anvil-editor: init at 0.4
[NixPkgs.git] / pkgs / development / perl-modules / Data-UUID-CVE-2013-4184.patch
blob731e2eeb0dffb2884dc5beb2438efc2ddb13a1d9
1 Eliminate use of state/node files in temp directory, which are a security concern due to insecure writing of State/Node files in a temporary directory, with predictable filenames, with a possible symlink attack.
3 Fixes CVE-2013-4184
5 https://github.com/bleargh45/Data-UUID/pull/40 by Graham TerMarsch @bleargh45
8 diff --git a/Makefile.PL b/Makefile.PL
9 index 4ca26af..fb1a0f0 100644
10 --- a/Makefile.PL
11 +++ b/Makefile.PL
12 @@ -89,30 +89,14 @@ WriteMakefile(
14 CONFIGURE => sub {
15 my %opt;
16 - GetOptions(\%opt, 's|state-storage-directory:s', 'd|default-umask:s',
17 - 'help|?', 'man') or pod2usage(2);
18 + GetOptions(\%opt, 'help|?', 'man') or pod2usage(2);
19 pod2usage(1) if $opt{help};
20 pod2usage(-verbose => 2) if $opt{man};
22 print "Configured options (run perl Makefile.PL --help for how to change this):\n";
24 - my $d = File::Spec->tmpdir;
25 - $d = $opt{s} || $d;
26 - print "\tUUID state storage: $d\n";
27 - $d =~ s/\\/\\\\/g if $^O eq 'MSWin32';
29 - my $m = '0007';
30 - unless ($^O eq 'MSWin32') {
31 - $m = $opt{d} || $m;
32 - print "\tdefault umask: $m\n";
33 - }
35 - chmod(0666, sprintf("%s/%s", $d, ".UUID_NODEID"));
36 - chmod(0666, sprintf("%s/%s", $d, ".UUID_STATE"));
37 return {
38 - DEFINE => '-D_STDIR=' . shell_quote(c_quote($d))
39 - . ' -D' . shell_quote("__$Config{osname}__")
40 - . ' -D_DEFAULT_UMASK=' . shell_quote($m)
41 + DEFINE => ' -D' . shell_quote("__$Config{osname}__")
45 @@ -127,11 +111,9 @@ Makefile.PL - configure Makefile for Data::UUID
47 perl Makefile.PL [options] [EU::MM options]
49 -perl Makefile.PL -s=/var/local/lib/data-uuid -d=0007
50 +perl Makefile.PL
52 Options:
53 - --state-storage-directory directory for storing library state information
54 - --default-umask umask for files in the state storage directory
55 --help brief help message
56 --man full documentation
58 @@ -141,18 +123,6 @@ Options can be abbreviated, see L<Getopt::Long/"Case and abbreviations">.
60 =over
62 -=item --state-storage-directory
64 -Optional. Takes a string that is interpreted as directory for storing library
65 -state information. Default is c:/tmp/ on Windows if it already exists, or the
66 -operating system's temporary directory (see tmpdir in L<File::Spec/"METHODS">),
67 -or /var/tmp as fallback.
69 -=item --default-umask
71 -Optional. Takes a string that is interpreted as umask for the files in the state
72 -storage directory. Default is 0007. This is ignored on Windows.
74 =item --help
76 Print a brief help message and exits.
77 @@ -165,10 +135,7 @@ Prints the manual page and exits.
79 =head1 DESCRIPTION
81 -B<Makefile.PL> writes the Makefile for the Data::UUID library. It is configured
82 -with the options L</"--state-storage-directory"> and L</"--default-umask">.
83 -Unless given, default values are used. In any case the values are printed for
84 -confirmation.
85 +B<Makefile.PL> writes the Makefile for the Data::UUID library.
87 Additionally, the usual EU::MM options are processed, see
88 L<ExtUtils::MakeMaker/"Using Attributes and Parameters">.
89 diff --git a/README b/README
90 index 8aaa1c2..34d53a5 100644
91 --- a/README
92 +++ b/README
93 @@ -23,15 +23,6 @@ To install this module type the following:
94 make test
95 make install
97 -NOTE: This module is designed to save its state information in a permanent
98 -storage location. The installation script (i.e. Makefile.PL) prompts for
99 -a directory name to use as a storage location for state file and defaults
100 -this directory to "/var/tmp" if no directory name is provided.
101 -The installation script will not accept names of directories that do not
102 -exist, however, it will take the locations, which the installing user
103 -has no write permissions to. In this case, the state information will not be
104 -saved, which will maximize the chances of generating duplicate UUIDs.
106 COPYRIGHT AND LICENCE
108 Copyright (C) 2001, Alexander Golomshtok
109 diff --git a/UUID.h b/UUID.h
110 index dc5ea28..11d6e13 100644
111 --- a/UUID.h
112 +++ b/UUID.h
113 @@ -44,23 +44,6 @@
114 #include <process.h>
115 #endif
117 -#if !defined _STDIR
118 -# define _STDIR "/var/tmp"
119 -#endif
120 -#if !defined _DEFAULT_UMASK
121 -# define _DEFAULT_UMASK 0007
122 -#endif
124 -#define UUID_STATE ".UUID_STATE"
125 -#define UUID_NODEID ".UUID_NODEID"
126 -#if defined __mingw32__ || (defined _WIN32 && !defined(__cygwin__)) || defined _MSC_VER
127 -#define UUID_STATE_NV_STORE _STDIR"\\"UUID_STATE
128 -#define UUID_NODEID_NV_STORE _STDIR"\\"UUID_NODEID
129 -#else
130 -#define UUID_STATE_NV_STORE _STDIR"/"UUID_STATE
131 -#define UUID_NODEID_NV_STORE _STDIR"/"UUID_NODEID
132 -#endif
134 #define UUIDS_PER_TICK 1024
135 #ifdef _MSC_VER
136 #define I64(C) C##i64
137 @@ -134,7 +117,6 @@ typedef struct _uuid_state_t {
138 typedef struct _uuid_context_t {
139 uuid_state_t state;
140 uuid_node_t nodeid;
141 - perl_uuid_time_t next_save;
142 } uuid_context_t;
144 static void format_uuid_v1(
145 diff --git a/UUID.xs b/UUID.xs
146 index c3496a8..8191727 100644
147 --- a/UUID.xs
148 +++ b/UUID.xs
149 @@ -356,29 +356,11 @@ PREINIT:
150 UV one = 1;
151 CODE:
152 RETVAL = (uuid_context_t *)PerlMemShared_malloc(sizeof(uuid_context_t));
153 - if ((fd = fopen(UUID_STATE_NV_STORE, "rb"))) {
154 - fread(&(RETVAL->state), sizeof(uuid_state_t), 1, fd);
155 - fclose(fd);
156 - get_current_time(&timestamp);
157 - RETVAL->next_save = timestamp;
159 - if ((fd = fopen(UUID_NODEID_NV_STORE, "rb"))) {
160 - pid_t *hate = (pid_t *) &(RETVAL->nodeid);
161 - fread(&(RETVAL->nodeid), sizeof(uuid_node_t), 1, fd );
162 - fclose(fd);
164 - *hate += getpid();
165 - } else {
167 get_random_info(seed);
168 seed[0] |= 0x80;
169 memcpy(&(RETVAL->nodeid), seed, sizeof(uuid_node_t));
170 - mask = umask(_DEFAULT_UMASK);
171 - if ((fd = fopen(UUID_NODEID_NV_STORE, "wb"))) {
172 - fwrite(&(RETVAL->nodeid), sizeof(uuid_node_t), 1, fd);
173 - fclose(fd);
174 - };
175 - umask(mask);
178 errno = 0;
179 #if DU_THREADSAFE
180 MUTEX_LOCK(&instances_mutex);
181 @@ -415,17 +397,6 @@ PPCODE:
182 self->state.node = self->nodeid;
183 self->state.ts = timestamp;
184 self->state.cs = clockseq;
185 - if (timestamp > self->next_save ) {
186 - mask = umask(_DEFAULT_UMASK);
187 - if((fd = fopen(UUID_STATE_NV_STORE, "wb"))) {
188 - LOCK(fd);
189 - fwrite(&(self->state), sizeof(uuid_state_t), 1, fd);
190 - UNLOCK(fd);
191 - fclose(fd);
193 - umask(mask);
194 - self->next_save = timestamp + (10 * 10 * 1000 * 1000);
196 ST(0) = make_ret(uuid, ix);
197 XSRETURN(1);
199 @@ -585,14 +556,6 @@ CODE:
200 MUTEX_UNLOCK(&instances_mutex);
201 if (count == 0) {
202 #endif
203 - mask = umask(_DEFAULT_UMASK);
204 - if ((fd = fopen(UUID_STATE_NV_STORE, "wb"))) {
205 - LOCK(fd);
206 - fwrite(&(self->state), sizeof(uuid_state_t), 1, fd);
207 - UNLOCK(fd);
208 - fclose(fd);
209 - };
210 - umask(mask);
211 PerlMemShared_free(self);
212 #if DU_THREADSAFE