authorsalo <salo@pkgsrc.org>2005-06-09 14:53:49 +0000
committersalo <salo@pkgsrc.org>2005-06-09 14:53:49 +0000
commit1c0b66e6e09ef7061705befb715a506a2867b7c9 (patch)
tree2f08ccc01900d6d8af6a3fa4ef67e7a91a6f3f7a /print
parent3e339eb31918b16b29a5842c97e9f62589bf4d1c (diff)
Security fix for CAN-2004-1377:
"The fixps and psmandup scripts in a2ps allow local users to overwrite arbitrary files via a symlink attack on temporary files." Patches from Gentoo, with a few minor issues corrected.
Diffstat (limited to 'print')
-rw-r--r--print/a2ps/Makefile10
-rw-r--r--print/a2ps/distinfo4
-rw-r--r--print/a2ps/patches/patch-ad31
-rw-r--r--print/a2ps/patches/patch-ae32
4 files changed, 74 insertions, 3 deletions
diff --git a/print/a2ps/Makefile b/print/a2ps/Makefile
index 8a4c2da4e02..25ddf18bc2c 100644
--- a/print/a2ps/Makefile
+++ b/print/a2ps/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.53 2005/05/22 20:08:27 jlam Exp $
+# $NetBSD: Makefile,v 1.54 2005/06/09 14:53:49 salo Exp $
DISTNAME= a2ps-4.13b
PKGNAME= a2ps-4.13.0.2
-PKGREVISION= 6
+PKGREVISION= 7
CATEGORIES= print
MASTER_SITES= ${MASTER_SITE_GNU:=a2ps/} \
ftp://ftp.enst.fr/pub/unix/a2ps/
@@ -14,6 +14,12 @@ COMMENT= Formats an ascii file for printing on a postscript printer
DEPENDS+= papersize>=1.0.2:../../print/papersize
DEPENDS+= psutils>=1.17:../../print/psutils
+.include "../../mk/bsd.prefs.mk"
+
+.if empty(OPSYS:M*BSD)
+DEPENDS+= mktemp>=1.5:../../sysutils/mktemp
+.endif
+
WRKSRC= ${WRKDIR}/a2ps-4.13
STRIP= # empty
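Review bot: The new `mktemp` dependency block has no comment saying why it is there, so a later cleanup could drop it without noticing that the CAN-2004-1377 patches rely on it. I would add `# fixps and psmandup call mktemp(1) at run time; see patches/patch-ad and patch-ae` above the `.if empty(OPSYS:M*BSD)` line. The condition also assumes that every OPSYS matching `*BSD` ships a base-system mktemp accepting `-d -t` and that no other platform does. That is implied by the match rather than checked, so it is worth confirming for non-BSD platforms that already have a native mktemp.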
diff --git a/print/a2ps/distinfo b/print/a2ps/distinfo
index b4c1d780a1e..26be828a0f5 100644
--- a/print/a2ps/distinfo
+++ b/print/a2ps/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2005/02/24 12:51:41 agc Exp $
+$NetBSD: distinfo,v 1.9 2005/06/09 14:53:49 salo Exp $
SHA1 (a2ps-4.13b.tar.gz) = cfc79a3e54115e569f667fa3fd2c2ec16d22b31a
RMD160 (a2ps-4.13b.tar.gz) = affc47a7487f2459184be0be76e49b1e185fc53d
@@ -6,3 +6,5 @@ Size (a2ps-4.13b.tar.gz) = 1944289 bytes
SHA1 (patch-aa) = 67f0c9ddf6e9829aeecb3de596c925d451990877
SHA1 (patch-ab) = ba7446a32733d60910036190be957045d4ec1218
SHA1 (patch-ac) = 5daaedd3866c731206b829124d8a3f4741512d17
+SHA1 (patch-ad) = a9ed67aeb2723153e1023980ff69086bca0f1f59
+SHA1 (patch-ae) = 34b45a6c37b721547d23c1d65e51b6e919cb3671
diff --git a/print/a2ps/patches/patch-ad b/print/a2ps/patches/patch-ad
new file mode 100644
index 00000000000..347d466215f
--- /dev/null
+++ b/print/a2ps/patches/patch-ad
@@ -0,0 +1,31 @@
+$NetBSD: patch-ad,v 1.4 2005/06/09 14:53:49 salo Exp $
+
+Fix for CAN-2004-1377
+
+--- contrib/fixps.in.orig 2000-02-21 09:16:15.000000000 +0100
++++ contrib/fixps.in 2005-06-09 16:45:42.000000000 +0200
+@@ -38,7 +38,6 @@
+ run_gs=0
+ # What action to perform: fixps, cat, check, and gs
+ task=fixps
+-tmpdir=/tmp/$program.$$
+ verbose=echo
+
+ # The version/usage strings
+@@ -183,6 +182,8 @@
+ exit 1;;
+ esac
+
++tmpdir=`mktemp -d -t fixps.XXXXXX` || { echo "$program: Cannot create temporary directory!" >&2 ; exit 1; }
++
+ if test -n "$debug"; then
+ # Set -x now if debugging
+ set -x
+@@ -191,7 +192,6 @@
+ trap "/bin/rm -rf $tmpdir" 0 1 2 3 13 15
+ fi
+
+-mkdir $tmpdir
+ fixps_sed=$tmpdir/fixps.sed
+
+ # If printing from stdin, save into a tmp file
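Review bot: With `mktemp -d -t`, the directory is created under `$TMPDIR` on the common mktemp implementations, so `$tmpdir` is no longer a fixed `/tmp/...` path, yet the cleanup line kept as context still expands it unquoted: `trap "/bin/rm -rf $tmpdir" 0 1 2 3 13 15`. If TMPDIR contains whitespace, the `rm -rf` in the trap would act on the split words instead of the directory that was created. Quoting the expansion closes that: `trap "/bin/rm -rf \"$tmpdir\"" 0 1 2 3 13 15`. The same trap line appears in patch-ae for psmandup. The rest of both scripts lies outside these hunks, so other unquoted uses of `$tmpdir` there may need the same treatment.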
diff --git a/print/a2ps/patches/patch-ae b/print/a2ps/patches/patch-ae
new file mode 100644
index 00000000000..df873963442
--- /dev/null
+++ b/print/a2ps/patches/patch-ae
@@ -0,0 +1,32 @@
+$NetBSD: patch-ae,v 1.4 2005/06/09 14:53:49 salo Exp $
+
+Fix for CAN-2004-1377
+
+--- contrib/psmandup.in.orig 1999-10-24 15:06:42.000000000 +0200
++++ contrib/psmandup.in 2005-06-09 16:46:24.000000000 +0200
+@@ -36,7 +36,6 @@
+ message=
+ psselect=${PSSELECT:-psselect}
+ psset=${PSSET:-psset}
+-tmpdir=/tmp/$program.$$
+
+ # These two must be kept in synch. They are opposed.
+ verbose=echo
+@@ -177,6 +176,8 @@
+ exit 1;;
+ esac
+
++tmpdir=`mktemp -d -t psmandup.XXXXXX` || { echo "$program: Cannot create temporary directory!" >&2 ; exit 1; }
++
+ if test -n "$debug"; then
+ # Set -x now if debugging
+ set -x
+@@ -185,8 +186,6 @@
+ trap "/bin/rm -rf $tmpdir" 0 1 2 3 13 15
+ fi
+
+-mkdir $tmpdir
+-
+ # If printing from stdin, save into a tmp file
+ if test $file = '-'; then
+ file=$tmpdir/stdin.ps