Upstream fix for very insecure temp file creation in example script

(CVE-2005-2965). Approved by: perky
svn path=/head/; revision=146689
2005-10-29 19:13:43 +00:00 · 2005-10-29 19:13:43 +00:00 · aa27779311 · 2021-03-31 03:12:20 +00:00
commit aa27779311
parent a5c92cca98
2 changed files with 22 additions and 1 deletions
--- a/graphics/graphviz/Makefile
+++ b/graphics/graphviz/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	graphviz
 PORTVERSION=	2.2
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	graphics tk84
 MASTER_SITES=	http://www.graphviz.org/pub/graphviz/ARCHIVE/

--- a/graphics/graphviz/files/patch-dotty::dotty.lefty
+++ b/graphics/graphviz/files/patch-dotty::dotty.lefty
@ -0,0 +1,21 @@
+--- dotty/dotty.lefty.orig
+++ dotty/dotty.lefty
+@@ -668,7 +668,10 @@
+         if (~(otype = ask ('print to', 'choice', 'file|printer')))
+             return;
+     if (otype == 'printer') {
+-        name = '/tmp/dottyout.ps';
+        if (~getenv ('TMPDIR'))
+            name = concat (getenv ('HOME'), '/.dottyout.ps');
+        else
+            name = concat (getenv ('TMPDIR'), '/.dottyout.ps', random (10000));
+         if (getenv ('LEFTYWINSYS') ~= 'mswin' & ~pr)
+             if (~(pr = ask ('printer command', 'string', 'lpr')))
+                 return;
+@@ -768,5 +771,5 @@
+     vt.canvas = canvas;
+     destroywidget (pscanvas);
+     if (otype == 'printer' & getenv ('LEFTYWINSYS') ~= 'mswin')
+-        system (concat (pr, ' /tmp/dottyout.ps; rm /tmp/dottyout.ps'));
+        system (concat (pr, ' ', name, '; rm ',name));
+ };