diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2005-09-29 08:51:10 +0000 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2005-09-29 08:51:10 +0000 |
| commit | 005ec28ce4e11cc4acefa9cdbfb32ca3566b2fca (patch) | |
| tree | 2da9a6ea3b3aa4b1200ef460cae6718c61aa3280 /sys-apps | |
| parent | Version bumped. (diff) | |
| download | historical-005ec28ce4e11cc4acefa9cdbfb32ca3566b2fca.tar.gz historical-005ec28ce4e11cc4acefa9cdbfb32ca3566b2fca.tar.bz2 historical-005ec28ce4e11cc4acefa9cdbfb32ca3566b2fca.zip | |
Fix insecure tempfile usage #106105.
Package-Manager: portage-2.0.52-r1 http://www.bash.org/?136501
Diffstat (limited to 'sys-apps')
| -rw-r--r-- | sys-apps/texinfo/ChangeLog | 8 | ||||
| -rw-r--r-- | sys-apps/texinfo/Manifest | 19 | ||||
| -rw-r--r-- | sys-apps/texinfo/files/digest-texinfo-4.8-r1 | 1 | ||||
| -rw-r--r-- | sys-apps/texinfo/files/texinfo-4.8-tempfile.patch | 60 | ||||
| -rw-r--r-- | sys-apps/texinfo/texinfo-4.8-r1.ebuild | 69 |
5 files changed, 148 insertions, 9 deletions
diff --git a/sys-apps/texinfo/ChangeLog b/sys-apps/texinfo/ChangeLog index d5a68f8c227e..647fc1d8619a 100644 --- a/sys-apps/texinfo/ChangeLog +++ b/sys-apps/texinfo/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for sys-apps/texinfo # Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/texinfo/ChangeLog,v 1.57 2005/09/17 00:34:47 ciaranm Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/texinfo/ChangeLog,v 1.58 2005/09/29 08:51:10 vapier Exp $ + +*texinfo-4.8-r1 (29 Sep 2005) + + 29 Sep 2005; Mike Frysinger <vapier@gentoo.org> + +files/texinfo-4.8-tempfile.patch, +texinfo-4.8-r1.ebuild: + Fix insecure tempfile usage #106105. 17 Sep 2005; Ciaran McCreesh <ciaranm@gentoo.org> ChangeLog: Converted to UTF-8, fixed encoding screwups diff --git a/sys-apps/texinfo/Manifest b/sys-apps/texinfo/Manifest index 6d253ce16313..0bfd4beae226 100644 --- a/sys-apps/texinfo/Manifest +++ b/sys-apps/texinfo/Manifest @@ -1,19 +1,22 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -MD5 51d0756296f7f75f5a8cf3ec558fe1aa texinfo-4.8.ebuild 1909 MD5 9a09f8d531c582e78977dbfd96edc1f2 metadata.xml 164 MD5 75c60847c4f9b9d75375567cd1a3ba81 texinfo-4.7-r1.ebuild 1979 -MD5 0e49c15bda489070d5411dc6a36863c7 ChangeLog 7314 -MD5 1c6181fd6a19db98315a1f737a5ae839 files/digest-texinfo-4.8 65 +MD5 aaac50ea8fce0b3174cbdad4d7584db4 texinfo-4.8-r1.ebuild 1975 +MD5 51d0756296f7f75f5a8cf3ec558fe1aa texinfo-4.8.ebuild 1909 +MD5 95df2fa8d9b77ac894f1910634508d34 ChangeLog 7495 MD5 7246b5d34e673e1eb937186e4f18f56d files/texinfo-4.8-freebsd.patch 3787 +MD5 6db903b811b98699388c8e765d2721c4 files/texinfo-4.8-tempfile.patch 1406 +MD5 1c6181fd6a19db98315a1f737a5ae839 files/digest-texinfo-4.8-r1 65 MD5 690fb86d0c0215155b1d18671099115a files/mkinfodir 7318 -MD5 a0df107ca9e3036e2ee2d501343cbf2b files/makeinfo.patch 790 MD5 a2c21c53079eb65c306a08d230d15b2b files/digest-texinfo-4.7-r1 65 +MD5 1c6181fd6a19db98315a1f737a5ae839 files/digest-texinfo-4.8 65 +MD5 a0df107ca9e3036e2ee2d501343cbf2b files/makeinfo.patch 790 -----BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.1 (GNU/Linux) +Version: GnuPG v1.4.2 (GNU/Linux) -iD8DBQFDK2TaLLFUmVNQ7rkRAnA+AKDCvKW7fCNDQ9RfV8vfLDnXAyJiqgCfRJAJ -JRIHsJdXuA86mmlsHlIo8us= -=I0cl +iD8DBQFDO6tEgIKl8Uu19MoRArruAJ9lYt1UKY538tkiwU/Z4ruUaCO55ACeNLU4 +/81QKHK5Iap1TT6wVQ90mTU= +=ICrI -----END PGP SIGNATURE----- diff --git a/sys-apps/texinfo/files/digest-texinfo-4.8-r1 b/sys-apps/texinfo/files/digest-texinfo-4.8-r1 new file mode 100644 index 000000000000..89aa6b29dbe2 --- /dev/null +++ b/sys-apps/texinfo/files/digest-texinfo-4.8-r1 @@ -0,0 +1 @@ +MD5 6ba369bbfe4afaa56122e65b3ee3a68c texinfo-4.8.tar.bz2 1521822 diff --git a/sys-apps/texinfo/files/texinfo-4.8-tempfile.patch b/sys-apps/texinfo/files/texinfo-4.8-tempfile.patch new file mode 100644 index 000000000000..c3c9e93d7a5e --- /dev/null +++ b/sys-apps/texinfo/files/texinfo-4.8-tempfile.patch @@ -0,0 +1,60 @@ +http://bugs.gentoo.org/106105 + +--- util/texindex.c ++++ util/texindex.c +@@ -99,6 +99,9 @@ long nlines; + /* Directory to use for temporary files. On Unix, it ends with a slash. */ + char *tempdir; + ++/* Basename for temp files inside of tempdir. */ ++char *tempbase; ++ + /* Number of last temporary file. */ + int tempcount; + +@@ -190,6 +193,11 @@ main (int argc, char **argv) + + decode_command (argc, argv); + ++ /* XXX mkstemp not appropriate, as we need to have somewhat predictable ++ * names. But race condition was fixed, see maketempname. ++ */ ++ tempbase = mktemp ("txidxXXXXXX"); ++ + /* Process input files completely, one by one. */ + + for (i = 0; i < num_infiles; i++) +@@ -392,21 +400,21 @@ For more information about these matters + static char * + maketempname (int count) + { +- static char *tempbase = NULL; + char tempsuffix[10]; +- +- if (!tempbase) +- { +- int fd; +- tempbase = concat (tempdir, "txidxXXXXXX"); +- +- fd = mkstemp (tempbase); +- if (fd == -1) +- pfatal_with_name (tempbase); +- } ++ char *name, *tmp_name; ++ int fd; + + sprintf (tempsuffix, ".%d", count); +- return concat (tempbase, tempsuffix); ++ tmp_name = concat (tempdir, tempbase); ++ name = concat (tmp_name, tempsuffix); ++ free(tmp_name); ++ ++ fd = open (name, O_CREAT|O_EXCL|O_WRONLY, 0600); ++ if (fd == -1) ++ pfatal_with_name (name); ++ ++ close(fd); ++ return name; + } + + diff --git a/sys-apps/texinfo/texinfo-4.8-r1.ebuild b/sys-apps/texinfo/texinfo-4.8-r1.ebuild new file mode 100644 index 000000000000..50b5f9b3c281 --- /dev/null +++ b/sys-apps/texinfo/texinfo-4.8-r1.ebuild @@ -0,0 +1,69 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-apps/texinfo/texinfo-4.8-r1.ebuild,v 1.1 2005/09/29 08:51:10 vapier Exp $ + +inherit flag-o-matic eutils + +DESCRIPTION="The GNU info program and utilities" +HOMEPAGE="http://www.gnu.org/software/texinfo/" +SRC_URI="mirror://gnu/${PN}/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc-macos ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="nls build static" + +RDEPEND="!build? ( >=sys-libs/ncurses-5.2-r2 )" +DEPEND="${RDEPEND} + !build? ( nls? ( sys-devel/gettext ) )" + +src_unpack() { + unpack ${A} + cd "${S}" + epatch "${FILESDIR}"/${P}-freebsd.patch + epatch "${FILESDIR}"/${P}-tempfile.patch #106105 + + cd doc + # Get the texinfo info page to have a proper name of texinfo.info + sed -i 's:setfilename texinfo:setfilename texinfo.info:' texinfo.txi + sed -i \ + -e 's:INFO_DEPS = texinfo:INFO_DEPS = texinfo.info:' \ + -e 's:texinfo\::texinfo.info\::' \ + Makefile.in +} + +src_compile() { + local myconf= + if ! use nls || use build ; then + myconf="--disable-nls" + fi + use static && append-ldflags -static + + econf ${myconf} || die + + # work around broken dependency's in info/Makefile.am #85540 + emake -C lib || die "emake lib" + emake -C info makedoc || die "emake makedoc" + emake -C info doc.c || die "emake doc.c" + emake || die "emake" +} + +src_install() { + if use build ; then + newbin util/ginstall-info install-info + dobin makeinfo/makeinfo util/{texi2dvi,texindex} + else + make DESTDIR="${D}" install || die "install failed" + dosbin ${FILESDIR}/mkinfodir + # tetex installs this guy #76812 + has_version '<app-text/tetex-3' && rm -f "${D}"/usr/bin/texi2pdf + + if [[ ! -f ${D}/usr/share/info/texinfo.info ]] ; then + die "Could not install texinfo.info!!!" + fi + + dodoc AUTHORS ChangeLog INTRODUCTION NEWS README TODO + newdoc info/README README.info + newdoc makeinfo/README README.makeinfo + fi +} |