Upstream: https://anonscm.debian.org/cgit/collab-maint/tardiff.git/tree/debian/patches/CVE-2015-0858.diff

Description: Fix race condition when creating temporary files (CVE-2015-0858)
 Reported by Florian Weimer <fw@deneb.enyo.de>. Implemented using
 File::Temp instead of just using the process ID inside the directory
 name as suggested by Florian.
Author: Axel Beckert <abe@debian.org>
Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0858

Index: tardiff
===================================================================
--- tardiff	2016-04-28 20:24:06.913565891 +0200
+++ tardiff	2016-04-28 20:24:06.909565907 +0200
@@ -7,12 +7,13 @@
 
 use strict;
 use Text::Diff;
+use File::Temp qw(tempdir);
 
 my $VERSION = '0.1';
 
 my ($tarball1, $tarball2);
 my ($opt_list, $opt_modified, $opt_autoskip, $opt_stats);
-my $tempdir;
+my $tempdir = tempdir( CLEANUP => 1 );
 
 $SIG{'__DIE__'} = 'cleanup';
 $SIG{'TERM'} = 'cleanup';
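Review bot: `my $tempdir = tempdir( CLEANUP => 1 );` runs at file scope, presumably before command-line options are parsed, and with the `rm -rf` call dropped from `cleanup` later in this patch, removal now depends entirely on File::Temp's exit-time cleanup. That cleanup runs on normal exit, after `die`, and on the `exit 1` path in `cleanup`, but not when the process is killed by a signal with no handler, so confirm that every signal the script expects is routed through `cleanup` (only `__DIE__` and `TERM` are visible here; the handler list continues outside the hunk). The default template also gives the directory an anonymous name, whereas `tempdir('tardiff-XXXXXXXX', TMPDIR => 1, CLEANUP => 1)` keeps the unpredictable suffix and makes leftover directories attributable to this tool. I would also add a comment above the line, such as `# File::Temp picks an unpredictable name and fails instead of reusing an existing path; do not go back to /tmp/tardiff-$$ (CVE-2015-0858)`.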
@@ -173,9 +174,6 @@
 sub tardiff{
 	my $error = 0;
 
-	$tempdir = "/tmp/tardiff-$$";
-	mkdir $tempdir;
-
 	my $filelist1 = untar($tarball1) or die "Error: Could not unpack $tarball1.";
 	my $filelist2 = untar($tarball2) or die "Error: Could not unpack $tarball2.";
 
@@ -216,10 +214,6 @@
 sub cleanup{
 	my $handler = shift(@_);
 
-	if($tempdir){
-		system("rm -rf $tempdir");
-	}
-
 	if($handler eq "INT" or $handler eq "TERM"){
 		exit 1;
 	}
