author | dmcmahill <dmcmahill@pkgsrc.org> | 2008-11-15 01:19:08 +0000 |
---|---|---|
committer | dmcmahill <dmcmahill@pkgsrc.org> | 2008-11-15 01:19:08 +0000 |
commit | b67b31dc45d867ad02b4f5806c342e3f25034313 (patch) | |
tree | fbf863b3608d6c69a73d3b9b22eac83674193dc2 /math/scilab | |
parent | 1c131443e04fe93439492dbcecd4a636c8f7214e (diff) | |
download | pkgsrc-b67b31dc45d867ad02b4f5806c342e3f25034313.tar.gz |
Address tmp file vulnerability noted at
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4983
Bump pkgrev.
Diffstat (limited to 'math/scilab')
-rw-r--r-- | math/scilab/Makefile | 8 | ||||
-rw-r--r-- | math/scilab/distinfo | 5 | ||||
-rw-r--r-- | math/scilab/patches/patch-ax | 66 | ||||
-rw-r--r-- | math/scilab/patches/patch-ay | 65 | ||||
-rw-r--r-- | math/scilab/patches/patch-az | 54 |
5 files changed, 195 insertions, 3 deletions
diff --git a/math/scilab/Makefile b/math/scilab/Makefile index eed6ab82a50..4d50a007425 100644 --- a/math/scilab/Makefile +++ b/math/scilab/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.75 2008/06/23 20:54:44 markd Exp $ +# $NetBSD: Makefile,v 1.76 2008/11/15 01:19:08 dmcmahill Exp $ # DISTNAME= ${SCIBASE}-src -PKGREVISION= 2 +PKGREVISION= 3 PKGNAME= ${SCIBASE} CATEGORIES= math MASTER_SITES= http://www.scilab.org/download/4.1/ @@ -99,14 +99,18 @@ pre-install: # delete some .orig files that got created by patching # also fix the libtool link post-install: + ${RM} -f ${PREFIX}/lib/${SCIBASE}/bin/scilink.orig ${RM} -f ${PREFIX}/lib/${SCIBASE}/config/Makeso.incl.in.orig ${RM} -f ${PREFIX}/lib/${SCIBASE}/macros/util/scipad.sci.orig + ${RM} -f ${PREFIX}/lib/${SCIBASE}/util/scidem.orig + ${RM} -f ${PREFIX}/lib/${SCIBASE}/util/scidoc.orig ${RM} -f ${PREFIX}/lib/${SCIBASE}/libtool ${LN} -s ${LOCALBASE}/bin/libtool ${PREFIX}/lib/${SCIBASE}/libtool ${RM} -f ${PREFIX}/lib/${SCIBASE}/bin/dold ${RM} -f ${PREFIX}/lib/${SCIBASE}/config/*.subst.sav ${RM} -f ${PREFIX}/lib/${SCIBASE}/config/config.guess ${RM} -f ${PREFIX}/lib/${SCIBASE}/config/config.sub + .for __tmp__ in scilab.g scilab.g.in scilab-gtk.g scilab-gtk.g.in ${RM} -f ${PREFIX}/lib/${SCIBASE}/scripts/${__tmp__} .endfor diff --git a/math/scilab/distinfo b/math/scilab/distinfo index 30ea646c16e..11b58586f43 100644 --- a/math/scilab/distinfo +++ b/math/scilab/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.25 2007/04/10 15:53:16 joerg Exp $ +$NetBSD: distinfo,v 1.26 2008/11/15 01:19:08 dmcmahill Exp $ SHA1 (scilab-4.1-src.tar.gz) = 7a8381a9a69ce280ae718ee59f4c14001b61f4b7 RMD160 (scilab-4.1-src.tar.gz) = 6ed27ce7dcfb9231b5f3042cb7b830015d102df7 
@@ -23,3 +23,6 @@ SHA1 (patch-at) = a24eedcea09e3fc4530b305561b7a9298a2cb4a3
 SHA1 (patch-au) = 029d77b4358dbf87e9761f85840f93191294a894
 SHA1 (patch-av) = da0565e94302d79a494fb099b5b5d7c251937c94
 SHA1 (patch-aw) = 2ac72cf020562baa454c59182aae3dd1d25167df
+SHA1 (patch-ax) = b7e080f0037cc4532100fdf679844724f59d6ba6
+SHA1 (patch-ay) = e521844001d6ed4d560918fac6d026799f2c02a5
+SHA1 (patch-az) = 3b23b82750469e12ea3ee522dfb889c8935df993
diff --git a/math/scilab/patches/patch-ax b/math/scilab/patches/patch-ax
new file mode 100644
index 00000000000..ea406f92cb7
--- /dev/null
+++ b/math/scilab/patches/patch-ax
@@ -0,0 +1,66 @@
+$NetBSD: patch-ax,v 1.6 2008/11/15 01:19:08 dmcmahill Exp $
+
+Address tmp file vulnerability at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4983
+
+--- bin/scilink.orig 2001-04-26 07:43:33.000000000 +0000
++++ bin/scilink
+@@ -15,30 +15,45 @@ export SCI
+ shift
+ LOCALPOS=`pwd`
+ cd $SCI
+-make show | grep -v make > /tmp/SciLink$$1
+-sed -e "s+routines/default+\$SD+g" -e "s+libs+\$SL+g" -e "s+./pvm3+\$SPVM+g" /tmp/SciLink$$1 > /tmp/SciLink$$2
++
++tmpd=/tmp/SciLink$$
++mkdir -m 0700 $tmpd
++rc=$?
++if test $rc -ne 0 ; then
++ cat << EOF
++
++ERROR: $0 failed to create the directory
++ $tmpd
++ securily. It either already exists or you do not have sufficient permissions
++
++EOF
++ exit 1
++fi
++
++make show | grep -v make > ${tmpd}/SciLink1
++sed -e "s+routines/default+\$SD+g" -e "s+libs+\$SL+g" -e "s+./pvm3+\$SPVM+g" ${tmpd}/SciLink1 > ${tmpd}/SciLink2
+ for i in $*
+ do
+ x=`basename $i`
+- sed "s+\$SD/$x++g" /tmp/SciLink$$2 > /tmp/SciLink$$3
+- rm -f /tmp/SciLink$$2
+- mv /tmp/SciLink$$3 /tmp/SciLink$$2
++ sed "s+\$SD/$x++g" ${tmpd}/SciLink2 > ${tmpd}/SciLink3
++ rm -f ${tmpd}/SciLink2
++ mv ${tmpd}/SciLink3 ${tmpd}/SciLink2
+ done
+-echo "#!/bin/sh" > /tmp/SciLink$$3
+-echo SCI=$SCI >> /tmp/SciLink$$3
+-echo "SD=\$SCI/routines/default" >> /tmp/SciLink$$3
+-echo "SPVM=\$SCI/pvm3" >> /tmp/SciLink$$3
+-echo "SL=\$SCI/libs" >> /tmp/SciLink$$3
+-echo "LOCAL=\"$*\"" >> /tmp/SciLink$$3
+-sed -e "s+\$SL+ \$LOCAL \$SL+" -e "s+show+scilex+g" /tmp/SciLink$$2 >> /tmp/SciLink$$3
++echo "#!/bin/sh" > ${tmpd}/SciLink3
++echo SCI=$SCI >> ${tmpd}/SciLink3
++echo "SD=\$SCI/routines/default" >> ${tmpd}/SciLink3
++echo "SPVM=\$SCI/pvm3" >> ${tmpd}/SciLink3
++echo "SL=\$SCI/libs" >> ${tmpd}/SciLink3
++echo "LOCAL=\"$*\"" >> ${tmpd}/SciLink3
++sed -e "s+\$SL+ \$LOCAL \$SL+" -e "s+show+scilex+g" ${tmpd}/SciLink2 >> ${tmpd}/SciLink3
+ cd $LOCALPOS
+-mv /tmp/SciLink$$3 Script
++mv ${tmpd}/SciLink3 Script
+ chmod +x Script
+ echo "Linking a new Scilab with 
" $*
+ ./Script
+ echo "I've created : scilex and scilab which uses that scilex"
+ sed -e "s+\$SCI/bin/scilex+`pwd`/scilex+g" $SCI/bin/scilab > scilab
+ chmod +x scilab
+-#rm -f /tmp/SciLink*
++rm -fr ${tmpd}
+
+
diff --git a/math/scilab/patches/patch-ay b/math/scilab/patches/patch-ay
new file mode 100644
index 00000000000..ff49c1dfb7d
--- /dev/null
+++ b/math/scilab/patches/patch-ay
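Review bot: The private directory added as `tmpd=/tmp/SciLink$$` still has a name derived from the shell PID, so it stays guessable; `mkdir -m 0700` without `-p` fails safely when the path already exists, but a local user who pre-creates it makes scilink stop with the error, and patch-ay and patch-az repeat the same pattern. Where mktemp(1) is available, `tmpd=$(mktemp -d "${TMPDIR:-/tmp}/SciLink.XXXXXX") || exit 1` gives an unpredictable name with the same owner-only mode and quotes the path. Unlike scidem and scidoc, scilink has no `trap`, so an interrupted run leaves the directory behind; a line such as `trap 'rm -fr "$tmpd"' 0 1 2 13 15` after the mkdir check would cover that. The here-document in all three patches spells "securily" where "securely" is meant.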
@@ -0,0 +1,65 @@
+$NetBSD: patch-ay,v 1.7 2008/11/15 01:19:08 dmcmahill Exp $
+
+Address tmp file vulnerability at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4983
+
+--- util/scidem.orig 2002-09-02 11:14:52.000000000 +0000
++++ util/scidem
+@@ -5,34 +5,49 @@
+ # Copyright INRIA
+ echo ------------------- File $2--------------------
+ SCI1=$1
++tmpd=/tmp/scidem.$$
++mkdir -m 0700 $tmpd
++rc=$?
++if test $rc -ne 0 ; then
++ cat << EOF
++
++ERROR: $0 failed to create the directory
++ $tmpd
++ securily. It either already exists or you do not have sufficient permissions
++
++EOF
++ exit 1
++fi
++
+ if [ -f $3 ]; then rm $3;fi;
+-trap "rm -f /tmp/$2.$$ /tmp/$2.$$.res /tmp/$2.$$.err /tmp/$2.$$.diff\
++trap "rm -f ${tmpd}/$2.$$ ${tmpd}/$2.$$.res ${tmpd}/$2.$$.err ${tmpd}/$2.$$.diff\
+ ;exit 1" 1 2 13 15
+ echo "clear;lines(0);deff('[]=bugmes()','write(%io(2),''error on test'')');\
+- diary('$3');driver('Pos');" >> /tmp/$2.$$ ;
++ diary('$3');driver('Pos');" >> ${tmpd}/$2.$$ ;
+ sed -e "s/pause,end/bugmes();quit;end/" \
+ -e "s/halt()//" \
+- $2 >> /tmp/$2.$$ ;
+-echo "diary(0);xend();exit;" >> /tmp/$2.$$ ;
+-($SCI1/bin/scilab -nwni < /tmp/$2.$$ > /tmp/$2.$$.res ) 2> /tmp/$2.$$.err ;
++ $2 >> ${tmpd}/$2.$$ ;
++echo "diary(0);xend();exit;" >> ${tmpd}/$2.$$ ;
++($SCI1/bin/scilab -nwni < ${tmpd}/$2.$$ > ${tmpd}/$2.$$.res ) 2> ${tmpd}/$2.$$.err ;
+ sed -e "s/ \./0\./g" -e "s/E+/D+/g" -e "s/E-/D-/g" -e "s/-\./-0\./g" -e "s/^-->//g" -e "s/^-1->//g" $3 > $3.n
+ grep -v "xinit(" $3.n | grep -v "diary(" | grep -v "exec(" > $3
+ rm -f $3.n
+-if ( grep " error" /tmp/$2.$$.res > /dev/null ) ; then
++if ( grep " error" ${tmpd}/$2.$$.res > /dev/null ) ; then
+ if [ $# != 4 ]; then
+ echo "Test failed ERROR DETECTED while executing $2" ;
+- else if (grep "$4" /tmp/$2.$$.res > /dev/null ) ;
++ else if (grep "$4" ${tmpd}/$2.$$.res > /dev/null ) ;
+ then echo Test skipped ;
+ else echo "Test failed ERROR DETECTED while executing $2" ;
+ fi;
+ fi;
+ else if [ -f $3.ref ];then
+- 
if ( diff -w $3 $3.ref > /tmp/$2.$$.diff ) ;
++ if ( diff -w $3 $3.ref > ${tmpd}/$2.$$.diff ) ;
+ then echo Test passed ;
+ else echo Test Failed SEE : diff -w $3 $3.ref ;
+ fi;
+ fi;
+ fi;
+ echo ----------------------------------------------------------
+-#rm -f /tmp/$2.$$ /tmp/$2.$$.res /tmp/$2.$$.err /tmp/$2.$$.diff
++#rm -f ${tmpd}/$2.$$ ${tmpd}/$2.$$.res ${tmpd}/$2.$$.err ${tmpd}/$2.$$.diff
++rm -fr ${tmpd}
+ exit 0
diff --git a/math/scilab/patches/patch-az b/math/scilab/patches/patch-az
new file mode 100644
index 00000000000..c07cd67be8e
--- /dev/null
+++ b/math/scilab/patches/patch-az
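Review bot: The rewritten `trap` in scidem still removes only the four individual files and never the directory, so a run ended by signal 1, 2, 13 or 15 leaves `/tmp/scidem.<pid>` behind even though the normal exit path now runs `rm -fr ${tmpd}`. The handler can collapse to `trap "rm -fr ${tmpd}; exit 1" 1 2 13 15`, which also drops the backslash continuation. The commented-out `#rm -f ${tmpd}/$2.$$ ...` line that the hunk rewrites is dead next to the new `rm -fr` and could simply be deleted.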
@@ -0,0 +1,54 @@
+$NetBSD: patch-az,v 1.4 2008/11/15 01:19:08 dmcmahill Exp $
+
+Address tmp file vulnerability at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4983
+
+--- util/scidoc.orig 2006-01-04 14:40:34.000000000 +0000
++++ util/scidoc
+@@ -6,25 +6,40 @@
+ echo ------------------- File $2--------------------
+ SCI=$1
+ export SCI
++tmpd=/tmp/scidem.$$
++mkdir -m 0700 $tmpd
++rc=$?
++if test $rc -ne 0 ; then
++ cat << EOF
++
++ERROR: $0 failed to create the directory
++ $tmpd
++ securily. It either already exists or you do not have sufficient permissions
++
++EOF
++ exit 1
++fi
++
++
+ if [ -f $3 ]; then rm $3;fi;
+-trap "rm -f /tmp/$2.$$ /tmp/$2.$$.res /tmp/$2.$$.err /tmp/$2.$$.diff\
++trap "rm -f ${tmpd}$2.$$ ${tmpd}$2.$$.res ${tmpd}$2.$$.err ${tmpd}$2.$$.diff\
+ ;exit 1" 1 2 13 15
+ echo "clear;lines(0);deff('[]=bugmes()','write(%io(2),''error on test'')');\
+- diary('$3');driver('Pos');" >> /tmp/$2.$$ ;
++ diary('$3');driver('Pos');" >> ${tmpd}$2.$$ ;
+ sed -e "s/pause,end/bugmes();quit;end/" \
+ -e "s/halt()//" \
+- $2 >> /tmp/$2.$$ ;
+-echo "diary(0);xend();quit;quit;quit;quit;quit;quit;" >> /tmp/$2.$$ ;
+-($SCI/bin/scilex -nw < /tmp/$2.$$ > /tmp/$2.$$.res ) 2> /tmp/$2.$$.err ;
++ $2 >> ${tmpd}$2.$$ ;
++echo "diary(0);xend();quit;quit;quit;quit;quit;quit;" >> ${tmpd}$2.$$ ;
++($SCI/bin/scilex -nw < ${tmpd}$2.$$ > ${tmpd}$2.$$.res ) 2> ${tmpd}$2.$$.err ;
+ sed -e "s/ \.[0-9]/0&/g" -e "s/0 \./0./g" -e "s/E+/D+/g" -e "s/E-/D-/g" -e "s/-\./-0\./g" $3 > $3.n
+ grep -v "xinit(" $3.n | grep -v "diary(" | grep -v "exec(" > $3
+ rm -f $3.n
+-if ( grep error /tmp/$2.$$.res > /dev/null ) ; then
++if ( grep error ${tmpd}$2.$$.res > /dev/null ) ; then
+ if [ $# != 4 ]; then
+ echo "ERROR DETECTED while executing $2" ;
+ fi;
+ fi;
+ echo ----------------------------------------------------------
+-rm -f /tmp/$2.$$ /tmp/$2.$$.res /tmp/$2.$$.err /tmp/$2.$$.diff
++rm -fr ${tmpd}
+ exit 0
+
|
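Review bot: Every temporary path in the scidoc patch is written `${tmpd}$2.$$` with no `/` between the directory and the file name, so it expands to `/tmp/scidem.<pid><name>.<pid>`: a sibling of the private directory, created directly in /tmp under a name built from the PID and `$2`. The files therefore never land inside the 0700 directory, the predictable-name problem the commit cites stays open for scidoc, and the final `rm -fr ${tmpd}` does not remove them now that the old `rm -f /tmp/$2.$$ ...` line is gone. Each occurrence should read `${tmpd}/$2.$$`, as patch-ay does for scidem. The directory prefix is also copied from scidem (`tmpd=/tmp/scidem.$$`); `/tmp/scidoc.$$` would make any leftovers attributable to the right script.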