summaryrefslogtreecommitdiff
path: root/app-text/a2ps/files/a2ps-4.14-CVE-2001-1593.patch
diff options
context:
space:
mode:
Diffstat (limited to 'app-text/a2ps/files/a2ps-4.14-CVE-2001-1593.patch')
-rw-r--r--app-text/a2ps/files/a2ps-4.14-CVE-2001-1593.patch82
1 files changed, 0 insertions, 82 deletions
diff --git a/app-text/a2ps/files/a2ps-4.14-CVE-2001-1593.patch b/app-text/a2ps/files/a2ps-4.14-CVE-2001-1593.patch
deleted file mode 100644
index 06153f4858c4..000000000000
--- a/app-text/a2ps/files/a2ps-4.14-CVE-2001-1593.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-CVE-2001-1593: Fix insecure use of /tmp
-
-
-Author(s):
-
- * Fri Jan 05 2001 Preston Brown <pbrown@redhat.com>
-
-followed the next month by a fix to that patch:
-
- * Mon Feb 12 2001 Tim Waugh <twaugh@redhat.com>
-
-(see https://bugzilla.redhat.com/show_bug.cgi?id=1060630#c5)
-
-Origin:
-
-http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch
-
---- a/lib/routines.c
-+++ b/lib/routines.c
-@@ -242,3 +242,50 @@
- /* Don't complain if you can't unlink. Who cares of a tmp file? */
- unlink (filename);
- }
-+
-+/*
-+ * Securely generate a temp file, and make sure it gets
-+ * deleted upon exit.
-+ */
-+static char ** tempfiles;
-+static unsigned ntempfiles;
-+
-+static void
-+cleanup_tempfiles()
-+{
-+ while (ntempfiles--)
-+ unlink(tempfiles[ntempfiles]);
-+}
-+
-+char *
-+safe_tempnam(const char *pfx)
-+{
-+ char *dirname, *filename;
-+ int fd;
-+
-+ if (!(dirname = getenv("TMPDIR")))
-+ dirname = "/tmp";
-+
-+ tempfiles = (char **) realloc(tempfiles,
-+ (ntempfiles+1) * sizeof(char *));
-+ if (tempfiles == NULL)
-+ return NULL;
-+
-+ filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX"));
-+ if (!filename)
-+ return NULL;
-+
-+ sprintf(filename, "%s/%sXXXXXX", dirname, pfx);
-+
-+ if ((fd = mkstemp(filename)) < 0) {
-+ free(filename);
-+ return NULL;
-+ }
-+ close(fd);
-+
-+ if (ntempfiles == 0)
-+ atexit(cleanup_tempfiles);
-+ tempfiles[ntempfiles++] = filename;
-+
-+ return filename;
-+}
---- a/lib/routines.h
-+++ b/lib/routines.h
-@@ -255,7 +255,8 @@
- /* If _STR_ is not defined, give it a tempname in _TMPDIR_ */
- #define tempname_ensure(Str) \
- do { \
-- (Str) = (Str) ? (Str) : tempnam (NULL, "a2_"); \
-+ (Str) = (Str) ? (Str) : safe_tempnam("a2_"); \
- } while (0)
-+char * safe_tempnam(const char *);
-
- #endif
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-17 02:42:16 +0000