NetBSD Problem Report #45181
From louis@maat.zabrico.com Wed Jul 27 02:10:01 2011
Return-Path: <louis@maat.zabrico.com>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id 920C963BAC3
for <gnats-bugs@gnats.NetBSD.org>; Wed, 27 Jul 2011 02:10:01 +0000 (UTC)
Message-Id: <20110727005038.5DF021083C@maat.zabrico.com>
Date: Tue, 26 Jul 2011 20:50:38 -0400 (EDT)
From: louis@zabrico.com
Reply-To: louis@zabrico.com
To: gnats-bugs@gnats.NetBSD.org
Subject: textproc/groff pdfroff patch is not portable
X-Send-Pr-Version: 3.95
>Number: 45181
>Category: pkg
>Synopsis: the new patch uses mktemp with the -p option, which is not portable.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: tez
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Jul 27 02:15:00 +0000 2011
>Closed-Date: Thu Jul 28 03:16:11 +0000 2011
>Last-Modified: Thu Jul 28 03:16:11 +0000 2011
>Originator: Louis Guillaume
>Release: NetBSD 5.1_STABLE
>Organization:
>Environment:
System: NetBSD xxxxxxxxxxxxxxxx 5.1_STABLE NetBSD 5.1_STABLE (GENERIC) #11: Sat Jul 23 13:03:08 EDT 2011 louis@xxxxxxxxxxxxxxxx:/usr/obj/sys/arch/i386/compile/GENERIC i386
Architecture: i386
Machine: i386
>Description:
Affects NetBSD, but I also found on OS X 10.6. with pkgsrc-2011Q2.
With pkgsrc-2011Q2, we have a new patch in groff, named patches/patch-contrib_pdfmark_pdfroff.sh.
This patch introduces a mktemp command with the `-p' option, which is not portable. It seems to only be on Linux AFAICT.
Below is a patch to the patch that works for me. I left the `XXXX' in there to support Linux, as it still needs a specific template with the `X's. I thought 4 was enough but it's totally arbitrary.
>How-To-Repeat:
Try to run pdfroff after building from pkgsrc-2011Q2 on NetBSD or OS X.
>Fix:
--- textproc/groff/patches/patch-contrib_pdfmark_pdfroff.sh 21 Jul 2011 04:24:07 -0000 1.1.2.2
+++ textproc/groff/patches/patch-contrib_pdfmark_pdfroff.sh 27 Jul 2011 00:39:18 -0000
@@ -18,7 +18,7 @@
#
- WRKFILE=${GROFF_TMPDIR=${TMPDIR-${TMP-${TEMP-"."}}}}/pdf$$.tmp
+ MYTMPDIR=${GROFF_TMPDIR-${TMPDIR-${TMP-${TEMP-"/tmp"}}}}
-+ WRKDIR="`unset TMPDIR && mktemp -dp "$MYTMPDIR" groff-pdfroff.XXXXXXXXXX`" || exit
++ WRKDIR="$(TMPDIR=$MYTMPDIR mktemp -d -t groff-pdfroff.XXXX)" || exit
+
+ trap 'rm -rf -- "$WRKDIR"' EXIT
+ trap 'trap - EXIT; rm -rf -- "$WRKDIR"; exit 1' HUP INT QUIT PIPE TERM
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: pkg-manager->tez
Responsible-Changed-By: gdt@NetBSD.org
Responsible-Changed-When: Wed, 27 Jul 2011 14:07:44 +0000
Responsible-Changed-Why:
Problem appears to be from a recent security update.
From: Tim Zingelman <tez@netbsd.org>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: pkg/45181 (the new patch uses mktemp with the -p option, which is
not portable.)
Date: Wed, 27 Jul 2011 10:29:56 -0500
I am looking at this now.
The -p option is not linux only. It exists on Solaris 10, as well as
any platform if you happen to have pkgsrc/sysutils/coreutils
installed.
Also, the patch you supplied does not work on Solaris at least... it
results in errors like:
pdfroff: $(TMPDIR=/tmp mktemp -d -t
groff-pdfroff.XXXXXXXXXX)/pdf27836.in: cannot create
From: Louis Guillaume <louis@zabrico.com>
To: gnats-bugs@NetBSD.org
Cc: Tim Zingelman <tez@NetBSD.org>, gnats-admin@NetBSD.org,
pkgsrc-bugs@NetBSD.org
Subject: Re: pkg/45181 (the new patch uses mktemp with the -p option, which
is not portable.)
Date: Wed, 27 Jul 2011 11:48:40 -0400
On 7/27/11 11:30 AM, Tim Zingelman wrote:
> The following reply was made to PR pkg/45181; it has been noted by GNATS.
>
> From: Tim Zingelman<tez@netbsd.org>
> To: gnats-bugs@netbsd.org
> Cc:
> Subject: Re: pkg/45181 (the new patch uses mktemp with the -p option, which is
> not portable.)
> Date: Wed, 27 Jul 2011 10:29:56 -0500
>
> I am looking at this now.
>
> The -p option is not linux only. It exists on Solaris 10, as well as
> any platform if you happen to have pkgsrc/sysutils/coreutils
> installed.
>
> Also, the patch you supplied does not work on Solaris at least... it
> results in errors like:
>
> pdfroff: $(TMPDIR=/tmp mktemp -d -t
> groff-pdfroff.XXXXXXXXXX)/pdf27836.in: cannot create
>
Why isn't the shell resolving the command inside the $() ?? That's just
strange. Is Solaris' sh really that out-of-date?
I guess we can fall back on using the "`" syntax instead. But that's
annoying.
Try the patch below instead...
Louis
--- textproc/groff/patches/patch-contrib_pdfmark_pdfroff.sh 21 Jul
2011 04:24:07 -0000 1.1.2.2
+++ textproc/groff/patches/patch-contrib_pdfmark_pdfroff.sh 27 Jul
2011 15:44:52 -0000
@@ -18,7 +18,7 @@
#
- WRKFILE=${GROFF_TMPDIR=${TMPDIR-${TMP-${TEMP-"."}}}}/pdf$$.tmp
+ MYTMPDIR=${GROFF_TMPDIR-${TMPDIR-${TMP-${TEMP-"/tmp"}}}}
-+ WRKDIR="`unset TMPDIR && mktemp -dp "$MYTMPDIR"
groff-pdfroff.XXXXXXXXXX`" || exit
++ WRKDIR="`TMPDIR=$MYTMPDIR mktemp -d -t groff-pdfroff.XXXX`" || exit
+
+ trap 'rm -rf -- "$WRKDIR"' EXIT
+ trap 'trap - EXIT; rm -rf -- "$WRKDIR"; exit 1' HUP INT QUIT PIPE TERM
From: Tim Zingelman <tez@netbsd.org>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: pkg/45181 (the new patch uses mktemp with the -p option, which is
not portable.)
Date: Wed, 27 Jul 2011 10:49:21 -0500
Does this patch work for you?
--- patches/patch-contrib_pdfmark_pdfroff.sh 19 Jul 2011 21:09:39
-0000 1.1
+++ patches/patch-contrib_pdfmark_pdfroff.sh 27 Jul 2011 15:41:14 -0000
@@ -6,6 +6,7 @@
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff?rev=1.2
Modified for pkgsrc and excluded a documentaion change to doc/groff.texinfo
that changes a `makeinfo' is too old warning into a fatal error.
+Modified to not use '-p' option to mktemp which is missing on some platforms.
Added patch to make pdfroff.sh use -dSAFER
See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338 for why.
@@ -18,7 +19,7 @@
#
- WRKFILE=${GROFF_TMPDIR=${TMPDIR-${TMP-${TEMP-"."}}}}/pdf$$.tmp
+ MYTMPDIR=${GROFF_TMPDIR-${TMPDIR-${TMP-${TEMP-"/tmp"}}}}
-+ WRKDIR="`unset TMPDIR && mktemp -dp "$MYTMPDIR"
groff-pdfroff.XXXXXXXXXX`" || exit
++ WRKDIR="`TMPDIR=$MYTMPDIR mktemp -d -t groff-pdfroff.XXXXXXXXXX`" || exit
+
+ trap 'rm -rf -- "$WRKDIR"' EXIT
+ trap 'trap - EXIT; rm -rf -- "$WRKDIR"; exit 1' HUP INT QUIT PIPE TERM
- Tim
From: Tim Zingelman <tez@netbsd.org>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: pkg/45181 (the new patch uses mktemp with the -p option, which is
not portable.)
Date: Wed, 27 Jul 2011 10:53:27 -0500
email passing like ships in the night :)
I'll commit the patch and request a pullup to pkgsrc-2011Q2
- Tim
From: Joerg Sonnenberger <joerg@britannica.bec.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: pkg/45181 (the new patch uses mktemp with the -p option, which
is not portable.)
Date: Wed, 27 Jul 2011 18:07:51 +0200
On Wed, Jul 27, 2011 at 03:50:04PM +0000, Louis Guillaume wrote:
> Why isn't the shell resolving the command inside the $() ?? That's just
> strange. Is Solaris' sh really that out-of-date?
Yes, it is. The alternative would be to properly substitute SH.
Joerg
From: "Tim Zingelman" <tez@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/45181 CVS commit: pkgsrc/textproc/groff
Date: Wed, 27 Jul 2011 16:33:25 +0000
Module Name: pkgsrc
Committed By: tez
Date: Wed Jul 27 16:33:25 UTC 2011
Modified Files:
pkgsrc/textproc/groff: Makefile distinfo
pkgsrc/textproc/groff/patches: patch-contrib_pdfmark_pdfroff.sh
Log Message:
Adjust pdfroff security patch to not use '-p' option to mktemp which is
missing on some platforms. fixes PR#45181
To generate a diff of this commit:
cvs rdiff -u -r1.58 -r1.59 pkgsrc/textproc/groff/Makefile
cvs rdiff -u -r1.15 -r1.16 pkgsrc/textproc/groff/distinfo
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/textproc/groff/patches/patch-contrib_pdfmark_pdfroff.sh
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Alan Barrett <apb@cequrux.com>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: pkg/45181 (the new patch uses mktemp with the -p option, which
is not portable.)
Date: Wed, 27 Jul 2011 18:46:20 +0200
On Wed, 27 Jul 2011, Tim Zingelman wrote:
> Also, the patch you supplied does not work on Solaris at least... it
> results in errors like:
>
> pdfroff: $(TMPDIR=/tmp mktemp -d -t
> groff-pdfroff.XXXXXXXXXX)/pdf27836.in: cannot create
If you use the REPLACE_SH mechanism, then #!/bin/sh can be
changed to something appropriate for the target system. If
I am reading pkgsrc/mk/configure/replace-interpreter.mk and
pkgsrc/mk/tools/tools.SunOS.mk correctly, then it looks as though
REPLACE_SH would use #!/bin/ksh on Solaris.
--apb (Alan Barrett)
From: "Steven Drake" <sbd@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/45181 CVS commit: [pkgsrc-2011Q2] pkgsrc/textproc/groff
Date: Thu, 28 Jul 2011 02:30:24 +0000
Module Name: pkgsrc
Committed By: sbd
Date: Thu Jul 28 02:30:24 UTC 2011
Modified Files:
pkgsrc/textproc/groff [pkgsrc-2011Q2]: Makefile distinfo
pkgsrc/textproc/groff/patches [pkgsrc-2011Q2]:
patch-contrib_pdfmark_pdfroff.sh
Log Message:
Pullup ticket #3481 - requested by tez
textproc/groff security/portablity update
Revisions pulled up:
- textproc/groff/Makefile 1.59
- textproc/groff/distinfo 1.16
- textproc/groff/patches/patch-contrib_pdfmark_pdfroff.sh 1.2
---
Module Name: pkgsrc
Committed By: tez
Date: Wed Jul 27 16:33:25 UTC 2011
Modified Files:
pkgsrc/textproc/groff: Makefile distinfo
pkgsrc/textproc/groff/patches: patch-contrib_pdfmark_pdfroff.sh
Log Message:
Adjust pdfroff security patch to not use '-p' option to mktemp which is
missing on some platforms. fixes PR#45181
To generate a diff of this commit:
cvs rdiff -u -r1.57.2.1 -r1.57.2.2 pkgsrc/textproc/groff/Makefile
cvs rdiff -u -r1.14.14.1 -r1.14.14.2 pkgsrc/textproc/groff/distinfo
cvs rdiff -u -r1.1.2.2 -r1.1.2.3 \
pkgsrc/textproc/groff/patches/patch-contrib_pdfmark_pdfroff.sh
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Thu, 28 Jul 2011 03:16:11 +0000
State-Changed-Why:
Fixed, thanks.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home