add fix for #862667
authorDon Armstrong <don@donarmstrong.com>
Mon, 15 May 2017 15:34:22 +0000 (08:34 -0700)
committerDon Armstrong <don@donarmstrong.com>
Mon, 15 May 2017 15:34:22 +0000 (08:34 -0700)
debian/changelog
debian/patches/die_on_unlink_failures [new file with mode: 0644]
debian/patches/series

index faf131913e7db5b9a6e155f6f6976de093b2cac0..deeb54a53294e0e825526c4d95ebe4fb0aebf75d 100644 (file)
@@ -1,3 +1,12 @@
+perltidy (20160302-1) unstable; urgency=medium
+
+  * New upstream release
+  * Die if an existing perltidy.ERR cannot be removed to block overwriting
+    of arbitrary files by a symlink attack. (closes: #862667) Thanks to
+    Jakub Wilk for identifying this issue.
+
+ --
+
 perltidy (20140328-1) unstable; urgency=medium
 
   * New upstream release
diff --git a/debian/patches/die_on_unlink_failures b/debian/patches/die_on_unlink_failures
new file mode 100644 (file)
index 0000000..c950d7e
--- /dev/null
@@ -0,0 +1,28 @@
+Description: die if perltidy.ERR and other temporary files cannot be unlinked
+Origin: vendor, https://bugs.debian.org/862667
+Author: Don Armstrong <don@debian.org>
+--- a/lib/Perl/Tidy.pm
++++ b/lib/Perl/Tidy.pm
+@@ -3692,7 +3692,9 @@
+     # now wish for luck...
+     my $msg = qx/perl $flags $quoted_stream_filename $error_redirection/;
+-    unlink $stream_filename if ($is_tmpfile);
++    unlink $stream_filename or
++        Perl::Tidy::Die("couldn't unlink stream ${stream_filename}: $!\n")
++            if ($is_tmpfile);
+     return $stream_filename, $msg;
+ }
+@@ -4128,7 +4130,10 @@
+     # remove any old error output file if we might write a new one
+     unless ( $fh_warnings || ref($warning_file) ) {
+-        if ( -e $warning_file ) { unlink($warning_file) }
++        if ( -e $warning_file ) {
++            unlink($warning_file) or
++                Perl::Tidy::Die("couldn't unlink warning file ${warning_file}: $!\n");
++        }
+     }
+     my $logfile_gap =
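Review bot: The guard `if ( -e $warning_file )` in the second inner hunk still skips the unlink when perltidy.ERR is a dangling symlink, because `-e` follows the link and reports false when the target does not exist; the later write would then presumably go through the link. Testing the link itself as well closes that case: `if ( -e $warning_file || -l $warning_file ) {`. The unlink and the eventual open of the warning file are also separate steps, and the open lies outside this hunk, so a link re-created in between would presumably still be followed; creating the file exclusively (`sysopen` with `O_CREAT|O_EXCL`) would be the robust fix, to be confirmed against the writer code. Both patched functions begin and end outside the hunks shown.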
index 9b1049a47296ab6692d1a8e6e0f0b0528e0436a7..a54562cc7d262382b47ea90838b740cf1a8c3fd6 100644 (file)
@@ -1 +1,2 @@
+die_on_unlink_failures
 document_bst_better