Fix insecure-temp-files, PR 45558diff -r1.12 -r1.13 pkgsrc/lang/caml-light/Makefile
(dholland)
| @@ -1,19 +1,19 @@ | @@ -1,19 +1,19 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.12 2011/11/01 11:39:59 bsiegert Exp $ | 1 | # $NetBSD: Makefile,v 1.13 2011/11/06 19:32:07 dholland Exp $ | |
| 2 | # | 2 | # | |
| 3 | 3 | |||
| 4 | DISTNAME= cl74unix | 4 | DISTNAME= cl74unix | |
| 5 | PKGNAME= caml-light-0.74 | 5 | PKGNAME= caml-light-0.74 | |
| 6 | PKGREVISION= 1 | 6 | PKGREVISION= 2 | |
| 7 | CATEGORIES= lang | 7 | CATEGORIES= lang | |
| 8 | MASTER_SITES= ftp://ftp.inria.fr/lang/caml-light/ | 8 | MASTER_SITES= ftp://ftp.inria.fr/lang/caml-light/ | |
| 9 | 9 | |||
| 10 | MAINTAINER= bouyer@NetBSD.org | 10 | MAINTAINER= bouyer@NetBSD.org | |
| 11 | HOMEPAGE= http://caml.inria.fr/caml-light/index.en.html | 11 | HOMEPAGE= http://caml.inria.fr/caml-light/index.en.html | |
| 12 | COMMENT= Another implementation of Caml | 12 | COMMENT= Another implementation of Caml | |
| 13 | 13 | |||
| 14 | PKG_DESTDIR_SUPPORT= user-destdir | 14 | PKG_DESTDIR_SUPPORT= user-destdir | |
| 15 | 15 | |||
| 16 | MAKE_JOBS_SAFE= no | 16 | MAKE_JOBS_SAFE= no | |
| 17 | 17 | |||
| 18 | WRKSRC= ${WRKDIR}/cl74/src | 18 | WRKSRC= ${WRKDIR}/cl74/src | |
| 19 | BUILD_TARGET= world | 19 | BUILD_TARGET= world |
| @@ -1,26 +1,27 @@ | @@ -1,26 +1,27 @@ | |||
| 1 | $NetBSD: distinfo,v 1.8 2011/11/02 15:04:17 dholland Exp $ | 1 | $NetBSD: distinfo,v 1.9 2011/11/06 19:32:07 dholland Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (cl74unix.tar.gz) = feae4a53af78b6c500a03c618dc11444e8b5dc47 | 3 | SHA1 (cl74unix.tar.gz) = feae4a53af78b6c500a03c618dc11444e8b5dc47 | |
| 4 | RMD160 (cl74unix.tar.gz) = a00a8de15e042080041076fcf3ad2592d9deb469 | 4 | RMD160 (cl74unix.tar.gz) = a00a8de15e042080041076fcf3ad2592d9deb469 | |
| 5 | Size (cl74unix.tar.gz) = 999170 bytes | 5 | Size (cl74unix.tar.gz) = 999170 bytes | |
| 6 | SHA1 (patch-aa) = 6d3bc6249267789806ad4eef1b36aa809277a930 | 6 | SHA1 (patch-aa) = 6d3bc6249267789806ad4eef1b36aa809277a930 | |
| 7 | SHA1 (patch-ab) = 3098db9faa0cd60931c781b4b24f796ac23ef52d | 7 | SHA1 (patch-ab) = 3098db9faa0cd60931c781b4b24f796ac23ef52d | |
| 8 | SHA1 (patch-ac) = 6b268ddd007f73a8bb4085df4826627425eb9658 | 8 | SHA1 (patch-ac) = 6b268ddd007f73a8bb4085df4826627425eb9658 | |
| 9 | SHA1 (patch-ad) = 22c97a5a2ee4a45cd85ae4c886b61cdcf833703a | 9 | SHA1 (patch-ad) = 22c97a5a2ee4a45cd85ae4c886b61cdcf833703a | |
| 10 | SHA1 (patch-ae) = 8de237bfb4b9a1c17e1cf4ad9c4abb7b1b456698 | 10 | SHA1 (patch-ae) = 8de237bfb4b9a1c17e1cf4ad9c4abb7b1b456698 | |
| 11 | SHA1 (patch-af) = 196fb2ace8ab078bccb2c8dba8b8cff211e6e95c | 11 | SHA1 (patch-af) = 196fb2ace8ab078bccb2c8dba8b8cff211e6e95c | |
| 12 | SHA1 (patch-ag) = fce329f96d369f86c6fe7e3a30d78bed003d7043 | 12 | SHA1 (patch-ag) = fce329f96d369f86c6fe7e3a30d78bed003d7043 | |
| 13 | SHA1 (patch-ah) = 6a83f924ba49ae7121e070dc75432b2009643d9a | 13 | SHA1 (patch-ah) = 6a83f924ba49ae7121e070dc75432b2009643d9a | |
| 14 | SHA1 (patch-ai) = d9b663b4be634ccb64259c6fe0ddcda193dbbe50 | 14 | SHA1 (patch-ai) = d9b663b4be634ccb64259c6fe0ddcda193dbbe50 | |
| 15 | SHA1 (patch-aj) = 0e9ebfb02fb5efa06e393cf3e0ea3db6acd56acd | 15 | SHA1 (patch-aj) = 0e9ebfb02fb5efa06e393cf3e0ea3db6acd56acd | |
| 16 | SHA1 (patch-ak) = c24484f6dc1978c8bd04ff125f6fd86812fe68bc | 16 | SHA1 (patch-ak) = c24484f6dc1978c8bd04ff125f6fd86812fe68bc | |
| 17 | SHA1 (patch-al) = d4274b118eacf8f6f2a61ddaa8fde7468f45aefc | 17 | SHA1 (patch-al) = d4274b118eacf8f6f2a61ddaa8fde7468f45aefc | |
| 18 | SHA1 (patch-am) = a158d8553a85467955394b169ace0081eab65317 | 18 | SHA1 (patch-am) = a158d8553a85467955394b169ace0081eab65317 | |
| 19 | SHA1 (patch-an) = 1bb3d4a32ae15f5639ab7575f50452764cf1d9a5 | 19 | SHA1 (patch-an) = 1bb3d4a32ae15f5639ab7575f50452764cf1d9a5 | |
| 20 | SHA1 (patch-ao) = 59ec322fd19a9139fd329a9a36c0640a12306adf | 20 | SHA1 (patch-ao) = 59ec322fd19a9139fd329a9a36c0640a12306adf | |
| 21 | SHA1 (patch-ap) = e573c67efe96d159b3ab5bedc2ca1a319633a227 | 21 | SHA1 (patch-ap) = e573c67efe96d159b3ab5bedc2ca1a319633a227 | |
| 22 | SHA1 (patch-aq) = 00285a3f4cd6beea7a5b1b8f9c7c6810540dc5d8 | 22 | SHA1 (patch-aq) = 00285a3f4cd6beea7a5b1b8f9c7c6810540dc5d8 | |
| 23 | SHA1 (patch-ar) = aba9a829916af887d1115b51a57b449aced8535f | 23 | SHA1 (patch-ar) = aba9a829916af887d1115b51a57b449aced8535f | |
| 24 | SHA1 (patch-as) = 5d462ae1a1bf72ae1a0f19ff73d4b1b4226dbb32 | 24 | SHA1 (patch-as) = 5d462ae1a1bf72ae1a0f19ff73d4b1b4226dbb32 | |
| 25 | SHA1 (patch-at) = 83c69c1635a0c8f038bcd23d00acc4dc406c0684 | 25 | SHA1 (patch-at) = 83c69c1635a0c8f038bcd23d00acc4dc406c0684 | |
| 26 | SHA1 (patch-au) = 4fe5ac20d7526e782143874b0ce9c7367716dbce | 26 | SHA1 (patch-au) = 4fe5ac20d7526e782143874b0ce9c7367716dbce | |
| 27 | SHA1 (patch-yacc_main_c) = 37171cb256ffc85faf4505525ec950d3e31e002c |
$NetBSD: patch-yacc_main_c,v 1.1 2011/11/06 19:32:07 dholland Exp $
Avoid insecure use of mktemp().
--- yacc/main.c~ 1995-06-07 09:34:32.000000000 -0400
+++ yacc/main.c 2008-09-04 22:15:26.000000000 -0400
@@ -1,4 +1,5 @@
#include <signal.h>
+#include <stdlib.h> /* for mkstemp(), getenv() */
#include "defs.h"
char dflag;
@@ -31,6 +32,11 @@ char *text_file_name;
char *union_file_name;
char *verbose_file_name;
+static int action_fd = -1;
+static int entry_fd = -1;
+static int text_fd = -1;
+static int union_fd = -1;
+
FILE *action_file; /* a temp file, used to save actions associated */
/* with rules until the parser is written */
FILE *entry_file;
@@ -69,9 +75,6 @@ char *rassoc;
short **derives;
char *nullable;
-extern char *mktemp();
-extern char *getenv();
-
done(k)
int k;
@@ -276,12 +279,21 @@ create_file_names()
union_file_name[len + 5] = 'u';
#ifndef NO_UNIX
- mktemp(action_file_name);
- mktemp(entry_file_name);
- mktemp(text_file_name);
- mktemp(union_file_name);
+ action_fd = mkstemp(action_file_name);
+ entry_fd = mkstemp(entry_file_name);
+ text_fd = mkstemp(text_file_name);
+ union_fd = mkstemp(union_file_name);
#endif
+ if (action_fd < 0)
+ open_error(action_file_name);
+ if (entry_fd < 0)
+ open_error(entry_file_name);
+ if (text_fd < 0)
+ open_error(text_file_name);
+ if (union_fd < 0)
+ open_error(union_file_name);
+
len = strlen(file_prefix);
output_file_name = MALLOC(len + 7);
@@ -321,15 +333,15 @@ open_files()
open_error(input_file_name);
}
- action_file = fopen(action_file_name, "w");
+ action_file = fdopen(action_fd, "w");
if (action_file == 0)
open_error(action_file_name);
- entry_file = fopen(entry_file_name, "w");
+ entry_file = fdopen(entry_fd, "w");
if (entry_file == 0)
open_error(entry_file_name);
- text_file = fopen(text_file_name, "w");
+ text_file = fdopen(text_fd, "w");
if (text_file == 0)
open_error(text_file_name);
@@ -345,7 +357,7 @@ open_files()
defines_file = fopen(defines_file_name, "w");
if (defines_file == 0)
open_error(defines_file_name);
- union_file = fopen(union_file_name, "w");
+ union_file = fdopen(union_fd, "w");
if (union_file == 0)
open_error(union_file_name);
}