avoid symlink attacks in __fish_print_packages

* use $XDG_CACHE_HOME for __fish_print_packages completion caches

Fix for CVE-2014-3219.

Closes #1440.
David Adam 2014-04-28 23:37:02 +08:00
parent fd70ae0b61
commit 9c78295a9a


@ -12,6 +12,12 @@ function __fish_print_packages
#Get the word 'Package' in the current language
set -l package (_ Package)
# Set up cache directory
if test -z "$XDG_CACHE_HOME"
set XDG_CACHE_HOME $HOME/.cache
end
mkdir -m 700 -p $XDG_CACHE_HOME
if type -f apt-cache >/dev/null
# Do not generate the cache as apparently sometimes this is slow.
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547550
@ -35,7 +41,7 @@ function __fish_print_packages
# If the cache is less than six hours old, we do not recalculate it
set cache_file /tmp/.yum-cache.$USER
set cache_file $XDG_CACHE_HOME/.yum-cache.$USER
if test -f $cache_file
cat $cache_file
set age (math (date +%s) - (stat -c '%Y' $cache_file))
@ -56,7 +62,7 @@ function __fish_print_packages
# If the cache is less than five minutes old, we do not recalculate it
set cache_file /tmp/.rpm-cache.$USER
set cache_file $XDG_CACHE_HOME/.rpm-cache.$USER
if test -f $cache_file
cat $cache_file
set age (math (date +%s) - (stat -c '%Y' $cache_file))
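Review bot: `mkdir -m 700 -p $XDG_CACHE_HOME` in the first hunk applies the mode only when it creates the directory, so an existing directory (or an XDG_CACHE_HOME that the environment points at a shared location) is used without any check of its owner or permissions. The predictable `.yum-cache.$USER` and `.rpm-cache.$USER` names in the two later hunks are therefore only as safe as whatever directory is already there. I would guard the caching path with an ownership test such as `test -O $XDG_CACHE_HOME` and skip the cache when it fails, and add a comment like `# cache dir must be owned by us and not writable by others; the file names below are predictable`. The code that writes `$cache_file` lies outside these hunks, so it is worth confirming separately that it does not follow an existing symlink. The body of `__fish_print_packages` starts before the first hunk and continues past the last one.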