From nobody Mon Mar 14 10:06:24 2022 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 727331A180B0; Mon, 14 Mar 2022 10:06:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KHByS2lhlz4ZMn; Mon, 14 Mar 2022 10:06:24 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1647252384; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=82idEBORxNR1/oRKvSBF09bJibMmr0fdJgf2mSKW6KE=; b=ZMyLlJoX8th0E1AwyFVQ+6wlhLXUEkrN3XlwXnF6ovVBy15FIyKLwGxEvAeWEL2yRdZrMB As8XfUORf2Smz+EfjTUOiqHMi+yakEPES8CWVtzsf+ASbhpQoI/9A54AIDYjbID9l5yIuh Eqwq4Jj4zbR5WxNomU6tdKPpBP7LYIOojiSO0JgrVaoMZghKPfhuSypDUIRFL6KXieDOiz lZgMKUV3hgqMoRGzRZB7H7oyMozl23xnoeayVtPemhSIkplkvip2+ezs1dINYJrdsNzNby fmmbeSw9akcxjBNQJbGbLCO6voYacuBTa07kpCop3pc8co8JPyiZvHeFyxj7Pg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3F00333B6; Mon, 14 Mar 2022 10:06:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 22EA6OiG076540; Mon, 14 Mar 2022 10:06:24 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 22EA6O2v076539; Mon, 14 Mar 2022 10:06:24 GMT (envelope-from git) Date: Mon, 14 Mar 2022 10:06:24 GMT Message-Id: <202203141006.22EA6O2v076539@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Dirk Meyer Subject: git: 4b378d2f8e9d - main - print/a2ps: use safer patches and comment CVEs List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: dinoex X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 4b378d2f8e9d27a16581898baa5bc92816ebc185 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1647252384; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=82idEBORxNR1/oRKvSBF09bJibMmr0fdJgf2mSKW6KE=; b=eNFPAJ47mQX4AM1ZJpOn/4sv8IeQqiW65xdwssTgi2M5sROcQmx+sRjtnc1zdcvDTjtsjP fO541U5eGECiPt74RYVrnxzVppQwXiJPOjAj5tqnI8TtRUnURJ4OnJe6oGC6Sekokb9o/v b2l1P9Ye3VJgWidapckOaqlE4xv2O9dipr23S8z7zdwaUugkfvA39Zd7Shnhmm0hXtFLQG tTHzMNtkTR8EmQDcmnyEyNWby/ohnw76G7scjC7tEvpDGO/cUOjySNrZQYVs1QytzsJmB/ 5Q4402uFgiS2ORr+JNTa+IdIpF0FbeMj6/Z4MkoLhcx3u/hIHwGYRQGKobHWYg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1647252384; a=rsa-sha256; cv=none; b=M5uT1vBxOCa08phyk/vLz48Ey/buQhOFKfs/6BjQhoFqYC2p822jEJyFPLEgUMg1Ph9ZVJ AtPqdCRevzRUDon/Jsuqv0azUR9WW7CwKHj/z+/uIjmiiwHeJoZzzi4iFtT8Jctoi9M0lb TVpZjFmovS3rKAABbly4z9j7igLex4Cnemt9JkS5p0aq5urT6F/NlMoQK9nsPSXVOuQBGp zyKdIzuGQkyjC66wz6vcPaTBGcYk/ZOA8CmPtk/+88c8wUYo0CyYFFkawoz8uu1Zqt8qwy Xhnsz1a7fH0urLig9MjkriHbUtzP1cTT14OjMJgICsqnsSfJfiWlSOeIBpBVzw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by dinoex: URL: https://cgit.FreeBSD.org/ports/commit/?id=4b378d2f8e9d27a16581898baa5bc92816ebc185 commit 4b378d2f8e9d27a16581898baa5bc92816ebc185 Author: Dirk Meyer AuthorDate: 2022-03-14 10:06:07 +0000 Commit: Dirk Meyer CommitDate: 2022-03-14 10:06:07 +0000 print/a2ps: use safer patches and comment CVEs --- print/a2ps/Makefile | 7 +++++- print/a2ps/files/patch-routines.c | 53 +++++++++++++++++++++++++++++++++++++++ print/a2ps/files/patch-routines.h | 12 +++++++++ 3 files changed, 71 insertions(+), 1 deletion(-) diff --git a/print/a2ps/Makefile b/print/a2ps/Makefile index 0f87796cda36..e11279b47ce5 100644 --- a/print/a2ps/Makefile +++ b/print/a2ps/Makefile @@ -2,7 +2,7 @@ PORTNAME= a2ps PORTVERSION= 4.13b -PORTREVISION= 15 +PORTREVISION= 16 CATEGORIES= print MASTER_SITES= GNU LOCAL/hrs/a2ps/:i18n @@ -23,6 +23,11 @@ INFO= a2ps ogonkify regex WRKSRC= ${WRKDIR}/${PORTNAME}-4.13 I18N_PACKAGE= i18n-fonts-0.1 CPE_VENDOR= gnu +# CVE-2015-8107 fixed in files/patch-output.c +# CVE-2014-0466 fixed in files/patch-fixps.in +# CVE-2004-1377 fixed in files/patch-fixps.in files/patch-contrib-tmpdircreation +# CVE-2004-1170 fixed in files/patch-select.c +# CVE-2001-1593 fixed in files/patch-routines.[hc] CONFIGURE_ARGS= --with-medium=libpaper --sharedstatedir=${PREFIX}/share \ --sysconfdir=${PREFIX}/etc --datadir=${PREFIX}/share \ diff --git a/print/a2ps/files/patch-routines.c b/print/a2ps/files/patch-routines.c new file mode 100644 index 000000000000..c59557984912 --- /dev/null +++ b/print/a2ps/files/patch-routines.c @@ -0,0 +1,53 @@ +--- lib/routines.c.orig 1999-10-16 04:46:37 UTC ++++ lib/routines.c +@@ -242,3 +242,50 @@ unlink2 (PARAM_UNUSED void * dummy, const char * filen + /* Don't complain if you can't unlink. Who cares of a tmp file? */ + unlink (filename); + } ++ ++/* ++ * Securely generate a temp file, and make sure it gets ++ * deleted upon exit. ++ */ ++static char ** tempfiles; ++static unsigned ntempfiles; ++ ++static void ++cleanup_tempfiles() ++{ ++ while (ntempfiles--) ++ unlink(tempfiles[ntempfiles]); ++} ++ ++char * ++safe_tempnam(const char *pfx) ++{ ++ char *dirname, *filename; ++ int fd; ++ ++ if (!(dirname = getenv("TMPDIR"))) ++ dirname = "/tmp"; ++ ++ tempfiles = (char **) realloc(tempfiles, ++ (ntempfiles+1) * sizeof(char *)); ++ if (tempfiles == NULL) ++ return NULL; ++ ++ filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX")); ++ if (!filename) ++ return NULL; ++ ++ sprintf(filename, "%s/%sXXXXXX", dirname, pfx); ++ ++ if ((fd = mkstemp(filename)) < 0) { ++ free(filename); ++ return NULL; ++ } ++ close(fd); ++ ++ if (ntempfiles == 0) ++ atexit(cleanup_tempfiles); ++ tempfiles[ntempfiles++] = filename; ++ ++ return filename; ++} diff --git a/print/a2ps/files/patch-routines.h b/print/a2ps/files/patch-routines.h new file mode 100644 index 000000000000..68a01d5e2325 --- /dev/null +++ b/print/a2ps/files/patch-routines.h @@ -0,0 +1,12 @@ +--- lib/routines.h.orig 1999-10-18 20:24:41 UTC ++++ lib/routines.h +@@ -255,7 +255,8 @@ FILE * xwpopen PARAMS ((const char * command)); + /* If _STR_ is not defined, give it a tempname in _TMPDIR_ */ + #define tempname_ensure(Str) \ + do { \ +- (Str) = (Str) ? (Str) : tempnam (NULL, "a2_"); \ ++ (Str) = (Str) ? (Str) : safe_tempnam("a2_"); \ + } while (0) ++char * safe_tempnam(const char *); + + #endif