head	1.3;
access;
symbols
	RELEASE_6_0_0:1.2
	RELEASE_5_4_0:1.2
	RELEASE_4_11_0:1.2
	RELEASE_5_3_0:1.2
	RELEASE_4_10_0:1.2
	RELEASE_5_2_1:1.2
	RELEASE_5_2_0:1.2
	RELEASE_4_9_0:1.2
	RELEASE_5_1_0:1.2
	RELEASE_4_8_0:1.2
	RELEASE_5_0_0:1.2
	RELEASE_4_7_0:1.2
	RELEASE_4_6_2:1.2
	RELEASE_4_6_1:1.2
	RELEASE_4_6_0:1.2
	RELEASE_5_0_DP1:1.2
	RELEASE_4_5_0:1.2
	RELEASE_4_4_0:1.2
	RELEASE_4_3_0:1.2
	RELEASE_4_2_0:1.2
	RELEASE_4_1_1:1.2
	RELEASE_4_1_0:1.2
	RELEASE_3_5_0:1.2
	RELEASE_4_0_0:1.2
	RELEASE_3_4_0:1.1
	RELEASE_3_3_0:1.1
	RELEASE_3_2_0:1.1
	RELEASE_3_1_0:1.1
	RELEASE_2_2_8:1.1
	RELEASE_3_0_0:1.1
	RELEASE_2_2_7:1.1;
locks; strict;
comment	@# @;


1.3
date	2005.10.14.12.25.57;	author naddy;	state dead;
branches;
next	1.2;

1.2
date	2000.03.05.09.27.25;	author kris;	state Exp;
branches;
next	1.1;

1.1
date	98.06.14.23.33.19;	author hoek;	state Exp;
branches;
next	;


desc
@@


1.3
log
@Update to 5.21n.  No user-visible changes.

The new upstream version now opens temporary files in a safe manner,
so our local patches for this are no longer needed.

Approved by:	ache
@
text
@--- ./marc.c.orig	Tue Apr 14 18:59:21 1992
+++ ./marc.c	Wed Aug 11 10:22:31 1999
@@@@ -28,12 +28,17 @@@@
 #if	UNIX
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <errno.h>
+#include <unistd.h>
+#include <string.h>
+#include <err.h>
 #endif
 
 #ifndef	__STDC__
 char *calloc(), *malloc(), *realloc(); /* memory managers */
 #endif
 VOID	arcdie();
+int move(),setstamp();
 static VOID expandlst(), merge();
 
 FILE *src;			       /* source archive */
@@@@ -50,7 +55,7 @@@@
     char *makefnam();		       /* filename fixup routine */
     char *envfind();
 #if	!_MTS
-    char *arctemp2, *mktemp();		/* temp file stuff */
+    char *arctemp2;		       /* temp file stuff */
 #endif
 #if	GEMDOS
     VOID exitpause();
@@@@ -114,8 +119,18 @@@@
 #endif
 #if	!MSDOS
 	{
-		static char tempname[] = "AXXXXXX";
-		strcat(arctemp, mktemp(tempname));
+		static char tempname[] = "AXXXXXX.arc";
+		int fd=-1;
+		strcat(arctemp, tempname);
+		if((fd = mkstemps(arctemp,4)) == -1 ||
+		   (new = fdopen(fd, "w+")) == NULL) {
+			if (fd != -1) {
+				unlink(arctemp);
+				close(fd);
+			}
+			err(1, "can't create temp file %s", arctemp);
+		}
+
 	}
 #else
 	strcat(arctemp, "$ARCTEMP");
@@@@ -148,8 +163,10 @@@@
     arc = fopen(arcname,OPEN_R);	       /* open the archives */
     if(!(src=fopen(srcname,OPEN_R)))
 	 arcdie("Cannot read source archive %s",srcname);
+#if !defined(__OpenBSD__) && !defined(__FreeBSD__) /* this is insecure, see mkstemp(3) */
     if(!(new=fopen(newname,OPEN_W)))
 	 arcdie("Cannot create new archive %s",newname);
+#endif
 
     if(!arc)
 	 printf("Creating new archive %s\n",arcname);
@@@@ -283,7 +300,7 @@@@
     else return 0;		       /* or fake end of archive */
 }
 
-copyfile(f,hdr,ver)		       /* copy a file from an archive */
+int copyfile(f,hdr,ver)		       /* copy a file from an archive */
 FILE *f;			       /* archive to copy from */
 struct heads *hdr;		       /* header data for file */
 int ver;			       /* header version */
@


1.2
log
@From OpenBSD: generate tempfiles securely with mkstemps()

Approved by:	Maintainer
@
text
@@


1.1
log
@1) Break-up the mega-patch-aa.
2) Fix install for non-root users.
3) "See work/Arc521.doc" is not considered a good pkg/DESCR.
4) install ad. doc., too.
@
text
@d1 70
a70 22
*** marc.c.old	Wed Apr 15 02:59:21 1992
--- marc.c	Sat Dec 31 20:40:30 1994
***************
*** 35,40 ****
--- 35,41 ----
  #endif
  VOID	arcdie();
  static VOID expandlst(), merge();
+ char *makefnam();                  /* filename fixup routine */
  
  FILE *src;			       /* source archive */
  char srcname[STRLEN];		       /* source archive name */
***************
*** 47,53 ****
  int nargs;			       /* number of arguments */
  char *arg[];			       /* pointers to arguments */
  {
-     char *makefnam();		       /* filename fixup routine */
      char *envfind();
  #if	!_MTS
      char *arctemp2, *mktemp();		/* temp file stuff */
--- 48,53 ----
@

