guix/gnu/packages/patches/pcmanfm-CVE-2017-8934.patch

From bc8c3d871e9ecc67c47ff002b68cf049793faf08 Mon Sep 17 00:00:00 2001
From: Andriy Grytsenko <andrej@rep.kiev.ua>
Date: Sun, 14 May 2017 21:35:40 +0300
Subject: [PATCH] Fix potential access violation, use runtime user dir instead
 of tmp dir.

---
 NEWS              | 4 ++++
 src/single-inst.c | 7 ++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 8c2049a..876f7f3 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+* Fixed potential access violation, use runtime user dir instead of tmp dir
+    for single instance socket.
+
+
 Changes on 1.2.5 since 1.2.4:
 
 * Removed options to Cut, Remove and Rename from context menu on mounted
diff --git a/src/single-inst.c b/src/single-inst.c
index 62c37b3..aaf84ab 100644
--- a/src/single-inst.c
+++ b/src/single-inst.c
@@ -2,7 +2,7 @@
  *      single-inst.c: simple IPC mechanism for single instance app
  *
  *      Copyright 2010 Hong Jen Yee (PCMan) <pcman.tw@gmail.com>
- *      Copyright 2012 Andriy Grytsenko (LStranger) <andrej@rep.kiev.ua>
+ *      Copyright 2012-2017 Andriy Grytsenko (LStranger) <andrej@rep.kiev.ua>
  *
  *      This program is free software; you can redistribute it and/or modify
  *      it under the terms of the GNU General Public License as published by
@@ -404,11 +404,16 @@ static void get_socket_name(SingleInstData* data, char* buf, int len)
     }
     else
         dpynum = 0;
+#if GLIB_CHECK_VERSION(2, 28, 0)
+    g_snprintf(buf, len, "%s/%s-socket-%s-%d", g_get_user_runtime_dir(),
+               data->prog_name, host ? host : "", dpynum);
+#else
     g_snprintf(buf, len, "%s/.%s-socket-%s-%d-%s",
                 g_get_tmp_dir(),
                 data->prog_name,
                 host ? host : "",
                 dpynum,
                 g_get_user_name());
+#endif
 }
 
-- 
2.1.4