The configure script provided with cvsadmin-1.0.3 does not recognise that the host system provides mkdtemp(3); in fact, it does not even test for it. Therefore ${WRKSRC}/src/util.c uses an insecure (as admitted in the source code) work around to generate a temporary directory instead of using mkdtemp(3). Fix: Since all supported versions of FreeBSD (even all versions since 3.2) provide mkdtemp(3), simply set HAVE_MKDTEMP manually in the post-configure phase. This can be achieved by applying the following patch to the port. How-To-Repeat: cd /usr/ports/devel/cvsadmin && make configure and inspect ${WRKSRC}/config.h, reading ${WRKSRC}/src/util.c alternatively, cd /usr/ports/devel/cvsadmin && make build and inspect ${WRKSRC}/src/util.o
Class Changed From-To: sw-bug->maintainer-update Fix category (submitter is maintainer) (via the GNATS Auto Assign Tool)
Responsible Changed From-To: freebsd-ports-bugs->pgollucci I'll take it.
pgollucci 2009-07-09 02:37:20 UTC FreeBSD ports repository Modified files: devel/cvsadmin Makefile Log: - configure cvsadmin to use mkdtemp(3) instead of insecure work-around PR: ports/136287 Submitted by: Klaus T Aehlig <aehlig@linta.de> (maintainer) Revision Changes Path 1.16 +5 -3 ports/devel/cvsadmin/Makefile _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
State Changed From-To: open->closed Committed. Thanks!