summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlin Năstac <mrness@gentoo.org>2008-10-12 10:33:19 +0000
committerAlin Năstac <mrness@gentoo.org>2008-10-12 10:33:19 +0000
commit42b96fb43a4f3ee0ae719efbf99a52aa393f6c50 (patch)
tree97bde3f1fd410668cdff5ed788a950741288407d /www-apps
parentRespect LINGUAS, bug #183086. (diff)
downloadgentoo-2-42b96fb43a4f3ee0ae719efbf99a52aa393f6c50.tar.gz
gentoo-2-42b96fb43a4f3ee0ae719efbf99a52aa393f6c50.tar.bz2
gentoo-2-42b96fb43a4f3ee0ae719efbf99a52aa393f6c50.zip
Version bump. Fix insecure usage of temporary files (#240546).
(Portage version: 2.1.4.4)
Diffstat (limited to 'www-apps')
-rw-r--r--www-apps/freeradius-dialupadmin/ChangeLog12
-rw-r--r--www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-gentoo.patch32
-rw-r--r--www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-tmpfile.patch148
-rw-r--r--www-apps/freeradius-dialupadmin/freeradius-dialupadmin-1.80.ebuild81
4 files changed, 271 insertions, 2 deletions
diff --git a/www-apps/freeradius-dialupadmin/ChangeLog b/www-apps/freeradius-dialupadmin/ChangeLog
index d86336de5468..3464533c5bf0 100644
--- a/www-apps/freeradius-dialupadmin/ChangeLog
+++ b/www-apps/freeradius-dialupadmin/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for www-apps/freeradius-dialupadmin
-# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/freeradius-dialupadmin/ChangeLog,v 1.8 2007/04/14 08:58:32 mrness Exp $
+# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/www-apps/freeradius-dialupadmin/ChangeLog,v 1.9 2008/10/12 10:33:19 mrness Exp $
+
+*freeradius-dialupadmin-1.80 (12 Oct 2008)
+
+ 12 Oct 2008; Alin Năstac <mrness@gentoo.org>
+ +files/freeradius-dialupadmin-1.80-gentoo.patch,
+ +files/freeradius-dialupadmin-1.80-tmpfile.patch,
+ +freeradius-dialupadmin-1.80.ebuild:
+ Version bump. Fix insecure usage of temporary files (#240546).
14 Apr 2007; Alin Năstac <mrness@gentoo.org> files/setrootpath,
freeradius-dialupadmin-1.70.3.ebuild:
diff --git a/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-gentoo.patch b/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-gentoo.patch
new file mode 100644
index 000000000000..31f8490c5103
--- /dev/null
+++ b/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-gentoo.patch
@@ -0,0 +1,32 @@
+diff -Nru freeradius-server-2.1.1.orig/dialup_admin/Makefile freeradius-server-2.1.1/dialup_admin/Makefile
+--- freeradius-server-2.1.1.orig/dialup_admin/Makefile 2008-10-12 10:13:16.000000000 +0000
++++ freeradius-server-2.1.1/dialup_admin/Makefile 2008-10-12 10:16:16.000000000 +0000
+@@ -4,7 +4,6 @@
+ # Version: $Id: freeradius-dialupadmin-1.80-gentoo.patch,v 1.1 2008/10/12 10:33:19 mrness Exp $
+ #
+
+-include ../Make.inc
+
+ DIALUP_PREFIX := /usr/local/dialup_admin
+ DIALUP_DOCDIR := $(DIALUP_PREFIX)/doc
+diff -Nru freeradius-server-2.1.1.orig/dialup_admin/conf/admin.conf freeradius-server-2.1.1/dialup_admin/conf/admin.conf
+--- freeradius-server-2.1.1.orig/dialup_admin/conf/admin.conf 2008-09-25 08:41:26.000000000 +0000
++++ freeradius-server-2.1.1/dialup_admin/conf/admin.conf 2008-10-12 09:14:12.000000000 +0000
+@@ -204,7 +204,7 @@
+ #
+ # Uncomment to enable ldap debug
+ #
+-ldap_debug: true
++#ldap_debug: true
+ #
+ # Allow for defining the ldap filter used when searching for a user
+ # Variables supported:
+@@ -274,7 +274,7 @@
+ #
+ # Uncomment to enable sql debug
+ #
+-sql_debug: true
++#sql_debug: true
+ #
+ # If set to yes then the HTTP credentials (http authentication)
+ # will be used to connect to the sql server instead of sql_username
diff --git a/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-tmpfile.patch b/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-tmpfile.patch
new file mode 100644
index 000000000000..1da5671761ff
--- /dev/null
+++ b/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-tmpfile.patch
@@ -0,0 +1,148 @@
+diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/clean_radacct freeradius-server-2.1.1/dialup_admin/bin/clean_radacct
+--- freeradius-server-2.1.1.orig/dialup_admin/bin/clean_radacct 2008-09-25 08:41:26.000000000 +0000
++++ freeradius-server-2.1.1/dialup_admin/bin/clean_radacct 2008-10-12 09:29:50.000000000 +0000
+@@ -5,6 +5,7 @@
+ # Works with mysql and postgresql
+ #
+ use POSIX;
++use File::Temp;
+
+ $conf=shift||'/usr/local/dialup_admin/conf/admin.conf';
+ $back_days = 35;
+@@ -42,11 +43,10 @@
+
+ $query = "DELETE FROM $sql_accounting_table WHERE AcctStopTime IS NULL AND AcctStartTime < '$date';";
+ print "$query\n";
+-open TMP, ">/tmp/clean_radacct.query"
+- or die "Could not open tmp file\n";
+-print TMP $query;
+-close TMP;
+-$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database </tmp/clean_radacct.query" if ($sql_type eq 'mysql');
+-$command = "$sqlcmd -U $sql_username -f /tmp/clean_radacct.query $sql_database" if ($sql_type eq 'pg');
+-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/clean_radacct.query" if ($sql_type eq 'sqlrelay');
++my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
++print $fh $query;
++close $fh;
++$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
++$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg');
++$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
+ `$command`;
+diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/log_badlogins freeradius-server-2.1.1/dialup_admin/bin/log_badlogins
+--- freeradius-server-2.1.1.orig/dialup_admin/bin/log_badlogins 2008-09-25 08:41:26.000000000 +0000
++++ freeradius-server-2.1.1/dialup_admin/bin/log_badlogins 2008-10-12 10:09:58.000000000 +0000
+@@ -14,6 +14,7 @@
+
+ use Date::Manip qw(ParseDate UnixDate);
+ use Digest::MD5;
++use File::Temp;
+ $|=1;
+
+ $file=shift||'none';
+@@ -29,7 +30,8 @@
+ # CHANGE THESE TO MATCH YOUR SETUP
+ #
+ #$regexp = 'from client localhost port 135|from client blabla ';
+-$tmpfile='/var/tmp/sql.input';
++$tmpdir=tempdir( CLEANUP => 1 );
++$tmpfile="$tmpdir/sql.input";
+ #
+ $verbose = 0;
+ #
+diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/monthly_tot_stats freeradius-server-2.1.1/dialup_admin/bin/monthly_tot_stats
+--- freeradius-server-2.1.1.orig/dialup_admin/bin/monthly_tot_stats 2008-09-25 08:41:26.000000000 +0000
++++ freeradius-server-2.1.1/dialup_admin/bin/monthly_tot_stats 2008-10-12 09:29:50.000000000 +0000
+@@ -1,5 +1,6 @@
+ #!/usr/bin/perl
+ use POSIX;
++use File::Temp;
+
+ # Log in the mtotacct table aggregated accounting information for
+ # each user spaning in one month period.
+@@ -51,14 +52,13 @@
+ AcctDate <= '$date_end' GROUP BY UserName,NASIPAddress;";
+ print "$query1\n";
+ print "$query2\n";
+-open TMP, ">/tmp/tot_stats.query"
+- or die "Could not open tmp file\n";
+-print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
+-print TMP $query1;
+-print TMP $query2;
+-close TMP;
+-$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database </tmp/tot_stats.query" if ($sql_type eq 'mysql');
+-$command = "$sqlcmd -U $sql_username -f /tmp/tot_stats.query $sql_database" if ($sql_type eq 'pg');
++my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
++print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
++print $fh $query1;
++print $fh $query2;
++close $fh;
++$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
++$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg');
+ $command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
+-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/tot_stats.query" if ($sql_type eq 'sqlrelay');
++$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
+ `$command`;
+diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/tot_stats freeradius-server-2.1.1/dialup_admin/bin/tot_stats
+--- freeradius-server-2.1.1.orig/dialup_admin/bin/tot_stats 2008-09-25 08:41:26.000000000 +0000
++++ freeradius-server-2.1.1/dialup_admin/bin/tot_stats 2008-10-12 09:29:50.000000000 +0000
+@@ -1,5 +1,6 @@
+ #!/usr/bin/perl
+ use POSIX;
++use File::Temp;
+
+ # Log in the totacct table aggregated daily accounting information for
+ # each user.
+@@ -48,14 +49,13 @@
+ AcctStopTime < '$date_end' GROUP BY UserName,NASIPAddress;";
+ print "$query1\n";
+ print "$query2\n";
+-open TMP, ">/tmp/tot_stats.query"
+- or die "Could not open tmp file\n";
+-print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
+-print TMP $query1;
+-print TMP $query2;
+-close TMP;
+-$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database </tmp/tot_stats.query" if ($sql_type eq 'mysql');
+-$command = "$sqlcmd -U $sql_username -f /tmp/tot_stats.query $sql_database" if ($sql_type eq 'pg');
++my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
++print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
++print $fh $query1;
++print $fh $query2;
++close $fh;
++$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
++$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg');
+ $command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
+-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/tot_stats.query" if ($sql_type eq 'sqlrelay');
++$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
+ `$command`;
+diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/truncate_radacct freeradius-server-2.1.1/dialup_admin/bin/truncate_radacct
+--- freeradius-server-2.1.1.orig/dialup_admin/bin/truncate_radacct 2008-09-25 08:41:26.000000000 +0000
++++ freeradius-server-2.1.1/dialup_admin/bin/truncate_radacct 2008-10-12 09:29:50.000000000 +0000
+@@ -5,6 +5,7 @@
+ # Works with mysql and postgresql
+ #
+ use POSIX;
++use File::Temp;
+
+ $conf=shift||'/usr/local/dialup_admin/conf/admin.conf';
+ $back_days = 90;
+@@ -44,13 +45,12 @@
+ $query .= "DELETE FROM $sql_accounting_table WHERE AcctStopTime < '$date' AND AcctStopTime IS NOT NULL ;";
+ $query .= "UNLOCK TABLES;" if ($sql_type eq 'mysql');
+ print "$query\n";
+-open TMP, ">/tmp/truncate_radacct.query"
+- or die "Could not open tmp file\n";
+-print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
+-print TMP $query;
+-close TMP;
+-$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database </tmp/truncate_radacct.query" if ($sql_type eq 'mysql');
+-$command = "$sqlcmd -U $sql_username -f /tmp/truncate_radacct.query $sql_database" if ($sql_type eq 'pg');
++my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
++print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
++print $fh $query;
++close $fh;
++$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
++$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg');
+ $command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
+-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/truncate_radacct.query" if ($sql_type eq 'sqlrelay');
++$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
+ `$command`;
diff --git a/www-apps/freeradius-dialupadmin/freeradius-dialupadmin-1.80.ebuild b/www-apps/freeradius-dialupadmin/freeradius-dialupadmin-1.80.ebuild
new file mode 100644
index 000000000000..d8ee2c104b27
--- /dev/null
+++ b/www-apps/freeradius-dialupadmin/freeradius-dialupadmin-1.80.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apps/freeradius-dialupadmin/freeradius-dialupadmin-1.80.ebuild,v 1.1 2008/10/12 10:33:19 mrness Exp $
+
+inherit eutils webapp
+MY_FREERADIUS_PV="2.1.1"
+
+DESCRIPTION="Web administration interface of freeradius server"
+SRC_URI="ftp://ftp.freeradius.org/pub/radius/freeradius-server-${MY_FREERADIUS_PV}.tar.gz"
+HOMEPAGE="http://www.freeradius.org/dialupadmin.html"
+
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE=""
+LICENSE="GPL-2"
+
+DEPEND="sys-apps/findutils
+ sys-apps/sed"
+RDEPEND="virtual/php
+ dev-perl/DateManip
+ >=net-dialup/freeradius-${MY_FREERADIUS_PV}"
+
+S="${WORKDIR}/freeradius-server-${MY_FREERADIUS_PV}/dialup_admin"
+
+src_unpack() {
+ unpack ${A}
+
+ cd "${S}"
+ epatch "${FILESDIR}/${P}-gentoo.patch"
+ epatch "${FILESDIR}/${P}-tmpfile.patch"
+
+ sed -i -e 's:/usr/local:/usr:' \
+ -e 's:/usr/etc/raddb:${general_raddb_dir}:' \
+ -e 's:/usr/radiusd::' \
+ conf/admin.conf
+ sed -i -e 's:/usr/local:/usr:' bin/*
+
+ #rename files .php3 -> .php
+ (find . -iname '*.php3' | (
+ local PHPFILE
+ while read PHPFILE; do
+ mv "${PHPFILE}" "${PHPFILE/.php3/.php}"
+ done
+ )) && \
+ (find . -type f | xargs sed -i -e 's:[.]php3:.php:g') || \
+ die "failed to replace php3 with php"
+
+ # fix dangling ../ to deal with the way webapp-config installs files
+ find . -name '*.php' | xargs sed -i \
+ -e 's:../conf/:../../conf/:' \
+ -e 's:../html/:../../html/:' \
+ -e 's:../lib/:../../lib/:'
+}
+
+src_install() {
+ webapp_src_preinst
+
+ insinto "${MY_HTDOCSDIR}"
+ doins -r htdocs/*
+ insinto "${MY_HOSTROOTDIR}"
+ doins -r conf html lib
+ exeinto "${MY_HOSTROOTDIR}/bin"
+ dodoc bin/*.cron bin/Changelog*
+ rm bin/*.cron bin/Changelog*
+ doexe bin/*
+
+ insinto "${MY_SQLSCRIPTSDIR}"
+ doins -r sql/*
+
+ dodoc Changelog README doc/*
+
+ webapp_hook_script "${FILESDIR}/setrootpath"
+
+ cd "${D}/${MY_HOSTROOTDIR}"
+ local CONFFILE
+ for CONFFILE in conf/* ; do
+ webapp_configfile "${MY_HOSTROOTDIR}/${CONFFILE}"
+ webapp_serverowned "${MY_HOSTROOTDIR}/${CONFFILE}"
+ done
+
+ webapp_src_install
+}