author | dholland <dholland@pkgsrc.org> | 2011-11-08 12:41:30 +0000 |
---|---|---|
committer | dholland <dholland@pkgsrc.org> | 2011-11-08 12:41:30 +0000 |
commit | 3694c6fbc6927e9156d95f26f98b33739ede9a59 (patch) | |
tree | f802c73d86f3ba3a632f901cbeb2287af1326261 /lang | |
parent | 865aeab79f08cfeeeba04fe21b699a663e857f08 (diff) | |
download | pkgsrc-3694c6fbc6927e9156d95f26f98b33739ede9a59.tar.gz |
Fix PR 45558 (aka CVE-2011-4119) which also turns out to affect Moscow ML.
Credit to Florian Weimer for noticing this.
Diffstat (limited to 'lang')
-rw-r--r-- | lang/moscow_ml/Makefile | 3 | ||||
-rw-r--r-- | lang/moscow_ml/distinfo | 3 | ||||
-rw-r--r-- | lang/moscow_ml/patches/patch-mosmlyac_main_c | 92 |
3 files changed, 96 insertions, 2 deletions
diff --git a/lang/moscow_ml/Makefile b/lang/moscow_ml/Makefile
index 1c12357bfa6..a631bd4c9ce 100644
--- a/lang/moscow_ml/Makefile
+++ b/lang/moscow_ml/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.28 2008/04/28 10:16:57 tnn Exp $
+# $NetBSD: Makefile,v 1.29 2011/11/08 12:41:30 dholland Exp $
 DISTNAME= mos201src
 PKGNAME= moscow_ml-2.01
+PKGREVISION= 1
 CATEGORIES= lang
 MASTER_SITES= http://www.itu.dk/people/sestoft/mosml/
diff --git a/lang/moscow_ml/distinfo b/lang/moscow_ml/distinfo
index edd04631e64..2ed0e48eeda 100644
--- a/lang/moscow_ml/distinfo
+++ b/lang/moscow_ml/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.5 2008/04/28 10:16:57 tnn Exp $
+$NetBSD: distinfo,v 1.6 2011/11/08 12:41:30 dholland Exp $
 SHA1 (mos201src.tar.gz) = eba58486b10f0359fafba488fa1bf366b2aabf8a
 RMD160 (mos201src.tar.gz) = b2a9582d8c0bfdad2b8a74740e54ab33d3856637
@@ -16,3 +16,4 @@ SHA1 (patch-be) = 4742e5391e5ac9d7c5339c69b6d47d237659feed
 SHA1 (patch-bf) = 3bafc00ea7b2fd8c7992f0dc36cb4467e6815de6
 SHA1 (patch-bg) = 6ca89fb870ef066a2929b9cd7e38257c9380cd11
 SHA1 (patch-bh) = e9a12cf9804e46379c9e97c567eef974a2f7ca62
+SHA1 (patch-mosmlyac_main_c) = d9d6a624c33f96a25e866c64944d0f20cedea526
diff --git a/lang/moscow_ml/patches/patch-mosmlyac_main_c b/lang/moscow_ml/patches/patch-mosmlyac_main_c
new file mode 100644
index 00000000000..1c830e34ca2
--- /dev/null
+++ b/lang/moscow_ml/patches/patch-mosmlyac_main_c
@@ -0,0 +1,92 @@
+$NetBSD: patch-mosmlyac_main_c,v 1.1 2011/11/08 12:41:30 dholland Exp $
+
+Avoid insecure use of mktemp().
+
+--- mosmlyac/main.c.orig 2000-04-28 09:38:45.000000000 +0000
++++ mosmlyac/main.c
+@@ -1,6 +1,9 @@
+ #include <signal.h>
+ #ifdef ANSI
+ #include <string.h>
++#include <stdlib.h>
++#else
++extern char *getenv();
+ #endif
+ #include "defs.h"
+
+@@ -33,6 +36,11 @@ char *text_file_name;
+ char *union_file_name;
+ char *verbose_file_name;
+
++static int action_fd = -1;
++static int entry_fd = -1;
++static int text_fd = -1;
++static int union_fd = -1;
++
+ FILE *action_file; /* a temp file, used to save actions associated */
+ /* with rules until the parser is written */
+ FILE *entry_file;
+@@ -71,9 +79,6 @@ char *rassoc;
+ short **derives;
+ char *nullable;
+
+-extern char *mktemp();
+-extern char *getenv();
+-
+
+ void done(int k)
+ {
+@@ -276,12 +281,21 @@ void create_file_names(void)
+ union_file_name[len + 5] = 'u';
+
+ #ifndef NO_UNIX
+- mktemp(action_file_name);
+- mktemp(entry_file_name);
+- mktemp(text_file_name);
+- mktemp(union_file_name);
++ action_fd = mkstemp(action_file_name);
++ entry_fd = mkstemp(entry_file_name);
++ text_fd = mkstemp(text_file_name);
++ union_fd = mkstemp(union_file_name);
+ #endif
+
++ if (action_fd < 0)
++ open_error(action_file_name);
++ if (entry_fd < 0)
++ open_error(entry_file_name);
++ if (text_fd < 0)
++ open_error(text_file_name);
++ if (union_fd < 0)
++ open_error(union_file_name);
++
+ len = strlen(file_prefix);
+
+ output_file_name = MALLOC(len + 7);
+@@ -321,15 +335,15 @@ void open_files(void)
+ open_error(input_file_name);
+ }
+
+- action_file = fopen(action_file_name, "w");
++ action_file = fdopen(action_fd, "w");
+ if (action_file == 0)
+ open_error(action_file_name);
+
+- entry_file = fopen(entry_file_name, "w");
++ entry_file = fdopen(entry_fd, "w");
+ if (entry_file == 0)
+ open_error(entry_file_name);
+
+- text_file = fopen(text_file_name, "w");
++ text_file = fdopen(text_fd, "w");
+ if (text_file == 0)
+ open_error(text_file_name);
+
+@@ -345,7 +359,7 @@ void open_files(void)
+ defines_file = fopen(defines_file_name, "w");
+ if (defines_file == 0)
+ open_error(defines_file_name);
+- union_file = fopen(union_file_name, "w");
++ union_file = fdopen(union_fd, "w");
+ if (union_file == 0)
+ open_error(union_file_name);
+ }
|
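Review bot: In the create_file_names() hunk the four `if (..._fd < 0) open_error(...)` checks are placed after `#endif`, so a build with NO_UNIX defined skips every mkstemp() call, leaves the descriptors at their initial -1 and always exits through open_error(); before this change that configuration fell through to fopen() by name. Moving `#endif` below the last check, `open_error(union_file_name);`, and keeping the name-based `fopen(..., "w")` calls in open_files() under `#ifdef NO_UNIX` would preserve that path, or the patch comment could state that NO_UNIX is not supported. Separately, when a later mkstemp() fails, the files already created by the earlier calls are probably left behind in the temporary directory, because the FILE pointers are only assigned in open_files(); whether that happens depends on open_error() and done(), whose bodies are outside the hunks shown. Both create_file_names() and open_files() begin outside their hunks, so the template strings handed to mkstemp() cannot be checked from this page.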