head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.40 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.38 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.36 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.34 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.32 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.30 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.28 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.26 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.24 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.22 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.20 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.18 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.16 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.14 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.12 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.10 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.8 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.6 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.2.0.4 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.2 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.1.0.6 pkgsrc-2005Q2-base:1.1 pkgsrc-2005Q1:1.1.0.4 pkgsrc-2005Q1-base:1.1 pkgsrc-2004Q4:1.1.0.2; locks; strict; comment @# @; 1.2 date 2005.06.24.06.43.47; author jlam; state dead; branches; next 1.1; 1.1 date 2005.01.04.09.50.15; author jlam; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2005.01.04.09.50.15; author salo; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2005.01.05.11.46.51; author salo; state Exp; branches; next ; desc @@ 1.2 log @Drop the perl-5.6.x package from pkgsrc. Remove lang/perl58 and update lang/perl5 to perl-5.8.6nb4. Modify packages that referred to lang/perl58 to point to lang/perl5 instead. @ text @$NetBSD: patch-bd,v 1.1 2005/01/04 09:50:15 jlam Exp $ --- lib/ExtUtils/instmodsh.orig 2004-01-05 17:34:59.000000000 -0500 +++ lib/ExtUtils/instmodsh @@@@ -58,16 +58,13 @@@@ while (1) $reply =~ /^t\s*/ and do { my $file = (split(' ', $reply))[1]; - my $tmp = "/tmp/inst.$$"; - if (my $fh = IO::File->new($tmp, "w")) - { - $fh->print(join("\n", $Inst->files($module))); - $fh->close(); - system("tar cvf $file -I $tmp"); - unlink($tmp); - last CASE; - } - else { print("Can't open $file: $!\n"); } + # Use File::Temp to create the tempfile and avoid possible symlink + # race attacks against a known filename in /tmp [CAN-2004-0976]. + my ($fh, $tmp) = File::Temp::tempfile(UNLINK => 1); + $fh->print(join("\n", $Inst->files($module))); + $fh->close(); + system("tar cvf $file -T $tmp"); + unlink($tmp); last CASE; }; $reply eq 'v' and do @ 1.1 log @Fix instances of insecure use of /tmp that is subject to symlink attacks due to race conditions [CAN-2004-0976]. Also fix builds on *BSD boxes without a hostname set. Bump the PKGREVISION to 1. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-bd was added on branch pkgsrc-2004Q4 on 2005-01-04 09:50:15 +0000 @ text @d1 28 @ 1.1.2.2 log @Pullup ticket 206 - requested by Johnny C. Lam security fix for perl58 Module Name: pkgsrc Committed By: jlam Date: Tue Jan 4 09:50:15 UTC 2005 Modified Files: pkgsrc/lang/perl58: Makefile distinfo pkgsrc/lang/perl58/patches: patch-ca Added Files: pkgsrc/lang/perl58/patches: patch-bd patch-be Log Message: Fix instances of insecure use of /tmp that is subject to symlink attacks due to race conditions [CAN-2004-0976]. Also fix builds on *BSD boxes without a hostname set. Bump PKGREVISION. @ text @a0 28 $NetBSD: patch-bd,v 1.1.2.1 2005/01/05 11:46:51 salo Exp $ --- lib/ExtUtils/instmodsh.orig 2004-01-05 17:34:59.000000000 -0500 +++ lib/ExtUtils/instmodsh @@@@ -58,16 +58,13 @@@@ while (1) $reply =~ /^t\s*/ and do { my $file = (split(' ', $reply))[1]; - my $tmp = "/tmp/inst.$$"; - if (my $fh = IO::File->new($tmp, "w")) - { - $fh->print(join("\n", $Inst->files($module))); - $fh->close(); - system("tar cvf $file -I $tmp"); - unlink($tmp); - last CASE; - } - else { print("Can't open $file: $!\n"); } + # Use File::Temp to create the tempfile and avoid possible symlink + # race attacks against a known filename in /tmp [CAN-2004-0976]. + my ($fh, $tmp) = File::Temp::tempfile(UNLINK => 1); + $fh->print(join("\n", $Inst->files($module))); + $fh->close(); + system("tar cvf $file -T $tmp"); + unlink($tmp); last CASE; }; $reply eq 'v' and do @