add patch for bug #432144 to tl-core patchset

2 files changed, 27 insertions, 0 deletions

diff --git a/src/patchsets/texlive/2015/texlive-core/050_all_latex2man_predictable_tmp.patch b/src/patchsets/texlive/2015/texlive-core/050_all_latex2man_predictable_tmp.patch
new file mode 100644
index 0000000000..62bf08da2b
--- /dev/null
+++ b/src/patchsets/texlive/2015/texlive-core/050_all_latex2man_predictable_tmp.patch
@@ -0,0 +1,26 @@
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668779
+https://bugs.gentoo.org/show_bug.cgi?id=432144
+CVE-2012-2120 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2120)
+
+Index: texlive-20150521-source/texmf-dist/scripts/latex2man/latex2man
+===================================================================
+--- texlive-20150521-source.orig/texmf-dist/scripts/latex2man/latex2man
++++ texlive-20150521-source/texmf-dist/scripts/latex2man/latex2man
+@@ -29,8 +29,6 @@ sub date2str;
+ $VERSION = "1.24";
+ $DATE    = date2str ('$Date: 2016/12/05 14:20:01 $' =~ m|(\d+/\d+/\d+)|);
+ 
+-$tmp = "/tmp/$CMD.$$";
+-
+ ##################################################################
+ # check option and arguments
+ ##################################################################
+@@ -124,6 +122,8 @@ $SrcFile  = $ARGV[0];
+ $DestFile = $ARGV[1];
+ open (SRC,  "<$SrcFile")  || die "$CMD: Can't open file \`$SrcFile' for reading.\n";
+ if ($opt_H || $opt_T) {
++    $tmp = `mktemp` || die;
++    chomp $tmp;
+     # DestFile will be written in the postprocess
+     open (DEST, ">$tmp")      || die "$CMD: Can't open file \`$tmp' for writing.\n";
+ } else {
diff --git a/src/patchsets/texlive/2015/texlive-core/series b/src/patchsets/texlive/2015/texlive-core/series
index 39fc7b7013..b5acfefe79 100644
--- a/src/patchsets/texlive/2015/texlive-core/series
+++ b/src/patchsets/texlive/2015/texlive-core/series
@@ -2,3 +2,4 @@
 020_all_a2ping_invocation.patch
 030_all_updmap_normalize.patch
 040_all_remove_define_abs.patch
+050_all_latex2man_predictable_tmp.patch