Opened 10 years ago
Closed 9 years ago
#47050 closed update (fixed)
pass @1.6.3 update to 1.6.5
Reported by: | edwin@… | Owned by: | ryandesign (Ryan Carsten Schmidt) |
---|---|---|---|
Priority: | Normal | Milestone: | |
Component: | ports | Version: | 2.3.3 |
Keywords: | haspatch | Cc: | john@…, Ionic (Mihai Moldovan) |
Port: | pass |
Description
patch-getopt-path.diff and patch-use_apple_mktemp.diff seem to have become unnecessary
also the post-patch instruction
Attachments (3)
Change History (12)
Changed 10 years ago by edwin@…
Attachment: | Portfile-pass.diff added |
---|
comment:1 Changed 10 years ago by john@…
comment:2 Changed 10 years ago by john@…
It looks as though upstream has changed to use a hard-coded prefix of /opt/local for getopt if MacPorts is installed. That'll work for a default installation, but not if MacPorts has been relocated to a different directory. patch-getopt-path.diff & the associated post-patch instruction are therefore still necessary, but will need to be updated to work with the new version.
patch-use_apple_mktemp.diff was never required on a vanilla system, but is necessary if the unqualified mktemp invocation gets you the GNU version (say, from /opt/local/libexec/gnubin/mktemp) rather than the Apple-provided /usr/bin/mktemp. I've not checked in detail, but from a quick glance that hasn't changed in the new version of pass.
I'll prepare and upload a revised portfile & associated patches shortly. Thanks again for your help!
comment:3 follow-up: 5 Changed 10 years ago by john@…
So in fact upstream has fixed the issues with GNU mktemp (ages ago it turns out), so the workaround there is no longer necessary.
I'm a little nervous because upstream doesn't use absolute paths for anything, which I naively imagine means it would be easy for something incompatible (or even malicious) to sneak its way onto your $PATH and cause havoc. I think that's a problem for upstream, though, not something I want to address in a MacPorts-specific way.
Changed 10 years ago by john@…
Attachment: | Portfile-pass.2.diff added |
---|
Changed 10 years ago by john@…
Attachment: | patch-getopt-path.diff added |
---|
comment:4 Changed 10 years ago by john@…
I've provided an updated Portfile which reinstates patch-getopt-path. I've also taken the opportunity to introduce a bin dependency on gpg2, thereby addressing #40751 in the process.
Hopefully somebody with commit privileges will take care of this soon. Thanks for your help!
comment:5 Changed 10 years ago by ryandesign (Ryan Carsten Schmidt)
Keywords: | haspatch added |
---|---|
Owner: | changed from macports-tickets@… to ryandesign@… |
Status: | new → assigned |
Replying to john@…:
I'm a little nervous because upstream doesn't use absolute paths for anything, which I naively imagine means it would be easy for something incompatible (or even malicious) to sneak its way onto your $PATH and cause havoc.
MacPorts sanitizes PATH and other environment variables. The only way something weird could get into PATH is if the user deliberately modifies the binpath setting in their macports.conf, and there's a comment in that file discouraging that practice.
comment:6 Changed 10 years ago by john@…
Note that pass is invoking mktemp, gpg2, srm, etc. at run-time, and will pick whatever happens to come first in the user's $PATH. This could be a problem if there's something unexpected in there that happens to share a name with one of the above, either maliciously or just through unfortunate coincidence.
I don't think there's anything that MacPorts can do about this; as far as I know the 'sanitization' you refer to only happens at install-time.
comment:7 Changed 10 years ago by ryandesign (Ryan Carsten Schmidt)
That's right, MacPorts' precautions only help at build time. I didn't realize we were talking about runtime behaviors.
comment:8 Changed 10 years ago by ryandesign (Ryan Carsten Schmidt)
To guard against a weird PATH at runtime (and this can help at build time too), use the absolute path to each program, making sure to take the user's MacPorts prefix into account.
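The approach suggested in comment:8, sketched as an added example that is not part of this ticket, the Portfile or pass itself: helper programs are resolved from a fixed directory list built from the MacPorts prefix, and a second function reports when an unqualified call would run a different file. The `PREFIX` variable, the trusted-directory list and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; not code from pass or its Portfile.
# PREFIX is an assumption: a port would substitute the user's real MacPorts
# prefix here at install time instead of hard-coding /opt/local.
PREFIX="${PREFIX:-/opt/local}"

# resolve_tool NAME [PREFIX]
# Print the absolute path of NAME, searching only a fixed list of trusted
# directories. $PATH is never consulted. Returns 1 if NAME is not found,
# 2 if NAME is not a bare program name.
resolve_tool() {
    rt_name=$1
    rt_prefix=${2:-$PREFIX}
    case $rt_name in ''|-*|*/*) return 2 ;; esac
    for rt_dir in "$rt_prefix/bin" /usr/bin /bin; do
        if [ -f "$rt_dir/$rt_name" ] && [ -x "$rt_dir/$rt_name" ]; then
            printf '%s\n' "$rt_dir/$rt_name"
            return 0
        fi
    done
    return 1
}

# path_shadow NAME [PREFIX]
# Succeed and print what an unqualified call would run when that differs from
# the pinned path (plain string comparison, symlinks are not resolved).
# Returns 1 when there is no mismatch, 2 when NAME cannot be pinned at all.
path_shadow() {
    ps_pinned=$(resolve_tool "$1" "${2:-$PREFIX}") || return 2
    ps_found=$(command -v "$1" 2>/dev/null) || return 1
    [ "$ps_found" != "$ps_pinned" ] || return 1
    printf '%s\n' "$ps_found"
}

# Report on the helpers named in this ticket.
for tool in getopt mktemp gpg2 srm; do
    if pinned=$(resolve_tool "$tool"); then
        if shadow=$(path_shadow "$tool"); then
            echo "$tool: pinned $pinned, but \$PATH would run $shadow"
        else
            echo "$tool: pinned $pinned"
        fi
    else
        echo "$tool: not found under $PREFIX/bin, /usr/bin or /bin"
    fi
done
```

A script would call `resolve_tool` once per helper at startup, store the results in variables and invoke those instead of the bare names.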
comment:9 Changed 9 years ago by Ionic (Mihai Moldovan)
Cc: | ionic@… added |
---|---|
Resolution: | → fixed |
Status: | assigned → closed |
Committed in r138163. Thanks!
Thanks for this! I'll take a look shortly.