
use-safe-tempfile.diff: fixes bsc#1247489, an insecure predictable /tmp file usage #1

Manually merged
anag_factory merged 4 commits from michals/bash-git-prompt:leap-16.0 into leap-16.0 2025-11-28 14:29:28 +01:00
3 changed files with 36 additions and 1 deletions


@@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon Sep 22 13:59:46 UTC 2025 - Matthias Gerstner <matthias.gerstner@suse.com>
- add use-safe-tempfile.diff: this fixes bsc#1247489 CVE-2025-61659, an
insecure predictable /tmp file usage in bash-git-prompt.
-------------------------------------------------------------------
Sun May 10 08:51:18 UTC 2020 - Michal Suchanek <msuchanek@suse.com>


@@ -1,7 +1,7 @@
#
# spec file for package bash-git-prompt
#
# Copyright (c) 2020 SUSE LLC
# Copyright (c) 2025 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -28,6 +28,7 @@ License: BSD-2-Clause
Group: Development/Tools/Version Control
URL: https://github.com/magicmonty/bash-git-prompt
Source0: https://github.com/magicmonty/%{name}/archive/%{version}/%{name}-%{version}.tar.gz
Patch0: use-safe-tempfile.diff
Requires: git-core
Requires(post): %fillup_prereq
BuildArch: noarch
@@ -40,6 +41,7 @@ install. It will disable the prompt accordingly after uninstall.
%prep
%setup -q
%autopatch -p1
%build
sed -i -e 's,#!/usr/bin/env bash,#!/bin/bash,' $(find . -name \*.sh)

27
use-safe-tempfile.diff Normal file

@@ -0,0 +1,27 @@
Index: bash-git-prompt-2.7.1/gitprompt.sh
===================================================================
--- bash-git-prompt-2.7.1.orig/gitprompt.sh
+++ bash-git-prompt-2.7.1/gitprompt.sh
@@ -466,8 +466,11 @@ function createPrivateIndex {
else
__GIT_INDEX_FILE="$GIT_INDEX_FILE"
fi
- __GIT_INDEX_PRIVATE="/tmp/git-index-private$$"
+ __GIT_INDEX_PRIVATE=`mktemp "/tmp/git-index-private-$$.XXXX"`
command cp "$__GIT_INDEX_FILE" "$__GIT_INDEX_PRIVATE" 2>/dev/null
+ if [ $? -ne 0 ]; then
+ return
+ fi
echo "$__GIT_INDEX_PRIVATE"
}
@@ -500,6 +503,9 @@ function updatePrompt() {
local GIT_INDEX_PRIVATE="$(createPrivateIndex)"
#important to define GIT_INDEX_FILE as local: This way it only affects this function (and below) - even with the export afterwards
local GIT_INDEX_FILE
+ if [ -z "$GIT_INDEX_PRIVATE" ]; then
+ return
+ fi
export GIT_INDEX_FILE="$GIT_INDEX_PRIVATE"
local -a git_status_fields
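Review bot: In createPrivateIndex, the new early `return` after a failed `cp` leaves the file that `mktemp` just created in /tmp, and because the name is never echoed on that path the caller cannot remove it; add `command rm -f -- "$__GIT_INDEX_PRIVATE"` before the `return`. If updatePrompt runs on each prompt, as its name suggests, a repository whose index cannot be copied would leave one empty `git-index-private-*` file behind per prompt. The `mktemp` status is also unchecked, so a failure is caught only indirectly when `cp` is given an empty destination; `__GIT_INDEX_PRIVATE=$(mktemp "/tmp/git-index-private-$$.XXXXXX") || return` makes that explicit and widens the random suffix beyond four characters. The new guard in updatePrompt makes the function return early where it previously continued with a missing index file, which is presumably intended but deserves a short comment such as `# no private index could be created: skip the status update rather than touch the real index`. Both function bodies extend beyond the hunks shown.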