Diffstat (limited to 'media-gfx/aview/files/aview-1.3.0_rc1-tmp_creation.patch')
-rw-r--r--media-gfx/aview/files/aview-1.3.0_rc1-tmp_creation.patch46
1 files changed, 46 insertions, 0 deletions
diff --git a/media-gfx/aview/files/aview-1.3.0_rc1-tmp_creation.patch b/media-gfx/aview/files/aview-1.3.0_rc1-tmp_creation.patch
new file mode 100644
index 000000000000..f792e8bfebbb
--- /dev/null
+++ b/media-gfx/aview/files/aview-1.3.0_rc1-tmp_creation.patch
@@ -0,0 +1,46 @@
+Fix insecure temporary file creation, see:
+https://bugs.gentoo.org/show_bug.cgi?id=235808
+
+Index: aview-1.3.0/asciiview
+===================================================================
+--- aview-1.3.0.orig/asciiview
++++ aview-1.3.0/asciiview
+@@ -3,11 +3,11 @@
+ clear()
+ {
+ kill $! 2>/dev/null
+- rm -f /tmp/aview$$.pgm 2>/dev/null
++ rm -rf $tmpdir 2>/dev/null
+ }
+ myconvert()
+ {
+- if anytopnm "$1" >/tmp/aview$$.pgm 2>/dev/null ; then
++ if anytopnm "$1" >"$2" 2>/dev/null ; then
+ exit
+ elif convert -colorspace gray "$1" pgm:- 2>/dev/null ; then
+ exit
+@@ -56,8 +56,9 @@ while [ "$1" != "" ]; do
+ esac
+ done
+ trap clear 0
+-mkfifo /tmp/aview$$.pgm
+-outfile=/tmp/aview$$.pgm
++tmpdir=`mktemp -t -d`
++outfile=$tmpdir/aview.pgm
++mkfifo $outfile
+ IFS=$(echo -e "\000")
+ echo $filenames | while read name; do
+ if test -r "$name" ; then
+@@ -67,10 +68,10 @@ case "$name" in
+ aaflip $options "$name"
+ ;;
+ *)
+- myconvert "$name" >/tmp/aview$$.pgm &
++ myconvert "$name" "$outfile" >"$outfile" &
+ pid=$!
+ PATH="$PATH:."
+- aview $options /tmp/aview$$.pgm
++ aview $options $outfile
+ kill $pid 2>/dev/null
+ esac
+ else
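Review bot: The result of `mktemp -t -d` (third inner hunk, after `trap clear 0`) is never checked, and `$tmpdir` / `$outfile` are expanded unquoted in `clear()`, in `mkfifo` and in the `aview` call. If mktemp fails, `tmpdir` is empty, `outfile` becomes `/aview.pgm`, and the script continues with a fixed path, which reintroduces the predictable-name problem this patch is meant to remove. A `TMPDIR` containing whitespace would also make `rm -rf $tmpdir` split into several operands. I would write `tmpdir=$(mktemp -d) || exit 1`, `mkfifo "$outfile"` and, in `clear()`, `rm -rf -- "$tmpdir"`, quoting `"$outfile"` on the `aview` line as well. The rest of the asciiview script lies outside these inner hunks, so I cannot confirm from here that nothing else depends on the old `/tmp/aview$$.pgm` name.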