author | Alin Năstac <mrness@gentoo.org> | 2008-10-12 10:33:19 +0000 |
---|---|---|
committer | Alin Năstac <mrness@gentoo.org> | 2008-10-12 10:33:19 +0000 |
commit | 42b96fb43a4f3ee0ae719efbf99a52aa393f6c50 (patch) | |
tree | 97bde3f1fd410668cdff5ed788a950741288407d /www-apps | |
parent | Respect LINGUAS, bug #183086. (diff) | |
download | gentoo-2-42b96fb43a4f3ee0ae719efbf99a52aa393f6c50.tar.gz gentoo-2-42b96fb43a4f3ee0ae719efbf99a52aa393f6c50.tar.bz2 gentoo-2-42b96fb43a4f3ee0ae719efbf99a52aa393f6c50.zip |
Version bump. Fix insecure usage of temporary files (#240546).
(Portage version: 2.1.4.4)
Diffstat (limited to 'www-apps')
4 files changed, 271 insertions, 2 deletions
diff --git a/www-apps/freeradius-dialupadmin/ChangeLog b/www-apps/freeradius-dialupadmin/ChangeLog index d86336de5468..3464533c5bf0 100644 --- a/www-apps/freeradius-dialupadmin/ChangeLog +++ b/www-apps/freeradius-dialupadmin/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for www-apps/freeradius-dialupadmin -# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-apps/freeradius-dialupadmin/ChangeLog,v 1.8 2007/04/14 08:58:32 mrness Exp $ +# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/www-apps/freeradius-dialupadmin/ChangeLog,v 1.9 2008/10/12 10:33:19 mrness Exp $ + +*freeradius-dialupadmin-1.80 (12 Oct 2008) + + 12 Oct 2008; Alin Năstac <mrness@gentoo.org> + +files/freeradius-dialupadmin-1.80-gentoo.patch, + +files/freeradius-dialupadmin-1.80-tmpfile.patch, + +freeradius-dialupadmin-1.80.ebuild: + Version bump. Fix insecure usage of temporary files (#240546). 14 Apr 2007; Alin Năstac <mrness@gentoo.org> files/setrootpath, freeradius-dialupadmin-1.70.3.ebuild: diff --git a/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-gentoo.patch b/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-gentoo.patch new file mode 100644 index 000000000000..31f8490c5103 --- /dev/null +++ b/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-gentoo.patch 
@@ -0,0 +1,32 @@
+diff -Nru freeradius-server-2.1.1.orig/dialup_admin/Makefile freeradius-server-2.1.1/dialup_admin/Makefile
+--- freeradius-server-2.1.1.orig/dialup_admin/Makefile 2008-10-12 10:13:16.000000000 +0000
++++ freeradius-server-2.1.1/dialup_admin/Makefile 2008-10-12 10:16:16.000000000 +0000
+@@ -4,7 +4,6 @@
+ # Version: $Id: freeradius-dialupadmin-1.80-gentoo.patch,v 1.1 2008/10/12 10:33:19 mrness Exp $
+ #
+
+-include ../Make.inc
+
+ DIALUP_PREFIX := /usr/local/dialup_admin
+ DIALUP_DOCDIR := $(DIALUP_PREFIX)/doc
+diff -Nru freeradius-server-2.1.1.orig/dialup_admin/conf/admin.conf freeradius-server-2.1.1/dialup_admin/conf/admin.conf
+--- freeradius-server-2.1.1.orig/dialup_admin/conf/admin.conf 2008-09-25 08:41:26.000000000 +0000
++++ freeradius-server-2.1.1/dialup_admin/conf/admin.conf 2008-10-12 09:14:12.000000000 +0000
+@@ -204,7 +204,7 @@
+ #
+ # Uncomment to enable ldap debug
+ #
+-ldap_debug: true
++#ldap_debug: true
+ #
+ # Allow for defining the ldap filter used when searching for a user
+ # Variables supported:
+@@ -274,7 +274,7 @@
+ #
+ # Uncomment to enable sql debug
+ #
+-sql_debug: true
++#sql_debug: true
+ #
+ # If set to yes then the HTTP credentials (http authentication)
+ # will be used to connect to the sql server instead of sql_username
diff --git a/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-tmpfile.patch b/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-tmpfile.patch
new file mode 100644
index 000000000000..1da5671761ff
--- /dev/null
+++ b/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-tmpfile.patch
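Review bot: The first context line of the Makefile hunk reads `# Version: $Id: freeradius-dialupadmin-1.80-gentoo.patch,v 1.1 2008/10/12 10:33:19 mrness Exp $`, which names this patch file rather than the Makefile, so it looks as if CVS keyword expansion rewrote the patch when it was committed. The upstream Makefile presumably carries its own `$Id` string, in which case that context line no longer matches and the hunk applies only with fuzz. Regenerating the hunk with less leading context so the `$Id` line is not part of it, or committing the patch with keyword expansion disabled, would keep it applying cleanly.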
@@ -0,0 +1,148 @@
+diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/clean_radacct freeradius-server-2.1.1/dialup_admin/bin/clean_radacct
+--- freeradius-server-2.1.1.orig/dialup_admin/bin/clean_radacct 2008-09-25 08:41:26.000000000 +0000
++++ freeradius-server-2.1.1/dialup_admin/bin/clean_radacct 2008-10-12 09:29:50.000000000 +0000
+@@ -5,6 +5,7 @@
+ # Works with mysql and postgresql
+ #
+ use POSIX;
++use File::Temp;
+
+ $conf=shift||'/usr/local/dialup_admin/conf/admin.conf';
+ $back_days = 35;
+@@ -42,11 +43,10 @@
+
+ $query = "DELETE FROM $sql_accounting_table WHERE AcctStopTime IS NULL AND AcctStartTime < '$date';";
+ print "$query\n";
+-open TMP, ">/tmp/clean_radacct.query"
+- or die "Could not open tmp file\n";
+-print TMP $query;
+-close TMP;
+-$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database </tmp/clean_radacct.query" if ($sql_type eq 'mysql');
+-$command = "$sqlcmd -U $sql_username -f /tmp/clean_radacct.query $sql_database" if ($sql_type eq 'pg');
+-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/clean_radacct.query" if ($sql_type eq 'sqlrelay');
++my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
++print $fh $query;
++close $fh;
++$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
++$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg');
++$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
+ `$command`;
+diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/log_badlogins freeradius-server-2.1.1/dialup_admin/bin/log_badlogins
+--- freeradius-server-2.1.1.orig/dialup_admin/bin/log_badlogins 2008-09-25 08:41:26.000000000 +0000
++++ freeradius-server-2.1.1/dialup_admin/bin/log_badlogins 2008-10-12 10:09:58.000000000 +0000
+@@ -14,6 +14,7 @@
+
+ use Date::Manip qw(ParseDate UnixDate);
+ use Digest::MD5;
++use File::Temp;
+ $|=1;
+
+ $file=shift||'none';
+@@ -29,7 +30,8 @@
+ # CHANGE THESE TO MATCH YOUR SETUP
+ #
+ #$regexp = 'from client localhost port 135|from client blabla ';
+-$tmpfile='/var/tmp/sql.input';
++$tmpdir=tempdir( CLEANUP => 1 );
++$tmpfile="$tmpdir/sql.input";
+ #
+ $verbose = 0;
+ #
+diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/monthly_tot_stats freeradius-server-2.1.1/dialup_admin/bin/monthly_tot_stats
+--- freeradius-server-2.1.1.orig/dialup_admin/bin/monthly_tot_stats 2008-09-25 08:41:26.000000000 +0000
++++ freeradius-server-2.1.1/dialup_admin/bin/monthly_tot_stats 2008-10-12 09:29:50.000000000 +0000
+@@ -1,5 +1,6 @@
+ #!/usr/bin/perl
+ use POSIX;
++use File::Temp;
+
+ # Log in the mtotacct table aggregated accounting information for
+ # each user spaning in one month period.
+@@ -51,14 +52,13 @@
+ AcctDate <= '$date_end' GROUP BY UserName,NASIPAddress;";
+ print "$query1\n";
+ print "$query2\n";
+-open TMP, ">/tmp/tot_stats.query"
+- or die "Could not open tmp file\n";
+-print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
+-print TMP $query1;
+-print TMP $query2;
+-close TMP;
+-$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database </tmp/tot_stats.query" if ($sql_type eq 'mysql');
+-$command = "$sqlcmd -U $sql_username -f /tmp/tot_stats.query $sql_database" if ($sql_type eq 'pg');
++my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
++print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
++print $fh $query1;
++print $fh $query2;
++close $fh;
++$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
++$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg');
+ $command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
+-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/tot_stats.query" if ($sql_type eq 'sqlrelay');
++$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
+ `$command`;
+diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/tot_stats freeradius-server-2.1.1/dialup_admin/bin/tot_stats
+--- freeradius-server-2.1.1.orig/dialup_admin/bin/tot_stats 2008-09-25 08:41:26.000000000 +0000
++++ freeradius-server-2.1.1/dialup_admin/bin/tot_stats 2008-10-12 09:29:50.000000000 +0000
+@@ -1,5 +1,6 @@
+ #!/usr/bin/perl
+ use POSIX;
++use File::Temp;
+
+ # Log in the totacct table aggregated daily accounting information for
+ # each user.
+@@ -48,14 +49,13 @@
+ AcctStopTime < '$date_end' GROUP BY UserName,NASIPAddress;";
+ print "$query1\n";
+ print "$query2\n";
+-open TMP, ">/tmp/tot_stats.query"
+- or die "Could not open tmp file\n";
+-print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
+-print TMP $query1;
+-print TMP $query2;
+-close TMP;
+-$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database </tmp/tot_stats.query" if ($sql_type eq 'mysql');
+-$command = "$sqlcmd -U $sql_username -f /tmp/tot_stats.query $sql_database" if ($sql_type eq 'pg');
++my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
++print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
++print $fh $query1;
++print $fh $query2;
++close $fh;
++$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
++$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg');
+ $command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
+-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/tot_stats.query" if ($sql_type eq 'sqlrelay');
++$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
+ `$command`;
+diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/truncate_radacct freeradius-server-2.1.1/dialup_admin/bin/truncate_radacct
+--- freeradius-server-2.1.1.orig/dialup_admin/bin/truncate_radacct 2008-09-25 08:41:26.000000000 +0000
++++ freeradius-server-2.1.1/dialup_admin/bin/truncate_radacct 2008-10-12 09:29:50.000000000 +0000
+@@ -5,6 +5,7 @@
+ # Works with mysql and postgresql
+ #
+ use POSIX;
++use File::Temp;
+
+ $conf=shift||'/usr/local/dialup_admin/conf/admin.conf';
+ $back_days = 90;
+@@ -44,13 +45,12 @@
+ $query .= "DELETE FROM $sql_accounting_table WHERE AcctStopTime < '$date' AND AcctStopTime IS NOT NULL ;";
+ $query .= "UNLOCK TABLES;" if ($sql_type eq 'mysql');
+ print "$query\n";
+-open TMP, ">/tmp/truncate_radacct.query"
+- or die "Could not open tmp file\n";
+-print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
+-print TMP $query;
+-close TMP;
+-$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database </tmp/truncate_radacct.query" if ($sql_type eq 'mysql');
+-$command = "$sqlcmd -U $sql_username -f /tmp/truncate_radacct.query $sql_database" if ($sql_type eq 'pg');
++my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
++print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
++print $fh $query;
++close $fh;
++$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
++$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg');
+ $command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
+-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/truncate_radacct.query" if ($sql_type eq 'sqlrelay');
++$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
+ `$command`;
diff --git a/www-apps/freeradius-dialupadmin/freeradius-dialupadmin-1.80.ebuild b/www-apps/freeradius-dialupadmin/freeradius-dialupadmin-1.80.ebuild
new file mode 100644
index 000000000000..d8ee2c104b27
--- /dev/null
+++ b/www-apps/freeradius-dialupadmin/freeradius-dialupadmin-1.80.ebuild
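Review bot: In monthly_tot_stats, tot_stats and truncate_radacct the oracle branch is left as context and still redirects from `$tmpfile.$server`, while the ALTER SESSION line and the queries are now written to the File::Temp handle; none of the visible lines assign `$tmpfile` or `$server` in those scripts, so the oracle path appears to read a different, non-random file name than the one just created. It should use the new name as the other branches do: `$command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database < $tmp_filename" if ($sql_type eq 'oracle');`. Separately, `tempfile()` called with no options does not remove the file and nothing in the hunks unlinks it, so each run of the four scripts leaves a query file behind; `my ($fh, $tmp_filename) = tempfile( UNLINK => 1 );` removes it at exit. The `or die` after the list assignment cannot fire, because the assignment is true whenever tempfile() returns and File::Temp croaks on failure by itself. The scripts continue outside the hunks, so an assignment or cleanup elsewhere cannot be ruled out.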
@@ -0,0 +1,81 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apps/freeradius-dialupadmin/freeradius-dialupadmin-1.80.ebuild,v 1.1 2008/10/12 10:33:19 mrness Exp $
+
+inherit eutils webapp
+MY_FREERADIUS_PV="2.1.1"
+
+DESCRIPTION="Web administration interface of freeradius server"
+SRC_URI="ftp://ftp.freeradius.org/pub/radius/freeradius-server-${MY_FREERADIUS_PV}.tar.gz"
+HOMEPAGE="http://www.freeradius.org/dialupadmin.html"
+
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE=""
+LICENSE="GPL-2"
+
+DEPEND="sys-apps/findutils
+ sys-apps/sed"
+RDEPEND="virtual/php
+ dev-perl/DateManip
+ >=net-dialup/freeradius-${MY_FREERADIUS_PV}"
+
+S="${WORKDIR}/freeradius-server-${MY_FREERADIUS_PV}/dialup_admin"
+
+src_unpack() {
+ unpack ${A}
+
+ cd "${S}"
+ epatch "${FILESDIR}/${P}-gentoo.patch"
+ epatch "${FILESDIR}/${P}-tmpfile.patch"
+
+ sed -i -e 's:/usr/local:/usr:' \
+ -e 's:/usr/etc/raddb:${general_raddb_dir}:' \
+ -e 's:/usr/radiusd::' \
+ conf/admin.conf
+ sed -i -e 's:/usr/local:/usr:' bin/*
+
+ #rename files .php3 -> .php
+ (find . -iname '*.php3' | (
+ local PHPFILE
+ while read PHPFILE; do
+ mv "${PHPFILE}" "${PHPFILE/.php3/.php}"
+ done
+ )) && \
+ (find . -type f | xargs sed -i -e 's:[.]php3:.php:g') || \
+ die "failed to replace php3 with php"
+
+ # fix dangling ../ to deal with the way webapp-config installs files
+ find . -name '*.php' | xargs sed -i \
+ -e 's:../conf/:../../conf/:' \
+ -e 's:../html/:../../html/:' \
+ -e 's:../lib/:../../lib/:'
+}
+
+src_install() {
+ webapp_src_preinst
+
+ insinto "${MY_HTDOCSDIR}"
+ doins -r htdocs/*
+ insinto "${MY_HOSTROOTDIR}"
+ doins -r conf html lib
+ exeinto "${MY_HOSTROOTDIR}/bin"
+ dodoc bin/*.cron bin/Changelog*
+ rm bin/*.cron bin/Changelog*
+ doexe bin/*
+
+ insinto "${MY_SQLSCRIPTSDIR}"
+ doins -r sql/*
+
+ dodoc Changelog README doc/*
+
+ webapp_hook_script "${FILESDIR}/setrootpath"
+
+ cd "${D}/${MY_HOSTROOTDIR}"
+ local CONFFILE
+ for CONFFILE in conf/* ; do
+ webapp_configfile "${MY_HOSTROOTDIR}/${CONFFILE}"
+ webapp_serverowned "${MY_HOSTROOTDIR}/${CONFFILE}"
+ done
+
+ webapp_src_install
+}
|
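Review bot: The last pipeline in src_unpack, `find . -name '*.php' | xargs sed -i ...`, has no `|| die`, unlike the php3 rename just above it, so a failed path rewrite would go unnoticed and the installed pages would still point at `../conf/`. Its three expressions also leave the dots unescaped and carry no `g` flag, so `../conf/` matches any two characters before `/conf/` and only the first occurrence on a line is rewritten; `-e 's:[.][.]/conf/:../../conf/:g'` (and likewise for html and lib) followed by `|| die "failed to fix relative paths"` would be stricter, if more than one path can appear on a line. File names containing whitespace would break both xargs calls; `find ... -print0 | xargs -0` avoids that.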