1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
#! /bin/sh /usr/share/dpatch/dpatch-run
## shtool_tempfile.dpatch by Samuel Mimram <smimram@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: shtool creates temporary files in an insecure manner, which can be
## DP: exploited through symlink attacks. Please see these URLs for details:
## DP: http://www.zataz.net/adviso/shtool-05252005.txt
## DP: http://bugs.gentoo.org/show_bug.cgi?id=93782
@DPATCH@
diff -urNad --exclude=CVS --exclude=.svn ./etc/shtool /tmp/dpep-work.f6mb29/mysql-ocaml-1.0.3/etc/shtool
--- ./etc/shtool 2004-01-27 20:46:36.000000000 +0100
+++ /tmp/dpep-work.f6mb29/mysql-ocaml-1.0.3/etc/shtool 2005-07-18 23:52:08.000000000 +0200
@@ -378,7 +378,13 @@
tmpdir="$TEMPDIR"
fi
fi
- tmpfile="$tmpdir/.shtool.$$"
+ if mkdir "$tmpdir/.shtool.$$"; then
+ tmpfile="$tmpdir/.shtool.$$/shtool.tmp"
+ else
+ echo "$msgprefix:Error: failed to create temporary file" 1>&2
+ exit 1
+ fi
+ tmpfile="$tmpdir/.shtool.$$/shtool.tmp"
rm -f $tmpfile >/dev/null 2>&1
touch $tmpfile
fi
|
