author | salo <salo@pkgsrc.org> | 2005-06-09 14:53:49 +0000 |
---|---|---|
committer | salo <salo@pkgsrc.org> | 2005-06-09 14:53:49 +0000 |
commit | 1c0b66e6e09ef7061705befb715a506a2867b7c9 (patch) | |
tree | 2f08ccc01900d6d8af6a3fa4ef67e7a91a6f3f7a /print | |
parent | 3e339eb31918b16b29a5842c97e9f62589bf4d1c (diff) | |
Security fix for CAN-2004-1377:
"The fixps and psmandup scripts in a2ps allow local users to overwrite
arbitrary files via a symlink attack on temporary files."
Patches from Gentoo with a few minor issues corrected.
Diffstat (limited to 'print')
-rw-r--r-- | print/a2ps/Makefile | 10 | ||||
-rw-r--r-- | print/a2ps/distinfo | 4 | ||||
-rw-r--r-- | print/a2ps/patches/patch-ad | 31 | ||||
-rw-r--r-- | print/a2ps/patches/patch-ae | 32 |
4 files changed, 74 insertions, 3 deletions
diff --git a/print/a2ps/Makefile b/print/a2ps/Makefile
index 8a4c2da4e02..25ddf18bc2c 100644
--- a/print/a2ps/Makefile
+++ b/print/a2ps/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.53 2005/05/22 20:08:27 jlam Exp $
+# $NetBSD: Makefile,v 1.54 2005/06/09 14:53:49 salo Exp $
 DISTNAME= a2ps-4.13b
 PKGNAME= a2ps-4.13.0.2
-PKGREVISION= 6
+PKGREVISION= 7
 CATEGORIES= print
 MASTER_SITES= ${MASTER_SITE_GNU:=a2ps/} \
 ftp://ftp.enst.fr/pub/unix/a2ps/
@@ -14,6 +14,12 @@ COMMENT= Formats an ascii file for printing on a postscript printer
 DEPENDS+= papersize>=1.0.2:../../print/papersize
 DEPENDS+= psutils>=1.17:../../print/psutils
+.include "../../mk/bsd.prefs.mk"
+
+.if empty(OPSYS:M*BSD)
+DEPENDS+= mktemp>=1.5:../../sysutils/mktemp
+.endif
+
 WRKSRC= ${WRKDIR}/a2ps-4.13
 STRIP= # empty
diff --git a/print/a2ps/distinfo b/print/a2ps/distinfo
index b4c1d780a1e..26be828a0f5 100644
--- a/print/a2ps/distinfo
+++ b/print/a2ps/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2005/02/24 12:51:41 agc Exp $
+$NetBSD: distinfo,v 1.9 2005/06/09 14:53:49 salo Exp $
 SHA1 (a2ps-4.13b.tar.gz) = cfc79a3e54115e569f667fa3fd2c2ec16d22b31a
 RMD160 (a2ps-4.13b.tar.gz) = affc47a7487f2459184be0be76e49b1e185fc53d
@@ -6,3 +6,5 @@ Size (a2ps-4.13b.tar.gz) = 1944289 bytes
 SHA1 (patch-aa) = 67f0c9ddf6e9829aeecb3de596c925d451990877
 SHA1 (patch-ab) = ba7446a32733d60910036190be957045d4ec1218
 SHA1 (patch-ac) = 5daaedd3866c731206b829124d8a3f4741512d17
+SHA1 (patch-ad) = a9ed67aeb2723153e1023980ff69086bca0f1f59
+SHA1 (patch-ae) = 34b45a6c37b721547d23c1d65e51b6e919cb3671
diff --git a/print/a2ps/patches/patch-ad b/print/a2ps/patches/patch-ad
new file mode 100644
index 00000000000..347d466215f
--- /dev/null
+++ b/print/a2ps/patches/patch-ad
@@ -0,0 +1,31 @@
+$NetBSD: patch-ad,v 1.4 2005/06/09 14:53:49 salo Exp $
+
+Fix for CAN-2004-1377
+
+--- contrib/fixps.in.orig 2000-02-21 09:16:15.000000000 +0100
++++ contrib/fixps.in 2005-06-09 16:45:42.000000000 +0200
+@@ -38,7 +38,6 @@
+ run_gs=0
+ # What action to perform: fixps, cat, check, and gs
+ task=fixps
+-tmpdir=/tmp/$program.$$
+ verbose=echo
+
+ # The version/usage strings
+@@ -183,6 +182,8 @@
+ exit 1;;
+ esac
+
++tmpdir=`mktemp -d -t fixps.XXXXXX` || { echo "$program: Cannot create temporary directory!" >&2 ; exit 1; }
++
+ if test -n "$debug"; then
+ # Set -x now if debugging
+ set -x
+@@ -191,7 +192,6 @@
+ trap "/bin/rm -rf $tmpdir" 0 1 2 3 13 15
+ fi
+
+-mkdir $tmpdir
+ fixps_sed=$tmpdir/fixps.sed
+
+ # If printing from stdin, save into a tmp file
diff --git a/print/a2ps/patches/patch-ae b/print/a2ps/patches/patch-ae
new file mode 100644
index 00000000000..df873963442
--- /dev/null
+++ b/print/a2ps/patches/patch-ae
@@ -0,0 +1,32 @@
+$NetBSD: patch-ae,v 1.4 2005/06/09 14:53:49 salo Exp $
+
+Fix for CAN-2004-1377
+
+--- contrib/psmandup.in.orig 1999-10-24 15:06:42.000000000 +0200
++++ contrib/psmandup.in 2005-06-09 16:46:24.000000000 +0200
+@@ -36,7 +36,6 @@
+ message=
+ psselect=${PSSELECT:-psselect}
+ psset=${PSSET:-psset}
+-tmpdir=/tmp/$program.$$
+
+ # These two must be kept in synch. They are opposed.
+ verbose=echo
+@@ -177,6 +176,8 @@
+ exit 1;;
+ esac
+
++tmpdir=`mktemp -d -t psmandup.XXXXXX` || { echo "$program: Cannot create temporary directory!" >&2 ; exit 1; }
++
+ if test -n "$debug"; then
+ # Set -x now if debugging
+ set -x
+@@ -185,8 +186,6 @@
+ trap "/bin/rm -rf $tmpdir" 0 1 2 3 13 15
+ fi
+
+-mkdir $tmpdir
+-
+ # If printing from stdin, save into a tmp file
+ if test $file = '-'; then
+ file=$tmpdir/stdin.ps
|
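Review bot: The cleanup trap kept as context in the last inner hunk of patch-ad, `trap "/bin/rm -rf $tmpdir" 0 1 2 3 13 15`, still expands `$tmpdir` unquoted, which matters more now that the value comes from `mktemp -d -t` and so normally sits under `$TMPDIR` rather than a fixed `/tmp` path. If `TMPDIR` contains whitespace or glob characters, the recursive delete would be applied to the split words instead of the temporary directory. Quoting the expansion closes this: `trap '/bin/rm -rf "$tmpdir"' 0 1 2 3 13 15`. The same line is carried unchanged in patch-ae, and in both files the `if test -n "$debug"` block is only partly visible, so the branch the trap sits in should be checked against the full script.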
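Review bot: The added `mktemp -d -t psmandup.XXXXXX` call in patch-ae relies on `-t`, whose meaning typically differs between mktemp implementations (a prefix on the BSD tool, a template placed under `$TMPDIR` on others), so the directory name is not the same on every platform the package builds for. Either reading still gives an exclusively created, unpredictable directory, but spelling the template out removes the ambiguity: ``tmpdir=`mktemp -d "${TMPDIR:-/tmp}/psmandup.XXXXXX"` || { ... }``. `mktemp` is also looked up through `PATH` while the trap calls `/bin/rm` by absolute path, so on platforms where the Makefile adds the `sysutils/mktemp` dependency it is worth confirming that the installed binary is the one the script finds. The equivalent line in patch-ad (with the `fixps` prefix) is affected the same way.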