head 1.22; access; symbols OPENPKG_E1_MP_HEAD:1.1 OPENPKG_E1_MP:1.1 OPENPKG_E1_MP_2_STABLE:1.1 OPENPKG_E1_FP:1.1 OPENPKG_2_STABLE_20061018:1.1 OPENPKG_2_STABLE:1.1.0.18 OPENPKG_2_STABLE_BP:1.1 OPENPKG_2_5_SOLID:1.1.0.16 OPENPKG_2_5_SOLID_BP:1.1 OPENPKG_2_4_RELEASE:1.1 OPENPKG_2_4_SOLID:1.1.0.14 OPENPKG_2_4_SOLID_BP:1.1 OPENPKG_2_3_RELEASE:1.1 OPENPKG_2_3_SOLID:1.1.0.12 OPENPKG_2_3_SOLID_BP:1.1 OPENPKG_2_2_RELEASE:1.1 OPENPKG_2_2_SOLID:1.1.0.10 OPENPKG_2_2_SOLID_BP:1.1 OPENPKG_2_1_RELEASE:1.1 OPENPKG_2_1_SOLID:1.1.0.8 OPENPKG_2_1_SOLID_BP:1.1 OPENPKG_2_0_RELEASE:1.1 OPENPKG_2_0_SOLID:1.1.0.6 OPENPKG_2_0_SOLID_BP:1.1 OPENPKG_1_1_SOLID:1.1.0.4 OPENPKG_1_2_SOLID:1.1.0.2; locks; strict; comment @# @; 1.22 date 2009.11.04.17.15.20; author rse; state Exp; branches; next 1.21; commitid r9UgnyD1CdYuYdau; 1.21 date 2009.10.28.20.49.30; author rse; state Exp; branches; next 1.20; commitid KAymbhCGzvsUnl9u; 1.20 date 2009.10.28.09.46.59; author rse; state Exp; branches; next 1.19; commitid oSpd7Ur9B2CDIh9u; 1.19 date 2009.10.28.09.45.21; author rse; state Exp; branches; next 1.18; commitid Py1IqGxyKq35Ih9u; 1.18 date 2009.10.10.18.05.03; author rse; state Exp; branches; next 1.17; commitid sjUhksblU7rn317u; 1.17 date 2009.10.04.17.13.23; author rse; state Exp; branches; next 1.16; commitid IhQgIt8tLMoCXe6u; 1.16 date 2009.05.29.17.22.37; author rse; state Exp; branches; next 1.15; commitid fH5mFHoooPIR7NPt; 1.15 date 2009.04.01.18.01.58; author rse; state Exp; branches; next 1.14; commitid r5je5YHFFR9XclIt; 1.14 date 2009.01.10.22.14.22; author rse; state Exp; branches; next 1.13; commitid SAcVJJ7RPoOYcXxt; 1.13 date 2008.08.18.17.58.28; author rse; state Exp; branches; next 1.12; commitid Gu4Vij0Te23asift; 1.12 date 2008.04.03.15.09.32; author rse; state Exp; branches; next 1.11; commitid xq2gLFMqhiaeVFXs; 1.11 date 2007.12.19.18.55.58; author cs; state Exp; branches; next 1.10; commitid Rt5K5EYWUCu9A4Ks; 1.10 date 2007.12.13.09.25.54; author rse; state Exp; branches; next 
1.9; commitid DbPWSpMXMFSxCfJs; 1.9 date 2007.11.18.01.56.46; author cs; state Exp; branches; next 1.8; commitid ZWJaFuAo5uihWZFs; 1.8 date 2007.11.05.16.43.23; author cs; state Exp; branches; next 1.7; commitid 60NVnO7RK6nmgpEs; 1.7 date 2007.11.02.08.18.23; author rse; state Exp; branches; next 1.6; commitid jjgemt8vKRK5zYDs; 1.6 date 2007.10.31.07.41.35; author rse; state Exp; branches; next 1.5; commitid ZdNTXmlfrJbsqIDs; 1.5 date 2007.09.01.08.42.37; author cs; state Exp; branches; next 1.4; commitid czfXMyZc7ilXG0ws; 1.4 date 2007.08.11.15.27.11; author cs; state Exp; branches; next 1.3; commitid fNarm0ie9RgBBlts; 1.3 date 2007.08.03.05.14.42; author cs; state Exp; branches; next 1.2; commitid 0wfyRn7QIQVqtgss; 1.2 date 2007.07.15.18.00.10; author rse; state Exp; branches; next 1.1; commitid x8KQ3uvEf3ORjTps; 1.1 date 2003.07.10.14.21.14; author thl; state dead; branches 1.1.2.1 1.1.4.1; next ; 1.1.2.1 date 2003.07.10.14.21.14; author thl; state Exp; branches; next ; 1.1.4.1 date 2003.07.10.14.22.34; author thl; state Exp; branches; next ; desc @@ 1.22 log @upgrading package: imagemagick 6.5.6.8 -> 6.5.7.4 @ text @Index: PerlMagick/Makefile.PL.in --- PerlMagick/Makefile.PL.in.orig 2009-10-21 15:12:00 +0200 +++ PerlMagick/Makefile.PL.in 2009-11-04 17:56:02 +0100 @@@@ -139,7 +139,7 @@@@ # defaults for LIBS & INC & CCFLAGS params that we later pass to Writemakefile my $INC_magick = '-I../ -I@@top_srcdir@@ @@CPPFLAGS@@ -I"' . $Config{'usrinc'} . 
'/ImageMagick"'; -my $LIBS_magick = '-L../magick/.libs -lMagickCore -lperl @@MATH_LIBS@@'; +my $LIBS_magick = '-L../magick/.libs -lMagickCore -lperl @@MATH_LIBS@@ @@LDFLAGS@@ -llcms -ltiff -lfreetype -llqr-1 -ljasper -ljpeg -lpng -lglib2 -lgobject2 -lgio2 -lbz2 -lxml2 -lintl -liconv -lz -lm'; my $CCFLAGS_magick = "$Config{'ccflags'} @@CFLAGS@@"; my $LDFLAGS_magick = "-L../magick/.libs -lMagickCore $Config{'ldflags'} @@LDFLAGS@@"; my $LDDLFLAGS_magick = "-L../magick/.libs -lMagickCore $Config{'lddlflags'} @@LDFLAGS@@"; Index: configure --- configure.orig 2009-11-03 15:55:45 +0100 +++ configure 2009-11-04 17:53:50 +0100 @@@@ -49536,7 +49536,7 @@@@ # Append VALUE to the end of shell variable VAR. func_append () { - eval "$1+=\$2" + eval "$1=\"\$$1\$2\"" } _LT_EOF ;; @ 1.21 log @downgrade to 6.5.6.8 as this version still does not cause assertions and at the same time fix Perl bindings once again @ text @d2 3 a4 4 --- PerlMagick/Makefile.PL.in.orig 2009-10-03 21:09:01 +0200 +++ PerlMagick/Makefile.PL.in 2009-10-04 19:05:17 +0200 @@@@ -83,7 +83,7 @@@@ 'INSTALLBIN' => '@@BIN_DIR@@', d6 7 a12 6 # Library specification - 'LIBS' => [ '-L../magick/.libs -lMagickCore -L../wand/.libs -lperl @@MATH_LIBS@@' ], + 'LIBS' => [ '-L../magick/.libs -lMagickCore -L../wand/.libs -lMagickWand -lperl @@MATH_LIBS@@ @@LDFLAGS@@ -llcms -ltiff -lfreetype -llqr-1 -ljasper -ljpeg -lpng -lglib2 -lgobject2 -lgio2 -lbz2 -lxml2 -lintl -liconv -lz -lm' ], # Perl binary name (if a Perl binary is built) 'MAP_TARGET' => 'PerlMagick', d14 3 a16 3 --- configure.orig 2009-10-04 02:27:08 +0200 +++ configure 2009-10-04 19:00:27 +0200 @@@@ -49565,7 +49565,7 @@@@ @ 1.20 log @try to fix Perl bindings (once again) @ text @d2 4 a5 3 --- PerlMagick/Makefile.PL.in.orig 2009-10-21 15:12:00 +0200 +++ PerlMagick/Makefile.PL.in 2009-10-25 18:50:11 +0100 @@@@ -139,7 +139,7 @@@@ d7 6 a12 7 # defaults for LIBS & INC & CCFLAGS params that we later pass to Writemakefile my $INC_magick = '-I../ -I@@top_srcdir@@ @@CPPFLAGS@@ 
-I"' . $Config{'usrinc'} . '/ImageMagick"'; -my $LIBS_magick = '-L../magick/.libs -lMagickCore -lperl @@MATH_LIBS@@'; +my $LIBS_magick = '-L../magick/.libs -lMagickCore -lMagickWand -lperl @@MATH_LIBS@@ @@LDFLAGS@@ -llcms -ltiff -lfreetype -llqr-1 -ljasper -ljpeg -lpng -lbz2 -lxml2 -liconv -lz -lm'; my $CCFLAGS_magick = "$Config{'ccflags'} @@CFLAGS@@"; my $LDFLAGS_magick = "-L../magick/.libs -lMagickCore $Config{'ldflags'} @@LDFLAGS@@"; my $LDDLFLAGS_magick = "-L../magick/.libs -lMagickCore $Config{'lddlflags'} @@LDFLAGS@@"; d14 3 a16 3 --- configure.orig 2009-10-24 04:34:56 +0200 +++ configure 2009-10-25 18:49:09 +0100 @@@@ -49536,7 +49536,7 @@@@ @ 1.19 log @upgrading package: imagemagick 6.5.7.0 -> 6.5.7.2 @ text @d9 1 a9 1 +my $LIBS_magick = '-L../magick/.libs -lMagickCore -lMagickWand -lperl @@MATH_LIBS@@ @@LDFLAGS@@ -llcms -ltiff -lfreetype -ljasper -ljpeg -lpng -lbz2 -lxml2 -liconv -lz -lm'; @ 1.18 log @upgrading package: imagemagick 6.5.6.9 -> 6.5.6.10 @ text @d2 3 a4 3 --- PerlMagick/Makefile.PL.in.orig 2009-10-09 03:49:39 +0200 +++ PerlMagick/Makefile.PL.in 2009-10-10 19:56:09 +0200 @@@@ -140,7 +140,7 @@@@ d8 2 a9 2 -my $LIBS_magick = '-L../magick/.libs -lMagickCore -L../wand/.libs -lperl @@MATH_LIBS@@'; +my $LIBS_magick = '-L../magick/.libs -lMagickCore -L../wand/.libs -lMagickWand -lperl @@MATH_LIBS@@ @@LDFLAGS@@ -llcms -ltiff -lfreetype -ljasper -ljpeg -lpng -lbz2 -lxml2 -liconv -lz -lm'; d11 2 a12 2 if (($^O eq 'MSWin32') && ($Config{cc} =~ /gcc/)) { d14 3 a16 3 --- configure.orig 2009-10-10 05:02:45 +0200 +++ configure 2009-10-10 19:53:10 +0200 @@@@ -49565,7 +49565,7 @@@@ @ 1.17 log @upgrading package: imagemagick 6.5.6.7 -> 6.5.6.8 @ text @d2 3 a4 4 --- PerlMagick/Makefile.PL.in.orig 2009-10-03 21:09:01 +0200 +++ PerlMagick/Makefile.PL.in 2009-10-04 19:05:17 +0200 @@@@ -83,7 +83,7 @@@@ 'INSTALLBIN' => '@@BIN_DIR@@', d6 5 a10 3 # Library specification - 'LIBS' => [ '-L../magick/.libs -lMagickCore -L../wand/.libs -lperl @@MATH_LIBS@@' ], + 'LIBS' => [ 
'-L../magick/.libs -lMagickCore -L../wand/.libs -lMagickWand -lperl @@MATH_LIBS@@ @@LDFLAGS@@ -llcms -ltiff -lfreetype -ljasper -ljpeg -lpng -lbz2 -lxml2 -liconv -lz -lm' ], d12 1 a12 2 # Perl binary name (if a Perl binary is built) 'MAP_TARGET' => 'PerlMagick', d14 2 a15 2 --- configure.orig 2009-10-04 02:27:08 +0200 +++ configure 2009-10-04 19:00:27 +0200 @ 1.16 log @upgrading package: imagemagick 6.5.2.9 -> 6.5.2.10 @ text @d2 2 a3 2 --- PerlMagick/Makefile.PL.in.orig 2009-05-28 15:21:28 +0200 +++ PerlMagick/Makefile.PL.in 2009-05-29 19:13:57 +0200 d8 1 a8 1 - 'LIBS' => [ '-L../magick/.libs -lMagickCore -L../wand/.libs -lMagickWand -lperl @@MATH_LIBS@@' ], d14 3 a16 3 --- configure.orig 2009-05-28 20:44:36 +0200 +++ configure 2009-05-29 19:10:54 +0200 @@@@ -48278,7 +48278,7 @@@@ @ 1.15 log @upgrading package: imagemagick 6.5.0.10 -> 6.5.1.0 @ text @d2 3 a4 3 --- PerlMagick/Makefile.PL.in.orig 2009-03-31 02:29:56 +0200 +++ PerlMagick/Makefile.PL.in 2009-04-01 19:48:42 +0200 @@@@ -77,7 +77,7 @@@@ d8 2 a9 2 - 'LIBS' => [ '-L../magick/.libs -lMagickCore -L../wand/.libs -lMagickWand -lperl @@MATH_LIBS@@' ], + 'LIBS' => [ '-L../magick/.libs -lMagickCore -L../wand/.libs -lMagickWand -lperl @@MATH_LIBS@@ @@LDFLAGS@@ -llcms -ltiff -lfreetype -ljasper -ljpeg -lpng -lbz2 -lxml2 -liconv -lz -lm' ], d14 3 a16 3 --- configure.orig 2009-03-31 17:48:11 +0200 +++ configure 2009-04-01 19:46:57 +0200 @@@@ -48241,7 +48241,7 @@@@ @ 1.14 log @upgrading package: imagemagick 6.4.8.3 -> 6.4.8.4 @ text @d2 2 a3 2 --- PerlMagick/Makefile.PL.in.orig 2009-01-03 16:55:31 +0100 +++ PerlMagick/Makefile.PL.in 2009-01-10 20:46:53 +0100 d8 2 a9 2 - 'LIBS' => [ '-L@@MAGICKCORE_PATH@@ -L../magick/.libs -lMagickCore -L../wand/.libs -lMagickWand -lperl @@MATH_LIBS@@' ], + 'LIBS' => [ '-L@@MAGICKCORE_PATH@@ -L../magick/.libs -lMagickCore -L../wand/.libs -lMagickWand -lperl @@MATH_LIBS@@ @@LDFLAGS@@ -llcms -ltiff -lfreetype -ljasper -ljpeg -lpng -lbz2 -lxml2 -liconv -lz -lm' ], d14 3 a16 3 --- 
configure.orig 2009-01-10 06:02:50 +0100 +++ configure 2009-01-10 20:46:04 +0100 @@@@ -48143,7 +48143,7 @@@@ @ 1.13 log @upgrading package: imagemagick 6.4.2.9 -> 6.4.2.10 @ text @d2 2 a3 2 --- PerlMagick/Makefile.PL.in.orig 2008-08-17 03:01:11 +0200 +++ PerlMagick/Makefile.PL.in 2008-08-18 19:33:38 +0200 d8 2 a9 2 - 'LIBS' => [ '-L@@MAGICKCORE_PATH@@ -L../magick/.libs -lMagickCore -L../wand/.libs -lMagickWand' ], + 'LIBS' => [ '-L@@MAGICKCORE_PATH@@ -L../magick/.libs -lMagickCore -L../wand/.libs -lMagickWand @@LDFLAGS@@ -llcms -ltiff -lfreetype -ljasper -ljpeg -lpng -lbz2 -lxml2 -liconv -lz -lm' ], d14 3 a16 3 --- configure.orig 2008-08-17 20:29:52 +0200 +++ configure 2008-08-18 19:30:22 +0200 @@@@ -48156,7 +48156,7 @@@@ @ 1.12 log @fix building of Perl bindings @ text @d2 2 a3 2 --- PerlMagick/Makefile.PL.in.orig 2008-02-05 19:50:44 +0100 +++ PerlMagick/Makefile.PL.in 2008-04-03 16:08:07 +0200 d8 2 a9 2 - 'LIBS' => [ '-L@@MAGICKLIBDIR@@ -L../magick/.libs -lMagickCore -L../wand/.libs -lMagickWand' ], + 'LIBS' => [ '-L@@MAGICKLIBDIR@@ -L../magick/.libs -lMagickCore -L../wand/.libs -lMagickWand @@LDFLAGS@@ -llcms -ltiff -lfreetype -ljasper -ljpeg -lpng -lbz2 -lxml2 -liconv -lz -lm' ], d14 3 a16 3 --- configure.orig 2008-04-01 02:18:31 +0200 +++ configure 2008-04-03 16:05:00 +0200 @@@@ -46399,7 +46399,7 @@@@ @ 1.11 log @upgrading package: imagemagick 6.3.7.5 -> 6.3.7.6 @ text @d1 12 d14 3 a16 3 --- configure.orig 2007-12-13 09:34:07 +0100 +++ configure 2007-12-13 10:17:10 +0100 @@@@ -46724,7 +46724,7 @@@@ @ 1.10 log @upgrading package: imagemagick 6.3.7.2 -> 6.3.7.4 @ text @a0 12 Index: PerlMagick/Makefile.PL --- PerlMagick/Makefile.PL.orig 2007-12-13 01:43:53 +0100 +++ PerlMagick/Makefile.PL 2007-12-13 09:33:24 +0100 @@@@ -27,7 +27,7 @@@@ # Compute test specification my $delegate_tests='t/*.t'; my $delegate; -foreach $delegate (qw/bzlib fontconfig freetype gs gvc jpeg jp2 lcms openexr png tiff x11 xml zlib/) { +foreach $delegate (qw/bzlib fontconfig freetype gs gvc 
jpeg lcms openexr png tiff x11 xml zlib/) { if ( -d "t/$delegate" ) { if ($delegate =~ /x11/) { if ( defined $ENV{'DISPLAY'} ) { @ 1.9 log @upgrading package: imagemagick 6.3.6.10 -> 6.3.7.0 @ text @d2 2 a3 2 --- PerlMagick/Makefile.PL.orig 2007-11-16 19:14:27 +0100 +++ PerlMagick/Makefile.PL 2007-11-18 02:42:02 +0100 d8 2 a9 2 -foreach $delegate (qw/bzlib fontconfig freetype gs gvc jpeg jp2 lcms openexr png tiff wmf x11 xml zlib/) { +foreach $delegate (qw/bzlib fontconfig freetype gs gvc jpeg lcms openexr png tiff wmf x11 xml zlib/) { d13 12 @ 1.8 log @upgrading package: imagemagick 6.3.6.7 -> 6.3.6.8 @ text @d2 2 a3 2 --- PerlMagick/Makefile.PL.orig 2007-11-05 02:48:40 +0100 +++ PerlMagick/Makefile.PL 2007-11-05 17:39:12 +0100 d8 2 a9 2 -foreach $delegate (qw/bzlib fontconfig freetype gs gvc jpeg jp2 lcms openexr png tiff wmf x11 xml wmf zlib/) { +foreach $delegate (qw/bzlib fontconfig freetype gs gvc jpeg lcms openexr png tiff wmf x11 xml wmf zlib/) { @ 1.7 log @upgrading package: imagemagick 6.3.6.4 -> 6.3.6.5 @ text @d2 2 a3 2 --- PerlMagick/Makefile.PL.orig 2007-11-02 01:07:15 +0100 +++ PerlMagick/Makefile.PL 2007-11-02 09:13:39 +0100 d10 3 a12 3 if( -d "t/$delegate" ) { $delegate_tests .= " t/$delegate/*.t"; } @ 1.6 log @upgrading package: imagemagick 6.3.6.3 -> 6.3.6.4 @ text @d2 2 a3 2 --- PerlMagick/Makefile.PL.orig 2007-10-30 14:45:23 +0100 +++ PerlMagick/Makefile.PL 2007-10-31 08:33:06 +0100 d8 2 a9 2 -foreach $delegate (qw/bzlib fontconfig freetype gvc jpeg jp2 lcms openexr png rsvg tiff x11 xml zlib/) { +foreach $delegate (qw/bzlib fontconfig freetype gvc jpeg lcms openexr png rsvg tiff x11 xml zlib/) { @ 1.5 log @upgrading package: imagemagick 6.3.5.6 -> 6.3.5.7 @ text @d2 3 a4 3 --- PerlMagick/Makefile.PL.orig 2007-09-01 01:14:58 +0200 +++ PerlMagick/Makefile.PL 2007-09-01 10:34:23 +0200 @@@@ -18,7 +18,7 @@@@ d8 2 a9 2 -foreach $delegate (qw/bzlib fontconfig freetype gs gvc jpeg jp2 lcms openexr png tiff wmf x11 xml wmf zlib/) { +foreach $delegate 
(qw/bzlib fontconfig freetype gs gvc jpeg lcms openexr png tiff wmf x11 xml wmf zlib/) { @ 1.4 log @upgrading package: imagemagick 6.3.5.5 -> 6.3.5.6 @ text @d2 2 a3 2 --- PerlMagick/Makefile.PL.orig 2007-08-11 02:46:48 +0200 +++ PerlMagick/Makefile.PL 2007-08-11 17:02:19 +0200 d8 2 a9 2 -foreach $delegate (qw/bzlib fontconfig freetype gvc jpeg jp2 lcms openexr png rsvg tiff x11 xml zlib/) { +foreach $delegate (qw/bzlib fontconfig freetype gvc jpeg lcms openexr png rsvg tiff x11 xml zlib/) { @ 1.3 log @upgrading package: imagemagick 6.3.5.4 -> 6.3.5.5 @ text @d2 2 a3 2 --- PerlMagick/Makefile.PL.orig 2007-08-02 04:05:37 +0200 +++ PerlMagick/Makefile.PL 2007-08-02 16:56:24 +0200 d8 1 a8 1 -foreach $delegate (qw/bzlib fontconfig freetype gs gvc jpeg jp2 lcms openexr png tiff wmf x11 xml wmf zlib/) { a12 9 @@@@ -41,7 +41,7 @@@@ 'VERSION' => '6.3.5', # Preprocessor defines - 'DEFINE' => ' -D_LARGE_FILES=1 -DHAVE_CONFIG_H', # e.g., '-DHAVE_SOMETHING' + 'DEFINE' => ' -D_FILE_OFFSET_BITS=64 -D_LARGE_FILES=1 -DHAVE_CONFIG_H', # e.g., '-DHAVE_SOMETHING' # Header search specfication and preprocessor flags 'INC' => '-I../ -I.. 
-I/usr/include/freetype2 -I/usr/include/libxml2', @ 1.2 log @upgrading package: imagemagick 6.3.5.0 -> 6.3.5.1 @ text @d2 2 a3 2 --- PerlMagick/Makefile.PL 2007-06-17 20:18:49 +0200 +++ PerlMagick/Makefile.PL 2007-06-13 02:28:39 +0200 d14 1 a14 1 'VERSION' => '6.3.4', a21 9 @@@@ -62,7 +62,7 @@@@ 'INSTALLBIN' => '/usr/bin', # Library specification - 'LIBS' => [ '-L/usr/lib -L../magick/.libs -lMagick -L/usr/lib64 -lfreetype -llcms -ltiff -lfreetype -ljpeg -lfontconfig -lXext -lSM -lICE -lX11 -lXt -lbz2 -lz -lpthread -lm -lpthread' ], + 'LIBS' => [ '-L/usr/lib -L../magick/.libs -lMagick -lfreetype -llcms -ltiff -lfreetype -ljpeg -lfontconfig -lXext -lSM -lICE -lX11 -lXt -lbz2 -lz -lpthread -lm -lpthread' ], # Perl binary name (if a Perl binary is built) 'MAP_TARGET' => 'PerlMagick', @ 1.1 log @file imagemagick.patch was initially added on branch OPENPKG_1_2_SOLID. @ text @d1 30 @ 1.1.4.1 log @SA-2003.034-imagemagick; CAN-2003-0455 @ text @a0 48 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0455 The imagemagick libmagick library 5.5 and earlier creates temporary files insecurely, which allows local users to create or overwrite arbitrary files. this patch based on Daniel Kobras code to fix insecure temporary file creation which is mentioned in http://www.debian.org/security/2003/dsa-331 --- magick/utility.c.orig Sun Aug 18 17:42:45 2002 +++ magick/utility.c Thu Jul 10 15:19:27 2003 @@@@ -3181,7 +3181,37 @@@@ % file name is returned in this array. % */ + +/* Attention: this creates an additional + * intermediate directory for security reasons, + * but unfortunately it is never deleted. 
+ */ +static void TemporaryFilenameHelper(char *); MagickExport void TemporaryFilename(char *filename) +{ + static char *mSafeTmpdir = NULL; + char *name; + + filename[0] = '\0'; + if (mSafeTmpdir == NULL) { + do { + TemporaryFilenameHelper(filename); + if (mkdir(filename, S_IRWXU) == 0) { + mSafeTmpdir = strdup(filename); + break; + } + } while (errno == EEXIST); + } + if (mSafeTmpdir == NULL) + return; + if ((name = tempnam(mSafeTmpdir, (char *)NULL)) == NULL) + return; + (void)strncpy(filename, name, MaxTextExtent-1); + free(name); + return; +} + +static void TemporaryFilenameHelper(char *filename) { assert(filename != (char *) NULL); (void) strcpy(filename,"magic"); @ 1.1.2.1 log @SA-2003.034-imagemagick; CAN-2003-0455 @ text @a0 50 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0455 The imagemagick libmagick library 5.5 and earlier creates temporary files insecurely, which allows local users to create or overwrite arbitrary files. this patch based on Daniel Kobras code to fix insecure temporary file creation which is mentioned in http://www.debian.org/security/2003/dsa-331 ported because added randomness just makes the race condition harder to achieve, but not impossible. --- magick/utility.c.orig Fri Dec 13 16:34:24 2002 +++ magick/utility.c Thu Jul 10 15:20:20 2003 @@@@ -3258,7 +3258,37 @@@@ % name is returned in this array. % */ + +/* Attention: this creates an additional + * intermediate directory for security reasons, + * but unfortunately it is never deleted. 
+ */ +static void TemporaryFilenameHelper(char *); MagickExport void TemporaryFilename(char *path) +{ + static char *mSafeTmpdir = NULL; + char *name; + + path[0] = '\0'; + if (mSafeTmpdir == NULL) { + do { + TemporaryFilenameHelper(path); + if (mkdir(path, S_IRWXU) == 0) { + mSafeTmpdir = strdup(path); + break; + } + } while (errno == EEXIST); + } + if (mSafeTmpdir == NULL) + return; + if ((name = tempnam(mSafeTmpdir, (char *)NULL)) == NULL) + return; + (void)strncpy(path, name, MaxTextExtent-1); + free(name); + return; +} + +static void TemporaryFilenameHelper(char *path) { #define RandomKeyExtent 6 @
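Review bot: In the added `TemporaryFilename` body, `tempnam(mSafeTmpdir, (char *)NULL)` does not guarantee that the name lands in the private directory. On glibc, and on other libcs using the same lookup order, a usable `TMPDIR` in the environment takes precedence over the `dir` argument, so the 0700 directory created by `mkdir(path, S_IRWXU)` is bypassed and the name is again exposed to the race in a shared directory; building the name under `mSafeTmpdir` directly (for example `snprintf` of the directory plus a random suffix) would avoid that. When `mkdir` fails with anything other than `EEXIST`, or `strdup` returns NULL, the function returns with `path` still holding the helper-generated name, so callers silently get the old insecure behaviour; `if (mSafeTmpdir == NULL) { path[0] = '\0'; return; }` would make the failure visible. `strncpy(path, name, MaxTextExtent-1)` leaves `path` unterminated when `name` is that long or longer, so it should be followed by `path[MaxTextExtent-1] = '\0';`. The 1.1.4.1 revision of this hunk (parameter `filename` instead of `path`) has the same three problems, and the body of `TemporaryFilenameHelper` continues outside the hunk.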