head	1.2;
access;
symbols
	pkgsrc-2022Q4:1.1.0.72
	pkgsrc-2022Q4-base:1.1
	pkgsrc-2022Q3:1.1.0.70
	pkgsrc-2022Q3-base:1.1
	pkgsrc-2022Q2:1.1.0.68
	pkgsrc-2022Q2-base:1.1
	pkgsrc-2022Q1:1.1.0.66
	pkgsrc-2022Q1-base:1.1
	pkgsrc-2021Q4:1.1.0.64
	pkgsrc-2021Q4-base:1.1
	pkgsrc-2021Q3:1.1.0.62
	pkgsrc-2021Q3-base:1.1
	pkgsrc-2021Q2:1.1.0.60
	pkgsrc-2021Q2-base:1.1
	pkgsrc-2021Q1:1.1.0.58
	pkgsrc-2021Q1-base:1.1
	pkgsrc-2020Q4:1.1.0.56
	pkgsrc-2020Q4-base:1.1
	pkgsrc-2020Q3:1.1.0.54
	pkgsrc-2020Q3-base:1.1
	pkgsrc-2020Q2:1.1.0.50
	pkgsrc-2020Q2-base:1.1
	pkgsrc-2020Q1:1.1.0.30
	pkgsrc-2020Q1-base:1.1
	pkgsrc-2019Q4:1.1.0.52
	pkgsrc-2019Q4-base:1.1
	pkgsrc-2019Q3:1.1.0.48
	pkgsrc-2019Q3-base:1.1
	pkgsrc-2019Q2:1.1.0.46
	pkgsrc-2019Q2-base:1.1
	pkgsrc-2019Q1:1.1.0.44
	pkgsrc-2019Q1-base:1.1
	pkgsrc-2018Q4:1.1.0.42
	pkgsrc-2018Q4-base:1.1
	pkgsrc-2018Q3:1.1.0.40
	pkgsrc-2018Q3-base:1.1
	pkgsrc-2018Q2:1.1.0.38
	pkgsrc-2018Q2-base:1.1
	pkgsrc-2018Q1:1.1.0.36
	pkgsrc-2018Q1-base:1.1
	pkgsrc-2017Q4:1.1.0.34
	pkgsrc-2017Q4-base:1.1
	pkgsrc-2017Q3:1.1.0.32
	pkgsrc-2017Q3-base:1.1
	pkgsrc-2017Q2:1.1.0.28
	pkgsrc-2017Q2-base:1.1
	pkgsrc-2017Q1:1.1.0.26
	pkgsrc-2017Q1-base:1.1
	pkgsrc-2016Q4:1.1.0.24
	pkgsrc-2016Q4-base:1.1
	pkgsrc-2016Q3:1.1.0.22
	pkgsrc-2016Q3-base:1.1
	pkgsrc-2016Q2:1.1.0.20
	pkgsrc-2016Q2-base:1.1
	pkgsrc-2016Q1:1.1.0.18
	pkgsrc-2016Q1-base:1.1
	pkgsrc-2015Q4:1.1.0.16
	pkgsrc-2015Q4-base:1.1
	pkgsrc-2015Q3:1.1.0.14
	pkgsrc-2015Q3-base:1.1
	pkgsrc-2015Q2:1.1.0.12
	pkgsrc-2015Q2-base:1.1
	pkgsrc-2015Q1:1.1.0.10
	pkgsrc-2015Q1-base:1.1
	pkgsrc-2014Q4:1.1.0.8
	pkgsrc-2014Q4-base:1.1
	pkgsrc-2014Q3:1.1.0.6
	pkgsrc-2014Q3-base:1.1
	pkgsrc-2014Q2:1.1.0.4
	pkgsrc-2014Q2-base:1.1
	pkgsrc-2014Q1:1.1.0.2
	pkgsrc-2014Q1-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2023.03.13.10.39.29;	author wiz;	state dead;
branches;
next	1.1;
commitid	sK29OznPBjIi1XgE;

1.1
date	2014.02.05.17.20.31;	author drochner;	state Exp;
branches;
next	;
commitid	Uo8EvxMaUfSZ2Wnx;


desc
@@


1.2
log
@a2ps: update to 4.15.

* Noteworthy changes in release 4.15 (2023-03-07) [stable]
 * New maintainer, Reuben Thomas.
 * Features:
   - Replace the 'psmandup' utility with simpler 'lp2' to directly print
     documents to a simplex printer.
   - Remove the outdated 'psset' and 'fixnt', and simplify 'fixps' to
     always process its input with Ghostscript.
   - Use libpaper's paper sizes. This includes user-defined paper sizes
     when using libpaper 2. It is still possible to define custom margins
     using "Medium:" specifications in the configuration file, and the
     one size defined by a2ps that libpaper does not know about, Quarto, is
     retained for backwards compatiblity, and as an example.
 * Documentation
   - Remove some obsolete explanations.
   - Reformat --help output consistently to 80 columns.
   - Some English fixes.
 * Bug fixes:
   - Avoid a crash when a medium is not specified; instead, use the default
     libpaper size (configured by the user or sysadmin, or the locale
     default).
   - Fix some other potential crashes and compiler warnings.
   - Fixes for security bugs CVE-2001-1593, CVE-2015-8107 and CVE-2014-0466.
   - Minor bugs fixed.
 * Predefined delegations:
   - Remove support for defunct Netscape and proprietary Acrobat Reader.
   - Add lpr wrapper for automatic detection of different printing systems,
     including CUPS support.
 * Encodings:
   - Use libre fonts for KOI-8.
   - Composite fonts support.
 * Build
   - Update build system to more recent autotools and gettext versions.
   - Build man pages in a simpler and more robust way.
   - Document runtime dependencies.
   - Minor code quality improvements.
   - Minor tidy up and removal of obsolete code.
   - Require libpaper.
   - Remove OS/2 support.
@
text
@$NetBSD: patch-CVE-2001-1593_1,v 1.1 2014/02/05 17:20:31 drochner Exp $

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385

--- lib/routines.c.orig	2007-12-29 01:58:23.000000000 +0000
+++ lib/routines.c
@@@@ -242,3 +242,50 @@@@ unlink2 (PARAM_UNUSED void * dummy, cons
   /* Don't complain if you can't unlink.  Who cares of a tmp file? */
   unlink (filename);
 }
+
+/*
+ * Securely generate a temp file, and make sure it gets
+ * deleted upon exit.
+ */
+static char **	tempfiles;
+static unsigned	ntempfiles;
+
+static void
+cleanup_tempfiles()
+{
+	while (ntempfiles--)
+		unlink(tempfiles[ntempfiles]);
+}
+
+char *
+safe_tempnam(const char *pfx)
+{
+	char	*dirname, *filename;
+	int	fd;
+
+	if (!(dirname = getenv("TMPDIR")))
+		dirname = "/tmp";
+
+	tempfiles = (char **) realloc(tempfiles,
+			(ntempfiles+1) * sizeof(char *));
+	if (tempfiles == NULL)
+		return NULL;
+
+	filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX"));
+	if (!filename)
+		return NULL;
+
+	sprintf(filename, "%s/%sXXXXXX", dirname, pfx);
+
+	if ((fd = mkstemp(filename)) < 0) {
+		free(filename);
+		return NULL;
+	}
+	close(fd);
+
+	if (ntempfiles == 0)
+		atexit(cleanup_tempfiles);
+	tempfiles[ntempfiles++] = filename;
+
+	return filename;
+}
@


1.1
log
@add patch from Fedora to fix insecure /tmp file use (CVE-2001-1593)
bump PKGREV
@
text
@d1 1
a1 1
$NetBSD$
@