Diffstat (limited to 'print')
-rw-r--r-- | print/a2ps/Makefile | 4 | ||||
-rw-r--r-- | print/a2ps/distinfo | 4 | ||||
-rw-r--r-- | print/a2ps/patches/patch-CVE-2001-1593_1 | 57 | ||||
-rw-r--r-- | print/a2ps/patches/patch-CVE-2001-1593_2 | 14 |
4 files changed, 76 insertions, 3 deletions
diff --git a/print/a2ps/Makefile b/print/a2ps/Makefile index 021d0df238e..a9311d53f1c 100644 --- a/print/a2ps/Makefile +++ b/print/a2ps/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.75 2013/05/31 12:41:47 wiz Exp $ +# $NetBSD: Makefile,v 1.76 2014/02/05 17:20:31 drochner Exp $ DISTNAME= a2ps-4.14 -PKGREVISION= 4 +PKGREVISION= 5 CATEGORIES= print MASTER_SITES= ${MASTER_SITE_GNU:=a2ps/} \ ftp://ftp.enst.fr/pub/unix/a2ps/ diff --git a/print/a2ps/distinfo b/print/a2ps/distinfo index 28f830f4dec..a8d3b996cec 100644 --- a/print/a2ps/distinfo +++ b/print/a2ps/distinfo @@ -1,8 +1,10 @@ -$NetBSD: distinfo,v 1.13 2012/03/23 18:44:23 marino Exp $ +$NetBSD: distinfo,v 1.14 2014/02/05 17:20:31 drochner Exp $ SHA1 (a2ps-4.14.tar.gz) = 365abbbe4b7128bf70dad16d06e23c5701874852 RMD160 (a2ps-4.14.tar.gz) = a5105d6256a809483e099519325979aaaff7219e Size (a2ps-4.14.tar.gz) = 2552507 bytes +SHA1 (patch-CVE-2001-1593_1) = d0ce811248c33c5df6952f84176c2901ca4bd176 +SHA1 (patch-CVE-2001-1593_2) = f3a40104b0c510480ce5107a8acf2924d4ef5974 SHA1 (patch-aa) = 6317b6abca697388538fc705037da55379a4e1e1 SHA1 (patch-ab) = 7b1f1e3ed2af47e7d9864ec2dbcd7d105f93632a SHA1 (patch-ac) = 8e09c4c3b320b58bf12c4266d4d22977b5f9b826 diff --git a/print/a2ps/patches/patch-CVE-2001-1593_1 b/print/a2ps/patches/patch-CVE-2001-1593_1 new file mode 100644 index 00000000000..a5fda99d643 --- /dev/null +++ b/print/a2ps/patches/patch-CVE-2001-1593_1 
@@ -0,0 +1,57 @@
+$NetBSD: patch-CVE-2001-1593_1,v 1.1 2014/02/05 17:20:31 drochner Exp $
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385
+
+--- lib/routines.c.orig 2007-12-29 01:58:23.000000000 +0000
++++ lib/routines.c
+@@ -242,3 +242,50 @@ unlink2 (PARAM_UNUSED void * dummy, cons
+ /* Don't complain if you can't unlink. Who cares of a tmp file? */
+ unlink (filename);
+ }
++
++/*
++ * Securely generate a temp file, and make sure it gets
++ * deleted upon exit.
++ */
++static char ** tempfiles;
++static unsigned ntempfiles;
++
++static void
++cleanup_tempfiles()
++{
++ while (ntempfiles--)
++ unlink(tempfiles[ntempfiles]);
++}
++
++char *
++safe_tempnam(const char *pfx)
++{
++ char *dirname, *filename;
++ int fd;
++
++ if (!(dirname = getenv("TMPDIR")))
++ dirname = "/tmp";
++
++ tempfiles = (char **) realloc(tempfiles,
++ (ntempfiles+1) * sizeof(char *));
++ if (tempfiles == NULL)
++ return NULL;
++
++ filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX"));
++ if (!filename)
++ return NULL;
++
++ sprintf(filename, "%s/%sXXXXXX", dirname, pfx);
++
++ if ((fd = mkstemp(filename)) < 0) {
++ free(filename);
++ return NULL;
++ }
++ close(fd);
++
++ if (ntempfiles == 0)
++ atexit(cleanup_tempfiles);
++ tempfiles[ntempfiles++] = filename;
++
++ return filename;
++}
diff --git a/print/a2ps/patches/patch-CVE-2001-1593_2 b/print/a2ps/patches/patch-CVE-2001-1593_2
new file mode 100644
index 00000000000..8f74dd6c8f7
--- /dev/null
+++ b/print/a2ps/patches/patch-CVE-2001-1593_2
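Review bot: In `safe_tempnam` (the code added to lib/routines.c), the `realloc` result is assigned straight back to `tempfiles`, so on allocation failure the list of already-registered names is lost while `ntempfiles` keeps its old count. `cleanup_tempfiles` would then index a NULL array at exit instead of removing those files. Grow through a temporary instead: `char **grown = realloc(tempfiles, (ntempfiles + 1) * sizeof *grown); if (grown == NULL) return NULL; tempfiles = grown;`. Separately, the descriptor from `mkstemp` is closed and only the path is returned, so callers reopen the file by name and the protection rests on the temporary directory's permissions; a short comment above the function saying so would help, e.g. `/* The file already exists on return; callers reopen it by name. */`.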
@@ -0,0 +1,14 @@
+$NetBSD: patch-CVE-2001-1593_2,v 1.1 2014/02/05 17:20:31 drochner Exp $
+
+--- lib/routines.h.orig 2007-12-29 01:37:59.000000000 +0000
++++ lib/routines.h
+@@ -255,7 +255,8 @@ FILE * xwpopen PARAMS ((const char * com
+ /* If _STR_ is not defined, give it a tempname in _TMPDIR_ */
+ #define tempname_ensure(Str) \
+ do { \
+- (Str) = (Str) ? (Str) : tempnam (NULL, "a2_"); \
++ (Str) = (Str) ? (Str) : safe_tempnam("a2_"); \
+ } while (0)
++char * safe_tempnam(const char *);
+
+ #endif |
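Review bot: Switching `tempname_ensure` to `safe_tempnam` changes who owns the returned string, and the header does not say so. A `tempnam` result belongs to the caller, whereas the pointer from `safe_tempnam` is also kept in `tempfiles` and passed to `unlink` by `cleanup_tempfiles` at exit. If any user of the macro frees the name (callers are not visible in this hunk), the exit-time cleanup would read freed memory; the macro also stores a NULL return unchanged. I would document both at the prototype, e.g. `/* Returns a name owned by the exit-time cleanup list (do not free), or NULL on failure. */`, and declare it in the header's existing style as `char * safe_tempnam PARAMS ((const char * pfx));`.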