[MacPorts] #47050: pass @1.6.3 update to 1.6.5
#47050: pass @1.6.3 update to 1.6.5 ---------------------+-------------------------------- Reporter: edwin@… | Owner: macports-tickets@… Type: update | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.3.3 Keywords: | Port: pass ---------------------+-------------------------------- patch-getopt-path.diff and patch-use_apple_mktemp.diff seem to have become unnecessary also the post-patch instruction -- Ticket URL: <https://trac.macports.org/ticket/47050> MacPorts <https://www.macports.org/> Ports system for OS X
#47050: pass @1.6.3 update to 1.6.5 ----------------------+-------------------------------- Reporter: edwin@… | Owner: macports-tickets@… Type: update | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.3.3 Resolution: | Keywords: Port: pass | ----------------------+-------------------------------- Comment (by john@…): Thanks for this! I'll take a look shortly. -- Ticket URL: <https://trac.macports.org/ticket/47050#comment:1> MacPorts <https://www.macports.org/> Ports system for OS X
#47050: pass @1.6.3 update to 1.6.5 ----------------------+-------------------------------- Reporter: edwin@… | Owner: macports-tickets@… Type: update | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.3.3 Resolution: | Keywords: Port: pass | ----------------------+-------------------------------- Comment (by john@…): It looks as though upstream has changed to use a hard-coded prefix of `/opt/local` for `getopt` if Macports is installed. That'll work for a default installation, but not if Macports has been relocated to a different directory. `patch-getopt-path.diff` & the associated post-patch instruction are therefore still necessary, but will need to be updated to work with the new version. `patch-use_apple_mktemp.diff` was never required on a vanilla system, but is necessary if the unqualified `mktemp` invocation gets you the GNU version (say, from `/opt/local/libexec/gnubin/mktemp`) rather than the Apple provided `/usr/bin/mktemp`. I've not checked in detail, but from a quick glance that hasn't changed in the new version of pass. I'll prepare and upload a revised portfile & associated patches shortly. Thanks again for your help! -- Ticket URL: <https://trac.macports.org/ticket/47050#comment:2> MacPorts <https://www.macports.org/> Ports system for OS X
#47050: pass @1.6.3 update to 1.6.5 ----------------------+-------------------------------- Reporter: edwin@… | Owner: macports-tickets@… Type: update | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.3.3 Resolution: | Keywords: Port: pass | ----------------------+-------------------------------- Comment (by john@…): So in fact upstream has fixed the issues with GNU mktemp ([http://git.zx2c4.com/password- store/commit/?id=4e6a49ebff535fdf5a07890af661ba7a2be6588a ages ago] it turns out), so the workaround there is no longer necessary. I'm a little nervous because upstream doesn't use absolute paths for anything, which I naively imagine means it would be easy for something incompatible (or even malicious) to sneak its way onto your `$PATH` and cause havoc. I think that's a problem for upstream, though, not something I want to address in a Macports-specific way. -- Ticket URL: <https://trac.macports.org/ticket/47050#comment:3> MacPorts <https://www.macports.org/> Ports system for OS X
#47050: pass @1.6.3 update to 1.6.5 ----------------------+-------------------------------- Reporter: edwin@… | Owner: macports-tickets@… Type: update | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.3.3 Resolution: | Keywords: Port: pass | ----------------------+-------------------------------- Comment (by john@…): I've provided an updated Portfile which reinstates `patch-getopt-path`. I've also taken the opportunity to introduce a bin dependency on `gpg2`, thereby addressing #40751 in the process. Hopefully somebody with commit privileges will take care of this soon. Thanks for your help! -- Ticket URL: <https://trac.macports.org/ticket/47050#comment:4> MacPorts <https://www.macports.org/> Ports system for OS X
#47050: pass @1.6.3 update to 1.6.5 ----------------------+-------------------------- Reporter: edwin@… | Owner: ryandesign@… Type: update | Status: assigned Priority: Normal | Milestone: Component: ports | Version: 2.3.3 Resolution: | Keywords: haspatch Port: pass | ----------------------+-------------------------- Changes (by ryandesign@…): * owner: macports-tickets@… => ryandesign@… * keywords: => haspatch * status: new => assigned Comment: Replying to [comment:3 john@…]:
I'm a little nervous because upstream doesn't use absolute paths for anything, which I naively imagine means it would be easy for something incompatible (or even malicious) to sneak its way onto your `$PATH` and cause havoc.
MacPorts sanitizes PATH and other environment variables. The only way something weird could get into PATH is if the user deliberately modifies the binpath setting in their macports.conf, and there's a comment in that file discouraging that practice. -- Ticket URL: <https://trac.macports.org/ticket/47050#comment:5> MacPorts <https://www.macports.org/> Ports system for OS X
#47050: pass @1.6.3 update to 1.6.5 ----------------------+-------------------------- Reporter: edwin@… | Owner: ryandesign@… Type: update | Status: assigned Priority: Normal | Milestone: Component: ports | Version: 2.3.3 Resolution: | Keywords: haspatch Port: pass | ----------------------+-------------------------- Comment (by john@…): Note that pass is invoking `mktemp`, `gpg2`, `srm`, etc at ''run-time'', and will pick whatever happens to come first in the user's `$PATH`. This could be a problem if there's something unexpected in there that happens to share a name with one of the above, either maliciously or just through unfortunate coincidence. I don't think there's anything that MacPorts can do about this; as far as I know the 'sanitization' you refer to only happens at install-time. -- Ticket URL: <https://trac.macports.org/ticket/47050#comment:6> MacPorts <https://www.macports.org/> Ports system for OS X
#47050: pass @1.6.3 update to 1.6.5 ----------------------+-------------------------- Reporter: edwin@… | Owner: ryandesign@… Type: update | Status: assigned Priority: Normal | Milestone: Component: ports | Version: 2.3.3 Resolution: | Keywords: haspatch Port: pass | ----------------------+-------------------------- Comment (by ryandesign@…): That's right, MacPorts' precautions only help at build time. I didn't realize we were talking about runtime behaviors. -- Ticket URL: <https://trac.macports.org/ticket/47050#comment:7> MacPorts <https://www.macports.org/> Ports system for OS X
#47050: pass @1.6.3 update to 1.6.5 ----------------------+-------------------------- Reporter: edwin@… | Owner: ryandesign@… Type: update | Status: assigned Priority: Normal | Milestone: Component: ports | Version: 2.3.3 Resolution: | Keywords: haspatch Port: pass | ----------------------+-------------------------- Comment (by ryandesign@…): To guard against a weird PATH at runtime (and this can help at build time too), use the absolute path to each program, making sure to take the user's MacPorts prefix into account. -- Ticket URL: <https://trac.macports.org/ticket/47050#comment:8> MacPorts <https://www.macports.org/> Ports system for OS X
#47050: pass @1.6.3 update to 1.6.5 ----------------------+-------------------------- Reporter: edwin@… | Owner: ryandesign@… Type: update | Status: closed Priority: Normal | Milestone: Component: ports | Version: 2.3.3 Resolution: fixed | Keywords: haspatch Port: pass | ----------------------+-------------------------- Changes (by ionic@…): * cc: ionic@… (added) * status: assigned => closed * resolution: => fixed Comment: Committed in r138163. Thanks! -- Ticket URL: <https://trac.macports.org/ticket/47050#comment:9> MacPorts <https://www.macports.org/> Ports system for OS X
participants (1)
-
MacPorts