From c3c758e01da6308bfb4f2853362fa04077659103 Mon Sep 17 00:00:00 2001
From: Joe Marcus Clarke
Date: Wed, 9 Oct 2002 16:34:46 +0000
Subject: Apply the vendor patch for the recent security exploit. See http://online.securityfocus.com/bid/5602/info/ for more details.
---
 textproc/scrollkeeper/Makefile | 2 +-
 textproc/scrollkeeper/files/patch-security | 139 +++++++++++++++++++++++++++++
 2 files changed, 140 insertions(+), 1 deletion(-)
 create mode 100644 textproc/scrollkeeper/files/patch-security
(limited to 'textproc/scrollkeeper')
diff --git a/textproc/scrollkeeper/Makefile b/textproc/scrollkeeper/Makefile
index 793bf1309560..44cdb8b2cffd 100644
--- a/textproc/scrollkeeper/Makefile
+++ b/textproc/scrollkeeper/Makefile
@@ -7,7 +7,7 @@
 PORTNAME= scrollkeeper
 PORTVERSION= 0.3.11
-PORTREVISION= 2
+PORTREVISION= 3
 PORTEPOCH= 1
 CATEGORIES= textproc gnome
 MASTER_SITES= ${MASTER_SITE_GNOME}
diff --git a/textproc/scrollkeeper/files/patch-security b/textproc/scrollkeeper/files/patch-security
new file mode 100644
index 000000000000..8ca68bd701e4
--- /dev/null
+++ b/textproc/scrollkeeper/files/patch-security
@@ -0,0 +1,139 @@
+This patch fixes a security issue in scrollkeeper. It will be integrated
+into the next release.
+
+--- cl/src/get-cl.c 2002/02/25 08:23:14 1.18
++++ cl/src/get-cl.c 2002/09/22 07:13:59 1.19
+@@ -27,6 +27,7 @@
+ #include
+ #include
+ #include
++#include
+
+ /* cycles through five temporary filenames of the form /tmp/scrollkeeper-templfile.x,
+ where x is number from 0 to 4 and returns the first one that does not exist or the
+@@ -35,7 +36,7 @@
+ static char *get_next_free_temp_file_path(char outputprefs)
+ {
+ char path[PATHLEN], *filename;
+- int i, num;
++ int i, num, fd;
+ struct stat buf;
+ time_t prev;
+
+@@ -82,6 +83,17 @@
+ check_ptr(filename, "scrollkeeper-get-cl");
+ snprintf(filename, PATHLEN, "/tmp/scrollkeeper-tempfile.%d", num);
+
++ unlink(filename);
++
++ fd = open(filename, O_RDWR | O_CREAT | O_EXCL | O_TRUNC | O_NONBLOCK,
++ S_IRWXU | S_IRGRP | S_IROTH);
++
++ if (fd < 0) {
++ fprintf (stderr, _("scrollkeeper-get-cl: Cannot open temp file: %s\n"), filename);
++ exit (EXIT_FAILURE);
++ }
++ close(fd);
++
+ return filename;
+ }
+
+--- libs/extract.c 2002/03/16 19:08:48 1.12
++++ libs/extract.c 2002/09/22 07:14:01 1.14
+@@ -43,16 +43,16 @@
+ int i;
+ int returnval = 1;
+ FILE *fid;
++ struct stat buf;
+ #ifndef SOLARIS
+ char line[1024], *start, *end;
+ int num;
+ FILE *res_fid;
+ char *doctype;
+ char command[1024];
+- pid_t pid;
+ char temp1[PATHLEN], temp2[PATHLEN], errors[PATHLEN];
++ int temp1_fd, temp2_fd, errors_fd;
+ #endif
+- struct stat buf;
+
+ if (input_file == NULL ||
+ stylesheets == NULL ||
+@@ -69,11 +69,23 @@
+ #ifdef SOLARIS
+ doc = docbParseFile(input_file, NULL);
+ #else
+- pid = getpid();
+-
+- snprintf(temp1, PATHLEN, "/var/tmp/scrollkeeper-extract-1-%ld.xml", (long)pid);
+- snprintf(temp2, PATHLEN, "/var/tmp/scrollkeeper-extract-2-%ld.xml", (long)pid);
+- snprintf(errors, PATHLEN, "/var/tmp/scrollkeeper-extract-errors-%ld", (long)pid);
++ snprintf(temp1, PATHLEN, SCROLLKEEPER_STATEDIR "/tmp/scrollkeeper-extract-1.xml.XXXXXX");
++ snprintf(temp2, PATHLEN, SCROLLKEEPER_STATEDIR "/tmp/scrollkeeper-extract-2.xml.XXXXXX");
++ snprintf(errors, PATHLEN, SCROLLKEEPER_STATEDIR "/tmp/scrollkeeper-extract-errors.XXXXXX");
++
++ temp1_fd = mkstemp(temp1);
++ printf ("%s\n", temp1);
++ if (temp1_fd == -1) {
++ sk_message(outputprefs, SKOUT_DEFAULT, SKOUT_QUIET, "(apply_stylesheets)", _("Cannot create temporary file: %s : %s\n"),temp1, strerror(errno));
++ return 0;
++ }
++
++ errors_fd = mkstemp(errors);
++ if (errors_fd == -1) {
++ sk_message(outputprefs, SKOUT_DEFAULT, SKOUT_QUIET, "(apply_stylesheets)", _("Cannot create temporary file: %s : %s\n"),errors, strerror(errno));
++ return 0;
++ }
++ close(errors_fd);
+
+ snprintf(command, 1024, "sgml2xml -xlower -f%s %s > %s", errors, input_file, temp1);
+ system(command);
+@@ -83,6 +95,7 @@
+ fid = fopen(input_file, "r");
+ if (fid == NULL) {
+ sk_message(outputprefs, SKOUT_DEFAULT, SKOUT_QUIET, "(apply_stylesheets)", _("Cannot read file: %s : %s\n"),input_file, strerror(errno));
++ close(temp1_fd);
+ return 0;
+ }
+
+@@ -106,14 +119,25 @@
+ }
+
+ if (doctype == NULL) {
++ close(temp1_fd);
+ unlink(temp1);
+ return 0;
+ }
+-
+- fid = fopen(temp1, "r");
+- res_fid = fopen(temp2, "w");
++
++ temp2_fd = mkstemp(temp2);
++ if (temp2_fd == -1) {
++ close(temp1_fd);
++ unlink(temp1);
++ sk_message(outputprefs, SKOUT_DEFAULT, SKOUT_QUIET, "(apply_stylesheets)", _("Cannot create temporary file: %s : %s\n"),temp2, strerror(errno));
++ return 0;
++ }
++
++ fid = fdopen(temp1_fd, "r");
++ res_fid = fdopen(temp2_fd, "w");
+ if (fid == NULL || res_fid == NULL) {
++ close(temp1_fd);
+ unlink(temp1);
++ close(temp2_fd);
+ unlink(temp2);
+ return 0;
+ }
+--- libs/Makefile.in.orig Wed Oct 9 12:36:43 2002
++++ libs/Makefile.in Wed Oct 9 12:37:05 2002
+@@ -130,7 +130,8 @@
+ INCLUDES = \
+ $(XML_CFLAGS) \
+ $(XSLT_CFLAGS) \
+- $(HOST_TYPE)
++ $(HOST_TYPE) \
++ -DSCROLLKEEPER_STATEDIR=\""$(localstatedir)"\"
+
+
+ libscrollkeeper_la_SOURCES = \
-- cgit v1.2.3
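Review bot: In the libs/extract.c hunk at `@@ -69,11 +69,23 @@`, the `errors_fd == -1` branch returns without releasing the first temporary file, and the `printf ("%s\n", temp1);` directly after `mkstemp(temp1)` looks like leftover debugging that runs before the descriptor is checked and presumably lands on the stdout of whatever program links the library. I would drop the printf and put `close(temp1_fd); unlink(temp1);` before that branch's `return 0;`, matching what the later `temp2_fd == -1` branch already does. The unchanged context lines still format `sgml2xml -xlower -f%s %s > %s` with `input_file` unquoted and pass it to `system()`, so the shell reopens temp1 by name and interprets any metacharacters in the document path; if that path can ever come from a less trusted source, running sgml2xml through fork/exec with its stdout dup'ed onto `temp1_fd` would remove both concerns. In cl/src/get-cl.c the new code ignores the result of `unlink(filename)` and closes the `O_EXCL` descriptor before returning the name, so the caller presumably reopens a predictable /tmp path by name; the rest of that function and its callers lie outside the hunks, so this needs checking there.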