Description: Fix CVE-2011-4328.
Origin: http://git.sv.gnu.org/cgit/gnash.git/patch/?id=8fc19a890ee787d26200dc1b8b5546e3bb15ac7b
Author: Gabriele Giacone <1o5g4r8o@gmail.com>
Bug-Debian: http://bugs.debian.org/649384

--- a/macros/boost.m4
+++ b/macros/boost.m4
@@ -33,10 +33,10 @@ AC_DEFUN([GNASH_PATH_BOOST],
   libname=""
   dnl this is a list of *required* headers. If any of these are missing, this
   dnl test will return a failure, and Gnash won't build.
-  boost_headers="detail/lightweight_mutex.hpp thread/thread.hpp multi_index_container.hpp multi_index/key_extractors.hpp thread/mutex.hpp"
+  boost_headers="detail/lightweight_mutex.hpp thread/thread.hpp multi_index_container.hpp multi_index/key_extractors.hpp thread/mutex.hpp program_options/options_description.hpp boost/iostreams/stream.hpp"
   dnl this is a list of *required* libraries. If any of these are missing, this
   dnl test will return a failure, and Gnash won't build.
-  boost_libs="thread date_time"
+  boost_libs="thread date_time iostreams"
 
   dnl this is a list of *recommended* libraries. If any of these are missing, this
   dnl test will return a warning, and Gnash will build, but testing won't work.
--- a/plugin/npapi/Makefile.am
+++ b/plugin/npapi/Makefile.am
@@ -70,6 +70,7 @@ libgnashplugin_la_SOURCES  = plugin.cpp \
 
 libgnashplugin_la_LIBADD   = \
 	$(GLIB_LIBS) \
+	-lboost_iostreams \
 	$(NULL)
 
 # Scriptable plugin support
--- a/plugin/npapi/plugin.cpp
+++ b/plugin/npapi/plugin.cpp
@@ -76,6 +76,8 @@
 #include <boost/tokenizer.hpp>
 #include <boost/algorithm/string/join.hpp>
 #include <boost/format.hpp>
+#include <boost/iostreams/device/file_descriptor.hpp>
+#include <boost/iostreams/stream.hpp>
 #include <sys/param.h>
 #include <csignal>
 #include <cstdio>
@@ -132,6 +134,17 @@ getPluginDescription()
     return desc;
 }
 
+boost::iostreams::file_descriptor_sink getfdsink(char mkstemplate[]);
+
+boost::iostreams::file_descriptor_sink
+getfdsink(char mksTemplate[])
+{
+  int suffix = std::string(mksTemplate).size() - std::string(mksTemplate).find("XXXXXX") - 6;
+  int fd = mkstemps (mksTemplate, suffix);
+  boost::iostreams::file_descriptor_sink fdsink(fd, true);
+  return fdsink;
+}
+
 //
 // general initialization and shutdown
 //
@@ -919,20 +932,23 @@ create_standalone_launcher(const std::string& page_url, const std::string& swf_u
         return;
     }
 
-    std::ofstream saLauncher;
-
-    std::stringstream ss;
-    static int debugno = 0;
-    debugno = (debugno + 1) % 10;
-    ss << "/tmp/gnash-debug-" << debugno << ".sh";
-    saLauncher.open(ss.str().c_str(), std::ios::out | std::ios::trunc);
+    char debugname[] = "/tmp/gnash-debug-XXXXXX.sh";
+    boost::iostreams::file_descriptor_sink fdsink = getfdsink(debugname);
+    if (fdsink.handle() == -1) {
+        gnash::log_error("Failed to create sink: %s", debugname);
+        return;
+    }
+    boost::iostreams::stream<boost::iostreams::file_descriptor_sink>
+        saLauncher (fdsink);
 
     if (!saLauncher) {
-        gnash::log_error("Failed to open new file for standalone launcher: " + ss.str());
+        gnash::log_error("Failed to open new file for standalone launcher: %s", debugname);
         return;
     }
 
     saLauncher << "#!/bin/sh" << std::endl
+               << "export GNASH_COOKIES_IN="
+               << std::getenv("GNASH_COOKIES_IN") << std::endl
                << getGnashExecutable() << " ";
 
     if (!page_url.empty()) {
@@ -951,6 +967,7 @@ create_standalone_launcher(const std::string& page_url, const std::string& swf_u
                << std::endl;
 
     saLauncher.close();
+    fdsink.close();
 #endif
 }
 
@@ -996,15 +1013,20 @@ nsPluginInstance::getCmdLine(int hostfd, int controlfd)
         std::string ncookie (cookie, length);
         if (cookie) {
             gnash::log_debug("The Cookie for %s is %s", url, ncookie);
-            std::ofstream cookiefile;
-            std::stringstream ss;
-            ss << "/tmp/gnash-cookies." << getpid(); 
             
-            cookiefile.open(ss.str().c_str(), std::ios::out | std::ios::trunc);
+            char cookiename[] = "/tmp/gnash-cookies.XXXXXX";
+            boost::iostreams::file_descriptor_sink fdsink = getfdsink(cookiename);
+            if (fdsink.handle() == -1) {
+                gnash::log_error("Failed to create sink: %s", cookiename);
+                return arg_vec;
+            }
+            boost::iostreams::stream<boost::iostreams::file_descriptor_sink>
+            cookiefile (fdsink);
             cookiefile << "Set-Cookie: " << ncookie << std::endl;
             cookiefile.close();
+            fdsink.close();
             
-            if (setenv("GNASH_COOKIES_IN", ss.str().c_str(), 1) < 0) {
+            if (setenv("GNASH_COOKIES_IN", cookiename, 1) < 0) {
                 gnash::log_error(
                     "Couldn't set environment variable GNASH_COOKIES_IN to %s",
                     ncookie);
