Update to 1.6.1nb1: fix temporary file creation vulnerability;

from Tim Waugh via Debian.

4 files changed, 107 insertions, 2 deletions

diff --git a/print/enscript/Makefile b/print/enscript/Makefile
index 26c1422d35b..c9f6267da33 100644
--- a/print/enscript/Makefile
+++ b/print/enscript/Makefile
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.19 2001/09/27 23:18:36 jlam Exp $
+# $NetBSD: Makefile,v 1.20 2002/01/25 18:57:58 kleink Exp $
 # FreeBSD Id: Makefile,v 1.4 1997/11/27 08:10:30 tg Exp
 #
 
 DISTNAME=		enscript-1.6.1
+PKGREVISION=		1
 CATEGORIES=		print
 MASTER_SITES=		${MASTER_SITE_GNU:=enscript/}
 
diff --git a/print/enscript/distinfo b/print/enscript/distinfo
index 1a50d28cb95..0976df97a9c 100644
--- a/print/enscript/distinfo
+++ b/print/enscript/distinfo
@@ -1,4 +1,6 @@
-$NetBSD: distinfo,v 1.2 2001/04/20 12:41:49 agc Exp $
+$NetBSD: distinfo,v 1.3 2002/01/25 18:57:59 kleink Exp $
 
 SHA1 (enscript-1.6.1.tar.gz) = f99e21a8366baf331daaa6675d7c9d2dc026eb27
 Size (enscript-1.6.1.tar.gz) = 645856 bytes
+SHA1 (patch-aa) = 7cab0636de9b4551391a6c2753eaf0c8c2a01679
+SHA1 (patch-ab) = 1cb3f286421dc772475246617ec270d887971018
diff --git a/print/enscript/patches/patch-aa b/print/enscript/patches/patch-aa
new file mode 100644
index 00000000000..5c91ded87fe
--- /dev/null
+++ b/print/enscript/patches/patch-aa
@@ -0,0 +1,45 @@
+$NetBSD: patch-aa,v 1.1 2002/01/25 18:58:02 kleink Exp $
+
+--- src/main.c.orig	Thu Jun 25 10:26:00 1998
++++ src/main.c	Fri Jan 25 19:35:40 2002
+@@ -642,7 +642,6 @@
+  * Print Table of Contents page.
+  */
+ int toc = 0;
+-char toc_fname[512];
+ FILE *toc_fp;
+ char *toc_fmt_string;
+ 
+@@ -1429,19 +1428,10 @@
+       /* Table of Contents. */
+       if (toc)
+ 	{
+-	  cp = tmpnam (toc_fname);
+-	  if (cp == NULL)
++	  toc_fp = tmpfile ();
++	  if (toc_fp == NULL)
+ 	    FATAL ((stderr, _("couldn't create toc file name: %s"),
+ 		    strerror (errno)));
+-
+-	  toc_fp = fopen (toc_fname, "w+b");
+-	  if (toc_fp == NULL)
+-	    FATAL ((stderr, _("couldn't create toc file \"%s\": %s"),
+-		    toc_fname, strerror (errno)));
+-
+-	  if (remove (toc_fname) == 0)
+-	    /* Remove successfull, no need to remove file at exit. */
+-	    toc_fname[0] = '\0';
+ 	}
+ 
+ 
+@@ -1519,10 +1509,6 @@
+ 
+ 	  /* Clean up toc file. */
+ 	  fclose (toc_fp);
+-
+-	  /* Do we have to remove the toc file? */
+-	  if (toc_fname[0])
+-	    (void) remove (toc_fname);
+ 	}
+ 
+       /* Give trailer a chance to dump itself. */
diff --git a/print/enscript/patches/patch-ab b/print/enscript/patches/patch-ab
new file mode 100644
index 00000000000..12d40ccb4bd
--- /dev/null
+++ b/print/enscript/patches/patch-ab
@@ -0,0 +1,57 @@
+$NetBSD: patch-ab,v 1.1 2002/01/25 18:58:02 kleink Exp $
+
+--- src/psgen.c.orig	Thu Jun 25 09:18:54 1998
++++ src/psgen.c	Fri Jan 25 19:39:07 2002
+@@ -2398,7 +2398,7 @@
+ read_float (InputStream *is, int units, int horizontal)
+ {
+   char buf[256];
+-  int i, ch;
++  int i, ch = 0;
+   double val;
+ 
+   for (i = 0; (i < sizeof (buf) - 1
+@@ -2618,31 +2618,15 @@
+ static void
+ divert ()
+ {
+-  char *cp;
+-
+   assert (divertfp == NULL);
+ 
+   /* Open divert file. */
+ 
+-  cp = tempnam (NULL, "ens");
+-  if (cp == NULL)
+-    FATAL ((stderr, _("couldn't create divert file name: %s"),
+-	    strerror (errno)));
+-
+-  strcpy (divertfname, cp);
+-
+-  divertfp = fopen (divertfname, "w+b");
++  divertfp = tmpfile ();
+   if (divertfp == NULL)
+     FATAL ((stderr, _("couldn't create divert file \"%s\": %s"), divertfname,
+ 	    strerror (errno)));
+ 
+-  if (remove (divertfname) == 0)
+-    /* Remove successfull, no need to remove file in undivert(). */
+-    divertfname[0] = '\0';
+-
+-  /* Free the buffer allocated by tempnam(). */
+-  free (cp);
+-
+   cofp = divertfp;
+ }
+ 
+@@ -2696,10 +2680,6 @@
+ 
+   fclose (divertfp);
+   divertfp = NULL;
+-
+-  /* Do we have to remove the divert file? */
+-  if (divertfname[0])
+-    (void) remove (divertfname);
+ 
+   cofp = ofp;
+ }