGREVISION= 5
CATEGORIES= print
MASTER_SITES= ${MASTER_SITE_GNU:=a2ps/} \
ftp://ftp.enst.fr/pub/unix/a2ps/
diff --git a/print/a2ps/distinfo b/print/a2ps/distinfo
index 28f830f4dec..a8d3b996cec 100644
--- a/print/a2ps/distinfo
+++ b/print/a2ps/distinfo
@@ -1,8 +1,10 @@
-$NetBSD: distinfo,v 1.13 2012/03/23 18:44:23 marino Exp $
+$NetBSD: distinfo,v 1.14 2014/02/05 17:20:31 drochner Exp $
SHA1 (a2ps-4.14.tar.gz) = 365abbbe4b7128bf70dad16d06e23c5701874852
RMD160 (a2ps-4.14.tar.gz) = a5105d6256a809483e099519325979aaaff7219e
Size (a2ps-4.14.tar.gz) = 2552507 bytes
+SHA1 (patch-CVE-2001-1593_1) = d0ce811248c33c5df6952f84176c2901ca4bd176
+SHA1 (patch-CVE-2001-1593_2) = f3a40104b0c510480ce5107a8acf2924d4ef5974
SHA1 (patch-aa) = 6317b6abca697388538fc705037da55379a4e1e1
SHA1 (patch-ab) = 7b1f1e3ed2af47e7d9864ec2dbcd7d105f93632a
SHA1 (patch-ac) = 8e09c4c3b320b58bf12c4266d4d22977b5f9b826
diff --git a/print/a2ps/patches/patch-CVE-2001-1593_1 b/print/a2ps/patches/patch-CVE-2001-1593_1
new file mode 100644
index 00000000000..a5fda99d643
--- /dev/null
+++ b/print/a2ps/patches/patch-CVE-2001-1593_1
@@ -0,0 +1,57 @@
+$NetBSD: patch-CVE-2001-1593_1,v 1.1 2014/02/05 17:20:31 drochner Exp $
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385
+
+--- lib/routines.c.orig 2007-12-29 01:58:23.000000000 +0000
++++ lib/routines.c
+@@ -242,3 +242,50 @@ unlink2 (PARAM_UNUSED void * dummy, cons
+ /* Don't complain if you can't unlink. Who cares of a tmp file? */
+ unlink (filename);
+ }
++
++/*
++ * Securely generate a temp file, and make sure it gets
++ * deleted upon exit.
++ */
++static char ** tempfiles;
++static unsigned ntempfiles;
++
++static void
++cleanup_tempfiles()
++{
++ while (ntempfiles--)
++ unlink(tempfiles[ntempfiles]);
++}
++
++char *
++safe_tempnam(const char *pfx)
++{
++ char *dirname, *filename;
++ int fd;
++
++ if (!(dirname = getenv("TMPDIR")))
++ dirname = "/tmp";
++
++ tempfiles = (char **) realloc(tempfiles,
++ (ntempfiles+1) * sizeof(char *));
++ if (tempfiles == NULL)
++ return NULL;
++
++ filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX"));
++ if (!filename)
++ return NULL;
++
++ sprintf(filename, "%s/%sXXXXXX", dirname, pfx);
++
++ if ((fd = mkstemp(filename)) < 0) {
++ free(filename);
++ return NULL;
++ }
++ close(fd);
++
++ if (ntempfiles == 0)
++ atexit(cleanup_tempfiles);
++ tempfiles[ntempfiles++] = filename;
++
++ return filename;
++}
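Review bot: In `safe_tempnam`, the `realloc` result is written straight back into `tempfiles`, so a failed grow loses the existing list while `ntempfiles` stays non-zero. `cleanup_tempfiles` would then index a NULL array at exit, and the temp files created earlier would be left behind in the temp directory. Growing through a temporary keeps the old list valid: `char **grown = realloc(tempfiles, (ntempfiles + 1) * sizeof *grown);` `if (grown == NULL) return NULL;` `tempfiles = grown;`. The returned string is also kept in `tempfiles` for the exit handler, so the comment above the function should say the caller must not free it; whether existing a2ps callers free their temp names is not visible in this hunk.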
diff --git a/print/a2ps/patches/patch-CVE-2001-1593_2 b/print/a2ps/patches/patch-CVE-2001-1593_2
new file mode 100644
index 00000000000..8f74dd6c8f7
--- /dev/null
+++ b/print/a2ps/patches/patch-CVE-2001-1593_2
@@ -0,0 +1,14 @@
+$NetBSD: patch-CVE-2001-1593_2,v 1.1 2014/02/05 17:20:31 drochner Exp $
+
+--- lib/routines.h.orig 2007-12-29 01:37:59.000000000 +0000
++++ lib/routines.h
+@@ -255,7 +255,8 @@ FILE * xwpopen PARAMS ((const char * com
+ /* If _STR_ is not defined, give it a tempname in _TMPDIR_ */
+ #define tempname_ensure(Str) \
+ do { \
+- (Str) = (Str) ? (Str) : tempnam (NULL, "a2_"); \
++ (Str) = (Str) ? (Str) : safe_tempnam("a2_"); \
+ } while (0)
++char * safe_tempnam(const char *);
+
+ #endif
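Review bot: `tempname_ensure` now stores whatever `safe_tempnam` returns, and that function returns NULL when `realloc`, `malloc` or `mkstemp` fails (for example when `TMPDIR` names an unwritable directory), so users of the macro should check `Str` before treating it as a file name; the call sites are outside this hunk. The comment above the macro is also stale, because the file now already exists (empty, created by `mkstemp`) when the macro finishes. I would reword it to `/* If _STR_ is not set, create an empty temp file in $TMPDIR (or /tmp) and store its name; _STR_ is NULL on failure */`. For consistency with the `xwpopen` declaration visible above, the new prototype could use the header's `PARAMS ((...))` wrapper.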