#! /bin/sh /usr/share/dpatch/dpatch-run
## CVE-2011-2722.dpatch by Didier Raboud <odyx@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Fix "Insecure tempfile handling" CVE-2011-2722 by backporting from
## DP: 3.11.10 the removal of the culprit code by upstream.
#
# Bug-Debian: http://bugs.debian.org/635549
# Author: Didier Raboud <odyx@debian.org

@DPATCH@
diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' hplip-3.10.6~/prnt/hpijs/hpcupsfax.cpp hplip-3.10.6/prnt/hpijs/hpcupsfax.cpp
--- hplip-3.10.6~/prnt/hpijs/hpcupsfax.cpp	2010-07-19 04:15:17.000000000 +0200
+++ hplip-3.10.6/prnt/hpijs/hpcupsfax.cpp	2011-11-25 13:13:29.000000000 +0100
@@ -582,7 +582,6 @@
     int     iSize, i;
     int     len;
     BYTE    *pTmp = NULL;
-    FILE    *fp = NULL;
 
     iSize = lseek (fromFD, 0, SEEK_END);
     lseek (fromFD, 0, SEEK_SET);
@@ -602,28 +601,12 @@
         }
     }
 
-    fp = NULL;
-    if (iLogLevel & SAVE_PCL_FILE)
-    {
-        fp = fopen ("/tmp/hpcupsfax.out", "w");
-        system ("chmod 666 /tmp/hpcupsfax.out");
-    }
-    
     while ((len = read (fromFD, pTmp, iSize)) > 0)
     {
         write (STDOUT_FILENO, pTmp, len);
-        if (iLogLevel & SAVE_PCL_FILE && fp)
-        {
-            fwrite (pTmp, 1, len, fp);
-        }
     }
     free (pTmp);
 
-    if (fp)
-    {
-        fclose (fp);
-    }
-
     return 0;
 }