pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/sysutils/gentoo Undo the removal of patch-ae in the pr...
details: https://anonhg.NetBSD.org/pkgsrc/rev/ecfd909d915e
branches: trunk
changeset: 553596:ecfd909d915e
user: dholland <dholland%pkgsrc.org@localhost>
date: Mon Jan 26 04:54:50 2009 +0000
description:
Undo the removal of patch-ae in the previous commit, to avoid the
insecure-temporary-files problem patch-ae was supposed to fix.
Provide a new patch-ae that does something more like the right thing.
(The old one tried to open and write to a directory created with
mkdtemp(), so even if this code doesn't fully work it's still an
improvement.)
XXX: compile-tested only, don't have time to do it properly right now...
PKGREVISION++.
diffstat:
sysutils/gentoo/Makefile | 4 +-
sysutils/gentoo/distinfo | 3 +-
sysutils/gentoo/patches/patch-ae | 111 +++++++++++++++++++++++++++++++++++++++
3 files changed, 115 insertions(+), 3 deletions(-)
diffs (145 lines):
diff -r 7c56609accb0 -r ecfd909d915e sysutils/gentoo/Makefile
--- a/sysutils/gentoo/Makefile Mon Jan 26 04:03:39 2009 +0000
+++ b/sysutils/gentoo/Makefile Mon Jan 26 04:54:50 2009 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.31 2009/01/25 13:12:44 obache Exp $
+# $NetBSD: Makefile,v 1.32 2009/01/26 04:54:50 dholland Exp $
DISTNAME= gentoo-0.11.57
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= sysutils
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=gentoo/}
diff -r 7c56609accb0 -r ecfd909d915e sysutils/gentoo/distinfo
--- a/sysutils/gentoo/distinfo Mon Jan 26 04:03:39 2009 +0000
+++ b/sysutils/gentoo/distinfo Mon Jan 26 04:54:50 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.24 2009/01/25 13:12:44 obache Exp $
+$NetBSD: distinfo,v 1.25 2009/01/26 04:54:50 dholland Exp $
SHA1 (gentoo-0.11.57.tar.gz) = ac5859b489a6b88161d5b0f2ddd06490ce9915eb
RMD160 (gentoo-0.11.57.tar.gz) = 675333aa740f297a0d41d5795689b8e4280d2bdf
@@ -7,6 +7,7 @@
SHA1 (patch-ab) = e84931dbc57434881f8071e389ebe8df061ee0b6
SHA1 (patch-ac) = 4e5d52849887b816eb4388fb2c75aefb3443f5c8
SHA1 (patch-ad) = 7e41b435aff7af5e57bfb82902a6bb88af37ad97
+SHA1 (patch-ae) = 92ddda6d990f7670e0b79cc642981948fdcce348
SHA1 (patch-af) = 2b80f24bd545177b0d089696e7b3ed7f0d72a3b0
SHA1 (patch-ag) = 3045a4eb72f8c50d147fe09256ec791359053418
SHA1 (patch-ah) = c14c80a7c821f69b98cb23156ec5b30ac40ed2ec
diff -r 7c56609accb0 -r ecfd909d915e sysutils/gentoo/patches/patch-ae
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/gentoo/patches/patch-ae Mon Jan 26 04:54:50 2009 +0000
@@ -0,0 +1,111 @@
+$NetBSD: patch-ae,v 1.5 2009/01/26 04:54:50 dholland Exp $
+
+Fix insecure-temp-files. Replaces older nonworking patch with similar
+intent. XXX inadequately tested, lack of time.
+
+Upstream: not sent upstream; inadequately tested, lack of time.
+
+--- src/types.c.orig 2008-07-09 15:51:26.000000000 -0400
++++ src/types.c 2009-01-25 23:36:47.000000000 -0500
+@@ -27,6 +27,7 @@
+ #include <signal.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
++#include <paths.h>
+
+ #include <stddef.h>
+
+@@ -345,14 +346,18 @@ static FType * match_file(GList *list, D
+ void typ_identify_end(MainInfo *min, const gchar *path)
+ {
+ const GList *here;
+- gchar buf[MAXNAMLEN + 2], *temp_name;
++ gchar buf[MAXNAMLEN + 2];
+ gint fd[2], len, status;
+ pid_t file_pid;
+ FType *type;
++ char tempnamebuf[64];
++ int tempfd;
+
+ if(file_list == NULL)
+ return;
+- if((temp_name = tmpnam(NULL)) == NULL)
++ strcpy(tempnamebuf, _PATH_TMP "gentoo.XXXXXX");
++ tempfd = mkstemp(tempnamebuf);
++ if (tempfd < 0)
+ return;
+ if(pipe(fd) != 0)
+ return;
+@@ -360,20 +365,16 @@ void typ_identify_end(MainInfo *min, con
+ file_pid = fork();
+ if(file_pid == 0)
+ {
+- guint bits = 0U;
+-
+- if(close(STDIN_FILENO) == 0)
+- {
+- if(dup(fd[STDIN_FILENO]) == STDIN_FILENO)
+- bits |= (close(fd[STDIN_FILENO]) == 0);
+- }
+- if(close(STDOUT_FILENO) == 0)
+- {
+- if(open(temp_name, O_CREAT | O_RDWR, S_IRWXU) == STDOUT_FILENO)
+- bits |= (close(fd[STDOUT_FILENO]) == 0) << 1;
+- }
+- if(bits == 3U && chdir(path) == 0)
+- execlp("file", "file", "-f", "-", NULL);
++ if (dup2(fd[0], STDIN_FILENO) < 0)
++ _exit(EXIT_FAILURE);
++ if (dup2(tempfd, STDOUT_FILENO) < 0)
++ _exit(EXIT_FAILURE);
++ close(fd[0]);
++ close(fd[1]);
++ close(tempfd);
++ if (chdir(path) < 0)
++ _exit(EXIT_FAILURE);
++ execlp("file", "file", "-f", "-", NULL);
+ _exit(EXIT_FAILURE);
+ }
+ else if(file_pid < 0)
+@@ -382,21 +381,21 @@ void typ_identify_end(MainInfo *min, con
+ return;
+ }
+ /* We don't need the input part of the pipe, so close it. */
+- close(fd[STDIN_FILENO]);
++ close(fd[0]);
+ /* Now, we have file listening on pipe, so write all filenames to it. */
+ for(here = file_list; here != NULL; here = g_list_next(here))
+ {
+ len = g_snprintf(buf, sizeof buf, "%s\n", DP_SEL_NAME(here));
+- write(fd[STDOUT_FILENO], buf, len);
++ write(fd[1], buf, len);
+ }
+- close(fd[STDOUT_FILENO]);
++ close(fd[1]);
+ waitpid(file_pid, &status, 0);
+
+ if(WIFEXITED(status))
+ {
+ FILE *in;
+
+- if((in = fopen(temp_name, "rt")) != NULL)
++ if((in = fdopen(tempfd, "rt")) != NULL)
+ {
+ const gchar *fout;
+ gchar line[MAXNAMLEN + 256];
+@@ -412,10 +411,14 @@ void typ_identify_end(MainInfo *min, con
+ }
+ fclose(in);
+ }
++ else
++ close(tempfd);
+ }
++ else
++ close(tempfd);
+ g_list_free(file_list);
+ file_list = NULL;
+- remove(temp_name);
++ remove(tempnamebuf);
+ }
+
+ /* ----------------------------------------------------------------------------------------- */
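Review bot: The parent reads the output of `file` through `fdopen(tempfd, "rt")` without rewinding, but tempfd shares its file offset with the child's stdout (same open file description after fork and dup2). Once `file` has written its results the offset is at end-of-file, so unless the read loop outside the inner hunks seeks first, it will see no lines and type identification silently does nothing; add `lseek(tempfd, 0, SEEK_SET);` just before the `fdopen` call. Separately, the `return` after a failed `pipe(fd)` leaves tempfd open and the mkstemp file behind in _PATH_TMP, and the only partly visible `file_pid < 0` branch appears to do the same. Calling `unlink(tempnamebuf);` right after mkstemp succeeds and `close(tempfd);` on those early returns would cover both and make the final `remove(tempnamebuf)` unnecessary. The body of typ_identify_end continues between the inner hunks, so the read loop and the fork-failure cleanup are not fully visible here.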