



List Archive: gentoo-commits
Headers:
To: gentoo-commits@g.o
From: "Alin Nastac (mrness)" <mrness@g.o>
Subject: gentoo-x86 commit in www-apps/freeradius-dialupadmin/files: freeradius-dialupadmin-1.80-gentoo.patch freeradius-dialupadmin-1.80-tmpfile.patch
Date: Sun, 12 Oct 2008 10:33:19 +0000
mrness      08/10/12 10:33:19

  Added:                freeradius-dialupadmin-1.80-gentoo.patch
                        freeradius-dialupadmin-1.80-tmpfile.patch
  Log:
  Version bump. Fix insecure usage of temporary files (#240546).
  (Portage version: 2.1.4.4)

Revision  Changes    Path
1.1                  www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-gentoo.patch

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-gentoo.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-gentoo.patch?rev=1.1&content-type=text/plain

Index: freeradius-dialupadmin-1.80-gentoo.patch
===================================================================
diff -Nru freeradius-server-2.1.1.orig/dialup_admin/Makefile freeradius-server-2.1.1/dialup_admin/Makefile
--- freeradius-server-2.1.1.orig/dialup_admin/Makefile	2008-10-12 10:13:16.000000000 +0000
+++ freeradius-server-2.1.1/dialup_admin/Makefile	2008-10-12 10:16:16.000000000 +0000
@@ -4,7 +4,6 @@
 # Version:	$Id: freeradius-dialupadmin-1.80-gentoo.patch,v 1.1 2008/10/12 10:33:19 mrness Exp $
 #
 
-include ../Make.inc
 
 DIALUP_PREFIX := /usr/local/dialup_admin
 DIALUP_DOCDIR := $(DIALUP_PREFIX)/doc
diff -Nru freeradius-server-2.1.1.orig/dialup_admin/conf/admin.conf freeradius-server-2.1.1/dialup_admin/conf/admin.conf
--- freeradius-server-2.1.1.orig/dialup_admin/conf/admin.conf	2008-09-25 08:41:26.000000000 +0000
+++ freeradius-server-2.1.1/dialup_admin/conf/admin.conf	2008-10-12 09:14:12.000000000 +0000
@@ -204,7 +204,7 @@
 #
 # Uncomment to enable ldap debug
 #
-ldap_debug: true
+#ldap_debug: true
 #
 # Allow for defining the ldap filter used when searching for a user
 # Variables supported:
@@ -274,7 +274,7 @@
 #
 # Uncomment to enable sql debug
 #
-sql_debug: true
+#sql_debug: true
 #
 # If set to yes then the HTTP credentials (http authentication)
 # will be used to connect to the sql server instead of sql_username



1.1                  www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-tmpfile.patch

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-tmpfile.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/www-apps/freeradius-dialupadmin/files/freeradius-dialupadmin-1.80-tmpfile.patch?rev=1.1&content-type=text/plain

Index: freeradius-dialupadmin-1.80-tmpfile.patch
===================================================================
diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/clean_radacct freeradius-server-2.1.1/dialup_admin/bin/clean_radacct
--- freeradius-server-2.1.1.orig/dialup_admin/bin/clean_radacct	2008-09-25 08:41:26.000000000 +0000
+++ freeradius-server-2.1.1/dialup_admin/bin/clean_radacct	2008-10-12 09:29:50.000000000 +0000
@@ -5,6 +5,7 @@
 # Works with mysql and postgresql
 #
 use POSIX;
+use File::Temp;
 
 $conf=shift||'/usr/local/dialup_admin/conf/admin.conf';
 $back_days = 35;
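Review bot: `use File::Temp;` with no import list most likely leaves `tempfile` undefined in this script, because File::Temp documents `tempfile` and `tempdir` as on-request exports and its default export list covers only the POSIX and mktemp-style functions; the later `tempfile()` call would then die with an undefined-subroutine error instead of creating the file. Write the import as `use File::Temp qw(tempfile);` here and in the matching `use` hunks of monthly_tot_stats, tot_stats and truncate_radacct, and as `use File::Temp qw(tempdir);` in log_badlogins. The visible lines do not appear to run under `use strict`, so this would only surface at run time.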
@@ -42,11 +43,10 @@
 
 $query = "DELETE FROM $sql_accounting_table WHERE AcctStopTime IS NULL AND AcctStartTime < '$date';";
 print "$query\n";
-open TMP, ">/tmp/clean_radacct.query"
-        or die "Could not open tmp file\n";
-print TMP $query;
-close TMP;
-$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database </tmp/clean_radacct.query" if ($sql_type eq 'mysql');
-$command = "$sqlcmd  -U $sql_username -f /tmp/clean_radacct.query $sql_database" if ($sql_type eq 'pg');
-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/clean_radacct.query" if ($sql_type eq 'sqlrelay');
+my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
+print $fh $query;
+close $fh;
+$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
+$command = "$sqlcmd  -U $sql_username -f  $tmp_filename $sql_database" if ($sql_type eq 'pg');
+$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
 `$command`;
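Review bot: The temporary file created by `tempfile()` is never removed, since File::Temp only deletes it at exit when asked to, so each run leaves a query file behind in the temp directory. `my ($fh, $tmp_filename) = tempfile(UNLINK => 1);` fixes that, and the trailing `or die` can go because `tempfile` croaks on failure by itself and the list assignment is true whenever it returns. `close $fh` is also unchecked, so a failed write (for example a full disk) would hand a truncated query file to the client; `close $fh or die "Could not write $tmp_filename: $!\n";` covers it. The same lines recur in the monthly_tot_stats, tot_stats and truncate_radacct hunks.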
diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/log_badlogins freeradius-server-2.1.1/dialup_admin/bin/log_badlogins
--- freeradius-server-2.1.1.orig/dialup_admin/bin/log_badlogins	2008-09-25 08:41:26.000000000 +0000
+++ freeradius-server-2.1.1/dialup_admin/bin/log_badlogins	2008-10-12 10:09:58.000000000 +0000
@@ -14,6 +14,7 @@
 
 use Date::Manip qw(ParseDate UnixDate);
 use Digest::MD5;
+use File::Temp;
 $|=1;
 
 $file=shift||'none';
@@ -29,7 +30,8 @@
 # CHANGE THESE TO MATCH YOUR SETUP
 #
 #$regexp = 'from client localhost port 135|from client blabla ';
-$tmpfile='/var/tmp/sql.input';
+$tmpdir=tempdir( CLEANUP => 1 );
+$tmpfile="$tmpdir/sql.input";
 #
 $verbose = 0;
 #
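Review bot: `$tmpfile` still sits under the "CHANGE THESE TO MATCH YOUR SETUP" banner although it is no longer a site setting, and nothing says why it now lives in a generated directory. A comment such as `# per-run private directory from tempdir(), removed at exit; do not replace with a fixed path in a shared directory` above the two new lines would keep a later edit from reintroducing the predictable name. How `$tmpfile` is opened and used is outside this hunk.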
diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/monthly_tot_stats freeradius-server-2.1.1/dialup_admin/bin/monthly_tot_stats
--- freeradius-server-2.1.1.orig/dialup_admin/bin/monthly_tot_stats	2008-09-25 08:41:26.000000000 +0000
+++ freeradius-server-2.1.1/dialup_admin/bin/monthly_tot_stats	2008-10-12 09:29:50.000000000 +0000
@@ -1,5 +1,6 @@
 #!/usr/bin/perl
 use POSIX;
+use File::Temp;
 
 # Log in the mtotacct table aggregated accounting information for
 # each user spaning in one month period.
@@ -51,14 +52,13 @@
 	AcctDate <= '$date_end' GROUP BY UserName,NASIPAddress;";
 print "$query1\n";
 print "$query2\n";
-open TMP, ">/tmp/tot_stats.query"
-	or die "Could not open tmp file\n";
-print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
-print TMP $query1;
-print TMP $query2;
-close TMP;
-$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database </tmp/tot_stats.query" if ($sql_type eq 'mysql');
-$command = "$sqlcmd  -U $sql_username -f /tmp/tot_stats.query $sql_database" if ($sql_type eq 'pg');
+my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
+print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
+print $fh $query1;
+print $fh $query2;
+close $fh;
+$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
+$command = "$sqlcmd  -U $sql_username -f  $tmp_filename $sql_database" if ($sql_type eq 'pg');
 $command = "$sqlcmd  $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/tot_stats.query" if ($sql_type eq 'sqlrelay');
+$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
 `$command`;
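Review bot: The oracle branch (an unchanged context line) still reads its input from `$tmpfile.$server`, while the new code writes the queries, including the oracle-only `ALTER SESSION` line, to `$tmp_filename`; neither `$tmpfile` nor `$server` is set in the visible lines, so with `$sql_type eq 'oracle'` the client is probably handed a different or non-existent file. If the rest of the script confirms that, the line should become `$command = "$sqlcmd  $sql_username/$pass" . "@" . "$sql_database < $tmp_filename" if ($sql_type eq 'oracle');`. The same context line appears in the tot_stats and truncate_radacct hunks, and the script body outside the hunk was not visible for this review.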
diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/tot_stats freeradius-server-2.1.1/dialup_admin/bin/tot_stats
--- freeradius-server-2.1.1.orig/dialup_admin/bin/tot_stats	2008-09-25 08:41:26.000000000 +0000
+++ freeradius-server-2.1.1/dialup_admin/bin/tot_stats	2008-10-12 09:29:50.000000000 +0000
@@ -1,5 +1,6 @@
 #!/usr/bin/perl
 use POSIX;
+use File::Temp;
 
 # Log in the totacct table aggregated daily accounting information for
 # each user.
@@ -48,14 +49,13 @@
 	AcctStopTime < '$date_end' GROUP BY UserName,NASIPAddress;";
 print "$query1\n";
 print "$query2\n";
-open TMP, ">/tmp/tot_stats.query"
-	or die "Could not open tmp file\n";
-print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
-print TMP $query1;
-print TMP $query2;
-close TMP;
-$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database </tmp/tot_stats.query" if ($sql_type eq 'mysql');
-$command = "$sqlcmd  -U $sql_username -f /tmp/tot_stats.query $sql_database" if ($sql_type eq 'pg');
+my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
+print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
+print $fh $query1;
+print $fh $query2;
+close $fh;
+$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
+$command = "$sqlcmd  -U $sql_username -f  $tmp_filename $sql_database" if ($sql_type eq 'pg');
 $command = "$sqlcmd  $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/tot_stats.query" if ($sql_type eq 'sqlrelay');
+$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
 `$command`;
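Review bot: The new `$command` lines still interpolate `$sql_password`, `$sql_username` and `$sql_server` from admin.conf into one shell string that is run through backticks, so the database password appears to travel as a command-line argument (readable in the process list by other local users) and any shell metacharacter in a config value is interpreted by the shell. Since the commit is about local exposure of the query file, it would be consistent to pass credentials through the client's own mechanism instead, for example a mode-0600 options file for mysql or `PGPASSFILE` for psql, and to quote `$tmp_filename` in the redirection. This applies equally to the clean_radacct, monthly_tot_stats and truncate_radacct hunks; how `$sql_password` is formatted is decided outside the hunk.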
diff -Nru freeradius-server-2.1.1.orig/dialup_admin/bin/truncate_radacct freeradius-server-2.1.1/dialup_admin/bin/truncate_radacct
--- freeradius-server-2.1.1.orig/dialup_admin/bin/truncate_radacct	2008-09-25 08:41:26.000000000 +0000
+++ freeradius-server-2.1.1/dialup_admin/bin/truncate_radacct	2008-10-12 09:29:50.000000000 +0000
@@ -5,6 +5,7 @@
 # Works with mysql and postgresql
 #
 use POSIX;
+use File::Temp;
 
 $conf=shift||'/usr/local/dialup_admin/conf/admin.conf';
 $back_days = 90;
@@ -44,13 +45,12 @@
 $query .= "DELETE FROM $sql_accounting_table WHERE AcctStopTime < '$date' AND AcctStopTime IS NOT NULL ;";
 $query .= "UNLOCK TABLES;" if ($sql_type eq 'mysql');
 print "$query\n";
-open TMP, ">/tmp/truncate_radacct.query"
-        or die "Could not open tmp file\n";
-print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
-print TMP $query;
-close TMP;
-$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database </tmp/truncate_radacct.query" if ($sql_type eq 'mysql');
-$command = "$sqlcmd  -U $sql_username -f /tmp/truncate_radacct.query $sql_database" if ($sql_type eq 'pg');
+my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
+print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
+print $fh $query;
+close $fh;
+$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
+$command = "$sqlcmd  -U $sql_username -f  $tmp_filename $sql_database" if ($sql_type eq 'pg');
 $command = "$sqlcmd  $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/truncate_radacct.query" if ($sql_type eq 'sqlrelay');
+$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
 `$command`;




