package gv
tags 583668 + security lenny
fixed 583668 3.6.5.90-1
thanks
This bug was fixed upstream in 3.6.5.90-1, the first version
after lenny. :-(
Attached is a simplified version (without the configure changes
as Debian has mkstemp) that should fix this in lenny.
Bernhard R. Link
--- a/src/file.c
+++ b/src/file.c
@@ -198,6 +198,12 @@ file_getTmpFilename(baseDirectory,baseFilename)
int no_such_file;
int i=1;
do {
+#if 1
+ sprintf(tempFilename,"%sgv_%s.%s.XXXXXX",tmpDirBuf,tmpName,tmpExt);
+ file_translateTildeInPath(tempFilename);
+ no_such_file = 1;
+ close(mkstemp(tempFilename));
+#else
#ifdef VMS
sprintf(tempFilename,"%sgv_%lx_%x_%s_%s.tmp",tmpDirBuf,time(NULL),i,tmpName,tmpExt);
#else
@@ -205,6 +215,7 @@ file_getTmpFilename(baseDirectory,baseFilename)
#endif
file_translateTildeInPath(tempFilename);
no_such_file = stat(tempFilename,&s);
+#endif
i++;
} while (!no_such_file);
}
