From 309f07e4e77bd6c97a675a744129eaac2f7e4ce0 Mon Sep 17 00:00:00 2001
From: snj
Date: Thu, 9 Jun 2005 20:05:49 +0000
Subject: Pullup ticket 545 - requested by Lubomir Sedlacik security fix for a2ps Revisions pulled up: - pkgsrc/print/a2ps/Makefile 1.54 - pkgsrc/print/a2ps/distinfo 1.9 - pkgsrc/print/a2ps/patches/patch-ad 1.4 - pkgsrc/print/a2ps/patches/patch-ae 1.4 Module Name: pkgsrc Committed By: salo Date: Thu Jun 9 14:53:49 UTC 2005 Modified Files: pkgsrc/print/a2ps: Makefile distinfo Added Files: pkgsrc/print/a2ps/patches: patch-ad patch-ae Log Message: Security fix for CAN-2004-1377: "The fixps and psmandup scripts in a2ps allow local users to overwrite arbitrary files via a symlink attack on temporary files." Patches from Gentoo with few minor issues corrected.
---
 print/a2ps/Makefile | 10 ++++++++--
 print/a2ps/distinfo | 4 +++-
 print/a2ps/patches/patch-ad | 31 +++++++++++++++++++++++++++++++
 print/a2ps/patches/patch-ae | 32 ++++++++++++++++++++++++++++++++
 4 files changed, 74 insertions(+), 3 deletions(-)
 create mode 100644 print/a2ps/patches/patch-ad
 create mode 100644 print/a2ps/patches/patch-ae
diff --git a/print/a2ps/Makefile b/print/a2ps/Makefile
index 64012722e8a..57b7a985146 100644
--- a/print/a2ps/Makefile
+++ b/print/a2ps/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.51 2004/12/31 13:27:06 minskim Exp $
+# $NetBSD: Makefile,v 1.51.2.1 2005/06/09 20:05:49 snj Exp $
 DISTNAME= a2ps-4.13b
 PKGNAME= a2ps-4.13.0.2
-PKGREVISION= 6
+PKGREVISION= 7
 CATEGORIES= print
 MASTER_SITES= ${MASTER_SITE_GNU:=a2ps/} \
 ftp://ftp.enst.fr/pub/unix/a2ps/
@@ -14,6 +14,12 @@ COMMENT= Formats an ascii file for printing on a postscript printer
 DEPENDS+= papersize>=1.0.2:../../print/papersize
 DEPENDS+= psutils>=1.17:../../print/psutils
+.include "../../mk/bsd.prefs.mk"
+
+.if empty(OPSYS:M*BSD)
+DEPENDS+= mktemp>=1.5:../../sysutils/mktemp
+.endif
+
 WRKSRC= ${WRKDIR}/a2ps-4.13
 STRIP= # empty
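Review bot: The conditional `mktemp` dependency added in the second Makefile hunk has no comment saying why it is there, so a later cleanup could drop it without noticing that the patched `fixps` and `psmandup` scripts now call `mktemp -d` at run time. A one-line comment above the `.if`, such as `# patch-ad/patch-ae (CAN-2004-1377) make fixps and psmandup call mktemp(1)`, would tie the dependency to the security fix. The `OPSYS:M*BSD` test presumably relies on every platform it matches shipping a `mktemp` that accepts `-d -t`; that assumption is worth stating in the same comment.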
diff --git a/print/a2ps/distinfo b/print/a2ps/distinfo
index b4c1d780a1e..ce299d0993c 100644
--- a/print/a2ps/distinfo
+++ b/print/a2ps/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2005/02/24 12:51:41 agc Exp $
+$NetBSD: distinfo,v 1.8.2.1 2005/06/09 20:05:49 snj Exp $
 SHA1 (a2ps-4.13b.tar.gz) = cfc79a3e54115e569f667fa3fd2c2ec16d22b31a
 RMD160 (a2ps-4.13b.tar.gz) = affc47a7487f2459184be0be76e49b1e185fc53d
@@ -6,3 +6,5 @@ Size (a2ps-4.13b.tar.gz) = 1944289 bytes
 SHA1 (patch-aa) = 67f0c9ddf6e9829aeecb3de596c925d451990877
 SHA1 (patch-ab) = ba7446a32733d60910036190be957045d4ec1218
 SHA1 (patch-ac) = 5daaedd3866c731206b829124d8a3f4741512d17
+SHA1 (patch-ad) = a9ed67aeb2723153e1023980ff69086bca0f1f59
+SHA1 (patch-ae) = 34b45a6c37b721547d23c1d65e51b6e919cb3671
diff --git a/print/a2ps/patches/patch-ad b/print/a2ps/patches/patch-ad
new file mode 100644
index 00000000000..19cf3db553e
--- /dev/null
+++ b/print/a2ps/patches/patch-ad
@@ -0,0 +1,31 @@
+$NetBSD: patch-ad,v 1.3.12.1 2005/06/09 20:05:49 snj Exp $
+
+Fix for CAN-2004-1377
+
+--- contrib/fixps.in.orig 2000-02-21 09:16:15.000000000 +0100
++++ contrib/fixps.in 2005-06-09 16:45:42.000000000 +0200
+@@ -38,7 +38,6 @@
+ run_gs=0
+ # What action to perform: fixps, cat, check, and gs
+ task=fixps
+-tmpdir=/tmp/$program.$$
+ verbose=echo
+
+ # The version/usage strings
+@@ -183,6 +182,8 @@
+ exit 1;;
+ esac
+
++tmpdir=`mktemp -d -t fixps.XXXXXX` || { echo "$program: Cannot create temporary directory!" >&2 ; exit 1; }
++
+ if test -n "$debug"; then
+ # Set -x now if debugging
+ set -x
+@@ -191,7 +192,6 @@
+ trap "/bin/rm -rf $tmpdir" 0 1 2 3 13 15
+ fi
+
+-mkdir $tmpdir
+ fixps_sed=$tmpdir/fixps.sed
+
+ # If printing from stdin, save into a tmp file
diff --git a/print/a2ps/patches/patch-ae b/print/a2ps/patches/patch-ae
new file mode 100644
index 00000000000..151f6939259
--- /dev/null
+++ b/print/a2ps/patches/patch-ae
@@ -0,0 +1,32 @@
+$NetBSD: patch-ae,v 1.3.12.1 2005/06/09 20:05:49 snj Exp $
+
+Fix for CAN-2004-1377
+
+--- contrib/psmandup.in.orig 1999-10-24 15:06:42.000000000 +0200
++++ contrib/psmandup.in 2005-06-09 16:46:24.000000000 +0200
+@@ -36,7 +36,6 @@
+ message=
+ psselect=${PSSELECT:-psselect}
+ psset=${PSSET:-psset}
+-tmpdir=/tmp/$program.$$
+
+ # These two must be kept in synch. They are opposed.
+ verbose=echo
+@@ -177,6 +176,8 @@
+ exit 1;;
+ esac
+
++tmpdir=`mktemp -d -t psmandup.XXXXXX` || { echo "$program: Cannot create temporary directory!" >&2 ; exit 1; }
++
+ if test -n "$debug"; then
+ # Set -x now if debugging
+ set -x
+@@ -185,8 +186,6 @@
+ trap "/bin/rm -rf $tmpdir" 0 1 2 3 13 15
+ fi
+
+-mkdir $tmpdir
+-
+ # If printing from stdin, save into a tmp file
+ if test $file = '-'; then
+ file=$tmpdir/stdin.ps
--
cgit v1.2.3
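Review bot: The cleanup trap kept as context in the last inner hunk, `trap "/bin/rm -rf $tmpdir" 0 1 2 3 13 15`, expands `$tmpdir` inside double quotes, so the resulting path is parsed again by the shell when the trap fires. The old value was built on a fixed `/tmp` prefix, but the new one comes from `mktemp -d -t`, which places the directory under `TMPDIR` when that is set, so a `TMPDIR` containing spaces or shell metacharacters would make `rm -rf` act on paths other than the temporary directory. Writing it as `trap '/bin/rm -rf "$tmpdir"' 0 1 2 3 13 15` keeps the symlink fix and makes the cleanup robust. The same trap line appears in patch-ad for `fixps`, and `file=$tmpdir/stdin.ps` here and `fixps_sed=$tmpdir/fixps.sed` there have the same quoting gap. The `if test -n "$debug"` block holding the trap is only partly visible, since its `else` falls between the inner hunks.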