pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/math/scilab Address tmp file vulnerability noted at
details: https://anonhg.NetBSD.org/pkgsrc/rev/9ca6e7c81029
branches: trunk
changeset: 550093:9ca6e7c81029
user: dmcmahill <dmcmahill%pkgsrc.org@localhost>
date: Sat Nov 15 01:19:08 2008 +0000
description:
Address tmp file vulnerability noted at
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4983
Bump pkgrev.
diffstat:
math/scilab/Makefile | 8 ++++-
math/scilab/distinfo | 5 ++-
math/scilab/patches/patch-ax | 66 ++++++++++++++++++++++++++++++++++++++++++++
math/scilab/patches/patch-ay | 65 +++++++++++++++++++++++++++++++++++++++++++
math/scilab/patches/patch-az | 54 ++++++++++++++++++++++++++++++++++++
5 files changed, 195 insertions(+), 3 deletions(-)
diffs (246 lines):
diff -r 787dca35124e -r 9ca6e7c81029 math/scilab/Makefile
--- a/math/scilab/Makefile Sat Nov 15 01:17:27 2008 +0000
+++ b/math/scilab/Makefile Sat Nov 15 01:19:08 2008 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.75 2008/06/23 20:54:44 markd Exp $
+# $NetBSD: Makefile,v 1.76 2008/11/15 01:19:08 dmcmahill Exp $
#
DISTNAME= ${SCIBASE}-src
-PKGREVISION= 2
+PKGREVISION= 3
PKGNAME= ${SCIBASE}
CATEGORIES= math
MASTER_SITES= http://www.scilab.org/download/4.1/
@@ -99,14 +99,18 @@
# delete some .orig files that got created by patching
# also fix the libtool link
post-install:
+ ${RM} -f ${PREFIX}/lib/${SCIBASE}/bin/scilink.orig
${RM} -f ${PREFIX}/lib/${SCIBASE}/config/Makeso.incl.in.orig
${RM} -f ${PREFIX}/lib/${SCIBASE}/macros/util/scipad.sci.orig
+ ${RM} -f ${PREFIX}/lib/${SCIBASE}/util/scidem.orig
+ ${RM} -f ${PREFIX}/lib/${SCIBASE}/util/scidoc.orig
${RM} -f ${PREFIX}/lib/${SCIBASE}/libtool
${LN} -s ${LOCALBASE}/bin/libtool ${PREFIX}/lib/${SCIBASE}/libtool
${RM} -f ${PREFIX}/lib/${SCIBASE}/bin/dold
${RM} -f ${PREFIX}/lib/${SCIBASE}/config/*.subst.sav
${RM} -f ${PREFIX}/lib/${SCIBASE}/config/config.guess
${RM} -f ${PREFIX}/lib/${SCIBASE}/config/config.sub
+
.for __tmp__ in scilab.g scilab.g.in scilab-gtk.g scilab-gtk.g.in
${RM} -f ${PREFIX}/lib/${SCIBASE}/scripts/${__tmp__}
.endfor
diff -r 787dca35124e -r 9ca6e7c81029 math/scilab/distinfo
--- a/math/scilab/distinfo Sat Nov 15 01:17:27 2008 +0000
+++ b/math/scilab/distinfo Sat Nov 15 01:19:08 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.25 2007/04/10 15:53:16 joerg Exp $
+$NetBSD: distinfo,v 1.26 2008/11/15 01:19:08 dmcmahill Exp $
SHA1 (scilab-4.1-src.tar.gz) = 7a8381a9a69ce280ae718ee59f4c14001b61f4b7
RMD160 (scilab-4.1-src.tar.gz) = 6ed27ce7dcfb9231b5f3042cb7b830015d102df7
@@ -23,3 +23,6 @@
SHA1 (patch-au) = 029d77b4358dbf87e9761f85840f93191294a894
SHA1 (patch-av) = da0565e94302d79a494fb099b5b5d7c251937c94
SHA1 (patch-aw) = 2ac72cf020562baa454c59182aae3dd1d25167df
+SHA1 (patch-ax) = b7e080f0037cc4532100fdf679844724f59d6ba6
+SHA1 (patch-ay) = e521844001d6ed4d560918fac6d026799f2c02a5
+SHA1 (patch-az) = 3b23b82750469e12ea3ee522dfb889c8935df993
diff -r 787dca35124e -r 9ca6e7c81029 math/scilab/patches/patch-ax
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/math/scilab/patches/patch-ax Sat Nov 15 01:19:08 2008 +0000
@@ -0,0 +1,66 @@
+$NetBSD: patch-ax,v 1.6 2008/11/15 01:19:08 dmcmahill Exp $
+
+Address tmp file vulnerability at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4983
+
+--- bin/scilink.orig 2001-04-26 07:43:33.000000000 +0000
++++ bin/scilink
+@@ -15,30 +15,45 @@ export SCI
+ shift
+ LOCALPOS=`pwd`
+ cd $SCI
+-make show | grep -v make > /tmp/SciLink$$1
+-sed -e "s+routines/default+\$SD+g" -e "s+libs+\$SL+g" -e "s+./pvm3+\$SPVM+g" /tmp/SciLink$$1 > /tmp/SciLink$$2
++
++tmpd=/tmp/SciLink$$
++mkdir -m 0700 $tmpd
++rc=$?
++if test $rc -ne 0 ; then
++ cat << EOF
++
++ERROR: $0 failed to create the directory
++ $tmpd
++ securily. It either already exists or you do not have sufficient permissions
++
++EOF
++ exit 1
++fi
++
++make show | grep -v make > ${tmpd}/SciLink1
++sed -e "s+routines/default+\$SD+g" -e "s+libs+\$SL+g" -e "s+./pvm3+\$SPVM+g" ${tmpd}/SciLink1 > ${tmpd}/SciLink2
+ for i in $*
+ do
+ x=`basename $i`
+- sed "s+\$SD/$x++g" /tmp/SciLink$$2 > /tmp/SciLink$$3
+- rm -f /tmp/SciLink$$2
+- mv /tmp/SciLink$$3 /tmp/SciLink$$2
++ sed "s+\$SD/$x++g" ${tmpd}/SciLink2 > ${tmpd}/SciLink3
++ rm -f ${tmpd}/SciLink2
++ mv ${tmpd}/SciLink3 ${tmpd}/SciLink2
+ done
+-echo "#!/bin/sh" > /tmp/SciLink$$3
+-echo SCI=$SCI >> /tmp/SciLink$$3
+-echo "SD=\$SCI/routines/default" >> /tmp/SciLink$$3
+-echo "SPVM=\$SCI/pvm3" >> /tmp/SciLink$$3
+-echo "SL=\$SCI/libs" >> /tmp/SciLink$$3
+-echo "LOCAL=\"$*\"" >> /tmp/SciLink$$3
+-sed -e "s+\$SL+ \$LOCAL \$SL+" -e "s+show+scilex+g" /tmp/SciLink$$2 >> /tmp/SciLink$$3
++echo "#!/bin/sh" > ${tmpd}/SciLink3
++echo SCI=$SCI >> ${tmpd}/SciLink3
++echo "SD=\$SCI/routines/default" >> ${tmpd}/SciLink3
++echo "SPVM=\$SCI/pvm3" >> ${tmpd}/SciLink3
++echo "SL=\$SCI/libs" >> ${tmpd}/SciLink3
++echo "LOCAL=\"$*\"" >> ${tmpd}/SciLink3
++sed -e "s+\$SL+ \$LOCAL \$SL+" -e "s+show+scilex+g" ${tmpd}/SciLink2 >> ${tmpd}/SciLink3
+ cd $LOCALPOS
+-mv /tmp/SciLink$$3 Script
++mv ${tmpd}/SciLink3 Script
+ chmod +x Script
+ echo "Linking a new Scilab with " $*
+ ./Script
+ echo "I've created : scilex and scilab which uses that scilex"
+ sed -e "s+\$SCI/bin/scilex+`pwd`/scilex+g" $SCI/bin/scilab > scilab
+ chmod +x scilab
+-#rm -f /tmp/SciLink*
++rm -fr ${tmpd}
+
+
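Review bot: The name on the `tmpd=/tmp/SciLink$$` line is still predictable. The `mkdir -m 0700` check stops the script from writing through a pre-existing path, but scilink now aborts whenever that name already exists in /tmp, and nothing removes the directory if the script is interrupted before the final `rm -fr ${tmpd}`. Where mktemp(1) is available, `tmpd=$(mktemp -d "${TMPDIR:-/tmp}/SciLink.XXXXXX") || exit 1` followed by `trap 'rm -rf "$tmpd"' 0` and `trap 'exit 1' 1 2 13 15` gives an unpredictable name, honours TMPDIR and cleans up on every exit path. The same applies to the identical mkdir blocks in patch-ay and patch-az, and the error text in all three reads "securily" for "securely".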
diff -r 787dca35124e -r 9ca6e7c81029 math/scilab/patches/patch-ay
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/math/scilab/patches/patch-ay Sat Nov 15 01:19:08 2008 +0000
@@ -0,0 +1,65 @@
+$NetBSD: patch-ay,v 1.7 2008/11/15 01:19:08 dmcmahill Exp $
+
+Address tmp file vulnerability at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4983
+
+--- util/scidem.orig 2002-09-02 11:14:52.000000000 +0000
++++ util/scidem
+@@ -5,34 +5,49 @@
+ # Copyright INRIA
+ echo ------------------- File $2--------------------
+ SCI1=$1
++tmpd=/tmp/scidem.$$
++mkdir -m 0700 $tmpd
++rc=$?
++if test $rc -ne 0 ; then
++ cat << EOF
++
++ERROR: $0 failed to create the directory
++ $tmpd
++ securily. It either already exists or you do not have sufficient permissions
++
++EOF
++ exit 1
++fi
++
+ if [ -f $3 ]; then rm $3;fi;
+-trap "rm -f /tmp/$2.$$ /tmp/$2.$$.res /tmp/$2.$$.err /tmp/$2.$$.diff\
++trap "rm -f ${tmpd}/$2.$$ ${tmpd}/$2.$$.res ${tmpd}/$2.$$.err ${tmpd}/$2.$$.diff\
+ ;exit 1" 1 2 13 15
+ echo "clear;lines(0);deff('[]=bugmes()','write(%io(2),''error on test'')');\
+- diary('$3');driver('Pos');" >> /tmp/$2.$$ ;
++ diary('$3');driver('Pos');" >> ${tmpd}/$2.$$ ;
+ sed -e "s/pause,end/bugmes();quit;end/" \
+ -e "s/halt()//" \
+- $2 >> /tmp/$2.$$ ;
+-echo "diary(0);xend();exit;" >> /tmp/$2.$$ ;
+-($SCI1/bin/scilab -nwni < /tmp/$2.$$ > /tmp/$2.$$.res ) 2> /tmp/$2.$$.err ;
++ $2 >> ${tmpd}/$2.$$ ;
++echo "diary(0);xend();exit;" >> ${tmpd}/$2.$$ ;
++($SCI1/bin/scilab -nwni < ${tmpd}/$2.$$ > ${tmpd}/$2.$$.res ) 2> ${tmpd}/$2.$$.err ;
+ sed -e "s/ \./0\./g" -e "s/E+/D+/g" -e "s/E-/D-/g" -e "s/-\./-0\./g" -e "s/^-->//g" -e "s/^-1->//g" $3 > $3.n
+ grep -v "xinit(" $3.n | grep -v "diary(" | grep -v "exec(" > $3
+ rm -f $3.n
+-if ( grep " error" /tmp/$2.$$.res > /dev/null ) ; then
++if ( grep " error" ${tmpd}/$2.$$.res > /dev/null ) ; then
+ if [ $# != 4 ]; then
+ echo "Test failed ERROR DETECTED while executing $2" ;
+- else if (grep "$4" /tmp/$2.$$.res > /dev/null ) ;
++ else if (grep "$4" ${tmpd}/$2.$$.res > /dev/null ) ;
+ then echo Test skipped ;
+ else echo "Test failed ERROR DETECTED while executing $2" ;
+ fi;
+ fi;
+ else if [ -f $3.ref ];then
+- if ( diff -w $3 $3.ref > /tmp/$2.$$.diff ) ;
++ if ( diff -w $3 $3.ref > ${tmpd}/$2.$$.diff ) ;
+ then echo Test passed ;
+ else echo Test Failed SEE : diff -w $3 $3.ref ;
+ fi;
+ fi;
+ fi;
+ echo ----------------------------------------------------------
+-#rm -f /tmp/$2.$$ /tmp/$2.$$.res /tmp/$2.$$.err /tmp/$2.$$.diff
++#rm -f ${tmpd}/$2.$$ ${tmpd}/$2.$$.res ${tmpd}/$2.$$.err ${tmpd}/$2.$$.diff
++rm -fr ${tmpd}
+ exit 0
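Review bot: The rewritten `trap "rm -f ${tmpd}/$2.$$ ..."` line removes only the four files, so a run ended by signal 1, 2, 13 or 15 leaves the 0700 directory behind in /tmp. Since everything now lives under `${tmpd}`, the handler can be `trap "rm -fr ${tmpd}; exit 1" 1 2 13 15`, matching the `rm -fr ${tmpd}` at the end of the script. The commented-out `#rm -f ${tmpd}/$2.$$ ...` line just above that final cleanup is dead and could be dropped. If `$2` can ever contain a directory component, `${tmpd}/$2.$$` would point into a subdirectory that does not exist; I cannot tell from the hunk whether callers pass bare file names, so that is worth confirming.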
diff -r 787dca35124e -r 9ca6e7c81029 math/scilab/patches/patch-az
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/math/scilab/patches/patch-az Sat Nov 15 01:19:08 2008 +0000
@@ -0,0 +1,54 @@
+$NetBSD: patch-az,v 1.4 2008/11/15 01:19:08 dmcmahill Exp $
+
+Address tmp file vulnerability at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4983
+
+--- util/scidoc.orig 2006-01-04 14:40:34.000000000 +0000
++++ util/scidoc
+@@ -6,25 +6,40 @@
+ echo ------------------- File $2--------------------
+ SCI=$1
+ export SCI
++tmpd=/tmp/scidem.$$
++mkdir -m 0700 $tmpd
++rc=$?
++if test $rc -ne 0 ; then
++ cat << EOF
++
++ERROR: $0 failed to create the directory
++ $tmpd
++ securily. It either already exists or you do not have sufficient permissions
++
++EOF
++ exit 1
++fi
++
++
+ if [ -f $3 ]; then rm $3;fi;
+-trap "rm -f /tmp/$2.$$ /tmp/$2.$$.res /tmp/$2.$$.err /tmp/$2.$$.diff\
++trap "rm -f ${tmpd}$2.$$ ${tmpd}$2.$$.res ${tmpd}$2.$$.err ${tmpd}$2.$$.diff\
+ ;exit 1" 1 2 13 15
+ echo "clear;lines(0);deff('[]=bugmes()','write(%io(2),''error on test'')');\
+- diary('$3');driver('Pos');" >> /tmp/$2.$$ ;
++ diary('$3');driver('Pos');" >> ${tmpd}$2.$$ ;
+ sed -e "s/pause,end/bugmes();quit;end/" \
+ -e "s/halt()//" \
+- $2 >> /tmp/$2.$$ ;
+-echo "diary(0);xend();quit;quit;quit;quit;quit;quit;" >> /tmp/$2.$$ ;
+-($SCI/bin/scilex -nw < /tmp/$2.$$ > /tmp/$2.$$.res ) 2> /tmp/$2.$$.err ;
++ $2 >> ${tmpd}$2.$$ ;
++echo "diary(0);xend();quit;quit;quit;quit;quit;quit;" >> ${tmpd}$2.$$ ;
++($SCI/bin/scilex -nw < ${tmpd}$2.$$ > ${tmpd}$2.$$.res ) 2> ${tmpd}$2.$$.err ;
+ sed -e "s/ \.[0-9]/0&/g" -e "s/0 \./0./g" -e "s/E+/D+/g" -e "s/E-/D-/g" -e "s/-\./-0\./g" $3 > $3.n
+ grep -v "xinit(" $3.n | grep -v "diary(" | grep -v "exec(" > $3
+ rm -f $3.n
+-if ( grep error /tmp/$2.$$.res > /dev/null ) ; then
++if ( grep error ${tmpd}$2.$$.res > /dev/null ) ; then
+ if [ $# != 4 ]; then
+ echo "ERROR DETECTED while executing $2" ;
+ fi;
+ fi;
+ echo ----------------------------------------------------------
+-rm -f /tmp/$2.$$ /tmp/$2.$$.res /tmp/$2.$$.err /tmp/$2.$$.diff
++rm -fr ${tmpd}
+ exit 0
+
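Review bot: Every temporary path in the scidoc patch is written as `${tmpd}$2.$$` with no `/` between the directory and the file name, so the files are created as `/tmp/scidem.<pid><name>.<pid>` directly in /tmp rather than inside the 0700 directory. The script still appends with `>>` to a predictable path in a world-writable directory, which means the CVE-2008-4983 issue is not actually addressed for scidoc. Each occurrence (the trap, the three `>>` redirections, the scilex invocation and the grep) should read `${tmpd}/$2.$$` as in patch-ay. As written, the final `rm -fr ${tmpd}` also removes only the empty directory and leaves the stray files in /tmp. The directory is named `/tmp/scidem.$$` here, apparently copied from scidem; `tmpd=/tmp/scidoc.$$` would be clearer.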