1 |
ulm 07/11/06 09:13:03 |
2 |
|
3 |
Added: feynmf-1.08-tempfile.patch digest-feynmf-1.08-r2 |
4 |
Log: |
5 |
Fix insecure temp file creation, security bug #198231. |
6 |
(Portage version: 2.1.3.18) |
7 |
|
8 |
Revision Changes Path |
9 |
1.1 dev-tex/feynmf/files/feynmf-1.08-tempfile.patch |
10 |
|
11 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-tex/feynmf/files/feynmf-1.08-tempfile.patch?rev=1.1&view=markup |
12 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-tex/feynmf/files/feynmf-1.08-tempfile.patch?rev=1.1&content-type=text/plain |
13 |
|
14 |
Index: feynmf-1.08-tempfile.patch |
15 |
=================================================================== |
16 |
--- feynmf-orig/feynmf.pl 2007-11-06 08:32:37.000000000 +0100 |
17 |
+++ feynmf/feynmf.pl 2007-11-06 09:33:04.000000000 +0100 |
18 |
@@ -119,6 +119,7 @@ |
19 |
require 5.000; |
20 |
# use strict; |
21 |
use File::Find; |
22 |
+use File::Temp qw(tempfile); |
23 |
use Getopt::Long; |
24 |
|
25 |
######################################################################## |
26 |
@@ -270,18 +271,18 @@ |
27 |
my @tfm = @_; |
28 |
# Prepare a fake temporary PL file |
29 |
# (/dev/null won't do, because the font must not be empty): |
30 |
- my ($pl) = "/tmp/feynmf$$.pl"; |
31 |
my ($tfm); |
32 |
$pltotf_prog |
33 |
or die "feynmf: fatal: pltopf programm required unless -notfm\n"; |
34 |
- open (PL, ">$pl") or die "feynmf: can't open temporary file $pl: $!\n"; |
35 |
+ my ($PL, $pl) = tempfile("/tmp/feynmfXXXXXX", SUFFIX => ".pl"); |
36 |
+ $PL or die "feynmf: can't open temporary file: $!\n"; |
37 |
push @temporay_files, $pl; |
38 |
- print PL <<__END_PL__; |
39 |
+ print $PL <<__END_PL__; |
40 |
(FAMILY FEYNMF) |
41 |
(DESIGNSIZE R 10.0) |
42 |
(CHARACTER D 1 (CHARWD R 10.0) (CHARHT R 10.0)) |
43 |
__END_PL__ |
44 |
- close (PL); |
45 |
+ close ($PL); |
46 |
foreach $tfm (@tfm) { |
47 |
maybe_run "$pltotf_prog $pl $tfm.tfm" unless -r "$tfm.tfm"; |
48 |
} |
49 |
|
50 |
|
51 |
|
52 |
1.1 dev-tex/feynmf/files/digest-feynmf-1.08-r2 |
53 |
|
54 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-tex/feynmf/files/digest-feynmf-1.08-r2?rev=1.1&view=markup |
55 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-tex/feynmf/files/digest-feynmf-1.08-r2?rev=1.1&content-type=text/plain |
56 |
|
57 |
Index: digest-feynmf-1.08-r2 |
58 |
=================================================================== |
59 |
MD5 689bb25c24cd7be7d625454cc16c26ec feynmf-1.08.tar.gz 286208 |
60 |
RMD160 94b091e6cfe0ae26766bcb4a8d591cfa30b7b48c feynmf-1.08.tar.gz 286208 |
61 |
SHA256 07bd8c23246fc3e8c7bab6590570e601dcbab2e7b07119cc052693c06d31bd0f feynmf-1.08.tar.gz 286208 |
62 |
MD5 4357d09d7d7e38ad3d312942f303394b feynmf-cnl.tar.gz 49920 |
63 |
RMD160 8c6aec2e050ed6cc9b3b7484b870543c3a7907b6 feynmf-cnl.tar.gz 49920 |
64 |
SHA256 18bbfc2aedcb76f20c8817a1ee002962baa1172f5b2c9fb23f968268db2c75d5 feynmf-cnl.tar.gz 49920 |
65 |
|
66 |
|
67 |
|
68 |
-- |
69 |
gentoo-commits@g.o mailing list |