Sophie: wml-2.0.11-7mdv2010.1 src

wml-2.0.11-7mdv2010.1.src.rpm

--- ./wml_contrib/wmg.cgi.CVE-2008-0665_CVE-2008-0666	2005-12-01 19:50:13.000000000 +0200
+++ ./wml_contrib/wmg.cgi	2008-03-22 22:38:40.781355117 +0200
@@ -367,14 +367,7 @@
         ($w, $h, $t) = Image::Size::imgsize(\$contents);
         if ($w*$h == 1) {
             #   read image into GD
-            $tmpfile = "/tmp/pe.tmp.$$";
-            unlink($tmpfile);
-            open(TMP, ">$tmpfile");
-            print TMP $contents;
-            close(TMP);
-            open(TMP, "<$tmpfile");
-            $tmpimg = newFromGif GD::Image(TMP);
-            close(TMP);
+            $tmpimg = newFromGif GD::Image($contents);
             unlink($tmpfile);
             if ($tmpimg->transparent != -1) {
                 my $im = new GD::Image($w, $h);
--- ./wml_backend/p1_ipp/ipp.src.CVE-2008-0665_CVE-2008-0666	2005-12-01 19:50:13.000000000 +0200
+++ ./wml_backend/p1_ipp/ipp.src	2008-03-22 22:38:40.780354378 +0200
@@ -17,6 +17,7 @@
 use Getopt::Long 2.13;
 use IO::Handle 1.15;
 use IO::File 1.06;
+use File::Temp;
 
 #
 #   help functions
@@ -565,6 +566,8 @@
 #   process the pre-loaded include files
 #
 $tmpdir = $ENV{'TMPDIR'} || '/tmp';
+my $tmpldir = ($ENV{'TMPDIR'} || '/tmp') . '/ipp.XXXXXX';
+$tmpdir = mkdtemp($tmpldir) or die "Unable to create temporary directory: $!\n";
 $tmpfile = $tmpdir . "/ipp.$$.tmp";
 unlink($tmpfile);
 $tmp = new IO::File;
--- ./wml_backend/p3_eperl/eperl_sys.c.CVE-2008-0665_CVE-2008-0666	2005-12-01 19:50:13.000000000 +0200
+++ ./wml_backend/p3_eperl/eperl_sys.c	2008-03-22 22:41:48.681350598 +0200
@@ -211,13 +211,20 @@
 {
     char ca[1024];
     char *cp, *tmpdir;
+    char tmpfile[]="eperl_sourceXXXXXX";
     int i;
+    int fd=-1;
 
     tmpdir = getenv ("TMPDIR");
     if (tmpdir == (char *) NULL)
         tmpdir="/tmp";
 
-    snprintf(ca, sizeof(ca), "%s/%s.%d.tmp%d", tmpdir, id, (int)getpid(), mytmpfilecnt++);
+    snprintf(ca, sizeof(ca), "%s/%s", tmpdir, tmpfile);
+    if((fd = mkstemp(ca)) == -1){
+        perror("can not create tmpfile");
+        return NULL;
+    }
+    close(fd);
     ca[sizeof(ca)-1] = NUL;
     cp = strdup(ca);
     for (i = 0; mytmpfiles[i] != NULL; i++)