dev-libs/kpathsea: fix insecure use of /tmp, bug #536454

Package-Manager: portage-2.3.2

2 files changed, 18 insertions, 0 deletions

diff --git a/dev-libs/kpathsea/files/insecure_tmp_mktexlsr.patch b/dev-libs/kpathsea/files/insecure_tmp_mktexlsr.patch
new file mode 100644
index 000000000000..36d2094cddf0
--- /dev/null
+++ b/dev-libs/kpathsea/files/insecure_tmp_mktexlsr.patch
@@ -0,0 +1,17 @@
+https://bugzilla.redhat.com/show_bug.cgi?id=1181167
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139
+https://bugs.gentoo.org/show_bug.cgi?id=536454
+
+Index: kpathsea/mktexlsr
+===================================================================
+--- kpathsea.orig/mktexlsr
++++ kpathsea/mktexlsr
+@@ -73,7 +73,7 @@ if tty -s; then verbose=true; else verbo
+ dry_run=false
+ trees=
+ 
+-treefile="${TMPDIR-/tmp}/mktexlsrtrees$$.tmp"
++treefile=`mktemp --tmpdir mktexlsrtrees.XXXXXXXXXX` || exit 1
+ trap 'cd /; rm -f $treefile; test -z "$db_dir_tmp" || rm -rf "$db_dir_tmp"; 
+       exit' 0 1 2 3 7 13 15
+ 
diff --git a/dev-libs/kpathsea/kpathsea-6.2.1_p20150521-r1.ebuild b/dev-libs/kpathsea/kpathsea-6.2.1_p20150521-r2.ebuild
index 7829ed52bf18..a678e172f4d2 100644
--- a/dev-libs/kpathsea/kpathsea-6.2.1_p20150521-r1.ebuild
+++ b/dev-libs/kpathsea/kpathsea-6.2.1_p20150521-r2.ebuild
@@ -41,6 +41,7 @@ SRC_URI="${SRC_URI} ) "
 TEXMF_PATH=/usr/share/texmf-dist
 
 src_prepare() {
+	epatch "${FILESDIR}/insecure_tmp_mktexlsr.patch"
 	cd "${WORKDIR}/texlive-${PV#*_p}-source"
 	S="${WORKDIR}/texlive-${PV#*_p}-source" elibtoolize #sane .so versionning on gfbsd
 	cp "${FILESDIR}/texmf-update-r2" "${S}"/texmf-update