From bbb70b9ed2ffa5d4ee98e94db0c8a0d19f60c5ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sl=C3=A1vek=20Banko?=
Date: Thu, 10 Dec 2015 20:42:13 +0100
Subject: [PATCH] Fix security issue CVE-2015-7543 [taken from Debian arts patches]
---
 mcop/mcoputils.cc | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/mcop/mcoputils.cc b/mcop/mcoputils.cc
index 790927f..52eb78f 100644
--- a/mcop/mcoputils.cc
+++ b/mcop/mcoputils.cc
@@ -307,7 +307,8 @@ int build_link(string tmp_prefix, const char *kde_prefix)
 unlink(kde_tmp_dir.c_str());
 user_tmp_dir += "XXXXXX";
 tmp_buf = strdup(user_tmp_dir.c_str());
- mktemp(tmp_buf); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
+ if (mkdtemp(tmp_buf) == NULL)
+ return 1;
 result = create_link(kde_tmp_dir.c_str(), tmp_buf);
 free(tmp_buf);
 return result;
@@ -347,7 +348,8 @@ int build_link(string tmp_prefix, const char *kde_prefix)
 unlink(kde_tmp_dir.c_str());
 user_tmp_dir += "XXXXXX";
 tmp_buf = strdup(user_tmp_dir.c_str());
- mktemp(tmp_buf); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
+ if (mkdtemp(tmp_buf) == NULL)
+ return 1;
 result = create_link(kde_tmp_dir.c_str(), tmp_buf);
 free(tmp_buf);
 return result;
@@ -358,7 +360,8 @@ int build_link(string tmp_prefix, const char *kde_prefix)
 unlink(kde_tmp_dir.c_str());
 user_tmp_dir += "XXXXXX";
 tmp_buf = strdup(user_tmp_dir.c_str());
- mktemp(tmp_buf); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
+ if (mkdtemp(tmp_buf) == NULL)
+ return 1;
 result = create_link(kde_tmp_dir.c_str(), tmp_buf);
 free(tmp_buf);
 return result;
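Review bot: The new early return on mkdtemp() failure skips the `free(tmp_buf)` two lines further down, so the strdup()'d template leaks on that path; the identical pattern is repeated in the hunks at new lines 348 and 360. The strdup() result is also handed to mkdtemp() without a NULL check, which the old mktemp() call shared but the rewritten guard can cover. Both are handled by `if (tmp_buf == NULL || mkdtemp(tmp_buf) == NULL) { free(tmp_buf); return 1; }`. The failure is silent as written; if build_link's other error paths report to stderr (not visible here), a message including strerror(errno) would make a refused temp-directory creation diagnosable. build_link begins and ends outside all three hunks, so how callers treat the return value 1 should be confirmed against the full function.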