Hello community,

here is the log from the commit of package storeBackup for openSUSE:Factory 
checked in at 2020-01-20 22:57:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/storeBackup (Old)
 and      /work/SRC/openSUSE:Factory/.storeBackup.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "storeBackup"

Mon Jan 20 22:57:20 2020 rev:33 rq:765898 version:3.5

Changes:
--------
--- /work/SRC/openSUSE:Factory/storeBackup/storeBackup.changes  2019-08-22 
10:51:56.957703293 +0200
+++ /work/SRC/openSUSE:Factory/.storeBackup.new.26092/storeBackup.changes       
2020-01-20 22:57:28.295390298 +0100
@@ -1,0 +2,6 @@
+Mon Jan 20 18:00:00 UTC 2020 - Jan Ritzerfeld <[email protected]>
+
+- add fix-tmp-lock-file-race-condition.patch:
+  fix CVE-2020-7040 (bsc#1156767) 
+
+-------------------------------------------------------------------

New:
----
  fix-tmp-lock-file-race-condition.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ storeBackup.spec ++++++
--- /var/tmp/diff_new_pack.oC1CyF/_old  2020-01-20 22:57:29.783390870 +0100
+++ /var/tmp/diff_new_pack.oC1CyF/_new  2020-01-20 22:57:29.783390870 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package storeBackup
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -30,6 +30,8 @@
 Patch1:         earlier_execute_precommand.patch
 # PATCH-FIX-OPENSUSE fix-rpmlint-env-script-interpreter.patch
 Patch2:         fix-rpmlint-env-script-interpreter.patch
+# PATCH-FIX-UPSTREAM fix-tmp-lock-file-race-condition.patch CVE-2020-7040 
bsc#1156767
+Patch3:         fix-tmp-lock-file-race-condition.patch
 Url:            http://storebackup.org/
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
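Review bot: the PATCH-FIX-UPSTREAM comment above the Patch3 line gives the CVE and bsc numbers but no pointer to the upstream commit or release that carries the fix. Add that reference to the comment so it is clear when the patch can be dropped after a version update.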
@@ -62,6 +64,7 @@
 %patch0 -p 1
 %patch1 -p 0
 %patch2 -p 1
+%patch3 -p 1
 
 %build
 # make

++++++ fix-tmp-lock-file-race-condition.patch ++++++
Index: storeBackup/lib/fileDir.pl
===================================================================
--- storeBackup.orig/lib/fileDir.pl
+++ storeBackup/lib/fileDir.pl
@@ -21,7 +21,7 @@
 
 
 use Digest::MD5 qw(md5_hex);
-use Fcntl qw(O_RDWR O_CREAT);
+use Fcntl qw(O_RDWR O_CREAT O_WRONLY O_EXCL);
 use Fcntl ':mode';
 use POSIX;
 use Cwd 'abs_path';
@@ -482,7 +482,7 @@ sub checkLockFile
                  '-str' => ["creating lock file <$lockFile>"]);
 
     &::checkDelSymLink($lockFile, $prLog, 0x01);
-    open(FILE, '>', $lockFile) or
+    sysopen(FILE, $lockFile, O_WRONLY | O_CREAT | O_EXCL) or
        $prLog->print('-kind' => 'E',
                      '-str' => ["cannot create lock file <$lockFile>"],
                      '-exit' => 1);
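Review bot: the new sysopen call in checkLockFile passes no permission argument, so the lock file is created with Perl's default mode of 0666 filtered through the process umask. Pass an explicit mode as the fourth argument, for example 0600 if only the owning user needs to read the file. The error branch also leaves out $!, so a failure caused by an already existing file or symlink (which O_CREAT | O_EXCL now refuses) reads the same as a permission or path error; add $! to the '-str' message. Finally, with O_EXCL in place the checkDelSymLink call on the line above is no longer what protects the open, because a link created between that check and the open is rejected by the open itself. A short comment stating this would keep a later cleanup from dropping the flag and keeping only the check.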
