diff options
| author | Hiroki Sato <hrs@FreeBSD.org> | 2005-11-27 17:57:19 +0000 |
|---|---|---|
| committer | Hiroki Sato <hrs@FreeBSD.org> | 2005-11-27 17:57:19 +0000 |
| commit | ceed13510d97700f33cafcf230ced4a000b45102 (patch) | |
| tree | 6fc9a41cc760174c691eb69f6e4bb6b813609775 /print/ghostscript-gnu/files/patch-lib:pv.sh.CAN-2004-0967 | |
| parent | Fix problem with -encoding flag. (diff) | |
Security fix: several shell scripts included in the Ghostscript package
allow local users to overwrite files via a symlink attack on temporary
files.
Security: CAN-2004-0967
Notes
Notes:
svn path=/head/; revision=149682
Diffstat (limited to 'print/ghostscript-gnu/files/patch-lib:pv.sh.CAN-2004-0967')
| -rw-r--r-- | print/ghostscript-gnu/files/patch-lib:pv.sh.CAN-2004-0967 | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/print/ghostscript-gnu/files/patch-lib:pv.sh.CAN-2004-0967 b/print/ghostscript-gnu/files/patch-lib:pv.sh.CAN-2004-0967 new file mode 100644 index 000000000000..a37fc43aada9 --- /dev/null +++ b/print/ghostscript-gnu/files/patch-lib:pv.sh.CAN-2004-0967 @@ -0,0 +1,16 @@ +--- lib/pv.sh.orig Mon Nov 28 02:18:26 2005 ++++ lib/pv.sh Mon Nov 28 02:18:59 2005 +@@ -29,9 +29,10 @@ + PAGE=$1 + shift + FILE=$1 ++TEMPFILE=`mktemp -t ${FILE}XXXXXX` || exit 1 + shift +-trap "rm -rf $TEMPDIR/$FILE.$$.pv" 0 1 2 15 ++trap "rm -rf $TEMPFILE" 0 1 2 15 + #dvips -D$RESOLUTION -p $PAGE -n 1 $FILE $* -o $FILE.$$.pv +-dvips -p $PAGE -n 1 $FILE $* -o $FILE.$$.pv +-gs $FILE.$$.pv ++dvips -p $PAGE -n 1 $FILE $* -o $TEMPFILE ++gs $TEMPFILE + exit 0 |