[pkgsrc/pkgsrc-2005Q1]: pkgsrc/print/a2ps Pullup ticket 545 - requested by Lu...

[snj <snj%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/c5af89e15644
branches:  pkgsrc-2005Q1
changeset: 491106:c5af89e15644
user:      snj <snj%pkgsrc.org@localhost>
date:      Thu Jun 09 20:05:49 2005 +0000

description:
Pullup ticket 545 - requested by Lubomir Sedlacik
security fix for a2ps

Revisions pulled up:
- pkgsrc/print/a2ps/Makefile            1.54
- pkgsrc/print/a2ps/distinfo            1.9
- pkgsrc/print/a2ps/patches/patch-ad    1.4
- pkgsrc/print/a2ps/patches/patch-ae    1.4

    Module Name:    pkgsrc
    Committed By:   salo
    Date:           Thu Jun  9 14:53:49 UTC 2005

    Modified Files:
            pkgsrc/print/a2ps: Makefile distinfo
    Added Files:
            pkgsrc/print/a2ps/patches: patch-ad patch-ae

    Log Message:
    Security fix for CAN-2004-1377:

    "The fixps and psmandup scripts in a2ps allow local users to overwrite
     arbitrary files via a symlink attack on temporary files."

    Patches from Gentoo with few minor issues corrected.

diffstat:

 print/a2ps/Makefile         |  10 ++++++++--
 print/a2ps/distinfo         |   4 +++-
 print/a2ps/patches/patch-ad |  31 +++++++++++++++++++++++++++++++
 print/a2ps/patches/patch-ae |  32 ++++++++++++++++++++++++++++++++
 4 files changed, 74 insertions(+), 3 deletions(-)

diffs (113 lines):

diff -r 42207c421b4c -r c5af89e15644 print/a2ps/Makefile
--- a/print/a2ps/Makefile       Wed Jun 08 01:29:34 2005 +0000
+++ b/print/a2ps/Makefile       Thu Jun 09 20:05:49 2005 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.51 2004/12/31 13:27:06 minskim Exp $
+# $NetBSD: Makefile,v 1.51.2.1 2005/06/09 20:05:49 snj Exp $
 
 DISTNAME=              a2ps-4.13b
 PKGNAME=               a2ps-4.13.0.2
-PKGREVISION=           6
+PKGREVISION=           7
 CATEGORIES=            print
 MASTER_SITES=          ${MASTER_SITE_GNU:=a2ps/} \
                        ftp://ftp.enst.fr/pub/unix/a2ps/
@@ -14,6 +14,12 @@
 DEPENDS+=              papersize>=1.0.2:../../print/papersize
 DEPENDS+=              psutils>=1.17:../../print/psutils
 
+.include "../../mk/bsd.prefs.mk"
+
+.if empty(OPSYS:M*BSD)
+DEPENDS+=              mktemp>=1.5:../../sysutils/mktemp
+.endif
+
 WRKSRC=                        ${WRKDIR}/a2ps-4.13
 STRIP=                 # empty
 
diff -r 42207c421b4c -r c5af89e15644 print/a2ps/distinfo
--- a/print/a2ps/distinfo       Wed Jun 08 01:29:34 2005 +0000
+++ b/print/a2ps/distinfo       Thu Jun 09 20:05:49 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2005/02/24 12:51:41 agc Exp $
+$NetBSD: distinfo,v 1.8.2.1 2005/06/09 20:05:49 snj Exp $
 
 SHA1 (a2ps-4.13b.tar.gz) = cfc79a3e54115e569f667fa3fd2c2ec16d22b31a
 RMD160 (a2ps-4.13b.tar.gz) = affc47a7487f2459184be0be76e49b1e185fc53d
@@ -6,3 +6,5 @@
 SHA1 (patch-aa) = 67f0c9ddf6e9829aeecb3de596c925d451990877
 SHA1 (patch-ab) = ba7446a32733d60910036190be957045d4ec1218
 SHA1 (patch-ac) = 5daaedd3866c731206b829124d8a3f4741512d17
+SHA1 (patch-ad) = a9ed67aeb2723153e1023980ff69086bca0f1f59
+SHA1 (patch-ae) = 34b45a6c37b721547d23c1d65e51b6e919cb3671
diff -r 42207c421b4c -r c5af89e15644 print/a2ps/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/a2ps/patches/patch-ad       Thu Jun 09 20:05:49 2005 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-ad,v 1.3.12.1 2005/06/09 20:05:49 snj Exp $
+
+Fix for CAN-2004-1377
+
+--- contrib/fixps.in.orig      2000-02-21 09:16:15.000000000 +0100
++++ contrib/fixps.in   2005-06-09 16:45:42.000000000 +0200
+@@ -38,7 +38,6 @@
+ run_gs=0
+ # What action to perform: fixps, cat, check, and gs
+ task=fixps
+-tmpdir=/tmp/$program.$$
+ verbose=echo
+ 
+ # The version/usage strings
+@@ -183,6 +182,8 @@
+       exit 1;;
+ esac
+ 
++tmpdir=`mktemp -d -t fixps.XXXXXX` || { echo "$program: Cannot create temporary directory!" >&2 ; exit 1; }
++
+ if test -n "$debug"; then
+   # Set -x now if debugging
+   set -x
+@@ -191,7 +192,6 @@
+   trap "/bin/rm -rf $tmpdir" 0 1 2 3 13 15
+ fi
+ 
+-mkdir $tmpdir
+ fixps_sed=$tmpdir/fixps.sed
+ 
+ # If printing from stdin, save into a tmp file
diff -r 42207c421b4c -r c5af89e15644 print/a2ps/patches/patch-ae
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/a2ps/patches/patch-ae       Thu Jun 09 20:05:49 2005 +0000
@@ -0,0 +1,32 @@
+$NetBSD: patch-ae,v 1.3.12.1 2005/06/09 20:05:49 snj Exp $
+
+Fix for CAN-2004-1377
+
+--- contrib/psmandup.in.orig   1999-10-24 15:06:42.000000000 +0200
++++ contrib/psmandup.in        2005-06-09 16:46:24.000000000 +0200
+@@ -36,7 +36,6 @@
+ message=
+ psselect=${PSSELECT:-psselect}
+ psset=${PSSET:-psset}
+-tmpdir=/tmp/$program.$$
+ 
+ # These two must be kept in synch.  They are opposed.
+ verbose=echo
+@@ -177,6 +176,8 @@
+       exit 1;;
+ esac
+ 
++tmpdir=`mktemp -d -t psmandup.XXXXXX` || { echo "$program: Cannot create temporary directory!" >&2 ; exit 1; }
++
+ if test -n "$debug"; then
+   # Set -x now if debugging
+   set -x
+@@ -185,8 +186,6 @@
+   trap "/bin/rm -rf $tmpdir" 0 1 2 3 13 15
+ fi
+ 
+-mkdir $tmpdir
+-
+ # If printing from stdin, save into a tmp file
+ if test $file = '-'; then
+   file=$tmpdir/stdin.ps