From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1KcGyV-0005tB-V4 for garchives@archives.gentoo.org; Sun, 07 Sep 2008 09:54:32 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id E0EE6E05B0; Sun, 7 Sep 2008 09:54:31 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id BADEBE05B0 for ; Sun, 7 Sep 2008 09:54:31 +0000 (UTC) Received: from stork.gentoo.org (stork.gentoo.org [64.127.104.133]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTP id A6F4B67265 for ; Sun, 7 Sep 2008 09:54:30 +0000 (UTC) Received: from mrness by stork.gentoo.org with local (Exim 4.69) (envelope-from ) id 1KcGyT-0002rq-Lg for gentoo-commits@lists.gentoo.org; Sun, 07 Sep 2008 09:54:29 +0000 From: "Alin Nastac (mrness)" To: gentoo-commits@lists.gentoo.org Reply-To: gentoo-dev@lists.gentoo.org, mrness@gentoo.org Subject: [gentoo-commits] gentoo-x86 commit in net-dialup/mgetty/files: mgetty-1.1.36-tmpfile.patch X-VCS-Repository: gentoo-x86 X-VCS-Files: mgetty-1.1.36-tmpfile.patch X-VCS-Directories: net-dialup/mgetty/files X-VCS-Committer: mrness X-VCS-Committer-Name: Alin Nastac Content-Type: text/plain; charset=utf8 Message-Id: Sender: Alin Nastac Date: Sun, 07 Sep 2008 09:54:29 +0000 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: quoted-printable X-Archives-Salt: 8ce4eef9-1e5a-41a1-b4ea-f1d4576f000a X-Archives-Hash: 75bcadf7b5f5f91a3182687652b705a7 mrness 08/09/07 09:54:29 Added: mgetty-1.1.36-tmpfile.patch Log: Fix insecure temporary file usage (#235806). (Portage version: 2.1.4.4) Revision Changes Path 1.1 net-dialup/mgetty/files/mgetty-1.1.36-tmpfile.patch file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-dialup/mgetty/= files/mgetty-1.1.36-tmpfile.patch?rev=3D1.1&view=3Dmarkup plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-dialup/mgetty/= files/mgetty-1.1.36-tmpfile.patch?rev=3D1.1&content-type=3Dtext/plain Index: mgetty-1.1.36-tmpfile.patch =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D diff -Nru mgetty-1.1.36.orig/fax/faxspool.in mgetty-1.1.36/fax/faxspool.i= n --- mgetty-1.1.36.orig/fax/faxspool.in 2008-08-31 13:06:48.000000000 +000= 0 +++ mgetty-1.1.36/fax/faxspool.in 2008-09-07 09:44:01.000000000 +0000 @@ -675,9 +675,7 @@ if [ x$file =3D x- ] then $echo "spooling $file (stdin)..." - trap "rm /tmp/faxsp.$$" 0 - cat - >/tmp/faxsp.$$ - file=3D/tmp/faxsp.$$ + file=3D$spooldir/faxsp else $echo "spooling $file..." fi @@ -924,7 +922,7 @@ then $echo "\nnothing to do (no cover page, no data)." >&2 cd $FAX_SPOOL_OUT - rmdir $spooldir + rm -rf $spooldir exit 52 fi =20 @@ -965,7 +963,7 @@ # clean up rm $job.q cd .. -rmdir $spooldir +rm -rf $spooldir =20 if [ -z "`find $LAST_RUN -ctime -1 -print 2>/dev/null`" ] then