From: Dennis Braun <d_braun@kabelmail.de>
Date: Wed, 26 May 2021 20:26:01 +0000 (+0200)
Subject: Sets permission rights to 700 on /var/tmp user dirs
X-Git-Tag: archive/raspbian/3.6.3+dfsg-1+rpi1~1^2^2^2~2
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=e9e34f5ae7ebb5ca522e1bbacb9ace70448beba3;p=audacity.git

Sets permission rights to 700 on /var/tmp user dirs

Forwarded: yes

Fixes CVE-2020-11867

Gbp-Pq: Name 0006-Fix_CVE-2020-11867.patch
---

diff --git a/src/AudacityApp.cpp b/src/AudacityApp.cpp
index 3c29ac70..338db3f3 100644
--- a/src/AudacityApp.cpp
+++ b/src/AudacityApp.cpp
@@ -1695,7 +1695,7 @@ bool AudacityApp::InitTempDir()
    // The permissions don't always seem to be set on
    // some platforms.  Hopefully this fixes it...
    #ifdef __UNIX__
-   chmod(OSFILENAME(temp), 0755);
+   chmod(OSFILENAME(temp), 0700);
    #endif
 
    bool bSuccess = gPrefs->Write(wxT("/Directories/TempDir"), temp) && gPrefs->Flush();