From: Romain Francoise <romain@orebokech.com>
Date: Fri, 18 Apr 2008 18:24:29 +0000 (+0000)
Subject: 2008-04-18  Steve Grubb  <sgrubb@redhat.com>  (tiny change)
X-Git-Tag: emacs-pretest-23.0.90~6194
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=95de358c3050d1e0162238bbafe05cd598193640;p=emacs.git

2008-04-18  Steve Grubb  <sgrubb@redhat.com>  (tiny change)

	* vcdiff: Use mktemp (CVE-2008-1694).
---

diff --git a/lib-src/ChangeLog b/lib-src/ChangeLog
index f03217b662d..86448ddbde6 100644
--- a/lib-src/ChangeLog
+++ b/lib-src/ChangeLog
@@ -1,3 +1,7 @@
+2008-04-18  Steve Grubb  <sgrubb@redhat.com>  (tiny change)
+
+	* vcdiff: Use mktemp (CVE-2008-1694).
+
 2008-04-09  Jason Rumney  <jasonr@gnu.org>
 
 	* makefile.w32-in (distclean, maintainer-clean): New targets.
diff --git a/lib-src/vcdiff b/lib-src/vcdiff
index 86b80bcdacd..cb977709db0 100755
--- a/lib-src/vcdiff
+++ b/lib-src/vcdiff
@@ -84,14 +84,14 @@ do
 	case $f in
 	s.* | */s.*)
 		if
-			rev1=/tmp/geta$$
+			rev1=`mktemp /tmp/geta.XXXXXXXX`
 			get -s -p -k $sid1 "$f" > $rev1 &&
 			case $sid2 in
 			'')
 				workfile=`expr " /$f" : '.*/s.\(.*\)'`
 				;;
 			*)
-				rev2=/tmp/getb$$
+				rev2=`mktemp /tmp/getb.XXXXXXXX`
 				get -s -p -k $sid2 "$f" > $rev2
 				workfile=$rev2
 			esac