Package: git-extras / 1.7.0-1.2

unsafe-tmp Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
Description: correct unsafe usage of temporary files (git-changelog,
 git-effort)
Author: Jonathan Wiltshire <jmw@debian.org>
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698490
Forwarded: no
Last-Update: 2013-01-20


Index: git-extras-1.7.0/bin/git-changelog
===================================================================
--- git-extras-1.7.0.orig/bin/git-changelog	2013-01-20 18:15:00.000000000 +0000
+++ git-extras-1.7.0/bin/git-changelog	2013-01-20 18:04:22.692229726 +0000
@@ -19,7 +19,8 @@
       CHANGELOG=`ls | egrep 'change|history' -i`
       if test "$CHANGELOG" = ""; then CHANGELOG='History.md'; fi
     fi
-    tmp="/tmp/changelog"
+    tmp="$(mktemp --suffix=git-changelog)"
+    trap "rm -rf '$tmp'" EXIT
     printf "$HEAD" > $tmp
     git-changelog --list >> $tmp
     printf '\n' >> $tmp
@@ -27,4 +28,4 @@
     mv $tmp $CHANGELOG
     test -n "$EDITOR" && $EDITOR $CHANGELOG
     ;;
-esac
\ No newline at end of file
+esac
Index: git-extras-1.7.0/bin/git-effort
===================================================================
--- git-extras-1.7.0.orig/bin/git-effort	2013-01-20 18:15:00.000000000 +0000
+++ git-extras-1.7.0/bin/git-effort	2013-01-20 18:05:35.402409644 +0000
@@ -1,9 +1,11 @@
 #!/bin/bash
 
-tmp=/tmp/.git-effort
+tmp="$(mktemp --suffix=-git-effort)"
 above='0'
 color=
 
+trap "rm -rf '$tmp'" EXIT
+
 #
 # get date for the given <commit>
 #