summaryrefslogtreecommitdiffstats
path: root/print
diff options
context:
space:
mode:
authordinoex <dinoex@FreeBSD.org>2005-01-25 04:45:26 +0000
committerdinoex <dinoex@FreeBSD.org>2005-01-25 04:45:26 +0000
commitf3d77810e06fc0e24bad91debbe32e7a4e25bc69 (patch)
tree36b3b148f2cb102b6bebd360e39f41c5507c4ca5 /print
parent4c8d0bcac21dec1b75b93126dd79b12bc517f463 (diff)
downloadFreeBSD-ports-f3d77810e06fc0e24bad91debbe32e7a4e25bc69.zip
FreeBSD-ports-f3d77810e06fc0e24bad91debbe32e7a4e25bc69.tar.gz
- Security Fix
temporary file vulnerabilities in contributed scripts http://vuxml.FreeBSD.org/9168253c-5a6d-11d9-a9e7-0001020eed82.html Submitted by: simon
Diffstat (limited to 'print')
-rw-r--r--print/a2ps-letter/Makefile2
-rw-r--r--print/a2ps-letter/files/patch-contrib-tmpdircreation116
2 files changed, 117 insertions, 1 deletions
diff --git a/print/a2ps-letter/Makefile b/print/a2ps-letter/Makefile
index 96dc522..b66b17c 100644
--- a/print/a2ps-letter/Makefile
+++ b/print/a2ps-letter/Makefile
@@ -7,7 +7,7 @@
PORTNAME= a2ps
PORTVERSION= 4.13b
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= print
MASTER_SITES= ftp://ftp.enst.fr/pub/unix/a2ps/ \
${MASTER_SITE_GNU}
diff --git a/print/a2ps-letter/files/patch-contrib-tmpdircreation b/print/a2ps-letter/files/patch-contrib-tmpdircreation
new file mode 100644
index 0000000..e47e971
--- /dev/null
+++ b/print/a2ps-letter/files/patch-contrib-tmpdircreation
@@ -0,0 +1,116 @@
+diff -ru contrib.orig/card.in contrib/card.in
+--- contrib.orig/card.in Thu Dec 30 19:23:25 2004
++++ contrib/card.in Thu Dec 30 19:29:49 2004
+@@ -38,7 +38,7 @@
+ LC_ALL="${LC_ALL-C}" export LC_ALL
+ print_form_feeds=:
+ RM="/bin/rm -rf"
+-tmp_dir=${TMPDIR-/tmp}/$program.$$
++tmp_dir=$(mktemp -d -t ${program}) || exit 1
+ tmp_file=$tmp_dir/card
+ success=false
+ verbose=:
+@@ -190,7 +190,6 @@
+
+ # Create a tmp dir and be ready to clean up
+ trap "$RM $tmp_dir" 0 1 2 15
+-(umask 077 && mkdir $tmp_dir) || exit 1
+
+ case $LC_ALL in
+ fr) footer="Engendré par $version_short" ;;
+diff -ru contrib.orig/fixps.in contrib/fixps.in
+--- contrib.orig/fixps.in Thu Dec 30 19:23:25 2004
++++ contrib/fixps.in Thu Dec 30 19:31:22 2004
+@@ -38,7 +38,7 @@
+ run_gs=0
+ # What action to perform: fixps, cat, check, and gs
+ task=fixps
+-tmpdir=/tmp/$program.$$
++tmpdir=$(mktemp -d -t ${program}) || exit 1
+ verbose=echo
+
+ # The version/usage strings
+@@ -191,7 +191,6 @@
+ trap "/bin/rm -rf $tmpdir" 0 1 2 3 13 15
+ fi
+
+-mkdir $tmpdir
+ fixps_sed=$tmpdir/fixps.sed
+
+ # If printing from stdin, save into a tmp file
+diff -ru contrib.orig/pdiff.in contrib/pdiff.in
+--- contrib.orig/pdiff.in Thu Dec 30 19:23:25 2004
++++ contrib/pdiff.in Thu Dec 30 19:16:59 2004
+@@ -34,7 +34,7 @@
+ diff_options='-u'
+ file=
+ output=
+-tmpdir=/tmp/$program.$$
++tmpdir=$(mktemp -d -t ${program}) || exit 1
+ verbose=echo
+ wdiff_prog=${WDIFF:-wdiff}
+ wdiff_options='-w[wd- -x-wd] -y{wd+ -z+wd}'
+diff -ru contrib.orig/psmandup.in contrib/psmandup.in
+--- contrib.orig/psmandup.in Thu Dec 30 19:23:25 2004
++++ contrib/psmandup.in Thu Dec 30 19:32:30 2004
+@@ -36,7 +36,7 @@
+ message=
+ psselect=${PSSELECT:-psselect}
+ psset=${PSSET:-psset}
+-tmpdir=/tmp/$program.$$
++tmpdir=$(mktemp -d -t ${program}) || exit 1
+
+ # These two must be kept in synch. They are opposed.
+ verbose=echo
+@@ -184,8 +184,6 @@
+ # Temp dir. Get ready not to leave junk (if not debugging)
+ trap "/bin/rm -rf $tmpdir" 0 1 2 3 13 15
+ fi
+-
+-mkdir $tmpdir
+
+ # If printing from stdin, save into a tmp file
+ if test $file = '-'; then
+diff -ru contrib.orig/psset.in contrib/psset.in
+--- contrib.orig/psset.in Thu Dec 30 19:23:25 2004
++++ contrib/psset.in Thu Dec 30 19:33:50 2004
+@@ -33,7 +33,7 @@
+ output=-
+ pagedevices= # `;' separated list of `key:value'
+ quiet=: # i.e., verbose
+-tmpdir=${TMPDIR:-/tmp}/$program.$$
++tmpdir=$(mktemp -d -t ${program}) || exit 1
+ sedscript=$tmpdir/psset.sed
+
+ # The version/usage strings
+@@ -185,8 +185,6 @@
+ echo "$help" 1>&2
+ exit 1;;
+ esac
+-
+-mkdir $tmpdir
+
+ if test -n "$debug"; then
+ # Set -x now if debugging
+diff -ru contrib.orig/texi2dvi4a2ps contrib/texi2dvi4a2ps
+--- contrib.orig/texi2dvi4a2ps Thu Dec 30 19:23:25 2004
++++ contrib/texi2dvi4a2ps Thu Dec 30 19:34:36 2004
+@@ -91,7 +91,7 @@
+ quiet= # by default let the tools' message be displayed
+ set_language=
+ textra=
+-tmpdir=${TMPDIR:-/tmp}/t2d$$ # avoid collisions on 8.3 filesystems.
++tmpdir=$(mktemp -d -t ${program}) || exit 1
+ txincludes= # TEXINPUTS extensions
+ txiprereq=19990129 # minimum texinfo.tex version to have macro expansion
+ verbose=false # echo for verbose mode
+@@ -202,9 +202,6 @@
+ if test -z "$debug"; then
+ trap "cd / && rm -rf $tmpdir" 0 1 2 15
+ fi
+-
+-# Create the temporary directory with strict rights
+-(umask 077 && mkdir $tmpdir) || exit 1
+
+ # Prepare the tools we might need. This may be extra work in some
+ # cases, but improves the readibility of the script.
OpenPOWER on IntegriCloud