Opened 10 years ago

Closed 9 years ago

#47050 closed update (fixed)

pass @1.6.3 update to 1.6.5

Reported by: edwin@… Owned by: ryandesign (Ryan Carsten Schmidt)
Priority: Normal Milestone:
Component: ports Version: 2.3.3
Keywords: haspatch Cc: john@…, Ionic (Mihai Moldovan)
Port: pass

Description

patch-getopt-path.diff

and

patch-use_apple_mktemp.diff

seem to have become unnecessary

also the post-patch instruction

Attachments (3)

Portfile-pass.diff (1.1 KB) - added by edwin@… 10 years ago.
Portfile-pass.2.diff (1.4 KB) - added by john@… 10 years ago.
patch-getopt-path.diff (465 bytes) - added by john@… 10 years ago.

Download all attachments as: .zip

Change History (12)

Changed 10 years ago by edwin@…

Attachment: Portfile-pass.diff added

comment:1 Changed 10 years ago by john@…

Thanks for this! I'll take a look shortly.

comment:2 Changed 10 years ago by john@…

It looks as though upstream has changed to use a hard-coded prefix of /opt/local for getopt if Macports is installed. That'll work for a default installation, but not if Macports has been relocated to a different directory. patch-getopt-path.diff & the associated post-patch instruction are therefore still necessary, but will need to be updated to work with the new version.

patch-use_apple_mktemp.diff was never required on a vanilla system, but is necessary if the unqualified mktemp invocation gets you the GNU version (say, from /opt/local/libexec/gnubin/mktemp) rather than the Apple provided /usr/bin/mktemp. I've not checked in detail, but from a quick glance that hasn't changed in the new version of pass.

I'll prepare and upload a revised portfile & associated patches shortly. Thanks again for your help!

comment:3 Changed 10 years ago by john@…

So in fact upstream has fixed the issues with GNU mktemp (ages ago it turns out), so the workaround there is no longer necessary.

I'm a little nervous because upstream doesn't use absolute paths for anything, which I naively imagine means it would be easy for something incompatible (or even malicious) to sneak its way onto your $PATH and cause havoc. I think that's a problem for upstream, though, not something I want to address in a Macports-specific way.

Changed 10 years ago by john@…

Attachment: Portfile-pass.2.diff added

Changed 10 years ago by john@…

Attachment: patch-getopt-path.diff added

comment:4 Changed 10 years ago by john@…

I've provided an updated Portfile which reinstates patch-getopt-path. I've also taken the opportunity to introduce a bin dependency on gpg2, thereby addressing #40751 in the process.

Hopefully somebody with commit privileges will take care of this soon. Thanks for your help!

Version 0, edited 10 years ago by john@… (next)

comment:5 in reply to:  3 Changed 10 years ago by ryandesign (Ryan Carsten Schmidt)

Keywords: haspatch added
Owner: changed from macports-tickets@… to ryandesign@…
Status: newassigned

Replying to john@…:

I'm a little nervous because upstream doesn't use absolute paths for anything, which I naively imagine means it would be easy for something incompatible (or even malicious) to sneak its way onto your $PATH and cause havoc.

MacPorts sanitizes PATH and other environment variables. The only way something weird could get into PATH is if the user deliberately modifies the binpath setting in their macports.conf, and there's a comment in that file discouraging that practice.

comment:6 Changed 10 years ago by john@…

Note that pass is invoking mktemp, gpg2, srm, etc at run-time, and will pick whatever happens to come first in the user's $PATH. This could be a problem if there's something unexpected in there that happens to share a name with one of the above, either maliciously or just through unfortunate coincidence.

I don't think there's anything that MacPorts can do about this; as far as I know the 'sanitization' you refer to only happens at install-time.

comment:7 Changed 10 years ago by ryandesign (Ryan Carsten Schmidt)

That's right, MacPorts' precautions only help at build time. I didn't realize we were talking about runtime behaviors.

comment:8 Changed 10 years ago by ryandesign (Ryan Carsten Schmidt)

To guard against a weird PATH at runtime (and this can help at build time too), use the absolute path to each program, making sure to take the user's MacPorts prefix into account.

comment:9 Changed 9 years ago by Ionic (Mihai Moldovan)

Cc: ionic@… added
Resolution: fixed
Status: assignedclosed

Committed in r138163. Thanks!

Note: See TracTickets for help on using tickets.