ports/136287: devel/cvsadmin [patch] configure cvsadmin to use mkdtemp(3) instead of insecure work-around
Klaus T Aehlig
aehlig at linta.de
Fri Jul 3 15:30:09 UTC 2009
>Number: 136287
>Category: ports
>Synopsis: devel/cvsadmin [patch] configure cvsadmin to use mkdtemp(3) instead of insecure work-around
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jul 03 15:30:08 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Klaus T Aehlig
>Release: FreeBSD 7.2-RELEASE-p2 i386
>Organization:
>Environment:
System: FreeBSD kleene.linta.de 7.2-RELEASE-p2 FreeBSD 7.2-RELEASE-p2 #3: Thu Jun 25 11:33:53 CEST 2009 aehlig at kleene.linta.de:/usr/obj/usr/src/sys/KLEENE i386
>Description:
The configure script provided with cvsadmin-1.0.3 does not recognise
that the host system provides mkdtemp(3); in fact, it does not even
test for it. Therefore ${WRKSRC}/src/util.c uses an insecure (as
admitted in the source code) workaround to generate a temporary
directory instead of using mkdtemp(3).
>How-To-Repeat:
cd /usr/ports/devel/cvsadmin && make configure
and inspect ${WRKSRC}/config.h, reading ${WRKSRC}/src/util.c
alternatively,
cd /usr/ports/devel/cvsadmin && make build
and inspect ${WRKSRC}/src/util.o
>Fix:
Since all supported versions of FreeBSD (even all versions since 3.2) provide
mkdtemp(3), simply set HAVE_MKDTEMP manually in the post-configure phase. This
can be achieved by applying the following patch to the port.
--- patch-cvsadmin-mkdtemp begins here ---
diff -rNu cvsadmin/Makefile cvsadmin.new/Makefile
--- cvsadmin/Makefile 2009-07-01 01:11:10.000000000 +0200
+++ cvsadmin.new/Makefile 2009-07-03 16:50:25.000000000 +0200
@@ -8,7 +8,7 @@
PORTNAME= cvsadmin
PORTVERSION= 1.0.3
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_LOCAL}
MASTER_SITE_SUBDIR= gabor
@@ -21,6 +21,9 @@
MAN1= cvsadmin.1
PLIST_FILES= bin/cvsadmin
+post-configure:
+ ${ECHO_CMD} "#define HAVE_MKDTEMP 1" >> ${WRKSRC}/config.h
+
post-install:
${INSTALL_MAN} ${WRKSRC}/man/cvsadmin.1 ${MANPREFIX}/man/man1
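Review bot: The new post-configure target has no comment saying why HAVE_MKDTEMP is forced, so a later maintainer cannot tell when the override can be dropped; add a line above it noting that the cvsadmin-1.0.3 configure script does not test for mkdtemp(3). The define is also appended unconditionally with >> to ${WRKSRC}/config.h; consider emitting it inside an #ifndef HAVE_MKDTEMP / #endif pair so that a future configure script that starts defining the macro itself does not leave two definitions in the header.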
--- patch-cvsadmin-mkdtemp ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
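The following is an added example, not part of the original report and not cvsadmin's util.c: a minimal C sketch of creating a scratch directory with mkdtemp(3), which chooses the name and creates the directory in one step with mode 0700. The function name `make_private_tmpdir`, the `/tmp` base and the `cvsadmin-example` prefix are assumptions made for the illustration.

```c
/* Added illustration; names and paths here are hypothetical. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a private scratch directory "<base>/<prefix>.XXXXXX".
 * On success the final path is left in out and 0 is returned;
 * on failure -1 is returned with errno set. */
int make_private_tmpdir(const char *base, const char *prefix,
                        char *out, size_t outlen)
{
    struct stat st;
    int n = snprintf(out, outlen, "%s/%s.XXXXXX", base, prefix);

    if (n < 0 || (size_t)n >= outlen) {   /* template did not fit */
        errno = ENAMETOOLONG;
        return -1;
    }
    /* mkdtemp(3) replaces the X's and creates the directory atomically
     * with mode 0700; it fails instead of adopting an existing entry. */
    if (mkdtemp(out) == NULL)
        return -1;

    /* Defence in depth: confirm the result is a real directory (not a
     * symlink), owned by us, and not accessible to group or other. */
    if (lstat(out, &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & 0777) != 0700) {
        rmdir(out);
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    char dir[256];

    if (make_private_tmpdir("/tmp", "cvsadmin-example", dir, sizeof dir) != 0) {
        perror("make_private_tmpdir");
        return 1;
    }
    printf("created %s\n", dir);
    return rmdir(dir) == 0 ? 0 : 1;
}
```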