Commit 33c0cbd5 authored by Eric Bélanger's avatar Eric Bélanger
Browse files

Add security fix (close FS#38799), Add build fix

parent 01b79509
......@@ -2,19 +2,20 @@
pkgname=a2ps
pkgver=4.14
pkgrel=5
pkgrel=6
pkgdesc="An Any to PostScript filter"
arch=('i686' 'x86_64')
url="http://www.gnu.org/software/a2ps/"
license=('GPL3')
depends=('ghostscript' 'psutils' 'imagemagick')
depends=('psutils' 'imagemagick')
makedepends=('gperf')
backup=('etc/a2ps/a2ps.cfg' 'etc/a2ps/a2ps-site.cfg')
install=a2ps.install
source=(ftp://ftp.gnu.org/gnu/a2ps/${pkgname}-${pkgver}.tar.gz{,.sig}
a2ps-4.13c-fnmatch-replacement.patch a2ps-4.13c-emacs.patch
a2ps-4.13-manpage-chmod.patch a2ps-4.14-check-mempcpy.patch
a2ps-4.14-fix-stpcpy-proto.patch a2ps-texinfo5.patch)
a2ps-4.13c-fnmatch-replacement.patch a2ps-4.13c-emacs.patch
a2ps-4.13-manpage-chmod.patch a2ps-4.14-check-mempcpy.patch
a2ps-4.14-fix-stpcpy-proto.patch a2ps-texinfo5.patch
a2ps-4.13-security.patch)
sha1sums=('365abbbe4b7128bf70dad16d06e23c5701874852'
'SKIP'
'8783952d3410d8d59ed953e1db45e2ef1a0b8f65'
......@@ -22,7 +23,8 @@ sha1sums=('365abbbe4b7128bf70dad16d06e23c5701874852'
'2bb3d0a2ef2f3ff9262723e35c742a80ab0235ce'
'6aed29c1399e79f3914b408059610f9e7c0fc38e'
'58fa90134f1027e3f05aeb08212cbcc10f420738'
'81269db9dd29685b0ece2539070ced3f7a8472df')
'81269db9dd29685b0ece2539070ced3f7a8472df'
'93a4db17edfaa99e3498c7d952c560dab49dbe42')
prepare() {
cd ${pkgname}-${pkgver}
......@@ -36,13 +38,14 @@ prepare() {
patch -p1 -i "${srcdir}/a2ps-4.14-check-mempcpy.patch"
patch -p0 -i "${srcdir}/a2ps-4.14-fix-stpcpy-proto.patch"
patch -p1 -i "${srcdir}/a2ps-texinfo5.patch"
patch -p1 -i "${srcdir}/a2ps-4.13-security.patch"
}
build() {
cd ${pkgname}-${pkgver}
libtoolize --force --copy
autoreconf --force --install -I m4
./configure --prefix=/usr --sysconfdir=/etc/a2ps \
LIBS+="-lm" ./configure --prefix=/usr --sysconfdir=/etc/a2ps \
--includedir=/usr/include --enable-shared --enable-nls
make
}
......
--- a2ps-4.13/lib/routines.c.security Sat Oct 16 05:46:37 1999
+++ a2ps-4.13/lib/routines.c Mon Feb 12 17:45:15 2001
@@ -242,3 +242,50 @@
/* Don't complain if you can't unlink. Who cares of a tmp file? */
unlink (filename);
}
+
+/*
+ * Securely generate a temp file, and make sure it gets
+ * deleted upon exit.
+ */
+static char ** tempfiles;
+static unsigned ntempfiles;
+
+static void
+cleanup_tempfiles()
+{
+ while (ntempfiles--)
+ unlink(tempfiles[ntempfiles]);
+}
+
+char *
+safe_tempnam(const char *pfx)
+{
+ char *dirname, *filename;
+ int fd;
+
+ if (!(dirname = getenv("TMPDIR")))
+ dirname = "/tmp";
+
+ tempfiles = (char **) realloc(tempfiles,
+ (ntempfiles+1) * sizeof(char *));
+ if (tempfiles == NULL)
+ return NULL;
+
+ filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX"));
+ if (!filename)
+ return NULL;
+
+ sprintf(filename, "%s/%sXXXXXX", dirname, pfx);
+
+ if ((fd = mkstemp(filename)) < 0) {
+ free(filename);
+ return NULL;
+ }
+ close(fd);
+
+ if (ntempfiles == 0)
+ atexit(cleanup_tempfiles);
+ tempfiles[ntempfiles++] = filename;
+
+ return filename;
+}
--- a2ps-4.13/lib/routines.h.security Mon Oct 18 21:24:41 1999
+++ a2ps-4.13/lib/routines.h Mon Feb 12 17:39:30 2001
@@ -255,7 +255,8 @@
/* If _STR_ is not defined, give it a tempname in _TMPDIR_ */
#define tempname_ensure(Str) \
do { \
- (Str) = (Str) ? (Str) : tempnam (NULL, "a2_"); \
+ (Str) = (Str) ? (Str) : safe_tempnam("a2_"); \
} while (0)
+char * safe_tempnam(const char *);
#endif
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment