[patchlogo]

Debian patch tracking system

- pmake - pmake/1.111-2+squeeze1 - series patch CVE-2011-1920.diff

pmake (1.111-2+squeeze1) CVE-2011-1920.diff

Summary

 mk/bsd.lib.mk  |    2 +-
 mk/bsd.prog.mk |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
download this patch

Patch contents

Description: insecure temporary files
Origin: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;bug=626673
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626673
Author: Matej Vela <vela@debian.org>
Reviewed-by: Jonathan Wiltshire <jmw@debian.org>
Last-Update: 2011-08-03

--- pmake-1.111.orig/mk/bsd.lib.mk
+++ pmake-1.111/mk/bsd.lib.mk
@@ -291,7 +291,7 @@
 
 .if defined(SRCS)
 afterdepend: .depend
-	@(TMP=/tmp/_depend$$$$; \
+	@(TMP=`mktemp -t _dependXXXXXXXXXX` || exit $$?; \
 	    sed -e 's/^\([^\.]*\).o[ ]*:/\1.o \1.po \1.so \1.ln:/' \
 	      < .depend > $$TMP; \
 	    mv $$TMP .depend)
--- pmake-1.111.orig/mk/bsd.prog.mk
+++ pmake-1.111/mk/bsd.prog.mk
@@ -124,7 +124,7 @@
 
 .if defined(SRCS)
 afterdepend: .depend
-	@(TMP=/tmp/_depend$$$$; \
+	@(TMP=`mktemp -t _dependXXXXXXXXXX` || exit $$?; \
 	    sed -e 's/^\([^\.]*\).o[ ]*:/\1.o \1.ln:/' \
 	      < .depend > $$TMP; \
 	    mv $$TMP .depend)
page code/design/content is copyright (c) 2008 sean finney <seanius@debian.org>.
patches viewed/retrieved through this system are copyrighted by their respective authors.
browse git repo - clone git repo