head 1.4; access; symbols pkgsrc-2026Q1:1.4.0.82 pkgsrc-2026Q1-base:1.4 pkgsrc-2025Q4:1.4.0.80 pkgsrc-2025Q4-base:1.4 pkgsrc-2025Q3:1.4.0.78 pkgsrc-2025Q3-base:1.4 pkgsrc-2025Q2:1.4.0.76 pkgsrc-2025Q2-base:1.4 pkgsrc-2025Q1:1.4.0.74 pkgsrc-2025Q1-base:1.4 pkgsrc-2024Q4:1.4.0.72 pkgsrc-2024Q4-base:1.4 pkgsrc-2024Q3:1.4.0.70 pkgsrc-2024Q3-base:1.4 pkgsrc-2024Q2:1.4.0.68 pkgsrc-2024Q2-base:1.4 pkgsrc-2024Q1:1.4.0.66 pkgsrc-2024Q1-base:1.4 pkgsrc-2023Q4:1.4.0.64 pkgsrc-2023Q4-base:1.4 pkgsrc-2023Q3:1.4.0.62 pkgsrc-2023Q3-base:1.4 pkgsrc-2023Q2:1.4.0.60 pkgsrc-2023Q2-base:1.4 pkgsrc-2023Q1:1.4.0.58 pkgsrc-2023Q1-base:1.4 pkgsrc-2022Q4:1.4.0.56 pkgsrc-2022Q4-base:1.4 pkgsrc-2022Q3:1.4.0.54 pkgsrc-2022Q3-base:1.4 pkgsrc-2022Q2:1.4.0.52 pkgsrc-2022Q2-base:1.4 pkgsrc-2022Q1:1.4.0.50 pkgsrc-2022Q1-base:1.4 pkgsrc-2021Q4:1.4.0.48 pkgsrc-2021Q4-base:1.4 pkgsrc-2021Q3:1.4.0.46 pkgsrc-2021Q3-base:1.4 pkgsrc-2021Q2:1.4.0.44 pkgsrc-2021Q2-base:1.4 pkgsrc-2021Q1:1.4.0.42 pkgsrc-2021Q1-base:1.4 pkgsrc-2020Q4:1.4.0.40 pkgsrc-2020Q4-base:1.4 pkgsrc-2020Q3:1.4.0.38 pkgsrc-2020Q3-base:1.4 pkgsrc-2020Q2:1.4.0.34 pkgsrc-2020Q2-base:1.4 pkgsrc-2020Q1:1.4.0.14 pkgsrc-2020Q1-base:1.4 pkgsrc-2019Q4:1.4.0.36 pkgsrc-2019Q4-base:1.4 pkgsrc-2019Q3:1.4.0.32 pkgsrc-2019Q3-base:1.4 pkgsrc-2019Q2:1.4.0.30 pkgsrc-2019Q2-base:1.4 pkgsrc-2019Q1:1.4.0.28 pkgsrc-2019Q1-base:1.4 pkgsrc-2018Q4:1.4.0.26 pkgsrc-2018Q4-base:1.4 pkgsrc-2018Q3:1.4.0.24 pkgsrc-2018Q3-base:1.4 pkgsrc-2018Q2:1.4.0.22 pkgsrc-2018Q2-base:1.4 pkgsrc-2018Q1:1.4.0.20 pkgsrc-2018Q1-base:1.4 pkgsrc-2017Q4:1.4.0.18 pkgsrc-2017Q4-base:1.4 pkgsrc-2017Q3:1.4.0.16 pkgsrc-2017Q3-base:1.4 pkgsrc-2017Q2:1.4.0.12 pkgsrc-2017Q2-base:1.4 pkgsrc-2017Q1:1.4.0.10 pkgsrc-2017Q1-base:1.4 pkgsrc-2016Q4:1.4.0.8 pkgsrc-2016Q4-base:1.4 pkgsrc-2016Q3:1.4.0.6 pkgsrc-2016Q3-base:1.4 pkgsrc-2016Q2:1.4.0.4 pkgsrc-2016Q2-base:1.4 pkgsrc-2016Q1:1.4.0.2 pkgsrc-2016Q1-base:1.4 pkgsrc-2015Q4:1.3.0.50 pkgsrc-2015Q4-base:1.3 pkgsrc-2015Q3:1.3.0.48 pkgsrc-2015Q3-base:1.3 pkgsrc-2015Q2:1.3.0.46 pkgsrc-2015Q2-base:1.3 pkgsrc-2015Q1:1.3.0.44 pkgsrc-2015Q1-base:1.3 pkgsrc-2014Q4:1.3.0.42 pkgsrc-2014Q4-base:1.3 pkgsrc-2014Q3:1.3.0.40 pkgsrc-2014Q3-base:1.3 pkgsrc-2014Q2:1.3.0.38 pkgsrc-2014Q2-base:1.3 pkgsrc-2014Q1:1.3.0.36 pkgsrc-2014Q1-base:1.3 pkgsrc-2013Q4:1.3.0.34 pkgsrc-2013Q4-base:1.3 pkgsrc-2013Q3:1.3.0.32 pkgsrc-2013Q3-base:1.3 pkgsrc-2013Q2:1.3.0.30 pkgsrc-2013Q2-base:1.3 pkgsrc-2013Q1:1.3.0.28 pkgsrc-2013Q1-base:1.3 pkgsrc-2012Q4:1.3.0.26 pkgsrc-2012Q4-base:1.3 pkgsrc-2012Q3:1.3.0.24 pkgsrc-2012Q3-base:1.3 pkgsrc-2012Q2:1.3.0.22 pkgsrc-2012Q2-base:1.3 pkgsrc-2012Q1:1.3.0.20 pkgsrc-2012Q1-base:1.3 pkgsrc-2011Q4:1.3.0.18 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q3:1.3.0.16 pkgsrc-2011Q3-base:1.3 pkgsrc-2011Q2:1.3.0.14 pkgsrc-2011Q2-base:1.3 pkgsrc-2011Q1:1.3.0.12 pkgsrc-2011Q1-base:1.3 pkgsrc-2010Q4:1.3.0.10 pkgsrc-2010Q4-base:1.3 pkgsrc-2010Q3:1.3.0.8 pkgsrc-2010Q3-base:1.3 pkgsrc-2010Q2:1.3.0.6 pkgsrc-2010Q2-base:1.3 pkgsrc-2010Q1:1.3.0.4 pkgsrc-2010Q1-base:1.3 pkgsrc-2009Q4:1.3.0.2 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q3:1.1.0.44 pkgsrc-2009Q3-base:1.1 pkgsrc-2009Q2:1.1.0.42 pkgsrc-2009Q2-base:1.1 pkgsrc-2009Q1:1.1.0.40 pkgsrc-2009Q1-base:1.1 pkgsrc-2008Q4:1.1.0.38 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.36 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.34 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.32 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.30 pkgsrc-2008Q1:1.1.0.28 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.26 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.24 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.22 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.20 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.18 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.16 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.14 pkgsrc-2006Q2-base:1.1 pkgsrc-2006Q1:1.1.0.12 pkgsrc-2006Q1-base:1.1 pkgsrc-2005Q4:1.1.0.10 pkgsrc-2005Q4-base:1.1 pkgsrc-2005Q3:1.1.0.8 pkgsrc-2005Q3-base:1.1 pkgsrc-2005Q2:1.1.0.6 pkgsrc-2005Q2-base:1.1 pkgsrc-2005Q1:1.1.0.4 pkgsrc-2005Q1-base:1.1 pkgsrc-2004Q4:1.1.0.2; locks; strict; comment @# @; 1.4 date 2015.12.29.23.34.46; author dholland; state Exp; branches; next 1.3; commitid J5mAcuIF0darSTOy; 1.3 date 2009.12.23.00.48.20; author asau; state Exp; branches; next 1.2; 1.2 date 2009.11.22.12.52.54; author asau; state dead; branches; next 1.1; 1.1 date 2005.01.28.23.37.42; author dmcmahill; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2005.01.28.23.37.42; author salo; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2005.01.29.01.20.06; author salo; state Exp; branches; next ; desc @@ 1.4 log @Add patch comments. @ text @$NetBSD: patch-ak,v 1.3 2009/12/23 00:48:20 asau Exp $ Use standard headers. --- src/sysdep.c.orig 2009-12-22 11:45:47.000000000 +0100 +++ src/sysdep.c @@@@ -80,8 +80,8 @@@@ extern "C" { #define Cextern extern #endif -Cextern int unlink Argdcl((const char *)); -Cextern int fork Argdcl((void)), getpid Argdcl((void)), wait Argdcl((int*)); +#include +#include void #ifdef KR_headers @ 1.3 log @Pull in system prototypes instead of defining own ones. From . @ text @d1 3 a3 1 $NetBSD$ @ 1.2 log @Update f2c to 2009-04-11 snapshot. Changes are mostly bug fixes. Perform conservative update: recreate libF77 and libI77 providing binary compatibility. Prefer files to patches creating respective files. Override build system completely, we effectively did that anyway. @ text @d1 1 a1 1 $NetBSD: patch-ak,v 1.1 2005/01/28 23:37:42 dmcmahill Exp $ d3 1 a3 1 --- src/sysdep.c.orig 2000-07-04 22:54:54.000000000 +0000 d5 8 a12 5 @@@@ -22,6 +22,7 @@@@ use or performance of this software. ****************************************************************/ #include "defs.h" #include "usignal.h" +#include d14 2 a15 59 char binread[] = "rb", textread[] = "r"; char binwrite[] = "wb", textwrite[] = "w"; @@@@ -95,8 +96,10 @@@@ Un_link_all(int cdelete) { if (!debugflag) { unlink(c_functions); + unlink(initbname); unlink(initfname); unlink(p1_file); + unlink(p1_bakfile); unlink(sortfname); unlink(blkdfname); if (cdelete && coutput) @@@@ -118,6 +121,15 @@@@ set_tmp_names(Void) p1_file = blkdfname + k; p1_bakfile = p1_file + k; sortfname = p1_bakfile + k; +#if !defined(MSDOS) + sprintf(c_functions, "%s/f2c_func_XXXXXX", tmpdir); + sprintf(initfname, "%s/f2c_rc_XXXXXX", tmpdir); + sprintf(initbname, "%s/f2c_rc.b_XXXXXX", tmpdir); + sprintf(blkdfname, "%s/f2c_blkd_XXXXXX", tmpdir); + sprintf(p1_file, "%s/f2c_p1f_XXXXXX", tmpdir); + sprintf(p1_bakfile, "%s/f2c_p1fb_XXXXXX", tmpdir); + sprintf(sortfname, "%s/f2c_sort_XXXXXX", tmpdir); +#endif { #ifdef MSDOS char buf[64], *s, *t; @@@@ -156,16 +168,21 @@@@ set_tmp_names(Void) sprintf(p1_file, "%s%sp1f", t, f2c); sprintf(p1_bakfile, "%s%sp1fb", t, f2c); sprintf(sortfname, "%s%ssort", t, f2c); + sprintf(initbname, "%s.b", initfname); #else - long pid = getpid(); - sprintf(c_functions, "%s/f2c%ld_func", tmpdir, pid); - sprintf(initfname, "%s/f2c%ld_rd", tmpdir, pid); - sprintf(blkdfname, "%s/f2c%ld_blkd", tmpdir, pid); - sprintf(p1_file, "%s/f2c%ld_p1f", tmpdir, pid); - sprintf(p1_bakfile, "%s/f2c%ld_p1fb", tmpdir, pid); - sprintf(sortfname, "%s/f2c%ld_sort", tmpdir, pid); + + if (mkstemp(c_functions) == -1 + || mkstemp(initfname) == -1 + || mkstemp(initbname) == -1 + || mkstemp(blkdfname) == -1 + || mkstemp(p1_file) == -1 + || mkstemp(p1_bakfile) == -1 + || mkstemp(sortfname) == -1) { + fprintf(stderr, "Cannot create temporary files\n"); + Un_link_all(0); + exit(1); + } #endif - sprintf(initbname, "%s.b", initfname); } if (debugflag) fprintf(diagfile, "%s %s %s %s %s %s\n", c_functions, @ 1.1 log @update to f2c-20001205nb8 This addresses a temp file symlink race vulnerability. The f2c patch is adapted from the debian one. The f2c-f77 (wrapper script which emulates a fortran compiler) patch was done a bit differently. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ak was added on branch pkgsrc-2004Q4 on 2005-01-28 23:37:42 +0000 @ text @d1 69 @ 1.1.2.2 log @Pullup ticket 253 - requested by Dan McMahill security fix for f2c Revisions pulled up; - pkgsrc/lang/f2c/Makefile 1.33 - pkgsrc/lang/f2c/buildlink3.mk 1.4 - pkgsrc/lang/f2c/distinfo 1.13 - pkgsrc/lang/f2c/patches/patch-ac 1.15 - pkgsrc/lang/f2c/patches/patch-ae 1.10 - pkgsrc/lang/f2c/patches/patch-ag 1.10 - pkgsrc/lang/f2c/patches/patch-ak 1.1 Modified Files: pkgsrc/lang/f2c: Makefile buildlink3.mk distinfo pkgsrc/lang/f2c/patches: patch-ac patch-ae patch-ag Added Files: pkgsrc/lang/f2c/patches: patch-ak Log Message: update to f2c-20001205nb8 This addresses a temp file symlink race vulnerability. The f2c patch is adapted from the debian one. The f2c-f77 (wrapper script which emulates a fortran compiler) patch was done a bit differently. @ text @a0 69 $NetBSD: patch-ak,v 1.1.2.1 2005/01/29 01:20:06 salo Exp $ --- src/sysdep.c.orig 2000-07-04 22:54:54.000000000 +0000 +++ src/sysdep.c @@@@ -22,6 +22,7 @@@@ use or performance of this software. ****************************************************************/ #include "defs.h" #include "usignal.h" +#include char binread[] = "rb", textread[] = "r"; char binwrite[] = "wb", textwrite[] = "w"; @@@@ -95,8 +96,10 @@@@ Un_link_all(int cdelete) { if (!debugflag) { unlink(c_functions); + unlink(initbname); unlink(initfname); unlink(p1_file); + unlink(p1_bakfile); unlink(sortfname); unlink(blkdfname); if (cdelete && coutput) @@@@ -118,6 +121,15 @@@@ set_tmp_names(Void) p1_file = blkdfname + k; p1_bakfile = p1_file + k; sortfname = p1_bakfile + k; +#if !defined(MSDOS) + sprintf(c_functions, "%s/f2c_func_XXXXXX", tmpdir); + sprintf(initfname, "%s/f2c_rc_XXXXXX", tmpdir); + sprintf(initbname, "%s/f2c_rc.b_XXXXXX", tmpdir); + sprintf(blkdfname, "%s/f2c_blkd_XXXXXX", tmpdir); + sprintf(p1_file, "%s/f2c_p1f_XXXXXX", tmpdir); + sprintf(p1_bakfile, "%s/f2c_p1fb_XXXXXX", tmpdir); + sprintf(sortfname, "%s/f2c_sort_XXXXXX", tmpdir); +#endif { #ifdef MSDOS char buf[64], *s, *t; @@@@ -156,16 +168,21 @@@@ set_tmp_names(Void) sprintf(p1_file, "%s%sp1f", t, f2c); sprintf(p1_bakfile, "%s%sp1fb", t, f2c); sprintf(sortfname, "%s%ssort", t, f2c); + sprintf(initbname, "%s.b", initfname); #else - long pid = getpid(); - sprintf(c_functions, "%s/f2c%ld_func", tmpdir, pid); - sprintf(initfname, "%s/f2c%ld_rd", tmpdir, pid); - sprintf(blkdfname, "%s/f2c%ld_blkd", tmpdir, pid); - sprintf(p1_file, "%s/f2c%ld_p1f", tmpdir, pid); - sprintf(p1_bakfile, "%s/f2c%ld_p1fb", tmpdir, pid); - sprintf(sortfname, "%s/f2c%ld_sort", tmpdir, pid); + + if (mkstemp(c_functions) == -1 + || mkstemp(initfname) == -1 + || mkstemp(initbname) == -1 + || mkstemp(blkdfname) == -1 + || mkstemp(p1_file) == -1 + || mkstemp(p1_bakfile) == -1 + || mkstemp(sortfname) == -1) { + fprintf(stderr, "Cannot create temporary files\n"); + Un_link_all(0); + exit(1); + } #endif - sprintf(initbname, "%s.b", initfname); } if (debugflag) fprintf(diagfile, "%s %s %s %s %s %s\n", c_functions, @