git: 4b378d2f8e9d - main - print/a2ps: use safer patches and comment CVEs

From: Dirk Meyer <dinoex_at_FreeBSD.org>
Date: Mon, 14 Mar 2022 10:06:24 UTC
The branch main has been updated by dinoex:

URL: https://cgit.FreeBSD.org/ports/commit/?id=4b378d2f8e9d27a16581898baa5bc92816ebc185

commit 4b378d2f8e9d27a16581898baa5bc92816ebc185
Author:     Dirk Meyer <dinoex@FreeBSD.org>
AuthorDate: 2022-03-14 10:06:07 +0000
Commit:     Dirk Meyer <dinoex@FreeBSD.org>
CommitDate: 2022-03-14 10:06:07 +0000

    print/a2ps: use safer patches and comment CVEs
---
 print/a2ps/Makefile               |  7 +++++-
 print/a2ps/files/patch-routines.c | 53 +++++++++++++++++++++++++++++++++++++++
 print/a2ps/files/patch-routines.h | 12 +++++++++
 3 files changed, 71 insertions(+), 1 deletion(-)

diff --git a/print/a2ps/Makefile b/print/a2ps/Makefile
index 0f87796cda36..e11279b47ce5 100644
--- a/print/a2ps/Makefile
+++ b/print/a2ps/Makefile
@@ -2,7 +2,7 @@
 
 PORTNAME=	a2ps
 PORTVERSION=	4.13b
-PORTREVISION=	15
+PORTREVISION=	16
 CATEGORIES=	print
 MASTER_SITES=	GNU LOCAL/hrs/a2ps/:i18n
 
@@ -23,6 +23,11 @@ INFO=		a2ps ogonkify regex
 WRKSRC=		${WRKDIR}/${PORTNAME}-4.13
 I18N_PACKAGE=	i18n-fonts-0.1
 CPE_VENDOR=	gnu
+# CVE-2015-8107 fixed in files/patch-output.c
+# CVE-2014-0466 fixed in files/patch-fixps.in
+# CVE-2004-1377 fixed in files/patch-fixps.in files/patch-contrib-tmpdircreation
+# CVE-2004-1170 fixed in files/patch-select.c
+# CVE-2001-1593 fixed in files/patch-routines.[hc]
 
 CONFIGURE_ARGS=	--with-medium=libpaper --sharedstatedir=${PREFIX}/share \
 	--sysconfdir=${PREFIX}/etc --datadir=${PREFIX}/share \
diff --git a/print/a2ps/files/patch-routines.c b/print/a2ps/files/patch-routines.c
new file mode 100644
index 000000000000..c59557984912
--- /dev/null
+++ b/print/a2ps/files/patch-routines.c
@@ -0,0 +1,53 @@
+--- lib/routines.c.orig	1999-10-16 04:46:37 UTC
++++ lib/routines.c
+@@ -242,3 +242,50 @@ unlink2 (PARAM_UNUSED void * dummy, const char * filen
+   /* Don't complain if you can't unlink.  Who cares of a tmp file? */
+   unlink (filename);
+ }
++
++/*
++ * Securely generate a temp file, and make sure it gets
++ * deleted upon exit.
++ */
++static char **	tempfiles;
++static unsigned	ntempfiles;
++
++static void
++cleanup_tempfiles()
++{
++	while (ntempfiles--)
++		unlink(tempfiles[ntempfiles]);
++}
++
++char *
++safe_tempnam(const char *pfx)
++{
++	char	*dirname, *filename;
++	int	fd;
++
++	if (!(dirname = getenv("TMPDIR")))
++		dirname = "/tmp";
++
++	tempfiles = (char **) realloc(tempfiles,
++			(ntempfiles+1) * sizeof(char *));
++	if (tempfiles == NULL)
++		return NULL;
++
++	filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX"));
++	if (!filename)
++		return NULL;
++
++	sprintf(filename, "%s/%sXXXXXX", dirname, pfx);
++
++	if ((fd = mkstemp(filename)) < 0) {
++		free(filename);
++		return NULL;
++	}
++	close(fd);
++
++	if (ntempfiles == 0)
++		atexit(cleanup_tempfiles);
++	tempfiles[ntempfiles++] = filename;
++
++	return filename;
++}
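Review bot: In `safe_tempnam` the result of `realloc()` is assigned straight back to `tempfiles`, so an allocation failure overwrites the only pointer to the list while `ntempfiles` stays non-zero. The files created so far are then never unlinked, and `cleanup_tempfiles` dereferences NULL at exit. Growing through a temporary avoids both: `char **grown = realloc(tempfiles, (ntempfiles + 1) * sizeof *grown); if (grown == NULL) return NULL; tempfiles = grown;`. Separately, the descriptor from `mkstemp()` is closed and only the path is returned, so callers reopen the file by name; that is safe only while the directory taken from `TMPDIR` stops other users replacing the entry, which deserves a comment such as `/* mkstemp created the file; callers reopen by name, so TMPDIR must be sticky or private */`.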
diff --git a/print/a2ps/files/patch-routines.h b/print/a2ps/files/patch-routines.h
new file mode 100644
index 000000000000..68a01d5e2325
--- /dev/null
+++ b/print/a2ps/files/patch-routines.h
@@ -0,0 +1,12 @@
+--- lib/routines.h.orig	1999-10-18 20:24:41 UTC
++++ lib/routines.h
+@@ -255,7 +255,8 @@ FILE * xwpopen PARAMS ((const char * command));
+ /* If _STR_ is not defined, give it a tempname in _TMPDIR_ */
+ #define tempname_ensure(Str)				\
+ do {							\
+-  (Str) = (Str) ? (Str) : tempnam (NULL, "a2_");	\
++  (Str) = (Str) ? (Str) : safe_tempnam("a2_");	\
+ } while (0)
++char * safe_tempnam(const char *);
+ 
+ #endif
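Review bot: The comment above `tempname_ensure` still says the macro only gives Str a tempname, but with `safe_tempnam` (as added in patch-routines.c in this commit) the file is now created on disk and registered for removal at exit, and Str is left NULL when creation fails. I would update it to something like `/* If _STR_ is not defined, create a temp file in $TMPDIR (or /tmp) and store its name; _STR_ stays NULL on failure */`. Callers are outside this hunk, so whether any of them relied on the name not yet existing, or check for NULL, should be confirmed. As a style point, the new prototype omits the `PARAMS ((...))` wrapper and parameter name used by the neighbouring `xwpopen` declaration; `char * safe_tempnam PARAMS ((const char * pfx));` would match the header.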