diff options
Diffstat (limited to 'debian')
-rw-r--r-- | debian/patches/957_mkdtemp.patch | 35 | ||||
-rw-r--r-- | debian/patches/series | 1 |
2 files changed, 36 insertions, 0 deletions
diff --git a/debian/patches/957_mkdtemp.patch b/debian/patches/957_mkdtemp.patch new file mode 100644 index 0000000..7581a69 --- /dev/null +++ b/debian/patches/957_mkdtemp.patch @@ -0,0 +1,35 @@ +Subject: Make temporary directory safely when ~/.w3m is unwritable +From: Tatsuya Kinoshita <tats@debian.org> +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888097 [CVE-2018-6198] +Origin: https://salsa.debian.org/debian/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753 + +diff --git a/main.c b/main.c +index 85b0003..b99928c 100644 +--- a/main.c ++++ b/main.c +@@ -5972,6 +5972,11 @@ w3m_exit(int i) + #ifdef __MINGW32_VERSION + WSACleanup(); + #endif ++ if (no_rc_dir && tmp_dir != rc_dir) ++ if (rmdir(tmp_dir) != 0) { ++ fprintf(stderr, "Can't remove temporary directory (%s)!\n", tmp_dir); ++ exit(1); ++ } + exit(i); + } + +diff --git a/rc.c b/rc.c +index 7de87b8..428241c 100644 +--- a/rc.c ++++ b/rc.c +@@ -1330,6 +1330,9 @@ init_rc(void) + ((tmp_dir = getenv("TMP")) == NULL || *tmp_dir == '\0') && + ((tmp_dir = getenv("TEMP")) == NULL || *tmp_dir == '\0')) + tmp_dir = "/tmp"; ++ tmp_dir = mkdtemp(Strnew_m_charp(tmp_dir, "/w3m-XXXXXX", NULL)->ptr); ++ if (tmp_dir == NULL) ++ tmp_dir = rc_dir; + create_option_search_table(); + goto open_rc; + } diff --git a/debian/patches/series b/debian/patches/series index 3600e96..8cedc6a 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -2,3 +2,4 @@ 020_debian.patch 955_tbl-indent.patch 956_columnpos.patch +957_mkdtemp.patch |