From 11bc200aaa003f540553c56ef95654d2464ed3e9 Mon Sep 17 00:00:00 2001 From: salo Date: Wed, 24 May 2006 00:05:17 +0000 Subject: Pullup ticket 1665 - requested by joerg security fix for noweb Revisions pulled up: - pkgsrc/devel/noweb/Makefile 1.33 - pkgsrc/devel/noweb/distinfo 1.4 - pkgsrc/devel/noweb/patches/patch-ab 1.1 - pkgsrc/devel/noweb/patches/patch-ac 1.1 - pkgsrc/devel/noweb/patches/patch-ad 1.1 - pkgsrc/devel/noweb/patches/patch-ae 1.1 - pkgsrc/devel/noweb/patches/patch-af 1.1 - pkgsrc/devel/noweb/patches/patch-ag 1.1 - pkgsrc/devel/noweb/patches/patch-ah 1.1 - pkgsrc/devel/noweb/patches/patch-ai 1.1 - pkgsrc/devel/noweb/patches/patch-aj 1.1 - pkgsrc/devel/noweb/patches/patch-ak 1.1 - pkgsrc/devel/noweb/patches/patch-al 1.1 - pkgsrc/devel/noweb/patches/patch-am 1.1 - pkgsrc/devel/noweb/patches/patch-an 1.1 Module Name: pkgsrc Committed By: joerg Date: Tue May 23 16:07:04 UTC 2006 Modified Files: pkgsrc/devel/noweb: Makefile distinfo Added Files: pkgsrc/devel/noweb/patches: patch-ab patch-ac patch-ad patch-ae patch-af patch-ag patch-ah patch-ai patch-aj patch-ak patch-al patch-am patch-an Log Message: Fix insecure temporary file generation. Based on Debian patchset, but handles more cases. Bump revision. --- devel/noweb/Makefile | 15 +++++++++++++-- devel/noweb/distinfo | 15 ++++++++++++++- devel/noweb/patches/patch-ab | 13 +++++++++++++ devel/noweb/patches/patch-ac | 13 +++++++++++++ devel/noweb/patches/patch-ad | 13 +++++++++++++ devel/noweb/patches/patch-ae | 13 +++++++++++++ devel/noweb/patches/patch-af | 27 +++++++++++++++++++++++++++ devel/noweb/patches/patch-ag | 13 +++++++++++++ devel/noweb/patches/patch-ah | 17 +++++++++++++++++ devel/noweb/patches/patch-ai | 13 +++++++++++++ devel/noweb/patches/patch-aj | 24 ++++++++++++++++++++++++ devel/noweb/patches/patch-ak | 19 +++++++++++++++++++ devel/noweb/patches/patch-al | 11 +++++++++++ devel/noweb/patches/patch-am | 32 ++++++++++++++++++++++++++++++++ devel/noweb/patches/patch-an | 29 +++++++++++++++++++++++++++++ 15 files changed, 264 insertions(+), 3 deletions(-) create mode 100644 devel/noweb/patches/patch-ab create mode 100644 devel/noweb/patches/patch-ac create mode 100644 devel/noweb/patches/patch-ad create mode 100644 devel/noweb/patches/patch-ae create mode 100644 devel/noweb/patches/patch-af create mode 100644 devel/noweb/patches/patch-ag create mode 100644 devel/noweb/patches/patch-ah create mode 100644 devel/noweb/patches/patch-ai create mode 100644 devel/noweb/patches/patch-aj create mode 100644 devel/noweb/patches/patch-ak create mode 100644 devel/noweb/patches/patch-al create mode 100644 devel/noweb/patches/patch-am create mode 100644 devel/noweb/patches/patch-an diff --git a/devel/noweb/Makefile b/devel/noweb/Makefile index 0d8c7098b31..ffc178cfd54 100644 --- a/devel/noweb/Makefile +++ b/devel/noweb/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.32 2006/03/04 21:29:18 jlam Exp $ +# $NetBSD: Makefile,v 1.32.2.1 2006/05/24 00:05:17 salo Exp $ DISTNAME= noweb-2.9a -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= devel MASTER_SITES= ftp://ftp.cs.virginia.edu/pub/nr/ EXTRACT_SUFX= .tgz @@ -16,6 +16,17 @@ WRKSRC= ${WRKDIR}/src .include "../../mk/bsd.prefs.mk" +USE_TOOLS+= mktemp:run + +SUBST_CLASSES+= mktemp +SUBST_FILES.mktemp+= awk/totex.nw lib/toascii shell/toroff shell/noroff +SUBST_FILES.mktemp+= shell/nonu shell/cpif awkname shell/roff.nw +SUBST_FILES.mktemp+= shell/roff.mm ../contrib/conrado/d2tex +SUBST_FILES.mktemp+= ../contrib/jobling/correct-refs.nw +SUBST_FILES.mktemp+= ../contrib/norman/htmlgif/pstopbm +SUBST_SED.mktemp+= -e 's,@MKTEMP@,${TOOLS_PATH.mktemp},g' +SUBST_STAGE.mktemp= post-patch + .if ${OPSYS} != "SunOS" do-configure: (cd ${WRKSRC} ; ./awkname awk) diff --git a/devel/noweb/distinfo b/devel/noweb/distinfo index 35e69b26ab1..44c232c1b93 100644 --- a/devel/noweb/distinfo +++ b/devel/noweb/distinfo @@ -1,6 +1,19 @@ -$NetBSD: distinfo,v 1.3 2005/02/23 22:24:22 agc Exp $ +$NetBSD: distinfo,v 1.3.10.1 2006/05/24 00:05:17 salo Exp $ SHA1 (noweb-2.9a.tgz) = 0ee5f97c56fa7898be9815ad817036f8aee0193b RMD160 (noweb-2.9a.tgz) = ee61f44091d2634550d33528b426af508ffad729 Size (noweb-2.9a.tgz) = 728608 bytes SHA1 (patch-aa) = 0c0c446173c1ee13eeb0b80041cb8cf98e3c7325 +SHA1 (patch-ab) = 99200991f1dab7aaef349611c11a881483f40888 +SHA1 (patch-ac) = 364d7eb43abac9c33807b7b7d20ff9368f7568d2 +SHA1 (patch-ad) = 6102295ab1c37bb16c92cae3c77a97349794cde4 +SHA1 (patch-ae) = 0079598edc015f0ce387cb1058d06581e05f07c6 +SHA1 (patch-af) = 1af1d268381546ff214450caa7914f30106ff131 +SHA1 (patch-ag) = 5e3e8f271f5a80dda593e908fdbff2a7d5cb6dc6 +SHA1 (patch-ah) = 3038e41f2362de61cd3ad0882c7d39cb3b7e952d +SHA1 (patch-ai) = a9c82e80ac288f7a3316cf3fb671d5a680012054 +SHA1 (patch-aj) = 800210a1143b37e6cb14bc0fdda7ada3b36692e1 +SHA1 (patch-ak) = 8cc2ee6177c633b2e1913790ab63016c19cf5eef +SHA1 (patch-al) = d9fd8a2b59ef6b4a8cae57815ff339de6df8567d +SHA1 (patch-am) = 89803aa4d0db6a9dcbb95832193ce19e25d7ff29 +SHA1 (patch-an) = c706aeeadb59d4b21053518d1c5dcb970be7aaae diff --git a/devel/noweb/patches/patch-ab b/devel/noweb/patches/patch-ab new file mode 100644 index 00000000000..db8d1957014 --- /dev/null +++ b/devel/noweb/patches/patch-ab @@ -0,0 +1,13 @@ +$NetBSD: patch-ab,v 1.1.2.2 2006/05/24 00:05:17 salo Exp $ + +--- elisp/noweb-mode.el.orig 1999-02-16 22:12:21.000000000 +0100 ++++ elisp/noweb-mode.el +@@ -213,7 +213,7 @@ Misc: + (add-hook 'isearch-mode-hook 'noweb-note-isearch-mode) + (add-hook 'isearch-mode-end-hook 'noweb-note-isearch-mode-end) + (run-hooks 'noweb-mode-hook) +- (message "nobweb mode: use `M-x noweb-describe-mode' for further information")) ++ (message "noweb mode: use `M-x noweb-describe-mode' for further information")) + + (defun noweb-setup-keymap () + "Setup the noweb-mode keymap. This function is rerun every time the diff --git a/devel/noweb/patches/patch-ac b/devel/noweb/patches/patch-ac new file mode 100644 index 00000000000..90e5a26849f --- /dev/null +++ b/devel/noweb/patches/patch-ac @@ -0,0 +1,13 @@ +$NetBSD: patch-ac,v 1.1.2.2 2006/05/24 00:05:17 salo Exp $ + +--- awkname.orig 1995-05-26 02:49:07.000000000 +0200 ++++ awkname +@@ -5,7 +5,7 @@ case $# in + esac + + rc=0 +-new=/tmp/$$.new; old=/tmp/$$.old ++new=$(@MKTEMP@ -t noweb_new) || exit 1; old=$(@MKTEMP@ -t noweb_old) || exit 1 + + for file in lib/emptydefn lib/unmarkup lib/toascii \ + awk/noidx awk/totex awk/tohtml awk/noindex \ diff --git a/devel/noweb/patches/patch-ad b/devel/noweb/patches/patch-ad new file mode 100644 index 00000000000..39e55bd2ed9 --- /dev/null +++ b/devel/noweb/patches/patch-ad @@ -0,0 +1,13 @@ +$NetBSD: patch-ad,v 1.1.2.2 2006/05/24 00:05:17 salo Exp $ + +--- shell/cpif.orig 1993-03-01 23:22:02.000000000 +0100 ++++ shell/cpif +@@ -17,7 +17,7 @@ case $# in + 0) echo 'Usage: '`basename $0`' [ -eq -ne ] file...' 1>&2; exit 2 + esac + +-new=/tmp/$$ ++new=$(@MKTEMP@ noweb) || exit 1 + trap 'rm -f $new; exit 1' 1 2 15 # clean up files + + cat >$new diff --git a/devel/noweb/patches/patch-ae b/devel/noweb/patches/patch-ae new file mode 100644 index 00000000000..bb1b36e1836 --- /dev/null +++ b/devel/noweb/patches/patch-ae @@ -0,0 +1,13 @@ +$NetBSD: patch-ae,v 1.1.2.2 2006/05/24 00:05:17 salo Exp $ + +--- shell/nonu.orig 1993-08-19 20:46:04.000000000 +0200 ++++ shell/nonu +@@ -2,7 +2,7 @@ + LIB=/usr/public/pkg/noweb/lib + # attempt to convert nuweb to noweb using sam + +-tmp=/tmp/nonu$$ ++tmp=$(@MKTEMP@ -t nonu) || exit 1 + trap '/bin/rm -f $tmp; exit 1' 1 2 15 # clean up files + cp $1 $tmp || exit 1 + diff --git a/devel/noweb/patches/patch-af b/devel/noweb/patches/patch-af new file mode 100644 index 00000000000..a1ab836176f --- /dev/null +++ b/devel/noweb/patches/patch-af @@ -0,0 +1,27 @@ +$NetBSD: patch-af,v 1.1.2.2 2006/05/24 00:05:17 salo Exp $ + +--- shell/noroff.orig 1999-02-16 22:58:52.000000000 +0100 ++++ shell/noroff +@@ -35,9 +35,10 @@ fi + + base="`basename $1 | sed '/\./s/\.[^.]*$//'`" + tagsfile="$base.nwt" ++tmpfile=$(@MKTEMP@ tags) || exit 1 + (echo ".so $macrodir/tmac.w" + if [ -r "$tagsfile" ]; then +- cp $tagsfile /tmp/tags.$$ ++ cp $tagsfile $tmpfile + $AWK '{ + if (sub(/^###TAG### / , "")) tags[$1] = $2 + else if (sub(/^###BEGINCHUNKS###/, "")) printf ".de CLIST\n.CLISTBEGIN\n" +@@ -88,8 +89,8 @@ if [ -r "$tagsfile" ]; then + # print str3 + # print convquote(str3) + # } +- function tag(s) { if (s in tags) return tags[s]; else return "???" }' /tmp/tags.$$ +- rm -f /tmp/tags.$$ ++ function tag(s) { if (s in tags) return tags[s]; else return "???" }' $tmpfile ++ rm -f $tmpfile + fi + cat "$@") | + ($ROFF $opts 2>$tagsfile) diff --git a/devel/noweb/patches/patch-ag b/devel/noweb/patches/patch-ag new file mode 100644 index 00000000000..78438d42602 --- /dev/null +++ b/devel/noweb/patches/patch-ag @@ -0,0 +1,13 @@ +$NetBSD: patch-ag,v 1.1.2.2 2006/05/24 00:05:17 salo Exp $ + +--- shell/toroff.orig 1999-02-16 22:58:52.000000000 +0100 ++++ shell/toroff +@@ -9,7 +9,7 @@ for i do + exit 1;; + esac + done +-awkfile="/tmp/noweb$$.awk" ++awkfile=$(@MKTEMP@ -t noweb) || exit 1 + trap 'rm -f $awkfile' 0 1 2 10 14 15 + cat > $awkfile << 'EOF' + /^@begin docs 0$/ { if (delay) next } diff --git a/devel/noweb/patches/patch-ah b/devel/noweb/patches/patch-ah new file mode 100644 index 00000000000..378e71d01a4 --- /dev/null +++ b/devel/noweb/patches/patch-ah @@ -0,0 +1,17 @@ +$NetBSD: patch-ah,v 1.1.2.2 2006/05/24 00:05:17 salo Exp $ + +--- lib/toascii.orig 1999-02-16 22:58:52.000000000 +0100 ++++ lib/toascii +@@ -7,9 +7,9 @@ for i do + *) echo "This can't happen -- $i passed to toascii" 1>&2 ; exit 1 ;; + esac + done +-awkfile="tmp/awk$$.tmp" +-textfile="/tmp/text$$.tmp" +-tagsfile="/tmp/tags$$.tmp" ++awkfile=$(@MKTEMP@ -t awk -s) || exit 1 ++textfile=$(@MKTEMP@ -t text -s) || exit 1 ++tagsfile=$(@MKTEMP@ -t tags -s) || exit 1 + export awkfile textfile tagsfile + trap 'rm -f $awkfile $textfile $tagsfile' 0 1 2 10 14 15 + nawk 'BEGIN { textfile=ENVIRON["textfile"] diff --git a/devel/noweb/patches/patch-ai b/devel/noweb/patches/patch-ai new file mode 100644 index 00000000000..cf2d628fd18 --- /dev/null +++ b/devel/noweb/patches/patch-ai @@ -0,0 +1,13 @@ +$NetBSD: patch-ai,v 1.1.2.2 2006/05/24 00:05:17 salo Exp $ + +--- awk/totex.nw.orig 1996-05-31 21:04:15.000000000 +0200 ++++ awk/totex.nw +@@ -24,7 +24,7 @@ nawk '<>= +-awkfile=/tmp/totex$$.awk ++awkfile=$(@MKTEMP@ -t totex) || exit 1 + trap 'rm -f $awkfile; exit 1' 0 1 2 15 # clean up files + cat > $awkfile << 'EOF' + <> diff --git a/devel/noweb/patches/patch-aj b/devel/noweb/patches/patch-aj new file mode 100644 index 00000000000..552bc6204a8 --- /dev/null +++ b/devel/noweb/patches/patch-aj @@ -0,0 +1,24 @@ +$NetBSD: patch-aj,v 1.1.2.2 2006/05/24 00:05:17 salo Exp $ + +--- ../contrib/norman/htmlgif/pstopbm.orig 1998-08-07 20:29:32.000000000 +0200 ++++ ../contrib/norman/htmlgif/pstopbm +@@ -36,8 +36,8 @@ while [ $# -gt 0 ]; do + shift + done + +-tmp=/tmp/pstopbm$$ +-tmpa=$tmp.a ++tmp=$(@MKTEMP@ -t pstopbm) || exit 1 ++tmpa=$(@MKTEMP@ -t pstopbm_a -s) || exit 1 + if [ $# -eq 0 ]; then cat > $tmp; else cat "$@" > $tmp; fi + + if echo "$@" | fgrep .eps > /dev/null; then +@@ -76,7 +76,7 @@ exit 0 + + + if [ $# -eq 0 ]; then +- tmp=/tmp/pstopbm$$ ++ tmp=$(@MKTEMP@ -t pstopbm) || exit 1 + cat > $tmp + gs -q -sDEVICE=$device -sOutputFile=- -dNOPAUSE -dMAGSTEP=1.0 $tmp + else diff --git a/devel/noweb/patches/patch-ak b/devel/noweb/patches/patch-ak new file mode 100644 index 00000000000..22c8a675f4b --- /dev/null +++ b/devel/noweb/patches/patch-ak @@ -0,0 +1,19 @@ +$NetBSD: patch-ak,v 1.1.2.2 2006/05/24 00:05:17 salo Exp $ + +--- ../contrib/jobling/correct-refs.nw.orig 1995-05-24 20:12:48.000000000 +0200 ++++ ../contrib/jobling/correct-refs.nw +@@ -332,11 +332,12 @@ gawk -f $LIB/awk-scripts.awk anchor-list + echo Processing HTML nodes + foreach f (*.awk) + set root=$f:r ++ set tmpfile=`@MKTEMP@ -t noweb` || exit 1 + echo -n Processing $root.html +- gawk -f $f < $root.html >! /tmp/$root.html ++ gawk -f $f < $root.html >! $tmpfile + echo "..." Done + cp $root.html $root.html.bak +- cp /tmp/$root.html $root.html ++ cp $tmpfile $root.html + end + + @ diff --git a/devel/noweb/patches/patch-al b/devel/noweb/patches/patch-al new file mode 100644 index 00000000000..36604c1c171 --- /dev/null +++ b/devel/noweb/patches/patch-al @@ -0,0 +1,11 @@ +$NetBSD: patch-al,v 1.1.2.2 2006/05/24 00:05:17 salo Exp $ + +--- ../contrib/conrado/d2tex.orig 1993-10-27 18:37:11.000000000 +0100 ++++ ../contrib/conrado/d2tex +@@ -1,5 +1,5 @@ + #! /bin/sh +-KEYGEN=/tmp/d2tex$$ ++KEYGEN=$(@MKTEMP@ -t d2tex) || exit 1 + trap "rm -f $KEYGEN; exit 1" 1 2 3 15 + cat > $KEYGEN <&2; exit 1; } + trap 'rm -f $awkfile' 0 1 2 10 14 15 + cat > $awkfile \&<< 'EOF' + \c +@@ -1628,14 +1628,15 @@ base="`basename $1 | sed '/\./s/\.[^.]*$ + tagsfile="$base.nwt" + (echo ".so $macrodir/tmac.w" + if [ -r "$tagsfile" ]; then +- cp $tagsfile /tmp/tags.$$ ++ tagstemp=$(@MKTEMP@ -t tags) || { echo "$0: Cannot create temporary file" >&2; exit 1; } ++ cp $tagsfile $tagstemp + $AWK '\c + .USE "action for \*[BEGINCONVQUOTE]tags\*[ENDCONVQUOTE] line" 11c + \& + \c + .USE "functions" 8a +-\&' /tmp/tags.$$ +- rm -f /tmp/tags.$$ ++\&' $tagstemp ++ rm -f $tagstemp + fi + cat "$@") | + ($ROFF $opts 2>$tagsfile) diff --git a/devel/noweb/patches/patch-an b/devel/noweb/patches/patch-an new file mode 100644 index 00000000000..04ba5f56021 --- /dev/null +++ b/devel/noweb/patches/patch-an @@ -0,0 +1,29 @@ +$NetBSD: patch-an,v 1.1.2.2 2006/05/24 00:05:17 salo Exp $ + +--- shell/roff.nw.orig 1998-08-17 02:27:09.000000000 +0200 ++++ shell/roff.nw +@@ -80,7 +80,8 @@ single quotes and double quotes, so neit + other, and quoting each quote is ugly. The pragmatic solution is to + copy the awk program into a temporary file, using a shell here-document. + <>= +-awkfile="/tmp/noweb$$.awk" ++awkfile=$(@MKTEMP@ -t noweb) || { echo "$0: Cannot create temporary file" >&2; exit 1; } ++ + trap 'rm -f $awkfile' 0 1 2 10 14 15 + cat > $awkfile << 'EOF' + <> +@@ -664,10 +665,11 @@ base="`basename $1 | sed '/\./s/\.[^.]*$ + tagsfile="$base.nwt" + (echo ".so $macrodir/tmac.w" + if [ -r "$tagsfile" ]; then +- cp $tagsfile /tmp/tags.$$ ++ tagstemp=$(@MKTEMP@ -t tags) || { echo "$0: Cannot create temporary file" >&2; exit 1; } ++ cp $tagsfile $tagstemp + $AWK '<> +- <>' /tmp/tags.$$ +- rm -f /tmp/tags.$$ ++ <>' $tagstemp ++ rm -f $tagstemp + fi + cat "$@") | + ($ROFF $opts 2>$tagsfile) -- cgit v1.2.3