Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 41172 Details for
Bug 66360
dev-lang/perl: Insecure tempfile handling
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
perl-5.8.3-openwall-1.3-tempfile.patch
perl-5.8.3-openwall-1.3-tempfile.patch (text/plain), 29.92 KB, created by
Luke Macken (RETIRED)
on 2004-10-05 13:53:20 UTC
(
hide
)
Description:
perl-5.8.3-openwall-1.3-tempfile.patch
Filename:
MIME Type:
Creator:
Luke Macken (RETIRED)
Created:
2004-10-05 13:53:20 UTC
Size:
29.92 KB
patch
obsolete
>diff -ur perl-5.8.3.orig/ext/DB_File/DB_File.pm perl-5.8.3/ext/DB_File/DB_File.pm >--- perl-5.8.3.orig/ext/DB_File/DB_File.pm Mon Jan 19 18:46:25 2004 >+++ perl-5.8.3/ext/DB_File/DB_File.pm Mon Jan 19 20:14:11 2004 >@@ -1821,7 +1821,7 @@ > use DB_File ; > > my %hash ; >- my $filename = "/tmp/filt" ; >+ my $filename = "/var/run/filt" ; > unlink $filename ; > > my $db = tie %hash, 'DB_File', $filename, O_CREAT|O_RDWR, 0666, $DB_HASH >@@ -1863,7 +1863,7 @@ > use strict ; > use DB_File ; > my %hash ; >- my $filename = "/tmp/filt" ; >+ my $filename = "/var/run/filt" ; > unlink $filename ; > > >@@ -1894,8 +1894,8 @@ > > The locking technique went like this. > >- $db = tie(%db, 'DB_File', '/tmp/foo.db', O_CREAT|O_RDWR, 0666) >- || die "dbcreat /tmp/foo.db $!"; >+ $db = tie(%db, 'DB_File', '/var/run/foo.db', O_CREAT|O_RDWR, 0644) >+ || die "dbcreat /var/run/foo.db $!"; > $fd = $db->fd; > open(DB_FH, "+<&=$fd") || die "dup $!"; > flock (DB_FH, LOCK_EX) || die "flock: $!"; >diff -ur perl-5.8.3.orig/ext/DB_File/t/db-recno.t perl-5.8.3/ext/DB_File/t/db-recno.t >--- perl-5.8.3.orig/ext/DB_File/t/db-recno.t Mon Jan 19 18:46:25 2004 >+++ perl-5.8.3/ext/DB_File/t/db-recno.t Sun Jan 25 18:53:51 2004 >@@ -1198,7 +1198,7 @@ > > my $testnum = 181; > my $failed = 0; >-require POSIX; my $tmp = POSIX::tmpnam(); >+my $tmp = "dbr$$"; > foreach my $test (@tests) { > my $err = test_splice(@$test); > if (defined $err) { >diff -ur perl-5.8.3.orig/ext/Devel/PPPort/PPPort.pm perl-5.8.3/ext/Devel/PPPort/PPPort.pm >--- perl-5.8.3.orig/ext/Devel/PPPort/PPPort.pm Mon Jan 19 18:46:25 2004 >+++ perl-5.8.3/ext/Devel/PPPort/PPPort.pm Sun Jan 25 16:16:53 2004 >@@ -349,13 +349,13 @@ > } > > if ($changes) { >- open(OUT,">/tmp/ppport.h.$$"); >+ open(OUT,"ppport.h.$$"); > print OUT $c; > close(OUT); >- open(DIFF, "diff -u $filename /tmp/ppport.h.$$|"); >- while (<DIFF>) { s!/tmp/ppport\.h\.$$!$filename.patched!; print STDOUT; } >+ open(DIFF, "diff -u $filename ppport.h.$$|"); >+ while (<DIFF>) { s!ppport\.h\.$$!$filename.patched!; print STDOUT; } > close(DIFF); >- unlink("/tmp/ppport.h.$$"); >+ unlink("ppport.h.$$"); > } else { > print "Looks OK\n"; > } >diff -ur perl-5.8.3.orig/ext/IO/t/io_unix.t perl-5.8.3/ext/IO/t/io_unix.t >--- perl-5.8.3.orig/ext/IO/t/io_unix.t Tue Sep 30 17:10:17 2003 >+++ perl-5.8.3/ext/IO/t/io_unix.t Sun Jan 25 16:17:43 2004 >@@ -24,7 +24,7 @@ > elsif ($^O eq 'os2') { > require IO::Socket; > >- eval {IO::Socket::pack_sockaddr_un('/tmp/foo') || 1} >+ eval {IO::Socket::pack_sockaddr_un('/foo/bar') || 1} > or $@ !~ /not implemented/ or > $reason = 'compiled without TCP/IP stack v4'; > } elsif ($^O =~ m/^(?:qnx|nto|vos)$/ ) { >@@ -37,7 +37,7 @@ > } > } > >-$PATH = "/tmp/sock-$$"; >+$PATH = "sock-$$"; > > # Test if we can create the file within the tmp directory > if (-e $PATH or not open(TEST, ">$PATH") and $^O ne 'os2') { >diff -ur perl-5.8.3.orig/ext/ODBM_File/ODBM_File.xs perl-5.8.3/ext/ODBM_File/ODBM_File.xs >--- perl-5.8.3.orig/ext/ODBM_File/ODBM_File.xs Tue Sep 30 17:10:20 2003 >+++ perl-5.8.3/ext/ODBM_File/ODBM_File.xs Mon Jan 19 21:55:54 2004 >@@ -32,7 +32,7 @@ > * Set DBM_BUG_DUPLICATE_FREE in the extension hint file. > */ > /* Close the previous dbm, and fail to open a new dbm */ >-#define dbmclose() ((void) dbminit("/tmp/x/y/z/z/y")) >+#define dbmclose() ((void) dbminit("/nonexistent")) > #endif > > #include <fcntl.h> >diff -ur perl-5.8.3.orig/ext/POSIX/POSIX.pod perl-5.8.3/ext/POSIX/POSIX.pod >--- perl-5.8.3.orig/ext/POSIX/POSIX.pod Tue Sep 30 17:10:22 2003 >+++ perl-5.8.3/ext/POSIX/POSIX.pod Sun Jan 25 16:19:16 2004 >@@ -417,9 +417,9 @@ > uses file descriptors such as those obtained by calling C<POSIX::open>. > > The following will determine the maximum length of the longest allowable >-pathname on the filesystem which holds C</tmp/foo>. >+pathname on the filesystem which holds C</var/foo>. > >- $fd = POSIX::open( "/tmp/foo", &POSIX::O_RDONLY ); >+ $fd = POSIX::open( "/var/foo", &POSIX::O_RDONLY ); > $path_max = POSIX::fpathconf( $fd, &POSIX::_PC_PATH_MAX ); > > Returns C<undef> on failure. >@@ -919,7 +919,7 @@ > > Open a directory for reading. > >- $dir = POSIX::opendir( "/tmp" ); >+ $dir = POSIX::opendir( "/var" ); > @files = POSIX::readdir( $dir ); > POSIX::closedir( $dir ); > >@@ -930,9 +930,9 @@ > Retrieves the value of a configurable limit on a file or directory. > > The following will determine the maximum length of the longest allowable >-pathname on the filesystem which holds C</tmp>. >+pathname on the filesystem which holds C</var>. > >- $path_max = POSIX::pathconf( "/tmp", &POSIX::_PC_PATH_MAX ); >+ $path_max = POSIX::pathconf( "/var", &POSIX::_PC_PATH_MAX ); > > Returns C<undef> on failure. > >diff -ur perl-5.8.3.orig/ext/Socket/Socket.pm perl-5.8.3/ext/Socket/Socket.pm >--- perl-5.8.3.orig/ext/Socket/Socket.pm Tue Sep 30 17:10:25 2003 >+++ perl-5.8.3/ext/Socket/Socket.pm Mon Jan 19 20:14:11 2004 >@@ -32,8 +32,8 @@ > > $proto = getprotobyname('tcp'); > socket(Socket_Handle, PF_UNIX, SOCK_STREAM, $proto); >- unlink('/tmp/usock'); >- $sun = sockaddr_un('/tmp/usock'); >+ unlink('/var/run/usock'); >+ $sun = sockaddr_un('/var/run/usock'); > connect(Socket_Handle,$sun); > > =head1 DESCRIPTION >diff -ur perl-5.8.3.orig/ext/Storable/Storable.pm perl-5.8.3/ext/Storable/Storable.pm >--- perl-5.8.3.orig/ext/Storable/Storable.pm Mon Jan 19 18:46:25 2004 >+++ perl-5.8.3/ext/Storable/Storable.pm Sun Jan 25 16:24:24 2004 >@@ -786,10 +786,10 @@ > > %color = ('Blue' => 0.1, 'Red' => 0.8, 'Black' => 0, 'White' => 1); > >- store(\%color, '/tmp/colors') or die "Can't store %a in /tmp/colors!\n"; >+ store(\%color, '/var/run/colors') or die "Can't store %a in /var/run/colors!\n"; > >- $colref = retrieve('/tmp/colors'); >- die "Unable to retrieve from /tmp/colors!\n" unless defined $colref; >+ $colref = retrieve('/var/run/colors'); >+ die "Unable to retrieve from /var/run/colors!\n" unless defined $colref; > printf "Blue is still %lf\n", $colref->{'Blue'}; > > $colref2 = dclone(\%color); >diff -ur perl-5.8.3.orig/ext/Time/HiRes/Makefile.PL perl-5.8.3/ext/Time/HiRes/Makefile.PL >--- perl-5.8.3.orig/ext/Time/HiRes/Makefile.PL Tue Oct 28 20:35:51 2003 >+++ perl-5.8.3/ext/Time/HiRes/Makefile.PL Sun Jan 25 16:27:01 2004 >@@ -71,19 +71,11 @@ > # without changing it, and then I'd always forget to change it before a > # release. Sorry, Edward :) > >-sub TMPDIR { >- my $TMPDIR = >- (grep(defined $_ && -d $_ && -w _, >- ((defined $ENV{'TMPDIR'} ? $ENV{'TMPDIR'} : undef), >- qw(/var/tmp /usr/tmp /tmp c:/temp))))[0]; >- $TMPDIR || die "Cannot find writable temporary directory.\n"; >-} >- > sub try_compile_and_link { > my ($c, %args) = @_; > > my ($ok) = 0; >- my ($tmp) = (($^O eq 'VMS') ? "sys\$scratch:tmp$$" : TMPDIR() . '/' . "tmp$$"); >+ my ($tmp) = "tmp$$"; > local(*TMPC); > > my $obj_ext = $Config{obj_ext} || ".o"; >diff -ur perl-5.8.3.orig/lib/CGI/Cookie.pm perl-5.8.3/lib/CGI/Cookie.pm >--- perl-5.8.3.orig/lib/CGI/Cookie.pm Mon Jan 19 18:46:25 2004 >+++ perl-5.8.3/lib/CGI/Cookie.pm Mon Jan 19 20:14:11 2004 >@@ -407,7 +407,7 @@ > You may also retrieve cookies that were stored in some external > form using the parse() class method: > >- $COOKIES = `cat /usr/tmp/Cookie_stash`; >+ $COOKIES = `cat /var/run/www/Cookie_stash`; > %cookies = parse CGI::Cookie($COOKIES); > > If you are in a mod_perl environment, you can save some overhead by >diff -ur perl-5.8.3.orig/lib/CGI.pm perl-5.8.3/lib/CGI.pm >--- perl-5.8.3.orig/lib/CGI.pm Mon Jan 19 18:46:25 2004 >+++ perl-5.8.3/lib/CGI.pm Sun Jan 25 16:45:26 2004 >@@ -2,6 +2,9 @@ > require 5.004; > use Carp 'croak'; > >+# XXX: The temporary file handling implemented in here is crap. It should >+# be re-done making use of File::Temp. >+ > # See the bottom of this file for the POD documentation. Search for the > # string '=head'. > >diff -ur perl-5.8.3.orig/lib/CPAN.pm perl-5.8.3/lib/CPAN.pm >--- perl-5.8.3.orig/lib/CPAN.pm Tue Sep 30 17:10:44 2003 >+++ perl-5.8.3/lib/CPAN.pm Sun Jan 25 16:46:02 2004 >@@ -2273,7 +2273,7 @@ > # If more accuracy is wanted/needed, Chris Leach sent me this patch... > > # > *** /install/perl/live/lib/CPAN.pm- Wed Sep 24 13:08:48 1997 >- # > --- /tmp/cp Wed Sep 24 13:26:40 1997 >+ # > --- cp Wed Sep 24 13:26:40 1997 > # > *************** > # > *** 1562,1567 **** > # > --- 1562,1580 ---- >diff -ur perl-5.8.3.orig/lib/ExtUtils/MakeMaker.pm perl-5.8.3/lib/ExtUtils/MakeMaker.pm >--- perl-5.8.3.orig/lib/ExtUtils/MakeMaker.pm Fri Oct 31 22:03:49 2003 >+++ perl-5.8.3/lib/ExtUtils/MakeMaker.pm Sun Jan 25 16:48:00 2004 >@@ -1013,7 +1013,7 @@ > The Makefile to be produced may be altered by adding arguments of the > form C<KEY=VALUE>. E.g. > >- perl Makefile.PL PREFIX=/tmp/myperl5 >+ perl Makefile.PL PREFIX=~/myperl5 > > Other interesting targets in the generated Makefile are > >@@ -1355,13 +1355,13 @@ > > This is the root directory into which the code will be installed. It > I<prepends itself to the normal prefix>. For example, if your code >-would normally go into /usr/local/lib/perl you could set DESTDIR=/tmp/ >-and installation would go into /tmp/usr/local/lib/perl. >+would normally go into /usr/local/lib/perl you could set DESTDIR=/other/ >+and installation would go into /other/usr/local/lib/perl. > > This is primarily of use for people who repackage Perl modules. > > NOTE: Due to the nature of make, it is important that you put the trailing >-slash on your DESTDIR. "/tmp/" not "/tmp". >+slash on your DESTDIR. "/other/" not "/other". > > =item DIR > >diff -ur perl-5.8.3.orig/lib/ExtUtils/instmodsh perl-5.8.3/lib/ExtUtils/instmodsh >--- perl-5.8.3.orig/lib/ExtUtils/instmodsh Tue Sep 30 17:10:47 2003 >+++ perl-5.8.3/lib/ExtUtils/instmodsh Mon Jan 19 20:14:11 2004 >@@ -2,6 +2,7 @@ > > use strict; > use IO::File; >+use File::Temp; > use ExtUtils::Packlist; > use ExtUtils::Installed; > >@@ -58,16 +59,12 @@ > $reply =~ /^t\s*/ and do > { > my $file = (split(' ', $reply))[1]; >- my $tmp = "/tmp/inst.$$"; >- if (my $fh = IO::File->new($tmp, "w")) >- { >- $fh->print(join("\n", $Inst->files($module))); >- $fh->close(); >- system("tar cvf $file -I $tmp"); >- unlink($tmp); >- last CASE; >- } >- else { print("Can't open $file: $!\n"); } >+ my ($fh, $tmp) = File::Temp::tempfile(UNLINK => 1); >+ $fh->print(join("\n", $Inst->files($module))); >+ $fh->close(); >+ # This used to use -I which is wrong for GNU tar. >+ system("tar cvf $file -T $tmp"); >+ unlink($tmp); > last CASE; > }; > $reply eq 'v' and do >diff -ur perl-5.8.3.orig/lib/Memoize/t/tie.t perl-5.8.3/lib/Memoize/t/tie.t >--- perl-5.8.3.orig/lib/Memoize/t/tie.t Tue Sep 30 17:10:58 2003 >+++ perl-5.8.3/lib/Memoize/t/tie.t Sun Jan 25 16:54:31 2004 >@@ -29,14 +29,7 @@ > $_[0]+1; > } > >-if (eval {require File::Spec::Functions}) { >- File::Spec::Functions->import('tmpdir', 'catfile'); >- $tmpdir = tmpdir(); >-} else { >- *catfile = sub { join '/', @_ }; >- $tmpdir = $ENV{TMP} || $ENV{TMPDIR} || '/tmp'; >-} >-$file = catfile($tmpdir, "md$$"); >+$file = "md$$"; > @files = ($file, "$file.db", "$file.dir", "$file.pag"); > 1 while unlink @files; > >diff -ur perl-5.8.3.orig/lib/Memoize/t/tie_gdbm.t perl-5.8.3/lib/Memoize/t/tie_gdbm.t >--- perl-5.8.3.orig/lib/Memoize/t/tie_gdbm.t Tue Sep 30 17:10:58 2003 >+++ perl-5.8.3/lib/Memoize/t/tie_gdbm.t Sun Jan 25 16:53:07 2004 >@@ -26,13 +26,7 @@ > > print "1..4\n"; > >-if (eval {require File::Spec::Functions}) { >- File::Spec::Functions->import(); >-} else { >- *catfile = sub { join '/', @_ }; >-} >-$tmpdir = $ENV{TMP} || $ENV{TMPDIR} || '/tmp'; >-$file = catfile($tmpdir, "md$$"); >+$file = "md$$"; > 1 while unlink $file, "$file.dir", "$file.pag"; > tryout('GDBM_File', $file, 1); # Test 1..4 > 1 while unlink $file, "$file.dir", "$file.pag"; >diff -ur perl-5.8.3.orig/lib/Memoize/t/tie_ndbm.t perl-5.8.3/lib/Memoize/t/tie_ndbm.t >--- perl-5.8.3.orig/lib/Memoize/t/tie_ndbm.t Tue Sep 30 17:10:59 2003 >+++ perl-5.8.3/lib/Memoize/t/tie_ndbm.t Sun Jan 25 16:53:56 2004 >@@ -28,14 +28,7 @@ > > print "1..4\n"; > >- >-if (eval {require File::Spec::Functions}) { >- File::Spec::Functions->import(); >-} else { >- *catfile = sub { join '/', @_ }; >-} >-$tmpdir = $ENV{TMP} || $ENV{TMPDIR} || '/tmp'; >-$file = catfile($tmpdir, "md$$"); >+$file = "md$$"; > 1 while unlink $file, "$file.dir", "$file.pag"; > tryout('Memoize::NDBM_File', $file, 1); # Test 1..4 > 1 while unlink $file, "$file.dir", "$file.pag"; >diff -ur perl-5.8.3.orig/lib/Memoize/t/tie_sdbm.t perl-5.8.3/lib/Memoize/t/tie_sdbm.t >--- perl-5.8.3.orig/lib/Memoize/t/tie_sdbm.t Tue Sep 30 17:10:59 2003 >+++ perl-5.8.3/lib/Memoize/t/tie_sdbm.t Sun Jan 25 16:52:33 2004 >@@ -28,14 +28,7 @@ > > print "1..4\n"; > >-if (eval {require File::Spec::Functions}) { >- File::Spec::Functions->import('tmpdir', 'catfile'); >- $tmpdir = tmpdir(); >-} else { >- *catfile = sub { join '/', @_ }; >- $tmpdir = $ENV{TMP} || $ENV{TMPDIR} || '/tmp'; >-} >-$file = catfile($tmpdir, "md$$"); >+$file = "md$$"; > 1 while unlink $file, "$file.dir", "$file.pag"; > tryout('Memoize::SDBM_File', $file, 1); # Test 1..4 > 1 while unlink $file, "$file.dir", "$file.pag"; >diff -ur perl-5.8.3.orig/lib/Memoize/t/tie_storable.t perl-5.8.3/lib/Memoize/t/tie_storable.t >--- perl-5.8.3.orig/lib/Memoize/t/tie_storable.t Tue Sep 30 17:10:59 2003 >+++ perl-5.8.3/lib/Memoize/t/tie_storable.t Sun Jan 25 16:53:25 2004 >@@ -33,14 +33,7 @@ > > print "1..4\n"; > >- >-if (eval {require File::Spec::Functions}) { >- File::Spec::Functions->import(); >-} else { >- *catfile = sub { join '/', @_ }; >-} >-$tmpdir = $ENV{TMP} || $ENV{TMPDIR} || '/tmp'; >-$file = catfile($tmpdir, "storable$$"); >+$file = "storable$$"; > 1 while unlink $file; > tryout('Memoize::Storable', $file, 1); # Test 1..4 > 1 while unlink $file; >diff -ur perl-5.8.3.orig/lib/Shell.pm perl-5.8.3/lib/Shell.pm >--- perl-5.8.3.orig/lib/Shell.pm Tue Sep 30 17:11:05 2003 >+++ perl-5.8.3/lib/Shell.pm Mon Jan 19 20:14:11 2004 >@@ -140,7 +140,7 @@ > sub ps; > print ps -ww; > >- cp("/etc/passwd", "/tmp/passwd"); >+ cp("/etc/passwd", "/etc/passwd.orig"); > > That's maybe too gonzo. It actually exports an AUTOLOAD to the current > package (and uncovered a bug in Beta 3, by the way). Maybe the usual >diff -ur perl-5.8.3.orig/lib/dotsh.pl perl-5.8.3/lib/dotsh.pl >--- perl-5.8.3.orig/lib/dotsh.pl Tue Sep 30 17:11:16 2003 >+++ perl-5.8.3/lib/dotsh.pl Mon Jan 19 20:14:11 2004 >@@ -27,9 +27,9 @@ > # dependent upon. These variables MUST be defined using shell syntax. > # > # Example: >-# &dotsh ('/tmp/foo', 'arg1'); >-# &dotsh ('/tmp/foo'); >-# &dotsh ('/tmp/foo arg1 ... argN'); >+# &dotsh ('/foo/bar', 'arg1'); >+# &dotsh ('/foo/bar'); >+# &dotsh ('/foo/bar arg1 ... argN'); > # > sub dotsh { > local(@sh) = @_; >@@ -54,19 +54,17 @@ > } > } > if (length($vars) > 0) { >- system "$shell \"$vars;. $command $args; set > /tmp/_sh_env$$\""; >+ open (_SH_ENV, "$shell \"$vars && . $command $args && set \" |") || die; > } else { >- system "$shell \". $command $args; set > /tmp/_sh_env$$\""; >+ open (_SH_ENV, "$shell \". $command $args && set \" |") || die; > } > >- open (_SH_ENV, "/tmp/_sh_env$$") || die "Could not open /tmp/_sh_env$$!\n"; > while (<_SH_ENV>) { > chop; > m/^([^=]*)=(.*)/s; > $ENV{$1} = $2; > } > close (_SH_ENV); >- system "rm -f /tmp/_sh_env$$"; > > foreach $key (keys(%ENV)) { > $tmp .= "\$$key = \$ENV{'$key'};" if $key =~ /^[A-Za-z]\w*$/; >diff -ur perl-5.8.3.orig/lib/perl5db.pl perl-5.8.3/lib/perl5db.pl >--- perl-5.8.3.orig/lib/perl5db.pl Mon Jan 19 18:46:25 2004 >+++ perl-5.8.3/lib/perl5db.pl Mon Jan 19 20:14:11 2004 >@@ -206,7 +206,7 @@ > =item * noTTY > > if set, goes in NonStop mode. On interrupt, if TTY is not set, >-uses the value of noTTY or "/tmp/perldbtty$$" to find TTY using >+uses the value of noTTY or "/var/run/perldbtty$$" to find TTY using > Term::Rendezvous. Current variant is to have the name of TTY in this > file. > >@@ -5689,8 +5689,8 @@ > else { > eval "require Term::Rendezvous;" or die; > # See if we have anything to pass to Term::Rendezvous. >- # Use /tmp/perldbtty$$ if not. >- my $rv = $ENV{PERLDB_NOTTY} || "/tmp/perldbtty$$"; >+ # Use /var/run/perldbtty$$ if not. >+ my $rv = $ENV{PERLDB_NOTTY} || "/var/run/perldbtty$$"; > > # Rendezvous and get the filehandles. > my $term_rv = new Term::Rendezvous $rv; >diff -ur perl-5.8.3.orig/mpeix/nm perl-5.8.3/mpeix/nm >--- perl-5.8.3.orig/mpeix/nm Tue Sep 30 17:11:39 2003 >+++ perl-5.8.3/mpeix/nm Sun Jan 25 16:55:26 2004 >@@ -22,12 +22,12 @@ > # I wanted to pipe this into awk, but it fell victim to a known pipe/streams > # bug on my multiprocessor machine. > >-callci xeq linkedit.pub.sys \"$LIST\" >/tmp/nm.$$ >+callci xeq linkedit.pub.sys \"$LIST\" >nm.$$ > > /bin/awk '\ > / data univ / { printf "%-20s|%10s|%-6s|%-7s|%s\n",$1,$5,"extern","data","?"} \ >- / entry univ / { printf "%-20s|%10s|%-6s|%-7s|%s\n",$1,$7,"extern","entry","?"}' /tmp/nm.$$ >+ / entry univ / { printf "%-20s|%10s|%-6s|%-7s|%s\n",$1,$7,"extern","entry","?"}' nm.$$ > >-rm -f /tmp/nm.$$ >+rm -f nm.$$ > > exit 0 >diff -ur perl-5.8.3.orig/mpeix/relink perl-5.8.3/mpeix/relink >--- perl-5.8.3.orig/mpeix/relink Tue Sep 30 17:11:39 2003 >+++ perl-5.8.3/mpeix/relink Sun Jan 25 16:55:44 2004 >@@ -14,7 +14,7 @@ > > echo "Creating $RAND.sl...\n" > >-TEMP=/tmp/perlmpe.$$ >+TEMP=perlmpe.$$ > > rm -f $TEMP $RAND.a $RAND.sl > >diff -ur perl-5.8.3.orig/perly.fixer perl-5.8.3/perly.fixer >--- perl-5.8.3.orig/perly.fixer Tue Sep 30 17:11:42 2003 >+++ perl-5.8.3/perly.fixer Mon Jan 19 20:14:11 2004 >@@ -23,7 +23,7 @@ > > input=$1 > output=$2 >-tmp=/tmp/f$$ >+tmp=perly$$ > > inputh=`echo $input|sed 's:\.c$:.h:'` > if grep '^#ifdef PERL_CORE' $inputh; then >diff -ur perl-5.8.3.orig/pod/perl571delta.pod perl-5.8.3/pod/perl571delta.pod >--- perl-5.8.3.orig/pod/perl571delta.pod Tue Sep 30 17:11:44 2003 >+++ perl-5.8.3/pod/perl571delta.pod Sun Jan 25 16:57:40 2004 >@@ -771,17 +771,17 @@ > If your file system supports symbolic links you can build Perl outside > of the source directory by > >- mkdir /tmp/perl/build/directory >- cd /tmp/perl/build/directory >+ mkdir perl/build/directory >+ cd perl/build/directory > sh /path/to/perl/source/Configure -Dmksymlinks ... > >-This will create in /tmp/perl/build/directory a tree of symbolic links >+This will create in perl/build/directory a tree of symbolic links > pointing to files in /path/to/perl/source. The original files are left > unaffected. After Configure has finished you can just say > > make all test > >-and Perl will be built and tested, all in /tmp/perl/build/directory. >+and Perl will be built and tested, all in perl/build/directory. > > =back > >diff -ur perl-5.8.3.orig/pod/perl58delta.pod perl-5.8.3/pod/perl58delta.pod >--- perl-5.8.3.orig/pod/perl58delta.pod Mon Jan 19 18:46:25 2004 >+++ perl-5.8.3/pod/perl58delta.pod Sun Jan 25 16:58:03 2004 >@@ -1905,17 +1905,17 @@ > If your file system supports symbolic links, you can build Perl outside > of the source directory by > >- mkdir /tmp/perl/build/directory >- cd /tmp/perl/build/directory >+ mkdir perl/build/directory >+ cd perl/build/directory > sh /path/to/perl/source/Configure -Dmksymlinks ... > >-This will create in /tmp/perl/build/directory a tree of symbolic links >+This will create in perl/build/directory a tree of symbolic links > pointing to files in /path/to/perl/source. The original files are left > unaffected. After Configure has finished, you can just say > > make all test > >-and Perl will be built and tested, all in /tmp/perl/build/directory. >+and Perl will be built and tested, all in perl/build/directory. > [561] > > =item * >diff -ur perl-5.8.3.orig/pod/perldbmfilter.pod perl-5.8.3/pod/perldbmfilter.pod >--- perl-5.8.3.orig/pod/perldbmfilter.pod Tue Sep 30 17:11:45 2003 >+++ perl-5.8.3/pod/perldbmfilter.pod Mon Jan 19 20:14:11 2004 >@@ -91,7 +91,7 @@ > use Fcntl ; > > my %hash ; >- my $filename = "/tmp/filt" ; >+ my $filename = "/var/run/filt" ; > unlink $filename ; > > my $db = tie(%hash, 'SDBM_File', $filename, O_RDWR|O_CREAT, 0640) >@@ -137,7 +137,7 @@ > use warnings ; > use DB_File ; > my %hash ; >- my $filename = "/tmp/filt" ; >+ my $filename = "/var/run/filt" ; > unlink $filename ; > > >diff -ur perl-5.8.3.orig/pod/perldebug.pod perl-5.8.3/pod/perldebug.pod >--- perl-5.8.3.orig/pod/perldebug.pod Tue Sep 30 17:11:45 2003 >+++ perl-5.8.3/pod/perldebug.pod Mon Jan 19 20:14:11 2004 >@@ -700,7 +700,7 @@ > with two methods: C<IN> and C<OUT>. These should return filehandles to use > for debugging input and output correspondingly. The C<new> method should > inspect an argument containing the value of C<$ENV{PERLDB_NOTTY}> at >-startup, or C<"/tmp/perldbtty$$"> otherwise. This file is not >+startup, or C<"/var/run/perldbtty$$"> otherwise. This file is not > inspected for proper ownership, so security hazards are theoretically > possible. > >diff -ur perl-5.8.3.orig/pod/perlfaq5.pod perl-5.8.3/pod/perlfaq5.pod >--- perl-5.8.3.orig/pod/perlfaq5.pod Mon Jan 19 18:46:25 2004 >+++ perl-5.8.3/pod/perlfaq5.pod Sun Jan 25 16:59:15 2004 >@@ -141,6 +141,7 @@ > my $count = 0; > until (defined(fileno(FH)) || $count++ > 100) { > $base_name =~ s/-(\d+)$/"-" . (1 + $1)/e; >+ # O_EXCL is required for security reasons. > sysopen(FH, $base_name, O_WRONLY|O_EXCL|O_CREAT); > } > if (defined(fileno(FH)) >@@ -427,8 +428,8 @@ > > To open a file without blocking, creating if necessary: > >- sysopen(FH, "/tmp/somefile", O_WRONLY|O_NDELAY|O_CREAT) >- or die "can't open /tmp/somefile: $!": >+ sysopen(FH, "/foo/somefile", O_WRONLY|O_NDELAY|O_CREAT) >+ or die "can't open /foo/somefile: $!": > > Be warned that neither creation nor deletion of files is guaranteed to > be an atomic operation over NFS. That is, two processes might both >@@ -924,7 +925,7 @@ > If you check L<perlfunc/open>, you'll see that several of the ways > to call open() should do the trick. For example: > >- open(LOG, ">>/tmp/logfile"); >+ open(LOG, ">>/foo/logfile"); > open(STDERR, ">&LOG"); > > Or even with a literal numeric descriptor: >diff -ur perl-5.8.3.orig/pod/perlfaq8.pod perl-5.8.3/pod/perlfaq8.pod >--- perl-5.8.3.orig/pod/perlfaq8.pod Tue Sep 30 17:11:46 2003 >+++ perl-5.8.3/pod/perlfaq8.pod Mon Jan 19 20:14:11 2004 >@@ -749,10 +749,10 @@ > while (<PH>) { } # plus a read > > To read both a command's STDOUT and its STDERR separately, it's easiest >-and safest to redirect them separately to files, and then read from those >-files when the program is done: >+to redirect them separately to files, and then read from those files >+when the program is done: > >- system("program args 1>/tmp/program.stdout 2>/tmp/program.stderr"); >+ system("program args 1>program.stdout 2>program.stderr"); > > Ordering is important in all these examples. That's because the shell > processes file descriptor redirections in strictly left to right order. >@@ -1063,8 +1063,8 @@ > sysopen(): > > use Fcntl; >- sysopen(FH, "/tmp/somefile", O_WRONLY|O_NDELAY|O_CREAT, 0644) >- or die "can't open /tmp/somefile: $!": >+ sysopen(FH, "/foo/somefile", O_WRONLY|O_NDELAY|O_CREAT, 0644) >+ or die "can't open /foo/somefile: $!": > > =head2 How do I install a module from CPAN? > >diff -ur perl-5.8.3.orig/pod/perlfunc.pod perl-5.8.3/pod/perlfunc.pod >--- perl-5.8.3.orig/pod/perlfunc.pod Mon Jan 19 18:46:25 2004 >+++ perl-5.8.3/pod/perlfunc.pod Mon Jan 19 20:14:11 2004 >@@ -2928,7 +2928,7 @@ > open(ARTICLE, "caesar <$article |") # ditto > or die "Can't start caesar: $!"; > >- open(EXTRACT, "|sort >/tmp/Tmp$$") # $$ is our process id >+ open(EXTRACT, "|sort >Tmp$$") # $$ is our process id > or die "Can't start sort: $!"; > > # in memory files >diff -ur perl-5.8.3.orig/pod/perlipc.pod perl-5.8.3/pod/perlipc.pod >--- perl-5.8.3.orig/pod/perlipc.pod Tue Sep 30 17:11:48 2003 >+++ perl-5.8.3/pod/perlipc.pod Mon Jan 19 20:14:11 2004 >@@ -1030,7 +1030,7 @@ > use strict; > my ($rendezvous, $line); > >- $rendezvous = shift || '/tmp/catsock'; >+ $rendezvous = shift || 'catsock'; > socket(SOCK, PF_UNIX, SOCK_STREAM, 0) || die "socket: $!"; > connect(SOCK, sockaddr_un($rendezvous)) || die "connect: $!"; > while (defined($line = <SOCK>)) { >@@ -1051,7 +1051,7 @@ > sub spawn; # forward declaration > sub logmsg { print "$0 $$: @_ at ", scalar localtime, "\n" } > >- my $NAME = '/tmp/catsock'; >+ my $NAME = 'catsock'; > my $uaddr = sockaddr_un($NAME); > my $proto = getprotobyname('tcp'); > >diff -ur perl-5.8.3.orig/pod/perllexwarn.pod perl-5.8.3/pod/perllexwarn.pod >--- perl-5.8.3.orig/pod/perllexwarn.pod Tue Sep 30 17:11:48 2003 >+++ perl-5.8.3/pod/perllexwarn.pod Sun Jan 25 17:02:14 2004 >@@ -381,9 +381,9 @@ > sub open { > my $path = shift ; > if ($path !~ m#^/#) { >- warnings::warn("changing relative path to /tmp/") >+ warnings::warn("changing relative path to /var/abc") > if warnings::enabled(); >- $path = "/tmp/$path" ; >+ $path = "/var/abc/$path"; > } > } > >diff -ur perl-5.8.3.orig/pod/perlobj.pod perl-5.8.3/pod/perlobj.pod >--- perl-5.8.3.orig/pod/perlobj.pod Mon Jan 19 18:46:25 2004 >+++ perl-5.8.3/pod/perlobj.pod Mon Jan 19 20:14:11 2004 >@@ -535,15 +535,15 @@ > warn "time to die..."; > exit; > >-When run as F</tmp/test>, the following output is produced: >+When run as F</foo/test>, the following output is produced: > >- starting program at /tmp/test line 18. >- CREATING SCALAR(0x8e5b8) at /tmp/test line 7. >- CREATING SCALAR(0x8e57c) at /tmp/test line 7. >- leaving block at /tmp/test line 23. >- DESTROYING Subtle=SCALAR(0x8e5b8) at /tmp/test line 13. >- just exited block at /tmp/test line 26. >- time to die... at /tmp/test line 27. >+ starting program at /foo/test line 18. >+ CREATING SCALAR(0x8e5b8) at /foo/test line 7. >+ CREATING SCALAR(0x8e57c) at /foo/test line 7. >+ leaving block at /foo/test line 23. >+ DESTROYING Subtle=SCALAR(0x8e5b8) at /foo/test line 13. >+ just exited block at /foo/test line 26. >+ time to die... at /foo/test line 27. > DESTROYING Subtle=SCALAR(0x8e57c) during global destruction. > > Notice that "global destruction" bit there? That's the thread >diff -ur perl-5.8.3.orig/pod/perlop.pod perl-5.8.3/pod/perlop.pod >--- perl-5.8.3.orig/pod/perlop.pod Mon Jan 19 18:46:25 2004 >+++ perl-5.8.3/pod/perlop.pod Mon Jan 19 20:14:11 2004 >@@ -1160,10 +1160,10 @@ > $output = `cmd 3>&1 1>&2 2>&3 3>&-`; > > To read both a command's STDOUT and its STDERR separately, it's easiest >-and safest to redirect them separately to files, and then read from those >-files when the program is done: >+to redirect them separately to files, and then read from those files >+when the program is done: > >- system("program args 1>/tmp/program.stdout 2>/tmp/program.stderr"); >+ system("program args 1>program.stdout 2>program.stderr"); > > Using single-quote as a delimiter protects the command from Perl's > double-quote interpolation, passing it on to the shell instead: >diff -ur perl-5.8.3.orig/pod/perlopentut.pod perl-5.8.3/pod/perlopentut.pod >--- perl-5.8.3.orig/pod/perlopentut.pod Tue Sep 30 17:11:49 2003 >+++ perl-5.8.3/pod/perlopentut.pod Mon Jan 19 20:14:11 2004 >@@ -192,11 +192,11 @@ > open(WTMP, "+< /usr/adm/wtmp") > || die "can't open /usr/adm/wtmp: $!"; > >- open(SCREEN, "+> /tmp/lkscreen") >- || die "can't open /tmp/lkscreen: $!"; >+ open(SCREEN, "+> lkscreen") >+ || die "can't open lkscreen: $!"; > >- open(LOGFILE, "+>> /tmp/applog" >- || die "can't open /tmp/applog: $!"; >+ open(LOGFILE, "+>> /var/log/applog" >+ || die "can't open /var/log/applog: $!"; > > The first one won't create a new file, and the second one will always > clobber an old one. The third one will create a new file if necessary >diff -ur perl-5.8.3.orig/utils/c2ph.PL perl-5.8.3/utils/c2ph.PL >--- perl-5.8.3.orig/utils/c2ph.PL Tue Sep 30 17:12:10 2003 >+++ perl-5.8.3/utils/c2ph.PL Mon Jan 19 20:18:11 2004 >@@ -280,6 +280,7 @@ > > $RCSID = '$Id: c2ph,v 1.7 95/10/28 10:41:47 tchrist Exp Locker: tchrist $'; > >+use File::Temp; > > ###################################################################### > >@@ -480,6 +481,13 @@ > printf "%-16s%-15s %s\n", $var, eval "\$$var", $msg; > } > >+sub safedir { >+ $SAFEDIR = File::Temp::tempdir("c2ph.XXXXXX", TMPDIR => 1, CLEANUP => 1) >+ unless (defined($SAFEDIR)); >+} >+ >+undef $SAFEDIR; >+ > $recurse = 1; > > if (@ARGV) { >@@ -495,15 +503,15 @@ > } > elsif (@ARGV == 1 && $ARGV[0] =~ /\.c$/) { > local($dir, $file) = $ARGV[0] =~ m#(.*/)?(.*)$#; >- $chdir = "cd $dir; " if $dir; >+ $chdir = "cd $dir && " if $dir; > &system("$chdir$CC $CFLAGS $DEFINES $file") && exit 1; > $ARGV[0] =~ s/\.c$/.s/; > } > else { >- $TMPDIR = tempdir(CLEANUP => 1); >- $TMP = "$TMPDIR/c2ph.$$.c"; >+ &safedir; >+ $TMP = "$SAFEDIR/c2ph.$$.c"; > &system("cat @ARGV > $TMP") && exit 1; >- &system("cd $TMPDIR; $CC $CFLAGS $DEFINES $TMP") && exit 1; >+ &system("cd $SAFEDIR && $CC $CFLAGS $DEFINES $TMP") && exit 1; > unlink $TMP; > $TMP =~ s/\.c$/.s/; > @ARGV = ($TMP); >@@ -1274,8 +1282,8 @@ > } > > sub compute_intrinsics { >- $TMPDIR ||= tempdir(CLEANUP => 1); >- local($TMP) = "$TMPDIR/c2ph-i.$$.c"; >+ &safedir; >+ local($TMP) = "$SAFEDIR/c2ph-i.$$.c"; > open (TMP, ">$TMP") || die "can't open $TMP: $!"; > select(TMP); > >@@ -1303,7 +1311,7 @@ > close TMP; > > select(STDOUT); >- open(PIPE, "cd $TMPDIR && $CC $TMP && $TMPDIR/a.out|"); >+ open(PIPE, "cd $SAFEDIR && $CC $TMP && $SAFEDIR/a.out|"); > while (<PIPE>) { > chop; > split(' ',$_,2);; >@@ -1312,7 +1320,7 @@ > $intrinsics{$_[1]} = $template{$_[0]}; > } > close(PIPE) || die "couldn't read intrinsics!"; >- unlink($TMP, '$TMPDIR/a.out'); >+ unlink($TMP, '$SAFEDIR/a.out'); > print STDERR "done\n" if $trace; > } > >diff -ur perl-5.8.3.orig/utils/perlbug.PL perl-5.8.3/utils/perlbug.PL >--- perl-5.8.3.orig/utils/perlbug.PL Tue Sep 30 17:12:10 2003 >+++ perl-5.8.3/utils/perlbug.PL Mon Jan 19 20:14:11 2004 >@@ -78,7 +78,7 @@ > print OUT <<'!NO!SUBS!'; > > use Config; >-use File::Spec; # keep perlbug Perl 5.005 compatible >+use File::Temp; > use Getopt::Std; > use strict; > >@@ -958,10 +958,9 @@ > } > > sub filename { >- my $dir = File::Spec->tmpdir(); >- $filename = "bugrep0$$"; >- $filename++ while -e File::Spec->catfile($dir, $filename); >- $filename = File::Spec->catfile($dir, $filename); >+ my ($fh, $filename) = File::Temp::tempfile(UNLINK => 1); >+ close($fh); >+ return $filename; > } > > sub paraprint {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=41172">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 66360
:
41099
| 41172 |
42265
