diff options
| author |   Ulrich Müller <ulm@gentoo.org> | 2007-11-06 09:15:16 +0000 |
|---|---|---|
| committer | Ulrich Müller <ulm@gentoo.org> | 2007-11-06 09:15:16 +0000 |
| commit | de9b1597cd6f3d3193bbabe13ff9d22b192ccf07 (patch) | |
| tree | 9c5ed27e43968de88f8d01090b356c387e0d600b | |
| parent | Fix insecure temp file creation, security bug #198231. (diff) | |
| download | historical-de9b1597cd6f3d3193bbabe13ff9d22b192ccf07.tar.gz historical-de9b1597cd6f3d3193bbabe13ff9d22b192ccf07.tar.bz2 historical-de9b1597cd6f3d3193bbabe13ff9d22b192ccf07.zip | |
Fix insecure temp file creation, security bug #198231.
Package-Manager: portage-2.1.3.18
| -rw-r--r-- | dev-tex/feynmf/feynmf-1.08-r2.ebuild | 4 | ||||
| -rw-r--r-- | dev-tex/feynmf/files/feynmf-1.08-tempfile.patch | 33 |
2 files changed, 34 insertions, 3 deletions
diff --git a/dev-tex/feynmf/feynmf-1.08-r2.ebuild b/dev-tex/feynmf/feynmf-1.08-r2.ebuild index 0deda27ffe08..7668500810c8 100644 --- a/dev-tex/feynmf/feynmf-1.08-r2.ebuild +++ b/dev-tex/feynmf/feynmf-1.08-r2.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2007 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-tex/feynmf/feynmf-1.08-r2.ebuild,v 1.1 2007/11/06 09:13:02 ulm Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-tex/feynmf/feynmf-1.08-r2.ebuild,v 1.2 2007/11/06 09:15:16 ulm Exp $ inherit eutils latex-package @@ -16,8 +16,6 @@ KEYWORDS="~amd64 ~ppc ~x86" IUSE="doc" DEPEND="|| ( dev-texlive/texlive-metapost virtual/tetex )" -RDEPEND="${DEPEND} - virtual/perl-File-Temp" S="${WORKDIR}/${PN}" diff --git a/dev-tex/feynmf/files/feynmf-1.08-tempfile.patch b/dev-tex/feynmf/files/feynmf-1.08-tempfile.patch new file mode 100644 index 000000000000..5e3ec840dcc2 --- /dev/null +++ b/dev-tex/feynmf/files/feynmf-1.08-tempfile.patch @@ -0,0 +1,33 @@ +--- feynmf-orig/feynmf.pl 2007-11-06 08:32:37.000000000 +0100 ++++ feynmf/feynmf.pl 2007-11-06 09:33:04.000000000 +0100 +@@ -119,6 +119,7 @@ + require 5.000; + # use strict; + use File::Find; ++use File::Temp qw(tempfile); + use Getopt::Long; + + ######################################################################## +@@ -270,18 +271,18 @@ + my @tfm = @_; + # Prepare a fake temporary PL file + # (/dev/null won't do, because the font must not be empty): +- my ($pl) = "/tmp/feynmf$$.pl"; + my ($tfm); + $pltotf_prog + or die "feynmf: fatal: pltopf programm required unless -notfm\n"; +- open (PL, ">$pl") or die "feynmf: can't open temporary file $pl: $!\n"; ++ my ($PL, $pl) = tempfile("/tmp/feynmfXXXXXX", SUFFIX => ".pl"); ++ $PL or die "feynmf: can't open temporary file: $!\n"; + push @temporay_files, $pl; +- print PL <<__END_PL__; ++ print $PL <<__END_PL__; + (FAMILY FEYNMF) + (DESIGNSIZE R 10.0) + (CHARACTER D 1 (CHARWD R 10.0) (CHARHT R 10.0)) + __END_PL__ +- close (PL); ++ close ($PL); + foreach $tfm (@tfm) { + maybe_run "$pltotf_prog $pl $tfm.tfm" unless -r "$tfm.tfm"; + } |