46 lines
1.1 KiB
Diff
46 lines
1.1 KiB
Diff
Fix insecure temporary file creation, see:
|
|
https://bugs.gentoo.org/show_bug.cgi?id=235808
|
|
|
|
Index: aview-1.3.0/asciiview
|
|
===================================================================
|
|
--- aview-1.3.0.orig/asciiview
|
|
+++ aview-1.3.0/asciiview
|
|
@@ -3,11 +3,11 @@
|
|
clear()
|
|
{
|
|
kill $! 2>/dev/null
|
|
- rm -f /tmp/aview$$.pgm 2>/dev/null
|
|
+ rm -rf $tmpdir 2>/dev/null
|
|
}
|
|
myconvert()
|
|
{
|
|
- if anytopnm "$1" >/tmp/aview$$.pgm 2>/dev/null ; then
|
|
+ if anytopnm "$1" >"$2" 2>/dev/null ; then
|
|
exit
|
|
elif convert -colorspace gray "$1" pgm:- 2>/dev/null ; then
|
|
exit
|
|
@@ -56,8 +56,9 @@ while [ "$1" != "" ]; do
|
|
esac
|
|
done
|
|
trap clear 0
|
|
-mkfifo /tmp/aview$$.pgm
|
|
-outfile=/tmp/aview$$.pgm
|
|
+tmpdir=`mktemp -t -d`
|
|
+outfile=$tmpdir/aview.pgm
|
|
+mkfifo $outfile
|
|
IFS=$(echo -e "\000")
|
|
echo $filenames | while read name; do
|
|
if test -r "$name" ; then
|
|
@@ -67,10 +68,10 @@ case "$name" in
|
|
aaflip $options "$name"
|
|
;;
|
|
*)
|
|
- myconvert "$name" >/tmp/aview$$.pgm &
|
|
+ myconvert "$name" "$outfile" >"$outfile" &
|
|
pid=$!
|
|
PATH="$PATH:."
|
|
- aview $options /tmp/aview$$.pgm
|
|
+ aview $options $outfile
|
|
kill $pid 2>/dev/null
|
|
esac
|
|
else
|