casa-mp-base

Upstream: https://anonscm.debian.org/cgit/collab-maint/tardiff.git/tree/debian/patches/CVE-2015-0858.diff

​

Description: Fix race condition when creating temporary files (CVE-2015-0858)

 Reported by Florian Weimer <fw@deneb.enyo.de>. Implemented using

 File::Temp instead of just using the process ID inside the directory

 name as suggested by Florian.

Author: Axel Beckert <abe@debian.org>

Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0858

​

Index: tardiff

===================================================================

--- tardiff 2016-04-28 20:24:06.913565891 +0200

+++ tardiff 2016-04-28 20:24:06.909565907 +0200

@@ -7,12 +7,13 @@

 use strict;

 use Text::Diff;

+use File::Temp qw(tempdir);

 my $VERSION = '0.1';

 my ($tarball1, $tarball2);

 my ($opt_list, $opt_modified, $opt_autoskip, $opt_stats);

-my $tempdir;

+my $tempdir = tempdir( CLEANUP => 1 );

 $SIG{'__DIE__'} = 'cleanup';

 $SIG{'TERM'} = 'cleanup';

@@ -173,9 +174,6 @@

 sub tardiff{

    my $error = 0;

-   $tempdir = "/tmp/tardiff-$$";

-   mkdir $tempdir;

-

    my $filelist1 = untar($tarball1) or die "Error: Could not unpack $tarball1.";

    my $filelist2 = untar($tarball2) or die "Error: Could not unpack $tarball2.";

@@ -216,10 +214,6 @@

 sub cleanup{

    my $handler = shift(@_);

-   if($tempdir){

-       system("rm -rf $tempdir");

-   }

-

    if($handler eq "INT" or $handler eq "TERM"){

        exit 1;

    }