Blame SOURCES/libffi-3.1-libffi_tmpdir.patch

Most temp file directories need to be hardened against execution, but
libffi needs execute privileges.  Add a libffi-specific temp directory
that can be set up by sysadmins as needed with suitable permissions.
This both ensures that libffi will have a valid temp directory to use
as well as preventing attempts to access other directories.
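--- a/src/closures.c	2014-05-11 09:54:19.000000000 -0400
+++ b/src/closures.c	2020-04-29 20:50:00.454853909 -0400
@@ -362,6 +362,7 @@ static struct
   const char *arg;
   int repeat;
 } open_temp_exec_file_opts[] = {
+  { open_temp_exec_file_env, "LIBFFI_TMPDIR", 0 },
   { open_temp_exec_file_env, "TMPDIR", 0 },
   { open_temp_exec_file_dir, "/tmp", 0 },
   { open_temp_exec_file_dir, "/var/tmp", 0 },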
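Review bot: The new `LIBFFI_TMPDIR` row is only prepended to `open_temp_exec_file_opts[]`, so when the variable is unset or its directory is unusable the lookup presumably still falls through to `TMPDIR`, `/tmp` and `/var/tmp`; the description's claim of preventing access to other directories therefore holds only when the first entry succeeds. The row also takes the location of executable temp files from the environment, and if `open_temp_exec_file_env` (defined outside this hunk) reads it with plain `getenv`, a setuid or otherwise privileged caller would honor a value chosen by the invoking user; that is worth confirming, and `secure_getenv` is the usual hardening on glibc. I would add a comment above the row such as `/* Admin-provisioned, exec-permitted directory; must not be world-writable. Tried first; later entries remain as fallbacks. */`. The table definition starts and ends outside the hunk.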