summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorkris <kris@FreeBSD.org>2000-03-05 09:27:28 +0000
committerkris <kris@FreeBSD.org>2000-03-05 09:27:28 +0000
commit4642c7dccb539dff82acfe343a69087adb0cc4b0 (patch)
treebc50352469094f9f0cbfedfae74acb3a94cef109
parentffe67c920adb650ab1d480fa229761c385b6d232 (diff)
downloadFreeBSD-ports-4642c7dccb539dff82acfe343a69087adb0cc4b0.zip
FreeBSD-ports-4642c7dccb539dff82acfe343a69087adb0cc4b0.tar.gz
From OpenBSD: generate tempfiles securely with mkstemps()
Approved by: Maintainer
-rw-r--r--archivers/arc/files/patch-ab2
-rw-r--r--archivers/arc/files/patch-ac92
-rw-r--r--archivers/arc/files/patch-ad72
-rw-r--r--archivers/arc/files/patch-ae11
-rw-r--r--archivers/arc/files/patch-af47
-rw-r--r--archivers/arc/files/patch-ag11
-rw-r--r--archivers/arc/files/patch-ah11
-rw-r--r--archivers/arc/files/patch-ai20
-rw-r--r--archivers/arc/files/patch-aj24
-rw-r--r--archivers/arc/files/patch-ak11
-rw-r--r--archivers/arc/files/patch-al38
-rw-r--r--archivers/arc/files/patch-am20
12 files changed, 336 insertions, 23 deletions
diff --git a/archivers/arc/files/patch-ab b/archivers/arc/files/patch-ab
index b55cbaa..52bf11b 100644
--- a/archivers/arc/files/patch-ab
+++ b/archivers/arc/files/patch-ab
@@ -6,7 +6,7 @@
struct tm tm;
struct timeval tvp[2];
int utimes();
-+ #if !defined(__FreeSBD__) && !defined(__OpenBSD__)
++ #if !defined(__FreeBSD__) && !defined(__OpenBSD__)
long tmclock();
+ #endif
tm.tm_sec = (time & 31) * 2;
diff --git a/archivers/arc/files/patch-ac b/archivers/arc/files/patch-ac
index 42c9f08..87e6754 100644
--- a/archivers/arc/files/patch-ac
+++ b/archivers/arc/files/patch-ac
@@ -1,22 +1,70 @@
-*** marc.c.old Wed Apr 15 02:59:21 1992
---- marc.c Sat Dec 31 20:40:30 1994
-***************
-*** 35,40 ****
---- 35,41 ----
- #endif
- VOID arcdie();
- static VOID expandlst(), merge();
-+ char *makefnam(); /* filename fixup routine */
-
- FILE *src; /* source archive */
- char srcname[STRLEN]; /* source archive name */
-***************
-*** 47,53 ****
- int nargs; /* number of arguments */
- char *arg[]; /* pointers to arguments */
- {
-- char *makefnam(); /* filename fixup routine */
- char *envfind();
- #if !_MTS
- char *arctemp2, *mktemp(); /* temp file stuff */
---- 48,53 ----
+--- ./marc.c.orig Tue Apr 14 18:59:21 1992
++++ ./marc.c Wed Aug 11 10:22:31 1999
+@@ -28,12 +28,17 @@
+ #if UNIX
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <errno.h>
++#include <unistd.h>
++#include <string.h>
++#include <err.h>
+ #endif
+
+ #ifndef __STDC__
+ char *calloc(), *malloc(), *realloc(); /* memory managers */
+ #endif
+ VOID arcdie();
++int move(),setstamp();
+ static VOID expandlst(), merge();
+
+ FILE *src; /* source archive */
+@@ -50,7 +55,7 @@
+ char *makefnam(); /* filename fixup routine */
+ char *envfind();
+ #if !_MTS
+- char *arctemp2, *mktemp(); /* temp file stuff */
++ char *arctemp2; /* temp file stuff */
+ #endif
+ #if GEMDOS
+ VOID exitpause();
+@@ -114,8 +119,18 @@
+ #endif
+ #if !MSDOS
+ {
+- static char tempname[] = "AXXXXXX";
+- strcat(arctemp, mktemp(tempname));
++ static char tempname[] = "AXXXXXX.arc";
++ int fd=-1;
++ strcat(arctemp, tempname);
++ if((fd = mkstemps(arctemp,4)) == -1 ||
++ (new = fdopen(fd, "w+")) == NULL) {
++ if (fd != -1) {
++ unlink(arctemp);
++ close(fd);
++ }
++ err(1, "can't create temp file %s", arctemp);
++ }
++
+ }
+ #else
+ strcat(arctemp, "$ARCTEMP");
+@@ -148,8 +163,10 @@
+ arc = fopen(arcname,OPEN_R); /* open the archives */
+ if(!(src=fopen(srcname,OPEN_R)))
+ arcdie("Cannot read source archive %s",srcname);
++#if !defined(__OpenBSD__) && !defined(__FreeBSD__) /* this is insecure, see mkstemp(3) */
+ if(!(new=fopen(newname,OPEN_W)))
+ arcdie("Cannot create new archive %s",newname);
++#endif
+
+ if(!arc)
+ printf("Creating new archive %s\n",arcname);
+@@ -283,7 +300,7 @@
+ else return 0; /* or fake end of archive */
+ }
+
+-copyfile(f,hdr,ver) /* copy a file from an archive */
++int copyfile(f,hdr,ver) /* copy a file from an archive */
+ FILE *f; /* archive to copy from */
+ struct heads *hdr; /* header data for file */
+ int ver; /* header version */
diff --git a/archivers/arc/files/patch-ad b/archivers/arc/files/patch-ad
new file mode 100644
index 0000000..36dc963
--- /dev/null
+++ b/archivers/arc/files/patch-ad
@@ -0,0 +1,72 @@
+--- ./arc.c.orig Tue Apr 14 18:58:59 1992
++++ ./arc.c Wed Aug 11 10:21:06 1999
+@@ -76,11 +76,14 @@
+ #if UNIX
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <unistd.h>
+ #endif
+
+ #include <string.h>
+ #if BSD
+ #include <strings.h>
++#include <err.h>
++#include <errno.h>
+ #endif
+
+ #if !__STDC__
+@@ -101,6 +104,7 @@
+ static char **lst; /* files list */
+ static int lnum; /* length of files list */
+
++int
+ main(num, arg) /* system entry point */
+ int num; /* number of arguments */
+ char *arg[]; /* pointers to arguments */
+@@ -110,7 +114,7 @@
+ VOID upper();/* case conversion routine */
+ char *envfind(); /* environment searcher */
+ int n; /* index */
+- char *arctemp2, *mktemp();
++ char *arctemp2;
+ #if GEMDOS
+ VOID exitpause();
+ int append;
+@@ -219,8 +223,17 @@
+ #endif
+ #if !MSDOS
+ {
+- static char tempname[] = "AXXXXXX";
+- strcat(arctemp, mktemp(tempname));
++ static char tempname[] = "AXXXXXX.arc";
++ int fd=-1;
++ strcat(arctemp, tempname);
++ if((fd = mkstemps(arctemp,4)) == -1 ||
++ (new = fdopen(fd, "w+")) == NULL) {
++ if (fd != -1) {
++ unlink(arctemp);
++ close(fd);
++ }
++ err(1, "can't create temp file %s", arctemp);
++ }
+ }
+ #else
+ strcat(arctemp, "$ARCTEMP");
+@@ -276,7 +289,7 @@
+ keepbak = 1;
+
+ else if (*a == 'W') /* suppress warnings */
+- warn = 0;
++ arcwarn = 0;
+ #if !DOS
+ else if (*a == 'I') /* image mode, no ASCII/EBCDIC x-late */
+ image = !image;
+@@ -401,7 +414,7 @@
+ expandlst(n) /* expand an indirect reference */
+ int n; /* number of entry to expand */
+ {
+- FILE *lf, *fopen(); /* list file, opener */
++ FILE *lf; /* list file, opener */
+ char buf[100]; /* input buffer */
+ int x; /* index */
+ char *p = lst[n] + 1; /* filename pointer */
diff --git a/archivers/arc/files/patch-ae b/archivers/arc/files/patch-ae
new file mode 100644
index 0000000..a228e9d
--- /dev/null
+++ b/archivers/arc/files/patch-ae
@@ -0,0 +1,11 @@
+--- ./arc.h.orig Tue Aug 10 23:03:24 1999
++++ ./arc.h Tue Aug 10 23:01:55 1999
+@@ -106,7 +106,7 @@
+ #if GEMDOS
+ extern int hold; /* hold screen before exiting */
+ #endif
+-extern int warn; /* true to print warnings */
++extern int arcwarn; /* true to print warnings */
+ extern int note; /* true to print comments */
+ extern int bose; /* true to be verbose */
+ extern int nocomp; /* true to suppress compression */
diff --git a/archivers/arc/files/patch-af b/archivers/arc/files/patch-af
new file mode 100644
index 0000000..8a5597c
--- /dev/null
+++ b/archivers/arc/files/patch-af
@@ -0,0 +1,47 @@
+--- ./arcadd.c.orig Tue Aug 10 23:03:24 1999
++++ ./arcadd.c Tue Aug 10 23:01:55 1999
+@@ -119,7 +119,7 @@
+ }
+ #endif
+ }
+- if (notemp && warn)
++ if (notemp && arcwarn)
+ printf("No files match: %s\n", arg[n]);
+ }
+
+@@ -133,7 +133,7 @@
+ free(path);
+ free(name);
+ }
+- if (nowork && warn)
++ if (nowork && arcwarn)
+ printf("No files were added.\n");
+ }
+
+@@ -227,7 +227,7 @@
+ if (move) { /* if this was a move */
+ for (n = 0; n < nfiles; n++) { /* then delete each file
+ * added */
+- if (unlink(path[n]) && warn) {
++ if (unlink(path[n]) && arcwarn) {
+ printf("Cannot unsave %s\n", path[n]);
+ nerrs++;
+ }
+@@ -259,7 +259,7 @@
+ if (!f)
+ #endif
+ {
+- if (warn) {
++ if (arcwarn) {
+ printf("Cannot read file: %s\n", path);
+ nerrs++;
+ }
+@@ -267,7 +267,7 @@
+ }
+ #if !DOS
+ if (strlen(name) >= FNLEN) {
+- if (warn) {
++ if (arcwarn) {
+ char buf[STRLEN];
+ printf("WARNING: File %s name too long!\n", name);
+ name[FNLEN-1]='\0';
diff --git a/archivers/arc/files/patch-ag b/archivers/arc/files/patch-ag
new file mode 100644
index 0000000..1f49611
--- /dev/null
+++ b/archivers/arc/files/patch-ag
@@ -0,0 +1,11 @@
+--- ./arccvt.c.orig Tue Aug 10 23:03:24 1999
++++ ./arccvt.c Tue Aug 10 23:01:55 1999
+@@ -120,7 +120,7 @@
+ writehdr(hdr, new); /* write out real header */
+ fseek(new, hdr->size, 1); /* skip over data to next header */
+ fclose(tmp); /* all done with the file */
+- if (unlink(tempname) && warn) {
++ if (unlink(tempname) && arcwarn) {
+ printf("Cannot unsave %s\n", tempname);
+ nerrs++;
+ }
diff --git a/archivers/arc/files/patch-ah b/archivers/arc/files/patch-ah
new file mode 100644
index 0000000..f9e7a90
--- /dev/null
+++ b/archivers/arc/files/patch-ah
@@ -0,0 +1,11 @@
+--- ./arcdata.c.orig Tue Aug 10 23:03:24 1999
++++ ./arcdata.c Tue Aug 10 23:01:56 1999
+@@ -35,7 +35,7 @@
+ #if GEMDOS
+ int hold = 0; /* true to pause before exit */
+ #endif
+-int warn = 1; /* true to print warnings */
++int arcwarn = 1; /* true to print warnings */
+ int note = 1; /* true to print comments */
+ int bose = 0; /* true to be verbose */
+ int nocomp = 0; /* true to suppress compression */
diff --git a/archivers/arc/files/patch-ai b/archivers/arc/files/patch-ai
new file mode 100644
index 0000000..c13db4a
--- /dev/null
+++ b/archivers/arc/files/patch-ai
@@ -0,0 +1,20 @@
+--- ./arcext.c.orig Tue Aug 10 23:03:25 1999
++++ ./arcext.c Tue Aug 10 23:01:56 1999
+@@ -143,7 +143,7 @@
+ if (note)
+ printf("Extracting file: %s\n", fix);
+
+- if (warn && !overlay) {
++ if (arcwarn && !overlay) {
+ if (f = fopen(fix, "r")) { /* see if it exists */
+ fclose(f);
+ printf("WARNING: File %s already exists!", fix);
+@@ -190,7 +190,7 @@
+ if (!f)
+ #endif
+ {
+- if (warn) {
++ if (arcwarn) {
+ printf("Cannot create %s\n", fix);
+ nerrs++;
+ }
diff --git a/archivers/arc/files/patch-aj b/archivers/arc/files/patch-aj
new file mode 100644
index 0000000..f7dc13a
--- /dev/null
+++ b/archivers/arc/files/patch-aj
@@ -0,0 +1,24 @@
+--- ./arcio.c.orig Tue Aug 10 23:03:25 1999
++++ ./arcio.c Tue Aug 10 23:01:56 1999
+@@ -46,7 +46,7 @@
+ return 0; /* then signal end of archive */
+
+ if (hdrver != ARCMARK) { /* check archive validity */
+- if (warn) {
++ if (arcwarn) {
+ printf("An entry in %s has a bad header.\n", arcname);
+ nerrs++;
+ }
+@@ -63,10 +63,10 @@
+ if (feof(f) && first)
+ arcdie("%s is not an archive", arcname);
+
+- if (changing && warn)
++ if (changing && arcwarn)
+ arcdie("%s is corrupted -- changes disallowed", arcname);
+
+- if (warn)
++ if (arcwarn)
+ printf(" %d bytes skipped.\n", try);
+
+ if (feof(f))
diff --git a/archivers/arc/files/patch-ak b/archivers/arc/files/patch-ak
new file mode 100644
index 0000000..7933c26
--- /dev/null
+++ b/archivers/arc/files/patch-ak
@@ -0,0 +1,11 @@
+--- ./arclzw.c.orig Tue Aug 10 23:03:25 1999
++++ ./arclzw.c Tue Aug 10 23:01:57 1999
+@@ -546,7 +546,7 @@
+ */
+ if (code >= free_ent) {
+ if (code > free_ent) {
+- if (warn) {
++ if (arcwarn) {
+ printf("Corrupted compressed file.\n");
+ printf("Invalid code %d when max is %d.\n",
+ code, free_ent);
diff --git a/archivers/arc/files/patch-al b/archivers/arc/files/patch-al
new file mode 100644
index 0000000..734b15f
--- /dev/null
+++ b/archivers/arc/files/patch-al
@@ -0,0 +1,38 @@
+--- ./arcrun.c.orig Tue Aug 10 23:03:25 1999
++++ ./arcrun.c Tue Aug 10 23:01:57 1999
+@@ -94,7 +94,7 @@
+ strcpy(sys, buf);
+
+ else {
+- if (warn) {
++ if (arcwarn) {
+ printf("File %s is not a .BAS, .BAT, .COM, or .EXE\n",
+ hdr->name);
+ nerrs++;
+@@ -108,7 +108,7 @@
+ && strcmp(i, ".TTP")
+ && strcmp(i, ".TOS"))
+ {
+- if (warn) {
++ if (arcwarn) {
+ printf("File %s is not a .PRG, .TOS, or .TTP\n",
+ hdr->name);
+ nerrs++;
+@@ -118,7 +118,7 @@
+ }
+ #endif
+
+- if (warn)
++ if (arcwarn)
+ if (tmp = fopen(buf, "r"))
+ arcdie("Temporary file %s already exists", buf);
+ if (!(tmp = fopen(buf, OPEN_W)))
+@@ -142,7 +142,7 @@
+ #endif
+ chdir(dir);
+ free(dir); /* return to whence we started */
+- if (unlink(buf) && warn) {
++ if (unlink(buf) && arcwarn) {
+ printf("Cannot unsave temporary file %s\n", buf);
+ nerrs++;
+ }
diff --git a/archivers/arc/files/patch-am b/archivers/arc/files/patch-am
new file mode 100644
index 0000000..08e091f
--- /dev/null
+++ b/archivers/arc/files/patch-am
@@ -0,0 +1,20 @@
+--- ./arcunp.c.orig Tue Aug 10 23:03:25 1999
++++ ./arcunp.c Tue Aug 10 23:01:57 1999
+@@ -123,7 +123,7 @@
+ break;
+
+ default: /* unknown method */
+- if (warn) {
++ if (arcwarn) {
+ printf("I don't know how to unpack file %s\n", hdr->name);
+ printf("I think you need a newer version of ARC\n");
+ nerrs++;
+@@ -135,7 +135,7 @@
+ /* cleanups common to all methods */
+
+ if (crcval != hdr->crc) {
+- if (warn || kludge) {
++ if (arcwarn || kludge) {
+ printf("WARNING: File %s fails CRC check\n", hdr->name);
+ nerrs++;
+ }
OpenPOWER on IntegriCloud