From: Simon McVittie <simon.mcvittie@collabora.co.uk>
Date: Wed, 5 Jan 2011 19:10:43 +0000 (+0000)
Subject: cmake/cross-compile.sh: use mktemp(1) to avoid a symlink attack in /tmp
X-Git-Tag: dbus-1.4.4~40^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=297919ae6189af3db9eb8b16488102fd0d2f5a43;p=thirdparty%2Fdbus.git

cmake/cross-compile.sh: use mktemp(1) to avoid a symlink attack in /tmp
---

diff --git a/cmake/cross-compile.sh b/cmake/cross-compile.sh
index c1821bdbf..49e66e500 100755
--- a/cmake/cross-compile.sh
+++ b/cmake/cross-compile.sh
@@ -28,8 +28,13 @@ else
     exit 1
 fi
 
+if ! TEMP=`mktemp --tmpdir -d dbus-cross-compile.XXXXXX`; then
+    echo "mktemp failed, try with coreutils 6.10 or later?" >&2
+    exit 1
+fi
+
 # make cmake happy 
-export TEMP=/tmp
+export TEMP
 
 HOST_CC=gcc; export HOST_CC;
 
@@ -67,10 +72,10 @@ done;
 unset x i ;
 
 if ! test -f "$cross_root/lib/libexpat.dll.a"; then
-    (cd /tmp; wget http://www.winkde.org/pub/kde/ports/win32/repository/win32libs/expat-2.0.1-bin.zip)
-    (cd /tmp; wget http://www.winkde.org/pub/kde/ports/win32/repository/win32libs/expat-2.0.1-lib.zip)
-    (cd $cross_root; unzip -x /tmp/expat-2.0.1-bin.zip)
-    (cd $cross_root; unzip -x /tmp/expat-2.0.1-lib.zip)
+    (cd $TEMP && wget http://www.winkde.org/pub/kde/ports/win32/repository/win32libs/expat-2.0.1-bin.zip)
+    (cd $TEMP && wget http://www.winkde.org/pub/kde/ports/win32/repository/win32libs/expat-2.0.1-lib.zip)
+    (cd $cross_root && unzip -x $TMP/expat-2.0.1-bin.zip)
+    (cd $cross_root && unzip -x $TMP/expat-2.0.1-lib.zip)
 fi 
 
 if test -f "$cross_root/lib/libexpat.dll.a"; then