[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

gEDA-cvs: gaf.git: branch: master updated (1.5.0-20080706-323-g5bf1263)

To: geda-cvs@xxxxxxxx
Subject: gEDA-cvs: gaf.git: branch: master updated (1.5.0-20080706-323-g5bf1263)
From: git@xxxxxxxxxx
Date: Thu, 27 Nov 2008 03:52:06 -0800
Delivered-to: archiver@xxxxxxxx
Delivered-to: geda-cvs@xxxxxxxx
Delivery-date: Thu, 27 Nov 2008 06:52:18 -0500
List-archive: <http://www.seul.org/pipermail/geda-cvs>
List-help: <mailto:geda-cvs-request@moria.seul.org?subject=help>
List-id: gEDA CVS commits mailing list <geda-cvs.moria.seul.org>
List-post: <mailto:geda-cvs@moria.seul.org>
List-subscribe: <http://www.seul.org/cgi-bin/mailman/listinfo/geda-cvs>, <mailto:geda-cvs-request@moria.seul.org?subject=subscribe>
List-unsubscribe: <http://www.seul.org/cgi-bin/mailman/listinfo/geda-cvs>, <mailto:geda-cvs-request@moria.seul.org?subject=unsubscribe>
Reply-to: gEDA CVS commits mailing list <geda-cvs@xxxxxxxxxxxxxx>
Sender: geda-cvs-bounces@xxxxxxxxxxxxxx

The branch, master has been updated
       via  5bf126369c5f5a60f5ae039170c33ff4c767a4ee (commit)
      from  62229e7d56bcc698a86e52e75d3ab274e0ffbe75 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


=========
 Summary
=========

 gnetlist/scripts/sch2eaglepos.sh |   14 +++++++++++---
 1 files changed, 11 insertions(+), 3 deletions(-)


=================
 Commit Messages
=================

commit 5bf126369c5f5a60f5ae039170c33ff4c767a4ee
Author: Dan McMahill <dan@xxxxxxxxxxxx>
Date:   Wed Nov 26 22:48:08 2008 -0500

    Avoid insecure temp file usage.
    
    Fixes the security vulnerability noted in http://secunia.com/advisories/32806/
    The issue is insecure temp file usage.  The fix is to create a private directory
    and keep temp files in there.

:100755 100755 08afb67... f38ef5d... M	gnetlist/scripts/sch2eaglepos.sh

=========
 Changes
=========

commit 5bf126369c5f5a60f5ae039170c33ff4c767a4ee
Author: Dan McMahill <dan@xxxxxxxxxxxx>
Date:   Wed Nov 26 22:48:08 2008 -0500

    Avoid insecure temp file usage.
    
    Fixes the security vulnerability noted in http://secunia.com/advisories/32806/
    The issue is insecure temp file usage.  The fix is to create a private directory
    and keep temp files in there.

diff --git a/gnetlist/scripts/sch2eaglepos.sh b/gnetlist/scripts/sch2eaglepos.sh
index 08afb67..f38ef5d 100755
--- a/gnetlist/scripts/sch2eaglepos.sh
+++ b/gnetlist/scripts/sch2eaglepos.sh
@@ -20,8 +20,15 @@ YOFFSET=33000
 XSCALE=9000
 YSCALE=9000
 
-TMP=/tmp/$$
-grep -B1 refdes= "$FNAME" |sed 's/=/ /' | cut -d" " -f2,3 |grep -v '^--' >/tmp/$$
+tmpdir=/tmp/$$
+mkdir -m 0700 -p $tmpdir
+rc=$?
+if test $rc -ne 0 ; then
+	echo "Failed to create $tmpdir with 0700 permissions.  mkdir returned $rc."
+	exit 1
+fi
+TMP=${tmpdir}/tmpf
+grep -B1 refdes= "$FNAME" |sed 's/=/ /' | cut -d" " -f2,3 |grep -v '^--' >${TMP}
 
 3<$TMP
 while read -u 3; do
@@ -34,4 +41,5 @@ while read -u 3; do
     Y=`echo "scale=5; ($Y - $YOFFSET) / $YSCALE" |bc`
     echo "MOVE '$PART' ($X $Y);"
 done
-rm "$TMP"
+rm -fr "${tmpdir}"
+




_______________________________________________
geda-cvs mailing list
geda-cvs@xxxxxxxxxxxxxx
http://www.seul.org/cgi-bin/mailman/listinfo/geda-cvs

Prev by Author: gEDA-cvs: gaf.git: branch: master updated (1.5.0-20080706-322-g62229e7)
Next by Author: gEDA-cvs: gaf.git: branch: master updated (1.5.0-20080706-324-g1d6a204)
Previous by thread: gEDA-cvs: gaf.git: branch: master updated (1.5.0-20080706-322-g62229e7)
Next by thread: gEDA-cvs: gaf.git: branch: master updated (1.5.0-20080706-324-g1d6a204)
Index(es):
- Author
- Thread