tags 861987 patch
thanks

Hi,

I think this patch fixes this issue by using a random and unique temporary directory directly at the root of the `tmp/` directory. I get something like this `/tmp/xxxxx-xxxxx-xxxxx-xxxx-xxxx/…` instead of `/tmp/flightcrew/…`.

Regards,
Thomas Pierson

diff -Nru flightcrew-0.7.2+dfsg/debian/changelog flightcrew-0.7.2+dfsg/debian/changelog --- flightcrew-0.7.2+dfsg/debian/changelog 2016-11-24 12:36:34.000000000 +0100 +++ flightcrew-0.7.2+dfsg/debian/changelog 2017-05-14 11:51:40.000000000 +0200 @@ -1,3 +1,11 @@ +flightcrew (0.7.2+dfsg-8.1) unstable; urgency=medium + + * Non-maintainer upload. + * Add a patch to fix an insecure use of temporary files in /tmp/. + (closes: #861987). + + -- Thomas Pierson <cont...@thomaspierson.fr> Sun, 14 May 2017 11:51:40 +0200 + flightcrew (0.7.2+dfsg-8) unstable; urgency=medium * Bump debhelper compat level to 10. diff -Nru flightcrew-0.7.2+dfsg/debian/patches/series flightcrew-0.7.2+dfsg/debian/patches/series --- flightcrew-0.7.2+dfsg/debian/patches/series 2016-11-24 12:05:07.000000000 +0100 +++ flightcrew-0.7.2+dfsg/debian/patches/series 2017-05-14 11:51:40.000000000 +0200 @@ -2,3 +2,4 @@ disable_filesystem3_overload modify_cmake_for_debian reproducible-build +use_random_unique_tmp_path diff -Nru flightcrew-0.7.2+dfsg/debian/patches/use_random_unique_tmp_path flightcrew-0.7.2+dfsg/debian/patches/use_random_unique_tmp_path --- flightcrew-0.7.2+dfsg/debian/patches/use_random_unique_tmp_path 1970-01-01 01:00:00.000000000 +0100 +++ flightcrew-0.7.2+dfsg/debian/patches/use_random_unique_tmp_path 2017-05-14 11:51:40.000000000 +0200 
@@ -0,0 +1,20 @@ +Description: use a random and unique temporary folder +Author: Thomas Pierson <cont...@thomaspierson.fr> +Forwarded: no +Last-Update: 2017-05-14 + +--- a/src/FlightCrew/Misc/TempFolder.cpp ++++ b/src/FlightCrew/Misc/TempFolder.cpp +@@ -63,10 +63,10 @@ + // that on Win because it points to the drive root there + // instead of the system temp folder + // http://www.delorie.com/gnu/docs/glibc/libc_295.html +- fs::path main_temp_folder = fs::path( P_tmpdir ); ++ fs::path main_temp_folder = fs::temp_directory_path(); + #endif + +- return main_temp_folder / fs::path( FC_TEMP_FOLDER ) / fs::unique_path( UNIQUE_PATH_MODEL ); ++ return main_temp_folder / fs::unique_path( UNIQUE_PATH_MODEL ); + } + +
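
Review bot: The debian/changelog bullet says a patch was added but names neither the patch nor the file it touches. Naming use_random_unique_tmp_path and src/FlightCrew/Misc/TempFolder.cpp in the entry would make the non-maintainer upload easier to audit. The period after "(closes: #861987)" also follows a sentence that already ended with one, so one of the two can be dropped.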
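
Review bot: In the TempFolder.cpp change inside use_random_unique_tmp_path, the new return value `main_temp_folder / fs::unique_path( UNIQUE_PATH_MODEL )` is still only a generated name, and nothing in this hunk creates the directory. The fix therefore depends on the creation site, which is not shown: it should check the bool returned by fs::create_directory (false means the path already existed) and set owner-only permissions on the new directory. Please confirm that in the patch description. Also note that fs::temp_directory_path() reads TMPDIR from the environment and reports an error when the result is not an existing directory, which the P_tmpdir constant it replaces did not, so the caller needs to handle that failure. With `Forwarded: no` in the header, a Bug-Debian field pointing at #861987 would help whoever forwards this upstream later.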
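
The point of the directory change described in the message above, as an added example (not FlightCrew or Boost code; the function names and the `fc-example` prefix are hypothetical): a random name only helps if the directory is then created by a call that refuses an existing entry. POSIX `mkdtemp()` does naming and creation in one step with mode 0700, and a plain `mkdir()` on a pre-existing name or a planted symlink fails with `EEXIST`.

```cpp
#include <cerrno>
#include <cstdlib>
#include <iostream>
#include <string>
#include <vector>
#include <sys/stat.h>
#include <unistd.h>

// Temp root: $TMPDIR when set and non-empty, otherwise /tmp.
static std::string temp_root() {
    const char *t = std::getenv("TMPDIR");
    return (t && *t) ? std::string(t) : std::string("/tmp");
}

// Name-then-create variant: returns 0 on success, otherwise errno.
// mkdir() never follows or reuses an existing entry, so a directory or
// symlink planted under the same name yields EEXIST instead of being used.
int create_private_dir(const std::string &path) {
    return ::mkdir(path.c_str(), 0700) == 0 ? 0 : errno;
}

// Atomic variant: mkdtemp() picks the random suffix and creates the
// directory with mode 0700 in a single call. Returns "" on failure.
std::string make_private_temp_dir(const std::string &prefix) {
    std::string tmpl = temp_root() + "/" + prefix + "-XXXXXX";
    std::vector<char> buf(tmpl.begin(), tmpl.end());
    buf.push_back('\0');
    if (::mkdtemp(buf.data()) == nullptr) return std::string();
    return std::string(buf.data());
}

// True only for a real directory (not a symlink) owned by the current
// user with no group/other permission bits.
bool is_private_dir(const std::string &path) {
    struct stat st;
    if (::lstat(path.c_str(), &st) != 0) return false;
    return S_ISDIR(st.st_mode) && st.st_uid == ::geteuid() &&
           (st.st_mode & 077) == 0;
}

int main() {
    std::string dir = make_private_temp_dir("fc-example");
    if (dir.empty()) { std::cerr << "mkdtemp failed\n"; return 1; }
    std::cout << dir << " private=" << is_private_dir(dir) << "\n";
    ::rmdir(dir.c_str());
    return 0;
}
```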