ports/162577: lang/caml-light security update

Michael Grünewald michael.grunewald at laposte.net
Tue Nov 15 08:30:09 UTC 2011 

>Number:         162577
>Category:       ports
>Synopsis:       lang/caml-light security update
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 15 08:30:08 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Michael Grunewald
>Release:        FreeBSD 8.2-STABLE amd64
>Organization:
>Environment:
System: FreeBSD llea.celt.neu 8.2-STABLE FreeBSD 8.2-STABLE #7: Tue Oct 
18 08:39:23 CEST 2011 
root at llea.celt.neu:/public/FreeBSD/obj/public/FreeBSD/src/sys/LLEA amd64


	
>Description:
	Parsers generated by the YACC tool in caml-light use insecure
	temporary files.  The build process also uses temporary files
	in a permissive way.  The attached patch is believed to fix
	these two issues.
	This PR and the attached patch are base on:
	  http://gnats.netbsd.org/45558

	I wish to warmly thank Eitan Adler who sent me
	this u seful reference.
>How-To-Repeat:
	
>Fix:

	

--- caml-light.patch begins here ---
diff --git a/Makefile b/Makefile
index 6be7802..4c19a62 100644
--- a/Makefile
+++ b/Makefile
@@ -7,7 +7,7 @@
   PORTNAME=	caml
  PORTVERSION=	0.75
-PORTREVISION=	3
+PORTREVISION=	4
  CATEGORIES=	lang elisp
  MASTER_SITES=	http://caml.inria.fr/pub/distrib/caml-light-0.75/ \
  	 
ftp://arcadia.informatik.uni-muenchen.de/pub/comp/programming/languages/functional/caml-light/
diff --git a/files/patch-src_launch_Makefile 
b/files/patch-src_launch_Makefile
index 38b39aa..afba4c5 100644
--- a/files/patch-src_launch_Makefile
+++ b/files/patch-src_launch_Makefile
@@ -1,13 +1,19 @@
---- src/launch/Makefile.orig	Wed Feb 22 15:03:26 1995
-+++ src/launch/Makefile	Sun Aug  6 11:58:56 2006
-@@ -17,16 +17,17 @@
- 	chmod a+x /tmp/testscr
- 	sh -c 'if sh -c /tmp/testscr 2>/dev/null; \
-                then echo "#!$(BINDIR)/camlrun" > $(LIBDIR)/header; \
+--- src/launch/Makefile.orig	1995-02-22 10:33:26.000000000 +0100
++++ src/launch/Makefile	2011-11-12 10:26:48.000000000 +0100
+@@ -11,22 +11,15 @@
+ # have write permission in the current directory if NFS-mounted...
+ + install:
+-	(echo "#!$(BINDIR)/camlrun"; \
+-	 echo "exit 2"; \
+-	 cat testprog) > /tmp/testscr
+-	chmod a+x /tmp/testscr
+-	sh -c 'if sh -c /tmp/testscr 2>/dev/null; \
+-               then echo "#!$(BINDIR)/camlrun" > $(LIBDIR)/header; \
  -               else cp camlexec $(LIBDIR)/header; \
-+               else ${BSD_INSTALL_SCRIPT} camlexec $(LIBDIR)/header; \
-                fi'
- 	rm -f /tmp/testscr
+-               fi'
+-	rm -f /tmp/testscr
++	echo "#!$(BINDIR)/camlrun" > $(LIBDIR)/header
   	for script in camlc camllight camlmktop; do \
  -	  cp $$script $(BINDIR)/$$script; \
  +	  ${BSD_INSTALL_SCRIPT} $$script $(BINDIR)/$$script; \
diff --git a/files/patch-src_yacc_main.c b/files/patch-src_yacc_main.c
new file mode 100644
index 0000000..78292de
--- /dev/null
+++ b/files/patch-src_yacc_main.c
@@ -0,0 +1,81 @@
+--- src/yacc/main.c.orig	1995-06-07 15:34:32.000000000 +0200
++++ src/yacc/main.c	2011-11-12 10:09:52.000000000 +0100
+@@ -1,4 +1,5 @@
+ #include <signal.h>
++#include <stdlib.h> /* for mkstemp(), getenv() */
+ #include "defs.h"
+ + char dflag;
+@@ -31,6 +32,11 @@
+ char *union_file_name;
+ char *verbose_file_name;
+ ++static int action_fd = -1;
++static int entry_fd = -1;
++static int text_fd = -1;
++static int union_fd = -1;
++
+ FILE *action_file;	/*  a temp file, used to save actions associated    */
+ 			/*  with rules until the parser is written	    */
+ FILE *entry_file;
+@@ -72,7 +78,6 @@
+ extern char *mktemp();
+ extern char *getenv();
+ +-
+ done(k)
+ int k;
+ {
+@@ -276,11 +281,20 @@
+     union_file_name[len + 5] = 'u';
+ + #ifndef NO_UNIX
+-    mktemp(action_file_name);
+-    mktemp(entry_file_name);
+-    mktemp(text_file_name);
+-    mktemp(union_file_name);
++    action_fd = mkstemp(action_file_name);
++    entry_fd = mkstemp(entry_file_name);
++    text_fd = mkstemp(text_file_name);
++    union_fd = mkstemp(union_file_name);
+ #endif
++    if (action_fd < 0)
++	open_error(action_file_name);
++    if (entry_fd < 0)
++	open_error(entry_file_name);
++    if (text_fd < 0)
++	open_error(text_file_name);
++    if (union_fd < 0)
++	open_error(union_file_name);
++
+ +     len = strlen(file_prefix);
+ +@@ -321,15 +335,15 @@
+ 	    open_error(input_file_name);
+     }
+ +-    action_file = fopen(action_file_name, "w");
++    action_file = fdopen(action_fd, "w");
+     if (action_file == 0)
+ 	open_error(action_file_name);
+ +-    entry_file = fopen(entry_file_name, "w");
++    entry_file = fdopen(entry_fd, "w");
+     if (entry_file == 0)
+ 	open_error(entry_file_name);
+ +-    text_file = fopen(text_file_name, "w");
++    text_file = fdopen(text_fd, "w");
+     if (text_file == 0)
+ 	open_error(text_file_name);
+ +@@ -345,7 +359,7 @@
+ 	defines_file = fopen(defines_file_name, "w");
+ 	if (defines_file == 0)
+ 	    open_error(defines_file_name);
+-	union_file = fopen(union_file_name, "w");
++	union_file = fdopen(union_fd, "w");
+ 	if (union_file ==  0)
+ 	    open_error(union_file_name);
+     }
--- caml-light.patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list