Use mktemp when creating debug log file in foomatic-rip (CVE-2011-2924, bug #726426).

foomatic-filters-CVE-2011-2924.patch

@@ -0,0 +1,12 @@
+diff -up foomatic-filters-4.0.8/renderer.c.CVE-2011-2924 foomatic-filters-4.0.8/renderer.c
+--- foomatic-filters-4.0.8/renderer.c.CVE-2011-2924	2011-07-25 10:50:57.000000000 +0100
++++ foomatic-filters-4.0.8/renderer.c	2011-08-18 12:12:36.758458765 +0100
+@@ -434,7 +434,7 @@ int exec_kid3(FILE *in, FILE *out, void 
+         }
+ 
+         /* Save the data supposed to be fed into the renderer also into a file*/
+-        dstrprepend(commandline, "tee -a " LOG_FILE ".ps | ( ");
++        dstrprepend(commandline, "tee $(mktemp " LOG_FILE "-XXXXXX.ps) | ( ");
+         dstrcat(commandline, ")");
+     }
+ 

foomatic.spec

@@ -4,7 +4,7 @@
 Summary: Tools for using the foomatic database of printers and printer drivers
 Name:       foomatic
 Version:    %{enginever}
-Release:    1%{?dist}
+Release:    2%{?dist}
 License:    GPLv2+
 Group: System Environment/Libraries
 
@@ -15,6 +15,7 @@ Source0: http://www.openprinting.org/download/foomatic/foomatic-db-engine-%{engi
 Source1: http://www.openprinting.org/download/foomatic/foomatic-filters-%{filtersver}.tar.gz
 
 ## PATCHES FOR FOOMATIC-FILTERS (PATCHES 1 TO 100)
+Patch1: foomatic-filters-CVE-2011-2924.patch
 
 ## PATCHES FOR FOOMATIC-DB-ENGINE (PATCHES 101 TO 200)
 
@@ -73,6 +74,10 @@ CUPS print filters for the foomatic package.
 %setup -q -c -a 1
 
 pushd foomatic-filters-%{filtersver}
+# Use mktemp when creating debug log file in foomatic-rip
+# (CVE-2011-2924, bug #726426).
+%patch1 -p1 -b .CVE-2011-2924
+
 aclocal
 automake --add-missing
 autoconf
@@ -179,6 +184,10 @@ rm -fr %buildroot $RPM_BUILD_DIR/%{name}
 %{_mandir}/man1/foomatic-rip.1*
 
 %changelog
+* Tue Aug 18 2011 Tim Waugh <twaugh@redhat.com> - 4.0.8-2
+- Use mktemp when creating debug log file in foomatic-rip
+  (CVE-2011-2924, bug #726426).
+
 * Mon Jul 25 2011 Jiri Popelka <jpopelka@redhat.com> - 4.0.8-1
 - 4.0.8 (all patches merged upstream)