Description: correct unsafe usage of temporary files (git-changelog,
 git-effort)
Author: Jonathan Wiltshire <jmw@debian.org>
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698490
Forwarded: no
Last-Update: 2013-01-20

Index: git-extras-1.9.0/bin/git-changelog
===================================================================
--- git-extras-1.9.0/bin/git-changelog
+++ git-extras-1.9.0/bin/git-changelog
@@ -40,7 +40,8 @@ if test "$CHANGELOG" = ""; then
     CHANGELOG='History.md';
   fi
 fi
-tmp="/tmp/changelog"
+tmp="$(mktemp --suffix=git-changelog)"
+trap "rm -rf '$tmp'" EXIT
 printf "$HEAD" > $tmp
 git-changelog --list >> $tmp
 printf '\n' >> $tmp

Index: git-extras-1.7.0/bin/git-effort
===================================================================
--- git-extras-1.7.0.orig/bin/git-effort	2013-01-20 18:15:00.000000000 +0000
+++ git-extras-1.7.0/bin/git-effort	2013-01-20 18:05:35.402409644 +0000
@@ -1,9 +1,11 @@
 #!/bin/bash
 
-tmp=/tmp/.git-effort
+tmp="$(mktemp --suffix=-git-effort)"
 above='0'
 color=
 
+trap "rm -rf '$tmp'" EXIT
+
 #
 # get date for the given <commit>
 #
