author | Simon L. B. Nielsen <simon@FreeBSD.org> | 2005-04-12 08:24:48 +0000 |
---|---|---|
committer | Simon L. B. Nielsen <simon@FreeBSD.org> | 2005-04-12 08:24:48 +0000 |
commit | 2a6230f941145a41b174c031e2e9c8184eaf5903 (patch) | |
tree | e03b739133edfaa26c5753c065ce6ffd73e74421 /ports-mgmt | |
parent | upgrade to 0.74 (diff) |
Fix and document insecure temporary file handling in portupgrade.
Security: CAN-2005-0610
Security: http://vuxml.FreeBSD.org/22f00553-a09d-11d9-a788-0001020eed82.html
Approved by: erwin (mentor), maintainer timeout
OK'ed by: portmgr
Reviewed by: nectar
Notes
Notes:
svn path=/head/; revision=133127
Diffstat (limited to 'ports-mgmt')
-rw-r--r-- | ports-mgmt/portupgrade-devel/Makefile | 2 | ||||
-rw-r--r-- | ports-mgmt/portupgrade-devel/files/patch-CAN-2005-0610 | 68 | ||||
-rw-r--r-- | ports-mgmt/portupgrade/Makefile | 2 | ||||
-rw-r--r-- | ports-mgmt/portupgrade/files/patch-CAN-2005-0610 | 68 |
4 files changed, 138 insertions, 2 deletions
diff --git a/ports-mgmt/portupgrade-devel/Makefile b/ports-mgmt/portupgrade-devel/Makefile
index 75fe60b2e425..999d63e9e490 100644
--- a/ports-mgmt/portupgrade-devel/Makefile
+++ b/ports-mgmt/portupgrade-devel/Makefile
@@ -7,7 +7,7 @@
 PORTNAME= portupgrade
 PORTVERSION= 20041226
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= sysutils
 MASTER_SITES= ftp://ftp.iDaemons.org/pub/distfiles/ \
 ${MASTER_SITE_LOCAL}
diff --git a/ports-mgmt/portupgrade-devel/files/patch-CAN-2005-0610 b/ports-mgmt/portupgrade-devel/files/patch-CAN-2005-0610
new file mode 100644
index 000000000000..9e5a01a0b2a3
--- /dev/null
+++ b/ports-mgmt/portupgrade-devel/files/patch-CAN-2005-0610
@@ -0,0 +1,68 @@
+diff -ru ../orig.pkgtools-20041224/lib/pkgdb.rb ./lib/pkgdb.rb
+--- ../orig.pkgtools-20041224/lib/pkgdb.rb Wed Mar 23 21:37:47 2005
++++ ./lib/pkgdb.rb Tue Mar 29 00:27:02 2005
+@@ -97,7 +97,7 @@
+
+ @db_file = File.join(@db_dir, 'pkgdb.db')
+ @tmp_dir = ENV['PKG_TMPDIR'] || ENV['TMPDIR'] || '/var/tmp'
+- @fixme_file = File.join(@tmp_dir, 'pkgdb.fixme')
++ @fixme_file = File.join(@db_dir, 'pkgdb.fixme')
+ @db_filebase = @db_file.sub(/\.db$/, '')
+ close_db
+
+diff -ru ../orig.pkgtools-20041224/lib/pkgsqldb.rb ./lib/pkgsqldb.rb
+--- ../orig.pkgtools-20041224/lib/pkgsqldb.rb Wed Mar 23 21:37:47 2005
++++ ./lib/pkgsqldb.rb Tue Mar 29 00:29:51 2005
+@@ -74,7 +74,7 @@
+
+ @db_file = File.join(@db_dir, 'pkgdb.sqldb')
+ @tmp_dir = ENV['PKG_TMPDIR'] || ENV['TMPDIR'] || '/var/tmp'
+- @fixme_file = File.join(@tmp_dir, 'pkgdb.fixme')
++ @fixme_file = File.join(@db_dir, 'pkgdb.fixme')
+ close_db
+
+ @db_dir
+diff -ru ../orig.pkgtools-20041224/lib/pkgtools.rb ./lib/pkgtools.rb
+--- ../orig.pkgtools-20041224/lib/pkgtools.rb Wed Mar 23 21:37:47 2005
++++ ./lib/pkgtools.rb Wed Mar 30 23:51:50 2005
+@@ -204,7 +204,7 @@
+ $ports_dir = $portsdb.ports_dir
+ $packages_base = ENV['PACKAGES'] || File.join($ports_dir, 'packages')
+ $packages_dir = File.join($packages_base, 'All')
+- $tmpdir = ENV['PKG_TMPDIR'] || ENV['TMPDIR'] || '/var/tmp'
++ init_tmpdir
+ $pkg_path = ENV['PKG_PATH'] || $packages_dir
+
+ $pkg_sites = (ENV['PKG_SITES'] || '').split
+@@ -222,6 +222,31 @@
+
+ $portsdb.ignore_categories = config_value(:IGNORE_CATEGORIES) || []
+ $portsdb.extra_categories = config_value(:EXTRA_CATEGORIES) || []
++end
++
++def init_tmpdir
++ maintmpdir = ENV['PKG_TMPDIR'] || ENV['TMPDIR'] || '/var/tmp'
++ if !FileTest.directory?(maintmpdir)
++ raise "Temporary directory #{maintmpdir} does not exist"
++ end
++
++ cmdline = shelljoin("/usr/bin/mktemp", "-d", maintmpdir + "/portupgradeXXXXXXXX")
++ pipe = IO.popen(cmdline)
++ tmpdir = pipe.gets
++ pipe.close
++ if $? != 0 || tmpdir.nil? || tmpdir.length == 0
++ raise "Could not create temporary directory in #{maintmpdir}"
++ end
++ tmpdir.chomp!
++
++ at_exit {
++ begin
++ Dir.delete(tmpdir)
++ rescue
++ warning_message "Could not clean up temporary directory: " + $!
++ end
++ }
++ $tmpdir=tmpdir
+ end
+
+ def parse_pattern(str, regex = false)
diff --git a/ports-mgmt/portupgrade/Makefile b/ports-mgmt/portupgrade/Makefile
index 75fe60b2e425..999d63e9e490 100644
--- a/ports-mgmt/portupgrade/Makefile
+++ b/ports-mgmt/portupgrade/Makefile
@@ -7,7 +7,7 @@
 PORTNAME= portupgrade
 PORTVERSION= 20041226
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= sysutils
 MASTER_SITES= ftp://ftp.iDaemons.org/pub/distfiles/ \
 ${MASTER_SITE_LOCAL}
diff --git a/ports-mgmt/portupgrade/files/patch-CAN-2005-0610 b/ports-mgmt/portupgrade/files/patch-CAN-2005-0610
new file mode 100644
index 000000000000..9e5a01a0b2a3
--- /dev/null
+++ b/ports-mgmt/portupgrade/files/patch-CAN-2005-0610
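Review bot: In the `at_exit` block of the new `init_tmpdir` (lib/pkgtools.rb, last inner hunk), `Dir.delete(tmpdir)` only removes an empty directory, so any file a run leaves behind makes the cleanup fail and the `portupgradeXXXXXXXX` directory stays in the shared temporary directory; the handler would presumably also run in any forked child that exits normally, which is worth confirming against the callers. The rescue then builds its message with `"Could not clean up temporary directory: " + $!`, which relies on the exception object converting implicitly to a String; `warning_message "Could not clean up temporary directory: #{$!}"` does not. In lib/pkgdb.rb and lib/pkgsqldb.rb `@tmp_dir` is still taken from the environment after `@fixme_file` moves to `@db_dir`, so any remaining use of `@tmp_dir` outside these hunks should be checked for the same predictable-name pattern as `pkgdb.fixme`. The identical patch is added under ports-mgmt/portupgrade/files/patch-CAN-2005-0610, so these points apply to that hunk as well.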
@@ -0,0 +1,68 @@
+diff -ru ../orig.pkgtools-20041224/lib/pkgdb.rb ./lib/pkgdb.rb
+--- ../orig.pkgtools-20041224/lib/pkgdb.rb Wed Mar 23 21:37:47 2005
++++ ./lib/pkgdb.rb Tue Mar 29 00:27:02 2005
+@@ -97,7 +97,7 @@
+
+ @db_file = File.join(@db_dir, 'pkgdb.db')
+ @tmp_dir = ENV['PKG_TMPDIR'] || ENV['TMPDIR'] || '/var/tmp'
+- @fixme_file = File.join(@tmp_dir, 'pkgdb.fixme')
++ @fixme_file = File.join(@db_dir, 'pkgdb.fixme')
+ @db_filebase = @db_file.sub(/\.db$/, '')
+ close_db
+
+diff -ru ../orig.pkgtools-20041224/lib/pkgsqldb.rb ./lib/pkgsqldb.rb
+--- ../orig.pkgtools-20041224/lib/pkgsqldb.rb Wed Mar 23 21:37:47 2005
++++ ./lib/pkgsqldb.rb Tue Mar 29 00:29:51 2005
+@@ -74,7 +74,7 @@
+
+ @db_file = File.join(@db_dir, 'pkgdb.sqldb')
+ @tmp_dir = ENV['PKG_TMPDIR'] || ENV['TMPDIR'] || '/var/tmp'
+- @fixme_file = File.join(@tmp_dir, 'pkgdb.fixme')
++ @fixme_file = File.join(@db_dir, 'pkgdb.fixme')
+ close_db
+
+ @db_dir
+diff -ru ../orig.pkgtools-20041224/lib/pkgtools.rb ./lib/pkgtools.rb
+--- ../orig.pkgtools-20041224/lib/pkgtools.rb Wed Mar 23 21:37:47 2005
++++ ./lib/pkgtools.rb Wed Mar 30 23:51:50 2005
+@@ -204,7 +204,7 @@
+ $ports_dir = $portsdb.ports_dir
+ $packages_base = ENV['PACKAGES'] || File.join($ports_dir, 'packages')
+ $packages_dir = File.join($packages_base, 'All')
+- $tmpdir = ENV['PKG_TMPDIR'] || ENV['TMPDIR'] || '/var/tmp'
++ init_tmpdir
+ $pkg_path = ENV['PKG_PATH'] || $packages_dir
+
+ $pkg_sites = (ENV['PKG_SITES'] || '').split
+@@ -222,6 +222,31 @@
+
+ $portsdb.ignore_categories = config_value(:IGNORE_CATEGORIES) || []
+ $portsdb.extra_categories = config_value(:EXTRA_CATEGORIES) || []
++end
++
++def init_tmpdir
++ maintmpdir = ENV['PKG_TMPDIR'] || ENV['TMPDIR'] || '/var/tmp'
++ if !FileTest.directory?(maintmpdir)
++ raise "Temporary directory #{maintmpdir} does not exist"
++ end
++
++ cmdline = shelljoin("/usr/bin/mktemp", "-d", maintmpdir + "/portupgradeXXXXXXXX")
++ pipe = IO.popen(cmdline)
++ tmpdir = pipe.gets
++ pipe.close
++ if $? != 0 || tmpdir.nil? || tmpdir.length == 0
++ raise "Could not create temporary directory in #{maintmpdir}"
++ end
++ tmpdir.chomp!
++
++ at_exit {
++ begin
++ Dir.delete(tmpdir)
++ rescue
++ warning_message "Could not clean up temporary directory: " + $!
++ end
++ }
++ $tmpdir=tmpdir
+ end
+
+ def parse_pattern(str, regex = false) |