22834809 a2ps should be 64-bit
24660351 a2ps should have some master test results
24660634 a2ps is missing many patches created by the Debian/Ubuntu community
24660835 problem in UTILITY/A2PS
Fix CVE-2001-1593
See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1593
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2001-1593
for more details.
Index: b/lib/routines.c
===================================================================
--- a/lib/routines.c
+++ b/lib/routines.c
@@ -242,3 +242,50 @@
/* Don't complain if you can't unlink. Who cares of a tmp file? */
unlink (filename);
}
+
+/*
+ * Securely generate a temp file, and make sure it gets
+ * deleted upon exit.
+ */
+static char ** tempfiles;
+static unsigned ntempfiles;
+
+static void
+cleanup_tempfiles()
+{
+ while (ntempfiles--)
+ unlink(tempfiles[ntempfiles]);
+}
+
+char *
+safe_tempnam(const char *pfx)
+{
+ char *dirname, *filename;
+ int fd;
+
+ if (!(dirname = getenv("TMPDIR")))
+ dirname = "/tmp";
+
+ tempfiles = (char **) realloc(tempfiles,
+ (ntempfiles+1) * sizeof(char *));
+ if (tempfiles == NULL)
+ return NULL;
+
+ filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX"));
+ if (!filename)
+ return NULL;
+
+ sprintf(filename, "%s/%sXXXXXX", dirname, pfx);
+
+ if ((fd = mkstemp(filename)) < 0) {
+ free(filename);
+ return NULL;
+ }
+ close(fd);
+
+ if (ntempfiles == 0)
+ atexit(cleanup_tempfiles);
+ tempfiles[ntempfiles++] = filename;
+
+ return filename;
+}
Index: b/lib/routines.h
===================================================================
--- a/lib/routines.h
+++ b/lib/routines.h
@@ -255,7 +255,8 @@
/* If _STR_ is not defined, give it a tempname in _TMPDIR_ */
#define tempname_ensure(Str) \
do { \
- (Str) = (Str) ? (Str) : tempnam (NULL, "a2_"); \
+ (Str) = (Str) ? (Str) : safe_tempnam("a2_"); \
} while (0)
+char * safe_tempnam(const char *);
#endif