[gentoo-commits] gentoo-x86 commit in dev-tex/feynmf/files: feynmf-1.08-tempfile.patch digest-feynmf-1.08-r2 - gentoo-commits

From:	"Ulrich Mueller (ulm)" <ulm@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo-x86 commit in dev-tex/feynmf/files: feynmf-1.08-tempfile.patch digest-feynmf-1.08-r2
Date:	Tue, 06 Nov 2007 09:13:09
Message-Id:	`E1IpKUZ-0003Y0-Rs@stork.gentoo.org`

1

ulm         07/11/06 09:13:03

2

3

  Added:                feynmf-1.08-tempfile.patch digest-feynmf-1.08-r2

4

  Log:

5

  Fix insecure temp file creation, security bug #198231.

6

  (Portage version: 2.1.3.18)

7

8

Revision  Changes    Path

9

1.1                  dev-tex/feynmf/files/feynmf-1.08-tempfile.patch

10

11

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-tex/feynmf/files/feynmf-1.08-tempfile.patch?rev=1.1&view=markup

12

plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-tex/feynmf/files/feynmf-1.08-tempfile.patch?rev=1.1&content-type=text/plain

13

14

Index: feynmf-1.08-tempfile.patch

15

===================================================================

16

--- feynmf-orig/feynmf.pl	2007-11-06 08:32:37.000000000 +0100

17

+++ feynmf/feynmf.pl	2007-11-06 09:33:04.000000000 +0100

18

@@ -119,6 +119,7 @@

19

 require 5.000;

20

 # use strict;

21

 use File::Find;

22

+use File::Temp qw(tempfile);

23

 use Getopt::Long;

24

25

 ########################################################################

26

@@ -270,18 +271,18 @@

27

     my @tfm = @_;

28

     # Prepare a fake temporary PL file

29

     # (/dev/null won't do, because the font must not be empty):

30

-    my ($pl) = "/tmp/feynmf$$.pl";

31

     my ($tfm);

32

     $pltotf_prog

33

 	or die "feynmf: fatal: pltopf programm required unless -notfm\n";

34

-    open (PL, ">$pl") or die "feynmf: can't open temporary file $pl: $!\n";

35

+    my ($PL, $pl) = tempfile("/tmp/feynmfXXXXXX", SUFFIX => ".pl");

36

+    $PL or die "feynmf: can't open temporary file: $!\n";

37

     push @temporay_files, $pl;

38

-    print PL <<__END_PL__;

39

+    print $PL <<__END_PL__;

40

       (FAMILY FEYNMF)

41

       (DESIGNSIZE R 10.0)

42

       (CHARACTER D 1 (CHARWD R 10.0) (CHARHT R 10.0))

43

 __END_PL__

44

-    close (PL);

45

+    close ($PL);

46

     foreach $tfm (@tfm) {

47

 	maybe_run "$pltotf_prog $pl $tfm.tfm" unless -r "$tfm.tfm";

48

}

1.1                  dev-tex/feynmf/files/digest-feynmf-1.08-r2

53

54

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-tex/feynmf/files/digest-feynmf-1.08-r2?rev=1.1&view=markup

55

plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-tex/feynmf/files/digest-feynmf-1.08-r2?rev=1.1&content-type=text/plain

56

57

Index: digest-feynmf-1.08-r2

58

===================================================================

59

MD5 689bb25c24cd7be7d625454cc16c26ec feynmf-1.08.tar.gz 286208

60

RMD160 94b091e6cfe0ae26766bcb4a8d591cfa30b7b48c feynmf-1.08.tar.gz 286208

61

SHA256 07bd8c23246fc3e8c7bab6590570e601dcbab2e7b07119cc052693c06d31bd0f feynmf-1.08.tar.gz 286208

62

MD5 4357d09d7d7e38ad3d312942f303394b feynmf-cnl.tar.gz 49920

63

RMD160 8c6aec2e050ed6cc9b3b7484b870543c3a7907b6 feynmf-cnl.tar.gz 49920

64

SHA256 18bbfc2aedcb76f20c8817a1ee002962baa1172f5b2c9fb23f968268db2c75d5 feynmf-cnl.tar.gz 49920

--

69

gentoo-commits@g.o mailing list

1	ulm 07/11/06 09:13:03
2
3	Added: feynmf-1.08-tempfile.patch digest-feynmf-1.08-r2
4	Log:
5	Fix insecure temp file creation, security bug #198231.
6	(Portage version: 2.1.3.18)
7
8	Revision Changes Path
9	1.1 dev-tex/feynmf/files/feynmf-1.08-tempfile.patch
10
11	file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-tex/feynmf/files/feynmf-1.08-tempfile.patch?rev=1.1&view=markup
12	plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-tex/feynmf/files/feynmf-1.08-tempfile.patch?rev=1.1&content-type=text/plain
13
14	Index: feynmf-1.08-tempfile.patch
15	===================================================================
16	--- feynmf-orig/feynmf.pl 2007-11-06 08:32:37.000000000 +0100
17	+++ feynmf/feynmf.pl 2007-11-06 09:33:04.000000000 +0100
18	@@ -119,6 +119,7 @@
19	require 5.000;
20	# use strict;
21	use File::Find;
22	+use File::Temp qw(tempfile);
23	use Getopt::Long;
24
25	########################################################################
26	@@ -270,18 +271,18 @@
27	my @tfm = @_;
28	# Prepare a fake temporary PL file
29	# (/dev/null won't do, because the font must not be empty):
30	- my ($pl) = "/tmp/feynmf$$.pl";
31	my ($tfm);
32	$pltotf_prog
33	or die "feynmf: fatal: pltopf programm required unless -notfm\n";
34	- open (PL, ">$pl") or die "feynmf: can't open temporary file $pl: $!\n";
35	+ my ($PL, $pl) = tempfile("/tmp/feynmfXXXXXX", SUFFIX => ".pl");
36	+ $PL or die "feynmf: can't open temporary file: $!\n";
37	push @temporay_files, $pl;
38	- print PL <<__END_PL__;
39	+ print $PL <<__END_PL__;
40	(FAMILY FEYNMF)
41	(DESIGNSIZE R 10.0)
42	(CHARACTER D 1 (CHARWD R 10.0) (CHARHT R 10.0))
43	__END_PL__
44	- close (PL);
45	+ close ($PL);
46	foreach $tfm (@tfm) {
47	maybe_run "$pltotf_prog $pl $tfm.tfm" unless -r "$tfm.tfm";
48	}
49
50
51
52	1.1 dev-tex/feynmf/files/digest-feynmf-1.08-r2
53
54	file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-tex/feynmf/files/digest-feynmf-1.08-r2?rev=1.1&view=markup
55	plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-tex/feynmf/files/digest-feynmf-1.08-r2?rev=1.1&content-type=text/plain
56
57	Index: digest-feynmf-1.08-r2
58	===================================================================
59	MD5 689bb25c24cd7be7d625454cc16c26ec feynmf-1.08.tar.gz 286208
60	RMD160 94b091e6cfe0ae26766bcb4a8d591cfa30b7b48c feynmf-1.08.tar.gz 286208
61	SHA256 07bd8c23246fc3e8c7bab6590570e601dcbab2e7b07119cc052693c06d31bd0f feynmf-1.08.tar.gz 286208
62	MD5 4357d09d7d7e38ad3d312942f303394b feynmf-cnl.tar.gz 49920
63	RMD160 8c6aec2e050ed6cc9b3b7484b870543c3a7907b6 feynmf-cnl.tar.gz 49920
64	SHA256 18bbfc2aedcb76f20c8817a1ee002962baa1172f5b2c9fb23f968268db2c75d5 feynmf-cnl.tar.gz 49920
65
66
67
68	--
69	gentoo-commits@g.o mailing list

Gentoo Archives: gentoo-commits