From 297919ae6189af3db9eb8b16488102fd0d2f5a43 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Wed, 5 Jan 2011 19:10:43 +0000 Subject: [PATCH 3/3] cmake/cross-compile.sh: use mktemp(1) to avoid a symlink attack in /tmp --- cmake/cross-compile.sh | 15 ++++++++++----- 1 files changed, 10 insertions(+), 5 deletions(-) diff --git a/cmake/cross-compile.sh b/cmake/cross-compile.sh index c1821bd..49e66e5 100755 --- a/cmake/cross-compile.sh +++ b/cmake/cross-compile.sh @@ -28,8 +28,13 @@ else exit 1 fi +if ! TEMP=`mktemp --tmpdir -d dbus-cross-compile.XXXXXX`; then + echo "mktemp failed, try with coreutils 6.10 or later?" >&2 + exit 1 +fi + # make cmake happy -export TEMP=/tmp +export TEMP HOST_CC=gcc; export HOST_CC; @@ -67,10 +72,10 @@ done; unset x i ; if ! test -f "$cross_root/lib/libexpat.dll.a"; then - (cd /tmp; wget http://www.winkde.org/pub/kde/ports/win32/repository/win32libs/expat-2.0.1-bin.zip) - (cd /tmp; wget http://www.winkde.org/pub/kde/ports/win32/repository/win32libs/expat-2.0.1-lib.zip) - (cd $cross_root; unzip -x /tmp/expat-2.0.1-bin.zip) - (cd $cross_root; unzip -x /tmp/expat-2.0.1-lib.zip) + (cd $TEMP && wget http://www.winkde.org/pub/kde/ports/win32/repository/win32libs/expat-2.0.1-bin.zip) + (cd $TEMP && wget http://www.winkde.org/pub/kde/ports/win32/repository/win32libs/expat-2.0.1-lib.zip) + (cd $cross_root && unzip -x $TMP/expat-2.0.1-bin.zip) + (cd $cross_root && unzip -x $TMP/expat-2.0.1-lib.zip) fi if test -f "$cross_root/lib/libexpat.dll.a"; then -- 1.7.2.3