Date:      Fri,  3 Jul 2009 17:21:16 +0200 (CEST)
From:      Klaus T Aehlig <aehlig@linta.de>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/136287: devel/cvsadmin [patch] configure cvsadmin to use mkdtemp(3) instead of insecure work-around
Message-ID:  <20090703152116.A18CA1CFEE@kleene.linta.de>
Resent-Message-ID: <200907031530.n63FU8aE036378@freefall.freebsd.org>


>Number:         136287
>Category:       ports
>Synopsis:       devel/cvsadmin [patch] configure cvsadmin to use mkdtemp(3) instead of insecure work-around
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jul 03 15:30:08 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Klaus T Aehlig
>Release:        FreeBSD 7.2-RELEASE-p2 i386
>Organization:
>Environment:
System: FreeBSD kleene.linta.de 7.2-RELEASE-p2 FreeBSD 7.2-RELEASE-p2 #3: Thu Jun 25 11:33:53 CEST 2009 aehlig@kleene.linta.de:/usr/obj/usr/src/sys/KLEENE i386

>Description:

The configure script provided with cvsadmin-1.0.3 does not recognise
that the host system provides mkdtemp(3); in fact, it does not even 
test for it. Therefore ${WRKSRC}/src/util.c uses an insecure (as
admitted in the source code) workaround to generate a temporary
directory instead of using mkdtemp(3).

>How-To-Repeat:

cd /usr/ports/devel/cvsadmin && make configure
and inspect ${WRKSRC}/config.h, reading ${WRKSRC}/src/util.c

alternatively,
cd /usr/ports/devel/cvsadmin && make build
and inspect ${WRKSRC}/src/util.o

>Fix:

Since all supported versions of FreeBSD (even all versions since 3.2) provide
mkdtemp(3), simply set HAVE_MKDTEMP manually in the post-configure phase. This
can be achieved by applying the following patch to the port.

--- patch-cvsadmin-mkdtemp begins here ---
diff -rNu cvsadmin/Makefile cvsadmin.new/Makefile
--- cvsadmin/Makefile	2009-07-01 01:11:10.000000000 +0200
+++ cvsadmin.new/Makefile	2009-07-03 16:50:25.000000000 +0200
@@ -8,7 +8,7 @@
 
 PORTNAME=	cvsadmin
 PORTVERSION=	1.0.3
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	devel
 MASTER_SITES=	${MASTER_SITE_LOCAL}
 MASTER_SITE_SUBDIR=	gabor
@@ -21,6 +21,9 @@
 MAN1=		cvsadmin.1
 PLIST_FILES=	bin/cvsadmin
 
+post-configure:
+	${ECHO_CMD} "#define HAVE_MKDTEMP 1" >> ${WRKSRC}/config.h
+
 post-install:
 	${INSTALL_MAN} ${WRKSRC}/man/cvsadmin.1 ${MANPREFIX}/man/man1
 
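Review bot: The new post-configure target appends "#define HAVE_MKDTEMP 1" to ${WRKSRC}/config.h with no comment saying why the macro is forced, so a later port update cannot tell whether the override is still needed. Add a comment above the target stating that the cvsadmin-1.0.3 configure script does not test for mkdtemp(3), and that the line should be dropped once upstream's configure defines HAVE_MKDTEMP itself.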
--- patch-cvsadmin-mkdtemp ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:
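
The pattern the report is about, as an added example that is not cvsadmin's util.c (which is not shown in this message) and not part of the original submission: a feature macro selects mkdtemp(3), and, going beyond the report, a fallback for hosts without it that relies on mkdir(2) failing with EEXIST rather than on a check-then-create sequence. The function names and the sample paths are assumptions made for illustration.

```c
/* Added example, not cvsadmin's util.c; function names are hypothetical. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700            /* declares mkdtemp(3) on strict compilers */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef HAVE_MKDTEMP
#define HAVE_MKDTEMP 1               /* the line the port appends to config.h */
#endif

/* Fallback for hosts without mkdtemp(3): random name plus mkdir(2), which
 * fails with EEXIST instead of adopting a path someone else created first. */
int fallback_tmpdir(char *tmpl)
{
    static const char set[] = "abcdefghijklmnopqrstuvwxyz0123456789";
    size_t len = strlen(tmpl);
    if (len < 6 || strcmp(tmpl + len - 6, "XXXXXX") != 0) { errno = EINVAL; return -1; }
    for (int attempt = 0; attempt < 100; attempt++) {
        unsigned char rnd[6];
        int fd = open("/dev/urandom", O_RDONLY);
        if (fd < 0) return -1;
        ssize_t n = read(fd, rnd, sizeof rnd);
        close(fd);
        if (n != (ssize_t)sizeof rnd) return -1;
        for (int i = 0; i < 6; i++)
            tmpl[len - 6 + i] = set[rnd[i] % (sizeof set - 1)];
        if (mkdir(tmpl, 0700) == 0)
            return 0;                /* created by us, owner-only */
        if (errno != EEXIST)
            return -1;               /* real error: do not retry */
    }
    errno = EEXIST;
    return -1;
}

/* Returns 0 and fills in tmpl on success, -1 with errno set on failure. */
int make_private_tmpdir(char *tmpl)
{
#if HAVE_MKDTEMP
    return mkdtemp(tmpl) != NULL ? 0 : -1;   /* name + create in one step */
#else
    return fallback_tmpdir(tmpl);
#endif
}
```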


