Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Alin Nastac (mrness)" <mrness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in www-apps/freeradius-dialupadmin/files: freeradius-dialupadmin-1.80-gentoo.patch freeradius-dialupadmin-1.80-tmpfile.patch
Date: Sun, 12 Oct 2008 10:33:22
Message-Id: E1KoyGF-0002Yn-CW@stork.gentoo.org
1 mrness 08/10/12 10:33:19
2
3 Added: freeradius-dialupadmin-1.80-gentoo.patch
4 freeradius-dialupadmin-1.80-tmpfile.patch
5 Log:
6 Version bump. Fix insecure usage of temporary files (#240546).
7 (Portage version: 2.1.4.4)
8
9 Revision Changes Path
10 1.1 www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-gentoo.patch
11
12 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-gentoo.patch?rev=1.1&view=markup
13 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-gentoo.patch?rev=1.1&content-type=text/plain
14
15 Index: freeradius-dialupadmin-1.80-gentoo.patch
16 ===================================================================
17 diff -Nru freeradius-server-2.1.1.orig/dialup_admin/Makefile freeradius-server-2.1.1/dialup_admin/Makefile
18 --- freeradius-server-2.1.1.orig/dialup_admin/Makefile 2008-10-12 10:13:16.000000000 +0000
19 +++ freeradius-server-2.1.1/dialup_admin/Makefile 2008-10-12 10:16:16.000000000 +0000
20 @@ -4,7 +4,6 @@
21 # Version: $Id: freeradius-dialupadmin-1.80-gentoo.patch,v 1.1 2008/10/12 10:33:19 mrness Exp $
22 #
23
24 -include ../Make.inc
25
26 DIALUP_PREFIX := /usr/local/dialup_admin
27 DIALUP_DOCDIR := $(DIALUP_PREFIX)/doc
28 diff -Nru freeradius-server-2.1.1.orig/dialup_admin/conf/admin.conf freeradius-server-2.1.1/dialup_admin/conf/admin.conf
29 --- freeradius-server-2.1.1.orig/dialup_admin/conf/admin.conf 2008-09-25 08:41:26.000000000 +0000
30 +++ freeradius-server-2.1.1/dialup_admin/conf/admin.conf 2008-10-12 09:14:12.000000000 +0000
31 @@ -204,7 +204,7 @@
32 #
33 # Uncomment to enable ldap debug
34 #
35 -ldap_debug: true
36 +#ldap_debug: true
37 #
38 # Allow for defining the ldap filter used when searching for a user
39 # Variables supported:
40 @@ -274,7 +274,7 @@
41 #
42 # Uncomment to enable sql debug
43 #
44 -sql_debug: true
45 +#sql_debug: true
46 #
47 # If set to yes then the HTTP credentials (http authentication)
48 # will be used to connect to the sql server instead of sql_username
49
50
51
52 1.1 www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-tmpfile.patch
53
54 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-tmpfile.patch?rev=1.1&view=markup
55 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-tmpfile.patch?rev=1.1&content-type=text/plain
56
57 Index: freeradius-dialupadmin-1.80-tmpfile.patch
58 ===================================================================
59 diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/clean_radacct freeradius-server-2.1.1/dialup_admin/bin/clean_radacct
60 --- freeradius-server-2.1.1.orig/dialup_admin/bin/clean_radacct 2008-09-25 08:41:26.000000000 +0000
61 +++ freeradius-server-2.1.1/dialup_admin/bin/clean_radacct 2008-10-12 09:29:50.000000000 +0000
62 @@ -5,6 +5,7 @@
63 # Works with mysql and postgresql
64 #
65 use POSIX;
66 +use File::Temp;
67
68 $conf=shift||'/usr/local/dialup_admin/conf/admin.conf';
69 $back_days = 35;
70 @@ -42,11 +43,10 @@
71
72 $query = "DELETE FROM $sql_accounting_table WHERE AcctStopTime IS NULL AND AcctStartTime < '$date';";
73 print "$query\n";
74 -open TMP, ">/tmp/clean_radacct.query"
75 - or die "Could not open tmp file\n";
76 -print TMP $query;
77 -close TMP;
78 -$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database </tmp/clean_radacct.query" if ($sql_type eq 'mysql');
79 -$command = "$sqlcmd -U $sql_username -f /tmp/clean_radacct.query $sql_database" if ($sql_type eq 'pg');
80 -$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/clean_radacct.query" if ($sql_type eq 'sqlrelay');
81 +my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
82 +print $fh $query;
83 +close $fh;
84 +$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
85 +$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg');
86 +$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
87 `$command`;
88 diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/log_badlogins freeradius-server-2.1.1/dialup_admin/bin/log_badlogins
89 --- freeradius-server-2.1.1.orig/dialup_admin/bin/log_badlogins 2008-09-25 08:41:26.000000000 +0000
90 +++ freeradius-server-2.1.1/dialup_admin/bin/log_badlogins 2008-10-12 10:09:58.000000000 +0000
91 @@ -14,6 +14,7 @@
92
93 use Date::Manip qw(ParseDate UnixDate);
94 use Digest::MD5;
95 +use File::Temp;
96 $|=1;
97
98 $file=shift||'none';
99 @@ -29,7 +30,8 @@
100 # CHANGE THESE TO MATCH YOUR SETUP
101 #
102 #$regexp = 'from client localhost port 135|from client blabla ';
103 -$tmpfile='/var/tmp/sql.input';
104 +$tmpdir=tempdir( CLEANUP => 1 );
105 +$tmpfile="$tmpdir/sql.input";
106 #
107 $verbose = 0;
108 #
109 diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/monthly_tot_stats freeradius-server-2.1.1/dialup_admin/bin/monthly_tot_stats
110 --- freeradius-server-2.1.1.orig/dialup_admin/bin/monthly_tot_stats 2008-09-25 08:41:26.000000000 +0000
111 +++ freeradius-server-2.1.1/dialup_admin/bin/monthly_tot_stats 2008-10-12 09:29:50.000000000 +0000
112 @@ -1,5 +1,6 @@
113 #!/usr/bin/perl
114 use POSIX;
115 +use File::Temp;
116
117 # Log in the mtotacct table aggregated accounting information for
118 # each user spaning in one month period.
119 @@ -51,14 +52,13 @@
120 AcctDate <= '$date_end' GROUP BY UserName,NASIPAddress;";
121 print "$query1\n";
122 print "$query2\n";
123 -open TMP, ">/tmp/tot_stats.query"
124 - or die "Could not open tmp file\n";
125 -print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
126 -print TMP $query1;
127 -print TMP $query2;
128 -close TMP;
129 -$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database </tmp/tot_stats.query" if ($sql_type eq 'mysql');
130 -$command = "$sqlcmd -U $sql_username -f /tmp/tot_stats.query $sql_database" if ($sql_type eq 'pg');
131 +my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
132 +print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
133 +print $fh $query1;
134 +print $fh $query2;
135 +close $fh;
136 +$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
137 +$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg');
138 $command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
139 -$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/tot_stats.query" if ($sql_type eq 'sqlrelay');
140 +$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
141 `$command`;
142 diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/tot_stats freeradius-server-2.1.1/dialup_admin/bin/tot_stats
143 --- freeradius-server-2.1.1.orig/dialup_admin/bin/tot_stats 2008-09-25 08:41:26.000000000 +0000
144 +++ freeradius-server-2.1.1/dialup_admin/bin/tot_stats 2008-10-12 09:29:50.000000000 +0000
145 @@ -1,5 +1,6 @@
146 #!/usr/bin/perl
147 use POSIX;
148 +use File::Temp;
149
150 # Log in the totacct table aggregated daily accounting information for
151 # each user.
152 @@ -48,14 +49,13 @@
153 AcctStopTime < '$date_end' GROUP BY UserName,NASIPAddress;";
154 print "$query1\n";
155 print "$query2\n";
156 -open TMP, ">/tmp/tot_stats.query"
157 - or die "Could not open tmp file\n";
158 -print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
159 -print TMP $query1;
160 -print TMP $query2;
161 -close TMP;
162 -$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database </tmp/tot_stats.query" if ($sql_type eq 'mysql');
163 -$command = "$sqlcmd -U $sql_username -f /tmp/tot_stats.query $sql_database" if ($sql_type eq 'pg');
164 +my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
165 +print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
166 +print $fh $query1;
167 +print $fh $query2;
168 +close $fh;
169 +$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
170 +$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg');
171 $command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
172 -$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/tot_stats.query" if ($sql_type eq 'sqlrelay');
173 +$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
174 `$command`;
175 diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/truncate_radacct freeradius-server-2.1.1/dialup_admin/bin/truncate_radacct
176 --- freeradius-server-2.1.1.orig/dialup_admin/bin/truncate_radacct 2008-09-25 08:41:26.000000000 +0000
177 +++ freeradius-server-2.1.1/dialup_admin/bin/truncate_radacct 2008-10-12 09:29:50.000000000 +0000
178 @@ -5,6 +5,7 @@
179 # Works with mysql and postgresql
180 #
181 use POSIX;
182 +use File::Temp;
183
184 $conf=shift||'/usr/local/dialup_admin/conf/admin.conf';
185 $back_days = 90;
186 @@ -44,13 +45,12 @@
187 $query .= "DELETE FROM $sql_accounting_table WHERE AcctStopTime < '$date' AND AcctStopTime IS NOT NULL ;";
188 $query .= "UNLOCK TABLES;" if ($sql_type eq 'mysql');
189 print "$query\n";
190 -open TMP, ">/tmp/truncate_radacct.query"
191 - or die "Could not open tmp file\n";
192 -print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
193 -print TMP $query;
194 -close TMP;
195 -$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database </tmp/truncate_radacct.query" if ($sql_type eq 'mysql');
196 -$command = "$sqlcmd -U $sql_username -f /tmp/truncate_radacct.query $sql_database" if ($sql_type eq 'pg');
197 +my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
198 +print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
199 +print $fh $query;
200 +close $fh;
201 +$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
202 +$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg');
203 $command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
204 -$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/truncate_radacct.query" if ($sql_type eq 'sqlrelay');
205 +$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
206 `$command`;
Report Message
Find on MARC Find on Google Groups