Upstream fix for very insecure temp file creation in example script
(CVE-2005-2965). Approved by: perky
This commit is contained in:
parent
a5c92cca98
commit
aa27779311
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=146689
@ -7,7 +7,7 @@
|
||||
|
||||
PORTNAME= graphviz
|
||||
PORTVERSION= 2.2
|
||||
PORTREVISION= 1
|
||||
PORTREVISION= 2
|
||||
CATEGORIES= graphics tk84
|
||||
MASTER_SITES= http://www.graphviz.org/pub/graphviz/ARCHIVE/
|
||||
|
||||
|
21
graphics/graphviz/files/patch-dotty::dotty.lefty
Normal file
21
graphics/graphviz/files/patch-dotty::dotty.lefty
Normal file
@ -0,0 +1,21 @@
|
||||
--- dotty/dotty.lefty.orig
|
||||
+++ dotty/dotty.lefty
|
||||
@@ -668,7 +668,10 @@
|
||||
if (~(otype = ask ('print to', 'choice', 'file|printer')))
|
||||
return;
|
||||
if (otype == 'printer') {
|
||||
- name = '/tmp/dottyout.ps';
|
||||
+ if (~getenv ('TMPDIR'))
|
||||
+ name = concat (getenv ('HOME'), '/.dottyout.ps');
|
||||
+ else
|
||||
+ name = concat (getenv ('TMPDIR'), '/.dottyout.ps', random (10000));
|
||||
if (getenv ('LEFTYWINSYS') ~= 'mswin' & ~pr)
|
||||
if (~(pr = ask ('printer command', 'string', 'lpr')))
|
||||
return;
|
||||
@@ -768,5 +771,5 @@
|
||||
vt.canvas = canvas;
|
||||
destroywidget (pscanvas);
|
||||
if (otype == 'printer' & getenv ('LEFTYWINSYS') ~= 'mswin')
|
||||
- system (concat (pr, ' /tmp/dottyout.ps; rm /tmp/dottyout.ps'));
|
||||
+ system (concat (pr, ' ', name, '; rm ',name));
|
||||
};
|
Loading…
Reference in New Issue
Block a user