Package: postgresql Version: 7.4.6-6 Priority: important Tags: security patch
(Note to security team: even if this bug is tagged security it does not
apply to average users of PostgreSQL just to those building it and using
other extra tools which are not available in the Debian binary packages
but are present in the source code)
Hi postgresql maintainer,
I've been auditing postgresql as part of an auditing effort within the
work of the Debian Security Audit team [1] looking for security bugs
that might be used for symlink attacks in temporary directories.
Reviewin postgresql code I've found a lot of scripts which don't use
temporary directories safely:
- temporary files are created based on the $$ construct, which can be
known in advance by an attcker enabling him to construct a
symlink attack (either because it is used multiple times in
files that are created throughout the script or because the PID range
used can be estimated)
- scripts don't honor $TMPDIR and just drop their stuff in /tmp
directly
- scripts remove files in traps or on startup which might not have been
created by the script itself.
(Debian specific)
- scripts could use -t in mktemp calls instead of ${TMPDIR:-/tmp}
(the -t call adds additional checks, see the manpage)
- one script (debian/enable_lang.in) does not check mktemp's
return value and is not running with -e
- the postinst script makes temporary files world-readable when they
might contain sensitive information (such as database dumps)
As said above, I don't find these issues particularly troubling since
the tools are only used on build systems and that code is not
provided to end-users, that's why I'm labeling this bug as 'important'
and not a higher priority ('grave' is usually attached to these kind
of bugs)
Attached is a proposed patch to fix the above issues. It's not tested,
I'm just trying to provide insight at the code pieces which I
think should be fixed (even though they are easy to find just looking
for '/tmp' in the sources). The patch has been done against the
build-tree that the Debian package creates.
It's not included in the patch but I'm slightly worried about the
following file: build-tree/postgresql-7.4.6/src/pl/plperl/ppport.h
Shouldn't this one be modified to one that doesn't use $$ constructs
but File::Temp?
Hope this is useful, if you do think it's proper, please forward it
upstream.
Regards
Javier Fernandez-Sanguino
[1] http://www.nl.debian.org/security/audit/
diff -Nru
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/contrib/pg_upgrade/pg_upgrade
postgresql-7.4.6/build-tree/postgresql-7.4.6/contrib/pg_upgrade/pg_upgrade
---
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/contrib/pg_upgrade/pg_upgrade
2002-08-30 00:19:03.000000000 +0200
+++ postgresql-7.4.6/build-tree/postgresql-7.4.6/contrib/pg_upgrade/pg_upgrade
2005-01-23 02:23:25.000000000 +0100
@@ -29,7 +29,11 @@
fi
-trap "rm -f /tmp/$$.*" 0 1 2 3 15
+tmpsavedata=`mktemp -t savedata.XXXXXX` || { echo "$0: Cannot create temporary
file" >&2 ; exit 1 ; }
+tmppgdata=`mktemp -t pgtmpdata.XXXXXX` || { echo "$0: Cannot create temporary
file" >&2 ; exit 1 ; }
+tmpdboidmap=`mktemp -t dboidmap.XXXXXX` || { echo "$0: Cannot create temporary
file" >&2 ; exit 1 ; }
+tmpdbobjoidmap=`mktemp -t dbobjimap.XXXXXX` || { echo "$0: Cannot create
temporary file" >&2 ; exit 1 ; }
+trap "rm -f -- \"$tmpsavedata\" \"$tmppgdata\" \"$tmpdboidmap\"
\"$tmpdbobjoidmap\" " 0 1 2 3 13 15
BASENAME=`basename "$0"`
PHASE=""
@@ -328,9 +332,9 @@
# compare locales to make sure they match
-pg_resetxlog -n "$SAVEDATA" | grep "^LC_" > /tmp/$$.0
-pg_resetxlog -n "$PGDATA" | grep "^LC_" > /tmp/$$.1
-if ! diff /tmp/$$.0 /tmp/$$.1 > /dev/null
+pg_resetxlog -n "$SAVEDATA" | grep "^LC_" > $tmpsavedata
+pg_resetxlog -n "$PGDATA" | grep "^LC_" > $tmppgdata
+if ! diff $tmpsavedata $tmppgdata > /dev/null
then echo "Locales do not match between the two versions. Exiting." 1>&2
exit 1
fi
@@ -360,8 +364,8 @@
echo "Input script completed, fixing row commit statuses..."
# Generate mappings for new database
-make_dboidmap > /tmp/$$.dboidmap || exit "$?"
-make_dbobjoidmap > /tmp/$$.dbobjoidmap || exit "$?"
+make_dboidmap > $tmpdboidmap || exit "$?"
+make_dbobjoidmap > $tmpdbobjoidmap || exit "$?"
# we are done with SQL database access
# shutdown forces buffers to disk
@@ -391,8 +395,8 @@
SRC_OID=`echo "$LINE" | awk '{print $3}'`
SRC_DBOID=`grep "^$DB " "$INFODIR"/dboidmap | awk '{print $2}'`
- DST_DBOID=`grep "^$DB " /tmp/$$.dboidmap | awk '{print $2}'`
- DST_OID=`grep "^$DB $OBJ " /tmp/$$.dbobjoidmap | awk '{print
$3}'`
+ DST_DBOID=`grep "^$DB " $tmpdboidmap | awk '{print $2}'`
+ DST_OID=`grep "^$DB $OBJ " $tmpdbobjoidmap | awk '{print $3}'`
move_objfiles
@@ -405,13 +409,13 @@
SRC_OID=`grep "^$DB pg_toast_$SAVE_SRC_OID " \
"$INFODIR"/dbobjoidmap | awk '{print $3}'`
DST_OID=`grep "^$DB pg_toast_$SAVE_DST_OID " \
- /tmp/$$.dbobjoidmap | awk '{print $3}'`
+ $tmpdbobjoidmap | awk '{print $3}'`
move_objfiles
# toast index
SRC_OID=`grep "^$DB pg_toast_${SAVE_SRC_OID}_idx " \
"$INFODIR"/dbobjoidmap | awk '{print $3}'`
DST_OID=`grep "^$DB pg_toast_${SAVE_DST_OID}_idx " \
- /tmp/$$.dbobjoidmap | awk '{print $3}'`
+ $tmpdbobjoidmap | awk '{print $3}'`
move_objfiles
fi
done
diff -Nru
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/contrib/tools/add-emacs-variables
postgresql-7.4.6/build-tree/postgresql-7.4.6/contrib/tools/add-emacs-variables
---
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/contrib/tools/add-emacs-variables
1999-06-05 21:09:45.000000000 +0200
+++
postgresql-7.4.6/build-tree/postgresql-7.4.6/contrib/tools/add-emacs-variables
2005-01-24 09:10:28.000000000 +0100
@@ -4,12 +4,15 @@
#
# Usage: cd $PG_HOME && add-emacs-variables `find . -name \*.[chy] -print`
+tmpfile=`mktemp -t .add-local.XXXXXX` || { echo "$0: Cannot create temporary
file" >&2; exit 1; }
+trap " [ -f \"$tmpfile\" ] && /bin/rm -f -- \"$tmpfile\"" 0 1 2 3 13 15
+
for f in $*; do
if [ -L $f ] || grep -q '^ \* Local Variables:' $f; then
continue
fi
echo $f
- touch -r $f /tmp/.add-local-variables.$$
+ touch -r $f $tmpfile
cat <<- ' EOF' >> $f
/*
@@ -20,9 +23,8 @@
* End:
*/
EOF
- touch -r /tmp/.add-local-variables.$$ $f
+ touch -r $tmpfile $f
done
-rm -f /tmp/.add-local-variables.$$
-
+exit 0
# end of file
diff -Nru
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/backend/catalog/genbki.sh
postgresql-7.4.6/build-tree/postgresql-7.4.6/src/backend/catalog/genbki.sh
---
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/backend/catalog/genbki.sh
2003-07-29 16:12:50.000000000 +0200
+++ postgresql-7.4.6/build-tree/postgresql-7.4.6/src/backend/catalog/genbki.sh
2005-01-23 02:34:41.000000000 +0100
@@ -108,13 +108,8 @@
exit 1
fi
-if [ x"$TMPDIR" = x"" ] ; then
- TMPDIR=/tmp
-fi
-
-
-TMPFILE="$TMPDIR/genbkitmp$$.c"
-
+TMPFILE=`tempfile --prefix=genbk --suffix=.c` || {echo "$0: Cannot create
temporary file"
+>&2; exit 1; }
trap "rm -f $TMPFILE ${OUTPUT_PREFIX}.bki.$$ ${OUTPUT_PREFIX}.description.$$"
0 1 2 3 15
diff -Nru
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/include/catalog/duplicate_oids
postgresql-7.4.6/build-tree/postgresql-7.4.6/src/include/catalog/duplicate_oids
---
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/include/catalog/duplicate_oids
2002-09-17 03:28:36.000000000 +0200
+++
postgresql-7.4.6/build-tree/postgresql-7.4.6/src/include/catalog/duplicate_oids
2005-01-24 09:10:51.000000000 +0100
@@ -17,19 +17,21 @@
echo "uniq -d is not supported on your platform."
echo "Please report this to pgsql-hackers@postgresql.org"
+alloid=`mktemp -t alloids.XXXXXX` || { echo "$0: Cannot create temporary file"
>&2; exit 1; }
+uniqoid=`mktemp -t uniqoid.XXXXXX` || { echo "$0: Cannot create temporary
file" >&2; exit 1; }
+trap " /bin/rm -f -- \"$alloid\" \"$uniqoid\" " 0 1 2 3 13 15
+
egrep '^DATA' $FILES | \
sed -e 's/^.*OID[^=]*=[^0-9]*//' -e 's/[^0-9].*$//' | \
- sort -n >/tmp/alloids.$$
-uniq /tmp/alloids.$$ >/tmp/uniqoids.$$
+ sort -n >$alloid
+uniq $alloid >$uniqoid
-diff -u /tmp/alloids.$$ /tmp/uniqoids.$$ | \
+diff -u $alloid $uniqoid | \
grep -v '/tmp/' | \
grep '^-' | \
sed -e 's/^-//' | \
grep -v '^0$' | \
uniq
-rm /tmp/alloids.$$
-rm /tmp/uniqoids.$$
else
diff -Nru
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/test/bench/perquery
postgresql-7.4.6/build-tree/postgresql-7.4.6/src/test/bench/perquery
--- postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/test/bench/perquery
1996-07-09 08:22:21.000000000 +0200
+++ postgresql-7.4.6/build-tree/postgresql-7.4.6/src/test/bench/perquery
2005-01-24 09:12:53.000000000 +0100
@@ -1,6 +1,9 @@
#!/bin/sh
-egrep 'x = "|elapse' > /tmp/foo$$
+foo=`mktemp -t foo.XXXXXX` || { echo "$0: Cannot create temporary file" >&2;
exit 1; }
+trap " [ -f \"$foo\" ] && /bin/rm -f -- \"$foo\"" 0 1 2 3 13 15
+
+egrep 'x = "|elapse' > $foo
awk 'BEGIN { x = 0; y = 0; z = 0; a = 0; } \
/.*elapse.*/ {x = $2 + x; y = $4 + y; z = $6 + z;} \
@@ -8,5 +11,5 @@
printf "query %2d: %7.3f real %7.3f user %7.3f sys\n", a, x, y, z; \
x = 0; y = 0; z = 0; a = a + 1; } \
END {printf("query %2d: %7.3f real %7.3f user %7.3f sys\n", a, x, y,
z);}' \
- < /tmp/foo$$
+ < $foo
diff -Nru postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/tools/ccsym
postgresql-7.4.6/build-tree/postgresql-7.4.6/src/tools/ccsym
--- postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/tools/ccsym
2003-10-24 23:28:52.000000000 +0200
+++ postgresql-7.4.6/build-tree/postgresql-7.4.6/src/tools/ccsym
2005-01-24 09:14:56.000000000 +0100
@@ -1,10 +1,16 @@
#!/bin/sh
-trap "rm -f /tmp/$$.*" 0 1 2 3 15
-cd /tmp
-cat >$$.c <<EOF
+
+tmpfile=`tempfile --suffix=.c` || { echo "$0: Cannot create temporary file"
>&2; exit 1; }
+trap " [ -f \"$tmpfile\" ] && /bin/rm -f -- \"$tmpfile\"" 0 1 2 3 13 15
+if [ -d "$TMPDIR" ]; then
+ cd $TMPDIR
+else
+ cd /tmp
+fi
+cat >$tmpfile <<EOF
extern int foo;
EOF
-for i in `cc -v -c $$.c 2>&1`
+for i in `cc -v -c $tempfile 2>&1`
do
case "$i" in
-D*) echo "$i" | sed 's/^-D//';;
diff -Nru
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/tools/find_static
postgresql-7.4.6/build-tree/postgresql-7.4.6/src/tools/find_static
--- postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/tools/find_static
2000-06-09 00:38:00.000000000 +0200
+++ postgresql-7.4.6/build-tree/postgresql-7.4.6/src/tools/find_static
2005-01-24 09:15:49.000000000 +0100
@@ -1,5 +1,7 @@
#!/bin/sh
-trap "rm -f /tmp/$$" 0 1 2 3 15
+
+tmpfile=`tempfile` || { echo "$0: Cannot create temporary file" >&2; exit 1; }
+trap " [ -f \"$tmpfile\" ] && /bin/rm -f -- \"$tmpfile\"" 0 1 2 3 13 15
# This script finds functions that are either never called, or
# should be static.
@@ -15,13 +17,13 @@
find . -name '[a-z]*.o' -type f -print | while read FILE
do
nm $FILE | cut -c10-100 |awk '{printf "%s\t%s\t%s\n",
"'"$FILE"'",$1,$2}'
-done >/tmp/$$
+done >$tmpfile
dropdb debug
createdb debug
echo "
create table debug (file text, scope char, func text);
- copy debug from '/tmp/"$$"';
+ copy debug from '"$tmpfile"';
select *
into table debug2
diff -Nru
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/tools/make_ctags
postgresql-7.4.6/build-tree/postgresql-7.4.6/src/tools/make_ctags
--- postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/tools/make_ctags
2003-01-18 07:06:51.000000000 +0100
+++ postgresql-7.4.6/build-tree/postgresql-7.4.6/src/tools/make_ctags
2005-01-24 09:16:37.000000000 +0100
@@ -1,5 +1,7 @@
#!/bin/sh
-trap "rm -f /tmp/$$" 0 1 2 3 15
+
+tmpfile=`tempfile` || { echo "$0: Cannot create temporary file" >&2; exit 1; }
+trap " [ -f \"$tmpfile\" ] && /bin/rm -f -- \"$tmpfile\"" 0 1 2 3 13 15
rm -f ./tags
if ctags --version 2>&1 | grep Exuberant >/dev/null
@@ -10,7 +12,7 @@
find `pwd`/ \( -name _deadcode -a -prune \) -o \
-type f -name '*.[chyl]' -print|xargs ctags "$FLAGS" -a -f tags
-sort tags >/tmp/$$ && mv /tmp/$$ tags
+sort tags >$tmpfile && mv $tmpfile tags
find . -name 'CVS' -prune -o -type d -print |while read DIR
do
diff -Nru
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/tools/make_etags
postgresql-7.4.6/build-tree/postgresql-7.4.6/src/tools/make_etags
--- postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/tools/make_etags
2001-03-14 22:07:16.000000000 +0100
+++ postgresql-7.4.6/build-tree/postgresql-7.4.6/src/tools/make_etags
2005-01-24 09:16:54.000000000 +0100
@@ -1,5 +1,4 @@
#!/bin/sh
-trap "rm -f /tmp/$$" 0 1 2 3 15
rm -f ./TAGS
find `pwd`/ -type f -name '*.[chyl]' -print | \
xargs etags --append -o TAGS
diff -Nru
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/tools/pginclude/pgcompinclude
postgresql-7.4.6/build-tree/postgresql-7.4.6/src/tools/pginclude/pgcompinclude
---
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/tools/pginclude/pgcompinclude
2000-06-15 00:33:06.000000000 +0200
+++
postgresql-7.4.6/build-tree/postgresql-7.4.6/src/tools/pginclude/pgcompinclude
2005-01-24 09:19:14.000000000 +0100
@@ -2,22 +2,26 @@
# report which #include files can not compile on their own
# takes -v option to display compile failure message and line numbers
-trap "rm -f /tmp/$$.c /tmp/$$.o /tmp/$$ /tmp/$$a" 0 1 2 3 15
+ctmp=`tempfile --suffix=.c` || { echo "$0: Cannot create temporary file" >&2;
exit 1; }
+otmp=`tempfile --suffix=.o` || { echo "$0: Cannot create temporary file" >&2;
exit 1; }
+tmpfile=`tempfile` || { echo "$0: Cannot create temporary file" >&2; exit 1; }
+atmp=`tempfile --suffix=.a` || { echo "$0: Cannot create temporary file" >&2;
exit 1; }
+trap "rm -f $ctmp $otmp $tmpfile $atmp" 0 1 2 3 13 15
find . \( -name CVS -a -prune \) -o -name '*.[ch]' -type f -print | while read
FILE
do
- sed 's/->[a-zA-Z0-9_\.]*//g' "$FILE" >/tmp/$$a
- echo "#include \"postgres.h\"" >/tmp/$$.c
- echo "#include \"/tmp/$$a\"" >>/tmp/$$.c
- echo "void include_test(void);" >>/tmp/$$.c
- echo "void include_test() {" >>/tmp/$$.c
- pgdefine "$FILE" >>/tmp/$$.c
- echo "}" >>/tmp/$$.c
- cc -fsyntax-only -Werror -Wall -Wmissing-prototypes
-Wmissing-declarations -I/pg/include -I/pg/backend -c /tmp/$$.c -o /tmp/$$.o
>/tmp/$$ 2>&1
+ sed 's/->[a-zA-Z0-9_\.]*//g' "$FILE" >$atmp
+ echo "#include \"postgres.h\"" >$ctmp
+ echo "#include \"$atmp\"" >>$ctmp
+ echo "void include_test(void);" >>$ctmp
+ echo "void include_test() {" >>$ctmp
+ pgdefine "$FILE" >>$ctmp
+ echo "}" >>$ctmp
+ cc -fsyntax-only -Werror -Wall -Wmissing-prototypes
-Wmissing-declarations -I/pg/include -I/pg/backend -c $ctmp -o $otmp >$tmpfile
2>&1
if [ "$?" -ne 0 ]
then echo "$FILE"
if [ "$1" = "-v" ]
- then cat /tmp/$$
- nl /tmp/$$.c
+ then cat $tmpfile
+ nl $ctmp
echo
fi
fi
diff -Nru
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/tools/pginclude/pgdefine
postgresql-7.4.6/build-tree/postgresql-7.4.6/src/tools/pginclude/pgdefine
---
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/tools/pginclude/pgdefine
2000-06-15 00:28:16.000000000 +0200
+++ postgresql-7.4.6/build-tree/postgresql-7.4.6/src/tools/pginclude/pgdefine
2005-01-24 09:08:15.000000000 +0100
@@ -1,12 +1,14 @@
:
# create macro calls for all defines in the file
-trap "rm -f /tmp/$$" 0 1 2 3 15
+tmpfile=`mktemp -t pgdef.XXXXXX` || { echo "$0: Cannot create temporary file"
+>&2; exit 1; }
+trap " [ -f \"$tmpfile\" ] && /bin/rm -f -- \"$tmpfile\"" 0 1 2 3 13 15
for FILE
do
- cat "$FILE" | grep "^#define" >/tmp/$$
- cat /tmp/$$ | sed -n 's/^#define[ ][ ]*\([a-zA-Z0-9_]*\)[
][ ]*[^ ].*$/(void)\1;/p'
- cat /tmp/$$ | sed -n 's/^#define[ ][
]*\([a-zA-Z0-9_]*([^)]*)\).*$/(=void)\1;/p' |
+ cat "$FILE" | grep "^#define" >$tmpfile
+ cat $tmpfile | sed -n 's/^#define[ ][ ]*\([a-zA-Z0-9_]*\)[
][ ]*[^ ].*$/(void)\1;/p'
+ cat $tmpfile | sed -n 's/^#define[ ][
]*\([a-zA-Z0-9_]*([^)]*)\).*$/(=void)\1;/p' |
sed 's/([a-zA-Z0-9_ ][a-zA-Z0-9_ ]*)/(0)/g' |
sed 's/([a-zA-Z0-9_ ]*,/(0,/g' |
sed 's/,[a-zA-Z0-9_ ]*,/,0,/g' |
diff -Nru
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/tools/pginclude/pgfixinclude
postgresql-7.4.6/build-tree/postgresql-7.4.6/src/tools/pginclude/pgfixinclude
---
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/tools/pginclude/pgfixinclude
2000-06-15 00:28:16.000000000 +0200
+++
postgresql-7.4.6/build-tree/postgresql-7.4.6/src/tools/pginclude/pgfixinclude
2005-01-24 09:07:48.000000000 +0100
@@ -1,7 +1,8 @@
:
# change #include's to <> or ""
-trap "rm -f /tmp/$$.c /tmp/$$.o /tmp/$$ /tmp/$$a /tmp/$$b" 0 1 2 3 15
+tmpfile=`mktemp -t tempfile.XXXXXX` || { echo "$0: Cannot create temporary
file" >&2; exit 1; }
+trap " [ -f \"$tmpfile\" ] && /bin/rm -f -- \"$tmpfile\"" 0 1 2 3 13 15
find . \( -name CVS -a -prune \) -o -type f -print |
while read FILE
do
@@ -11,10 +12,10 @@
do
if [ -s /usr/include/"$INCLUDE" ]
then cat "$FILE" |
- sed 's;^#include[ ][
]*[<"]'"$INCLUDE"'[>"]$;#include <'"$INCLUDE"'>;g' >/tmp/$$
+ sed 's;^#include[ ][
]*[<"]'"$INCLUDE"'[>"]$;#include <'"$INCLUDE"'>;g' $tmpfile
else cat "$FILE" |
- sed 's;^#include[ ][
]*[<"]'"$INCLUDE"'[>"]$;#include "'"$INCLUDE"'";g' >/tmp/$$
+ sed 's;^#include[ ][
]*[<"]'"$INCLUDE"'[>"]$;#include "'"$INCLUDE"'";g' $tmpfile
fi
- cat /tmp/$$ > "$FILE"
+ cat $tmpfile > "$FILE"
done
done
diff -Nru
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/tools/pginclude/pgrminclude
postgresql-7.4.6/build-tree/postgresql-7.4.6/src/tools/pginclude/pgrminclude
---
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/tools/pginclude/pgrminclude
2001-08-24 16:07:50.000000000 +0200
+++
postgresql-7.4.6/build-tree/postgresql-7.4.6/src/tools/pginclude/pgrminclude
2005-01-24 09:21:31.000000000 +0100
@@ -1,7 +1,12 @@
:
# remove extra #include's
-trap "rm -f /tmp/$$.c /tmp/$$.o /tmp/$$ /tmp/$$a /tmp/$$b" 0 1 2 3 15
+ctmp=`tempfile --suffix=.c` || { echo "$0: Cannot create temporary file" >&2;
exit 1; }
+otmp=`tempfile --suffix=.o` || { echo "$0: Cannot create temporary file" >&2;
exit 1; }
+tmpfile=`tempfile` || { echo "$0: Cannot create temporary file" >&2; exit 1; }
+atmp=`tempfile --suffix=.a` || { echo "$0: Cannot create temporary file" >&2;
exit 1; }
+btmp=`tempfile --suffix=.b` || { echo "$0: Cannot create temporary file" >&2;
exit 1; }
+trap "rm -f $ctmp $otmp $tmpfile $atmp $btmp" 0 1 2 3 13 15
find . \( -name CVS -a -prune \) -o -type f -print |
grep -v '\./postgres.h' |
grep -v '\./pg_config.h' |
@@ -16,12 +21,12 @@
# remove defines
if [ "$IS_INCLUDE" = "Y" ]
then cat "$FILE" | grep -v "^#if" | grep -v "^#else" |
- grep -v "^#endif" | sed 's/->[a-zA-Z0-9_\.]*//g' >/tmp/$$a
- else cat "$FILE" >/tmp/$$a
+ grep -v "^#endif" | sed 's/->[a-zA-Z0-9_\.]*//g' >$atmp
+ else cat "$FILE" >$atmp
fi
# loop through all includes
- cat /tmp/$$a | grep "^#include" |
+ cat $atmp | grep "^#include" |
sed 's/^#include[ ]*[<"]\([^>"]*\).*$/\1/g' |
while read INCLUDE
do
@@ -37,29 +42,29 @@
grep -A1 '^#include[ ][ ]*[<"]'"$INCLUDE"'[>"]' "$FILE"
|
egrep -q '^#else|^#endif' && continue
- cat /tmp/$$a |
- grep -v '^#include[ ]*[<"]'"$INCLUDE"'[>"]' >/tmp/$$b
+ cat $atmp |
+ grep -v '^#include[ ]*[<"]'"$INCLUDE"'[>"]' >$btmp
if [ "$IS_INCLUDE" = "Y" ]
- then echo "#include \"postgres.h\"" >/tmp/$$.c
- else >/tmp/$$.c
+ then echo "#include \"postgres.h\"" >$ctmp
+ else >$ctmp
fi
- echo "#include \"/tmp/$$b\"" >>/tmp/$$.c
- echo "void include_test(void);" >>/tmp/$$.c
- echo "void include_test() {" >>/tmp/$$.c
+ echo "#include \"$btmp\"" >>$ctmp
+ echo "void include_test(void);" >>$ctmp
+ echo "void include_test() {" >>$ctmp
if [ "$IS_INCLUDE" = "Y" ]
- then pgdefine "$FILE" >>/tmp/$$.c
+ then pgdefine "$FILE" >>$ctmp
fi
- echo "}" >>/tmp/$$.c
- cc -fsyntax-only -Werror -Wall -Wmissing-prototypes
-Wmissing-declarations -I/pg/include -I/pg/backend -c /tmp/$$.c -o /tmp/$$.o
>/tmp/$$ 2>&1
+ echo "}" >>$ctmp
+ cc -fsyntax-only -Werror -Wall -Wmissing-prototypes
-Wmissing-declarations -I/pg/include -I/pg/backend -c $ctmp -o $otmp >$tmpfile
2>&1
if [ "$?" -eq 0 ]
then echo "$FILE $INCLUDE"
if [ "$IS_INCLUDE" = "N" ]
- then grep -v '^#include[ ][
]*[<"]'"$INCLUDE"'[>"]' "$FILE" >/tmp/$$b
- mv /tmp/$$b "$FILE"
+ then grep -v '^#include[ ][
]*[<"]'"$INCLUDE"'[>"]' "$FILE" >$btmp
+ mv $btmp "$FILE"
fi
if [ "$1" = "-v" ]
- then cat /tmp/$$
- cat /tmp/$$.c
+ then cat $tmpfile
+ cat $ctmp
fi
fi
done
diff -Nru
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/tools/pgindent/pgcppindent
postgresql-7.4.6/build-tree/postgresql-7.4.6/src/tools/pgindent/pgcppindent
---
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/tools/pgindent/pgcppindent
2002-06-15 21:13:04.000000000 +0200
+++ postgresql-7.4.6/build-tree/postgresql-7.4.6/src/tools/pgindent/pgcppindent
2005-01-24 09:23:01.000000000 +0100
@@ -1,6 +1,8 @@
#!/bin/sh
-trap "rm -f /tmp/$$ /tmp/$$a" 0 1 2 3 15
+tmpfile=`tempfile` || { echo "$0: Cannot create temporary file" >&2; exit 1; }
+atmp=`tempfile --suffix=.a` || { echo "$0: Cannot create temporary file" >&2;
exit 1; }
+trap "rm -f $tmpfile $atmp" 0 1 2 3 13 15
entab </dev/null >/dev/null
if [ "$?" -ne 0 ]
then echo "Go to the src/tools/entab directory and do a 'make' and 'make
install'." >&2
@@ -16,12 +18,12 @@
for FILE
do
- astyle --style=ansi -b -p -S < "$FILE" >/tmp/$$ 2>/tmp/$$a
- if [ "$?" -ne 0 -o -s /tmp/$$a ]
+ astyle --style=ansi -b -p -S < "$FILE" >$tmpfile 2>$atmp
+ if [ "$?" -ne 0 -o -s $atmp ]
then echo "$FILE"
- cat /tmp/$$a
+ cat $atmp
fi
- cat /tmp/$$ |
+ cat $tmpfile |
entab -t4 -qc |
- cat >/tmp/$$a && cat /tmp/$$a >"$FILE"
+ cat >$atmp && cat $atmp >"$FILE"
done
diff -Nru
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/tools/pgindent/pgindent
postgresql-7.4.6/build-tree/postgresql-7.4.6/src/tools/pgindent/pgindent
---
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/tools/pgindent/pgindent
2003-09-28 02:25:22.000000000 +0200
+++ postgresql-7.4.6/build-tree/postgresql-7.4.6/src/tools/pgindent/pgindent
2005-01-24 09:24:25.000000000 +0100
@@ -6,7 +6,9 @@
# after *:
# y = (int) x *y;
-trap "rm -f /tmp/$$ /tmp/$$a" 0 1 2 3 15
+tmpfile=`tempfile` || { echo "$0: Cannot create temporary file" >&2; exit 1; }
+atmp=`tempfile --suffix=.a` || { echo "$0: Cannot create temporary file" >&2;
exit 1; }
+trap "rm -f $tmpfile $atmp" 0 1 2 3 13 15
entab </dev/null >/dev/null
if [ "$?" -ne 0 ]
then echo "Go to the src/tools/entab directory and do a 'make' and 'make
install'." >&2
@@ -100,7 +102,7 @@
# protect backslashes in DATA()
sed 's;^DATA(.*$;/*&*/;' |
# protect wrapping in CATALOG()
- sed 's;^CATALOG(.*$;/*&*/;' >/tmp/$$a
+ sed 's;^CATALOG(.*$;/*&*/;' >$atmp
# We get the list of typedef's from /src/tools/find_typedef
indent -bad -bap -bc -bl -d0 -cdb -nce -nfc1 -di12 -i4 -l75 \
@@ -1667,13 +1669,13 @@
-Tyysigned_char \
-Tz_stream \
-Tz_streamp \
-/tmp/$$a >/tmp/$$ 2>&1
- if [ "$?" -ne 0 -o -s /tmp/$$ ]
+$atmp >$tmpfile 2>&1
+ if [ "$?" -ne 0 -o -s "$tmpfile" ]
then echo
echo "$FILE"
- cat /tmp/$$
+ cat $tmpfile
fi
- cat /tmp/$$a |
+ cat $atmp |
# restore DATA/CATALOG lines
sed 's;^/\*\(DATA(.*\)\*/$;\1;' |
sed 's;^/\*\(CATALOG(.*\)\*/$;\1;' |
@@ -1849,7 +1851,7 @@
}
else print $0;
}' |
- cat >/tmp/$$ && cat /tmp/$$ >"$FILE"
+ cat >$tmpfile && cat $tmpfile >"$FILE"
done
# The 'for' loop makes these backup files useless so delete them
diff -Nru
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/tools/pgindent/pgjindent
postgresql-7.4.6/build-tree/postgresql-7.4.6/src/tools/pgindent/pgjindent
---
postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/tools/pgindent/pgjindent
2001-11-20 00:16:46.000000000 +0100
+++ postgresql-7.4.6/build-tree/postgresql-7.4.6/src/tools/pgindent/pgjindent
2005-01-24 09:25:51.000000000 +0100
@@ -1,6 +1,8 @@
#!/bin/sh
-trap "rm -f /tmp/$$ /tmp/$$a" 0 1 2 3 15
+tmpfile=`tempfile` || { echo "$0: Cannot create temporary file" >&2; exit 1; }
+atmp=`tempfile --suffix=.a` || { echo "$0: Cannot create temporary file" >&2;
exit 1; }
+trap "rm -f $tmpfile $atmp" 0 1 2 3 13 15
entab </dev/null >/dev/null
if [ "$?" -ne 0 ]
then echo "Go to the src/tools/entab directory and do a 'make' and 'make
install'." >&2
@@ -16,12 +18,12 @@
for FILE
do
- astyle --style=java -b -p -j -S < "$FILE" >/tmp/$$ 2>/tmp/$$a
- if [ "$?" -ne 0 -o -s /tmp/$$a ]
+ astyle --style=java -b -p -j -S < "$FILE" >$tmpfile 2>$atmp
+ if [ "$?" -ne 0 -o -s "$atmp" ]
then echo "$FILE"
- cat /tmp/$$a
+ cat $atmp
fi
- cat /tmp/$$ |
+ cat $tmpfile |
entab -t4 -qc |
- cat >/tmp/$$a && cat /tmp/$$a >"$FILE"
+ cat >$atmp && cat $atmp >"$FILE"
done
diff -Nru postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/tools/pgtest
postgresql-7.4.6/build-tree/postgresql-7.4.6/src/tools/pgtest
--- postgresql-7.4.6.orig/build-tree/postgresql-7.4.6/src/tools/pgtest
2003-06-28 00:04:50.000000000 +0200
+++ postgresql-7.4.6/build-tree/postgresql-7.4.6/src/tools/pgtest
2005-01-24 09:00:30.000000000 +0100
@@ -10,9 +10,8 @@
[ ! -d src ] && echo "This must be run from the top of the PostgreSQL source
tree" 1>&2 && exit 1
-trap "rm -rf /tmp/$$" 0 1 2 3 15
-mkdir /tmp/$$
-TMP="/tmp/$$"
+TMP=`mktemp -d pgtest.XXXXXX` || { echo "$0: Cannot create temporary
directory" >&2; exit 1; }
+trap " [ -d \"$TMP\" ] && rm -rf \"$TMP\"" 0 1 2 3 13 15
[ "X$1" != "X-n" ] && PGCLEAN=clean
@@ -26,3 +25,5 @@
grep -v find_rule |
grep -v yy_flex_realloc |
grep -v '\[javac\] [0-9]* warning'
+
+exit
diff -Nru postgresql-7.4.6.orig/debian/enable_lang.in
postgresql-7.4.6/debian/enable_lang.in
--- postgresql-7.4.6.orig/debian/enable_lang.in 2005-01-21 01:42:11.000000000
+0100
+++ postgresql-7.4.6/debian/enable_lang.in 2005-01-24 09:27:34.000000000
+0100
@@ -46,8 +46,8 @@
exit
fi
-TMPFILE=`mktemp ${TMPDIR:=/tmp}/enable_lang.XXXXXX`
-TMPFIL2=`mktemp ${TMPDIR:=/tmp}/enable_lang.XXXXXX`
+TMPFILE=`mktemp -t enable_lang.XXXXXX` || { echo "$0: Cannot create temporary
file" >&2; exit 1; }
+TMPFIL2=`mktemp -t enable_lang.XXXXXX` || { echo "$0: Cannot create temporary
file" >&2; exit 1; }
trap "rm $TMPFILE $TMPFIL2" EXIT
if ! [ -r /etc/postgresql/postgresql.env ]
diff -Nru postgresql-7.4.6.orig/debian/postgresql-dump.in
postgresql-7.4.6/debian/postgresql-dump.in
--- postgresql-7.4.6.orig/debian/postgresql-dump.in 2005-01-21
01:42:11.000000000 +0100
+++ postgresql-7.4.6/debian/postgresql-dump.in 2005-01-24 09:26:41.000000000
+0100
@@ -105,7 +105,7 @@
## Start of execution ##
SHELL=/bin/sh
-TMPFILE=`mktemp ${TMPDIR:-/tmp}/pg.XXXXXX` || exit 1
+TMPFILE=`mktemp -t pg.XXXXXX` || exit 1
chmod a+rw $TMPFILE
trap recoverconfig 0
diff -Nru postgresql-7.4.6.orig/debian/postinst.in
postgresql-7.4.6/debian/postinst.in
--- postgresql-7.4.6.orig/debian/postinst.in 2005-01-21 01:42:11.000000000
+0100
+++ postgresql-7.4.6/debian/postinst.in 2005-01-24 09:28:49.000000000 +0100
@@ -238,13 +238,13 @@
exit
esac
-SCRIPTFILE=`mktemp ${TMPDIR:-/tmp}/pg.XXXXXX` || exit 1
-chmod 755 $SCRIPTFILE
-TMPFILE=`mktemp ${TMPDIR:-/tmp}/pg.XXXXXX` || exit 1
+SCRIPTFILE=`mktemp -t pg.XXXXXX` || exit 1
+chmod 750 $SCRIPTFILE
+TMPFILE=`mktemp -t pg.XXXXXX` || exit 1
chown postgres:postgres $TMPFILE
-chmod 644 $TMPFILE
-MAILFILE=`mktemp ${TMPDIR:-/tmp}/pg.XXXXXX` || exit 1
-chmod 644 $MAILFILE
+chmod 640 $TMPFILE
+MAILFILE=`mktemp -t pg.XXXXXX` || exit 1
+chmod 640 $MAILFILE
MAILSUBJECT="Postgresql installation"
# arrange to delete the temporary files and mail output to root
diff -Nru postgresql-7.4.6.orig/debian/preinst.in
postgresql-7.4.6/debian/preinst.in
--- postgresql-7.4.6.orig/debian/preinst.in 2005-01-21 01:42:11.000000000
+0100
+++ postgresql-7.4.6/debian/preinst.in 2005-01-24 09:30:33.000000000 +0100
@@ -28,7 +28,7 @@
current=%PG_VERSION%
SHELL=/bin/sh
-TMPFILE=$(mktemp ${TMPDIR:-/tmp}/postgresql.XXXXXX || exit 1)
+TMPFILE=$(mktemp -t postgresql.XXXXXX || exit 1)
chmod a+rw $TMPFILE
trap "rm -f $TMPFILE" 0
signature.asc
Description: Digital signature
