Fix an insecure temp file creation vulnerability in zsh's difflog.pl

(CVE-2007-6209).
author: tonnerre <tonnerre@pkgsrc.org> 2008-07-13 18:22:01 +0000
committer: tonnerre <tonnerre@pkgsrc.org> 2008-07-13 18:22:01 +0000
commit: 31a3e0d33ef018166c175c06ec1b680fd8cccce8 (patch)
tree: 797adee0d3752f9c3d0c7958e7653a4a36b083d1 /shells/zsh/patches/patch-aa
parent: 8ced111013a7984e261b3cc78e97ae402b849c2c (diff)
download: pkgsrc-31a3e0d33ef018166c175c06ec1b680fd8cccce8.tar.gz
1 files changed, 20 insertions, 0 deletions
diff --git a/shells/zsh/patches/patch-aa b/shells/zsh/patches/patch-aa
new file mode 100644
index 00000000000..40ed01d4823
--- /dev/null
+++ b/shells/zsh/patches/patch-aa
@@ -0,0 +1,20 @@
+$NetBSD: patch-aa,v 1.7 2008/07/13 18:22:01 tonnerre Exp $
+
+--- Util/difflog.pl.orig	2002-04-18 16:35:17.000000000 +0200
++++ Util/difflog.pl
+@@ -2,10 +2,13 @@
+ 
+ use strict;
+ use IO::File;
++use File::Temp;
+ 
+ my @differ = qw(diff -bw);
+-my $oldtmp = "/tmp/difflog$$.old";
+-my $newtmp = "/tmp/difflog$$.new";
++my $oldf = new File::Temp(TEMPLATE => 'difflogXXXXX', DIR => '/tmp/', SUFFIX => '.old');
++my $newf = new File::Temp(TEMPLATE => 'difflogXXXXX', DIR => '/tmp/', SUFFIX => '.new');
++my $oldtmp = $oldf->filename;
++my $newtmp = $newf->filename;
+ 
+ my $newfn = pop(@ARGV);
+ my $oldfn = pop(@ARGV);
author	tonnerre <tonnerre@pkgsrc.org>	2008-07-13 18:22:01 +0000
committer	tonnerre <tonnerre@pkgsrc.org>	2008-07-13 18:22:01 +0000
commit	31a3e0d33ef018166c175c06ec1b680fd8cccce8 (patch)
tree	797adee0d3752f9c3d0c7958e7653a4a36b083d1 /shells/zsh/patches/patch-aa
parent	8ced111013a7984e261b3cc78e97ae402b849c2c (diff)
download	pkgsrc-31a3e0d33ef018166c175c06ec1b680fd8cccce8.tar.gz