From bork@rocky.cc.rsu.ru  Thu Nov 20 00:52:41 2003
Return-Path: <bork@rocky.cc.rsu.ru>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 750A816A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 20 Nov 2003 00:52:41 -0800 (PST)
Received: from rocky.cc.rsu.ru (rocky.cc.rsu.ru [195.208.252.128])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 07CFF43FBF
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 20 Nov 2003 00:52:40 -0800 (PST)
	(envelope-from bork@rocky.cc.rsu.ru)
Received: from rocky.cc.rsu.ru (localhost [127.0.0.1])
	by rocky.cc.rsu.ru (8.12.9/8.12.9) with ESMTP id hAK8vv9S039278
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 20 Nov 2003 11:57:57 +0300 (MSK)
	(envelope-from bork@rocky.cc.rsu.ru)
Received: (from bork@localhost)
	by rocky.cc.rsu.ru (8.12.9/8.12.9/Submit) id hAK8vvAf039277;
	Thu, 20 Nov 2003 11:57:57 +0300 (MSK)
Message-Id: <200311200857.hAK8vvAf039277@rocky.cc.rsu.ru>
Date: Thu, 20 Nov 2003 11:57:57 +0300 (MSK)
From: Konstantin Oznobihin <bork@rsu.ru>
Reply-To: Konstantin Oznobihin <bork@rsu.ru>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [patch] openFile function opens files for reading and writing instead of reading only
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         59499
>Category:       ports
>Synopsis:       [patch] textproc/xerces-c2: openFile function opens files for reading and writing instead of reading only
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pav
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Nov 20 01:00:33 PST 2003
>Closed-Date:    Fri Jan 02 12:12:49 PST 2004
>Last-Modified:  Fri Jan 02 12:12:49 PST 2004
>Originator:     Konstantin Oznobihin
>Release:        FreeBSD 5.1-RELEASE-p8 i386
>Organization:
Computer Center of Rostov State University
>Environment:
System: FreeBSD  5.1-RELEASE-p8 FreeBSD 5.1-RELEASE-p8 #2: Sat Oct 4 18:24:23 MSD 2003 bork@rsu.ru:/usr/obj/usr/src/sys/KERNEL i386


>Description:
	The XMLPlatformUtils::openFile function opens files with fopen and
	passes it "r+" string as mode argument. This makes(according to
	fopen(3)) it try to open file for reading and writing while it
	should be opened for reading only. As a result you can't
	work with files not owned by you which is rather common case
	for dtd files.
>How-To-Repeat:
	Try "SAX2Pint somefile.xml" where somefile.xml belongs to
	other user and has access rights rw-r--r--.
>Fix:
	Just change mode from "r+" to "r", here is the patch:

--- patch begins here ---
--- xerces-c-src_2_3_0/src/xercesc/util/Platforms/FreeBSD/FreeBSDPlatformUtils.cpp	Wed Nov 12 20:32:33 2003
+++ FreeBSDPlatformUtils.cpp	Wed Nov 12 20:31:16 2003
@@ -298,7 +298,7 @@
 		 XMLExcepts::CPtr_PointerIsZero);
     const char* tmpFileName = XMLString::transcode(fileName, fgMemoryManager);
     ArrayJanitor<char> janText((char*)tmpFileName, fgMemoryManager);
-    FileHandle retVal = (FileHandle)fopen( tmpFileName , "r+" );
+    FileHandle retVal = (FileHandle)fopen( tmpFileName , "r" );
     return retVal;
 }
 
@@ -307,7 +307,7 @@
     if (fileName == NULL)
 	ThrowXML(XMLPlatformUtilsException,
 		 XMLExcepts::CPtr_PointerIsZero);
-    FileHandle retVal = (FileHandle)fopen( fileName , "r+" );
+    FileHandle retVal = (FileHandle)fopen( fileName , "r" );
     return retVal;
 }
 
--- patch ends here ---


>Release-Note:
>Audit-Trail:

From: Mark Linimon <linimon@lonesome.com>
To: freebsd-gnats-submit@FreeBSD.org, bork@rsu.ru
Cc:  
Subject: Re: ports/59499: [patch] openFile function opens files for reading and writing instead of reading only
Date: Thu, 20 Nov 2003 05:36:54 -0600

 I'm sorry, I'm finding it a little bit difficult to figure out which port this
 PR applies to.
 

From: Oznobihin Konstantin <bork@rsu.ru>
To: freebsd-gnats-submit@FreeBSD.org, bork@rsu.ru?subject=Re
Cc:  
Subject: Re: ports/59499: [patch] openFile function opens files for reading
	and writing instead of reading only
Date: Fri, 21 Nov 2003 17:55:34 +0300

 I'm sorry, it is textproc/xerces-c2. It seems that I hastened :-)
 
 -- 
 Konstantin Oznobihin <bork@rsu.ru>
 Systems programmer and administrator
 Computer Center of Rostov State University.
 

From: Oznobihin Konstantin <bork@rsu.ru>
To: freebsd-gnats-submit@FreeBSD.org, bork@rsu.ru
Cc:  
Subject: Re: ports/59499: [patch] openFile function opens files for reading
	and writing instead of reading only
Date: Fri, 21 Nov 2003 17:57:47 +0300

 I'm sorry, it is textproc/xerces-c2. It seems that I hastened :-)
 
 -- 
 Konstantin Oznobihin <bork@rsu.ru>
 Systems programmer and administrator
 Computer Center of Rostov State University.
 
State-Changed-From-To: open->feedback 
State-Changed-By: pav 
State-Changed-When: Fri Jan 2 10:43:39 PST 2004 
State-Changed-Why:  
Asked maintainer about it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=59499 
Responsible-Changed-From-To: freebsd-ports-bugs->pav 
Responsible-Changed-By: pav 
Responsible-Changed-When: Fri Jan 2 10:43:56 PST 2004 
Responsible-Changed-Why:  
Watch. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=59499 

From: Pav Lucistnik <pav@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org, bork@rsu.ru,
	bzeeb+freebsdports@zabbadoz.net
Cc:  
Subject: Re: ports/59499: [patch] textproc/xerces-c2: openFile function
	opens files for reading and writing instead of reading only
Date: Fri, 02 Jan 2004 19:43:35 +0100

 Dear maintainer of port textproc/xerces-c2, please take a look at change
 proposed at:
 
 http://www.freebsd.org/cgi/query-pr.cgi?pr=59499
 
 Do you approve or reject this change?
 
 -- 
 Pav Lucistnik <pav@oook.cz>
               <pav@FreeBSD.org>
 
 What do you mean? An African or a European swallow?

From: "Bjoern A. Zeeb" <bzeeb+freebsdports@zabbadoz.net>
To: Pav Lucistnik <pav@FreeBSD.org>
Cc: freebsd-gnats-submit@FreeBSD.org,
	"Bjoern A. Zeeb" <bzeeb+freebsdports@zabbadoz.net>, bork@rsu.ru
Subject: Re: ports/59499: [patch] textproc/xerces-c2: openFile function opens
 files for reading and writing instead of reading only
Date: Fri, 2 Jan 2004 19:13:18 +0000 (UTC)

 On Fri, 2 Jan 2004, Pav Lucistnik wrote:
 
 > Dear maintainer of port textproc/xerces-c2, please take a look at change
 > proposed at:
 >
 > http://www.freebsd.org/cgi/query-pr.cgi?pr=59499
 >
 > Do you approve or reject this change?
 
 looks good; is already fixed in apache cvs and 2.4 but I hadn't had the
 time to update the port due to kernel hacking.
 
 please commit.
 
 -- 
 Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT
 56 69 73 69 74				http://www.zabbadoz.net/
State-Changed-From-To: feedback->closed 
State-Changed-By: pav 
State-Changed-When: Fri Jan 2 12:12:42 PST 2004 
State-Changed-Why:  
Committed, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=59499 
>Unformatted:
