Fix insecure use of temporary files.
Patch from upstream bzr, backported to Emacs 24.3.
https://bugs.gentoo.org/509830
CVE-2014-3421
revno: 117066
fixes bug: http://bugs.debian.org/747100
committer: Glenn Morris <rgm@gnu.org>
branch nick: emacs-24
timestamp: Mon 2014-05-05 20:50:51 -0700
message:
* gnus-fun.el (gnus-grab-cam-face): Do not use predictable temp-file name.
--- emacs-24.3-orig/lisp/gnus/gnus-fun.el
+++ emacs-24.3/lisp/gnus/gnus-fun.el
@@ -250,20 +250,21 @@
(interactive)
(shell-command "xawtv-remote snap ppm")
(let ((file nil)
+ (tempfile (make-temp-file "gnus-face-" nil ".ppm"))
result)
(while (null (setq file (directory-files "/tftpboot/sparky/tmp"
t "snap.*ppm")))
(sleep-for 1))
(setq file (car file))
(shell-command
- (format "pnmcut -left 110 -top 30 -width 144 -height 144 '%s' | pnmscale -width 48 -height 48 | ppmtopgm > /tmp/gnus.face.ppm"
- file))
+ (format "pnmcut -left 110 -top 30 -width 144 -height 144 '%s' | pnmscale -width 48 -height 48 | ppmtopgm >> %s"
+ file tempfile))
(let ((gnus-convert-image-to-face-command
(format "cat '%%s' | ppmquant %%d | ppmchange %s | pnmtopng"
(gnus-fun-ppm-change-string))))
- (setq result (gnus-face-from-file "/tmp/gnus.face.ppm")))
+ (setq result (gnus-face-from-file tempfile)))
(delete-file file)
- ;;(delete-file "/tmp/gnus.face.ppm")
+ ;;(delete-file tempfile) ; FIXME why are we not deleting it?!
result))
(defun gnus-fun-ppm-change-string ()
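Review bot: The new `tempfile` path is interpolated unquoted after `>>`, and `file` is still only wrapped in literal single quotes, so a name containing whitespace or a quote character changes how the shell parses the command; `file` comes from listing `/tftpboot/sparky/tmp`, which may be writable by other users. Both arguments should go through `shell-quote-argument`, with the first placeholder changed from `'%s'` to `%s` and the argument list written as `(shell-quote-argument file) (shell-quote-argument tempfile))`. The temp file is also created before the polling loop and never removed (the FIXME keeps the delete commented out), so every call, including one interrupted during `sleep-for`, leaves a `gnus-face-*.ppm` file behind; wrapping the body in `unwind-protect` with `(delete-file tempfile)` as the cleanup form would close that. The enclosing `defun` starts above the hunk, so its name and docstring are not visible here.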