diff --git a/print/a2ps/Makefile b/print/a2ps/Makefile
index 0f87796cda36..e11279b47ce5 100644
--- a/print/a2ps/Makefile
+++ b/print/a2ps/Makefile
@@ -1,87 +1,92 @@
 # Created by: Chuck Robey <chuckr@FreeBSD.org>
 
 PORTNAME=	a2ps
 PORTVERSION=	4.13b
-PORTREVISION=	15
+PORTREVISION=	16
 CATEGORIES=	print
 MASTER_SITES=	GNU LOCAL/hrs/a2ps/:i18n
 
 MAINTAINER=	dinoex@FreeBSD.org
 COMMENT=	Formats an ASCII file for printing on a postscript printer
 
 LICENSE=	GPLv2
 
 LIB_DEPENDS=	libpaper.so:print/libpaper
 
 PORTSCOUT=	skipv:4.14
 
 USES=		perl5 cpe
 USE_CSTD=	gnu89
 GNU_CONFIGURE=	yes
 USE_LDCONFIG=	yes
 INFO=		a2ps ogonkify regex
 WRKSRC=		${WRKDIR}/${PORTNAME}-4.13
 I18N_PACKAGE=	i18n-fonts-0.1
 CPE_VENDOR=	gnu
+# CVE-2015-8107 fixed in files/patch-output.c
+# CVE-2014-0466 fixed in files/patch-fixps.in
+# CVE-2004-1377 fixed in files/patch-fixps.in files/patch-contrib-tmpdircreation
+# CVE-2004-1170 fixed in files/patch-select.c
+# CVE-2001-1593 fixed in files/patch-routines.[hc]
 
 CONFIGURE_ARGS=	--with-medium=libpaper --sharedstatedir=${PREFIX}/share \
 	--sysconfdir=${PREFIX}/etc --datadir=${PREFIX}/share \
 	--localstatedir=${PREFIX}/share
 LIBS+=		-L${LOCALBASE}/lib
 
 PAPERSIZE?=
 .if ${PAPERSIZE:tl} == a4
 RUN_DEPENDS+=	${LOCALBASE}/etc/papersize:print/papersize-default-a4
 .endif
 
 OPTIONS_DEFINE=NLS I18N EMACS
 NO_OPTIONS_SORT=yes
 OPTIONS_SUB=	yes
 EMACS_DESC=Enable Emacs support
 I18N_DESC=Enable I18N support
 
 NLS_USES=		gettext
 NLS_CONFIGURE_ENABLE=	nls
 EMACS_USES=		emacs:build
 EMACS_CONFIGURE_ON=	--with-lispdir=${LOCALBASE}/${EMACS_SITE_LISPDIR}
 
 .include <bsd.port.options.mk>
 
 .if ! ${PORT_OPTIONS:MEMACS}
 CONFIGURE_ENV+=	EMACS=no
 .endif
 
 .if ${OPSYS} == FreeBSD && ${OSVERSION} > 1300512
 CFLAGS+=	-DHAVE_MEMPCPY
 .endif
 
 post-patch:
 	${REINPLACE_CMD} -e 's|^DESTDIR|#DESTDIR|' \
 		`${FIND} ${WRKSRC} -name "Makefile.in"`
 
 .if ${PORT_OPTIONS:MI18N}
 #DISTFILES+=	${I18N_PACKAGE}${EXTRACT_SUFX}:i18n
 DISTFILES=	${DISTNAME}${EXTRACT_SUFX} ${I18N_PACKAGE}${EXTRACT_SUFX}:i18n
 
 pre-configure:
 	cd ${WRKDIR}/${I18N_PACKAGE}/afm && \
 		${ECHO_CMD} *.afm > afms.lst && \
 		${MV} *.afm ${WRKSRC}/afm
 	cd ${WRKDIR}/${I18N_PACKAGE}/fonts && \
 		${MV} *.pfb ${WRKSRC}/fonts
 
 post-configure:
 	@cd ${WRKSRC}/fonts && { ${ECHO_CMD} ''; \
 	${ECHO_CMD} "pfb_fonts =" *.pfb; } >> Makefile && \
 	${REINPLACE_CMD} 's,^\(fonts_DATA = .*\),\1 $$(pfb_fonts),' Makefile
 	@cd ${WRKSRC}/afm && { ${ECHO_CMD} ''; \
 	${ECHO_CMD} "i18n_afms =" `cat ${WRKDIR}/${I18N_PACKAGE}/afm/afms.lst`; } >> Makefile && \
 	${REINPLACE_CMD} 's,^\(all_afms = .*\),\1 $$(i18n_afms),' Makefile
 .endif
 
 post-install:
 	cd ${WRKSRC}/doc && \
 		${SETENV} ${MAKE_ENV} ${MAKE} ${.MAKEFLAGS} ${MAKE_ARGS} ${INSTALL_TARGET}
 	${RM} ${STAGEDIR}${PREFIX}/lib/liba2ps.la
 
 .include <bsd.port.mk>
diff --git a/print/a2ps/files/patch-routines.c b/print/a2ps/files/patch-routines.c
new file mode 100644
index 000000000000..c59557984912
--- /dev/null
+++ b/print/a2ps/files/patch-routines.c
@@ -0,0 +1,53 @@
+--- lib/routines.c.orig	1999-10-16 04:46:37 UTC
++++ lib/routines.c
+@@ -242,3 +242,50 @@ unlink2 (PARAM_UNUSED void * dummy, const char * filen
+   /* Don't complain if you can't unlink.  Who cares of a tmp file? */
+   unlink (filename);
+ }
++
++/*
++ * Securely generate a temp file, and make sure it gets
++ * deleted upon exit.
++ */
++static char **	tempfiles;
++static unsigned	ntempfiles;
++
++static void
++cleanup_tempfiles()
++{
++	while (ntempfiles--)
++		unlink(tempfiles[ntempfiles]);
++}
++
++char *
++safe_tempnam(const char *pfx)
++{
++	char	*dirname, *filename;
++	int	fd;
++
++	if (!(dirname = getenv("TMPDIR")))
++		dirname = "/tmp";
++
++	tempfiles = (char **) realloc(tempfiles,
++			(ntempfiles+1) * sizeof(char *));
++	if (tempfiles == NULL)
++		return NULL;
++
++	filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX"));
++	if (!filename)
++		return NULL;
++
++	sprintf(filename, "%s/%sXXXXXX", dirname, pfx);
++
++	if ((fd = mkstemp(filename)) < 0) {
++		free(filename);
++		return NULL;
++	}
++	close(fd);
++
++	if (ntempfiles == 0)
++		atexit(cleanup_tempfiles);
++	tempfiles[ntempfiles++] = filename;
++
++	return filename;
++}
diff --git a/print/a2ps/files/patch-routines.h b/print/a2ps/files/patch-routines.h
new file mode 100644
index 000000000000..68a01d5e2325
--- /dev/null
+++ b/print/a2ps/files/patch-routines.h
@@ -0,0 +1,12 @@
+--- lib/routines.h.orig	1999-10-18 20:24:41 UTC
++++ lib/routines.h
+@@ -255,7 +255,8 @@ FILE * xwpopen PARAMS ((const char * command));
+ /* If _STR_ is not defined, give it a tempname in _TMPDIR_ */
+ #define tempname_ensure(Str)				\
+ do {							\
+-  (Str) = (Str) ? (Str) : tempnam (NULL, "a2_");	\
++  (Str) = (Str) ? (Str) : safe_tempnam("a2_");	\
+ } while (0)
++char * safe_tempnam(const char *);
+ 
+ #endif