authordholland <dholland@pkgsrc.org>2011-11-06 19:32:07 +0000
committerdholland <dholland@pkgsrc.org>2011-11-06 19:32:07 +0000
commit4a6ede6f2c2d0f310eb9f3756ddaa051d2c9c28a (patch)
treecf5eb439edc053df60c9a089b50ed46373e0b77f /lang/caml-light
parent2a1005922ea7dd7b510095b02c1281bdebb7af21 (diff)
Fix insecure-temp-files, PR 45558
Diffstat (limited to 'lang/caml-light')
-rw-r--r--lang/caml-light/Makefile4
-rw-r--r--lang/caml-light/distinfo3
-rw-r--r--lang/caml-light/patches/patch-yacc_main_c88
3 files changed, 92 insertions, 3 deletions
diff --git a/lang/caml-light/Makefile b/lang/caml-light/Makefile
index 07c695748c8..1ae5551215d 100644
--- a/lang/caml-light/Makefile
+++ b/lang/caml-light/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.12 2011/11/01 11:39:59 bsiegert Exp $
+# $NetBSD: Makefile,v 1.13 2011/11/06 19:32:07 dholland Exp $
#
DISTNAME= cl74unix
PKGNAME= caml-light-0.74
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= lang
MASTER_SITES= ftp://ftp.inria.fr/lang/caml-light/
diff --git a/lang/caml-light/distinfo b/lang/caml-light/distinfo
index 64429bf4b39..ca6d21d95e3 100644
--- a/lang/caml-light/distinfo
+++ b/lang/caml-light/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2011/11/02 15:04:17 dholland Exp $
+$NetBSD: distinfo,v 1.9 2011/11/06 19:32:07 dholland Exp $
SHA1 (cl74unix.tar.gz) = feae4a53af78b6c500a03c618dc11444e8b5dc47
RMD160 (cl74unix.tar.gz) = a00a8de15e042080041076fcf3ad2592d9deb469
@@ -24,3 +24,4 @@ SHA1 (patch-ar) = aba9a829916af887d1115b51a57b449aced8535f
SHA1 (patch-as) = 5d462ae1a1bf72ae1a0f19ff73d4b1b4226dbb32
SHA1 (patch-at) = 83c69c1635a0c8f038bcd23d00acc4dc406c0684
SHA1 (patch-au) = 4fe5ac20d7526e782143874b0ce9c7367716dbce
+SHA1 (patch-yacc_main_c) = 37171cb256ffc85faf4505525ec950d3e31e002c
diff --git a/lang/caml-light/patches/patch-yacc_main_c b/lang/caml-light/patches/patch-yacc_main_c
new file mode 100644
index 00000000000..70eb15352af
--- /dev/null
+++ b/lang/caml-light/patches/patch-yacc_main_c
@@ -0,0 +1,88 @@
+$NetBSD: patch-yacc_main_c,v 1.1 2011/11/06 19:32:07 dholland Exp $
+
+Avoid insecure use of mktemp().
+
+--- yacc/main.c~ 1995-06-07 09:34:32.000000000 -0400
++++ yacc/main.c 2008-09-04 22:15:26.000000000 -0400
+@@ -1,4 +1,5 @@
+ #include <signal.h>
++#include <stdlib.h> /* for mkstemp(), getenv() */
+ #include "defs.h"
+
+ char dflag;
+@@ -31,6 +32,11 @@ char *text_file_name;
+ char *union_file_name;
+ char *verbose_file_name;
+
++static int action_fd = -1;
++static int entry_fd = -1;
++static int text_fd = -1;
++static int union_fd = -1;
++
+ FILE *action_file; /* a temp file, used to save actions associated */
+ /* with rules until the parser is written */
+ FILE *entry_file;
+@@ -69,9 +75,6 @@ char *rassoc;
+ short **derives;
+ char *nullable;
+
+-extern char *mktemp();
+-extern char *getenv();
+-
+
+ done(k)
+ int k;
+@@ -276,12 +279,21 @@ create_file_names()
+ union_file_name[len + 5] = 'u';
+
+ #ifndef NO_UNIX
+- mktemp(action_file_name);
+- mktemp(entry_file_name);
+- mktemp(text_file_name);
+- mktemp(union_file_name);
++ action_fd = mkstemp(action_file_name);
++ entry_fd = mkstemp(entry_file_name);
++ text_fd = mkstemp(text_file_name);
++ union_fd = mkstemp(union_file_name);
+ #endif
+
++ if (action_fd < 0)
++ open_error(action_file_name);
++ if (entry_fd < 0)
++ open_error(entry_file_name);
++ if (text_fd < 0)
++ open_error(text_file_name);
++ if (union_fd < 0)
++ open_error(union_file_name);
++
+ len = strlen(file_prefix);
+
+ output_file_name = MALLOC(len + 7);
+@@ -321,15 +333,15 @@ open_files()
+ open_error(input_file_name);
+ }
+
+- action_file = fopen(action_file_name, "w");
++ action_file = fdopen(action_fd, "w");
+ if (action_file == 0)
+ open_error(action_file_name);
+
+- entry_file = fopen(entry_file_name, "w");
++ entry_file = fdopen(entry_fd, "w");
+ if (entry_file == 0)
+ open_error(entry_file_name);
+
+- text_file = fopen(text_file_name, "w");
++ text_file = fdopen(text_fd, "w");
+ if (text_file == 0)
+ open_error(text_file_name);
+
+@@ -345,7 +357,7 @@ open_files()
+ defines_file = fopen(defines_file_name, "w");
+ if (defines_file == 0)
+ open_error(defines_file_name);
+- union_file = fopen(union_file_name, "w");
++ union_file = fdopen(union_fd, "w");
+ if (union_file == 0)
+ open_error(union_file_name);
+ }
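Review bot: The four `if (..._fd < 0) open_error(...)` checks added in create_file_names() sit after the `#endif`, so a build with NO_UNIX defined never calls mkstemp(), leaves every descriptor at -1 and always ends in open_error(); the fdopen() calls in open_files() would fail the same way. Moving the `#endif` below the checks and keeping `fopen(name, "w")` for the NO_UNIX case in open_files() would preserve the old behaviour there. Separately, union_fd is created unconditionally, but `union_file = fdopen(union_fd, "w")` is reached only inside the block that also opens defines_file, so when that block is skipped the descriptor stays open and, if cleanup in done() keys off the FILE pointers (not visible here), the temp file may be left behind. The same concern applies to files already created when a later mkstemp() fails, since open_error() is called before any of them has a FILE pointer. Both functions start and end outside the embedded hunks, so the cleanup path should be checked against the full yacc/main.c.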