Hi,

The attached file is the diff for my impose+ 0.2-11.1 NMU.

The associated changelog entry is:

impose+ (0.2-11.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Replace usage of temporary files based on $ENV{'USER'} to prevent the
    possibility of a symlink-based attack. (Closes: #496435)

Regards,

-- 
Chris Lamb, UK [EMAIL PROTECTED]
GPG: 0x634F9A20
diff -Nru impose+-0.2/debian/changelog impose+-0.2/debian/changelog --- impose+-0.2/debian/changelog 2008-09-06 16:46:48.000000000 +0100 +++ impose+-0.2/debian/changelog 2008-09-06 16:46:48.000000000 +0100 @@ -1,3 +1,11 @@ +impose+ (0.2-11.1) unstable; urgency=medium + + * Non-maintainer upload. + * Replace usage of temporary files based on $ENV{'USER'} to prevent the + possibility of a symlink-based attack. (Closes: #496435) + + -- Chris Lamb <[EMAIL PROTECTED]> Sat, 06 Sep 2008 16:19:43 +0100 + impose+ (0.2-11) unstable; urgency=low * Moving under git from CVS/SVN. Restoring proper upstream branch diff -Nru impose+-0.2/debian/control impose+-0.2/debian/control --- impose+-0.2/debian/control 2008-09-06 16:46:48.000000000 +0100 +++ impose+-0.2/debian/control 2008-09-06 16:46:48.000000000 +0100 @@ -11,7 +11,7 @@ Package: impose+ Architecture: all -Depends: psutils, ${perl:Depends} +Depends: psutils, libfile-temp-perl, libfile-homedir-perl, ${perl:Depends} Suggests: gs Description: Postscript utilities for two-up printing, bbox, etc A set of utilities for manipulating DSC compliant postscript. The diff -Nru impose+-0.2/impose impose+-0.2/impose --- impose+-0.2/impose 2008-09-06 16:46:48.000000000 +0100 +++ impose+-0.2/impose 2008-09-06 16:46:48.000000000 +0100 @@ -25,11 +25,13 @@ my $VERSION = 0.2; use strict; +use File::Temp qw(tempfile); +use File::HomeDir; my($height,$width,$rtl,$scaling,$pages,$rotdir,$xright,$xleft,$ytop,$ybot); -my($no_tumble, $gutter, $do_stdout, $noglue, $noevenodd, $bboxfile); +my($no_tumble, $gutter, $do_stdout, $noglue, $noevenodd, $bboxfile, $bboxfile_temp); my(@bbox,@oddbbox, @evenbbox, $lastbbox); -my($filename, $path, $do_erase_tmp); +my($filename, $TMP, $path, $do_erase_tmp); my($evenwidth, $evenheight); my($oddwidth, $oddheight); my($verbose); 
@@ -114,11 +116,12 @@ $pages=6 unless defined $pages; $rotdir="L" unless $rotdir; +$bboxfile_temp = File::HomeDir->my_home . "/.impose+_last_bboxx"; + $filename = shift or do { - $filename = "/tmp/$ENV{USER}-tmp.ps"; - open(TMP, ">$filename"); - while(<>) { print TMP; } - close(TMP); + ($TMP, $filename) = tempfile(); + while(<>) { print $TMP $_; } + close($TMP); $do_stdout++; $do_erase_tmp++; }; @@ -141,8 +144,8 @@ @oddbbox = @evenbbox unless @evenbbox; close(BB); } -elsif ($lastbbox && -e "/tmp/bboxx-$ENV{USER}") { - open(BB,"/tmp/bboxx-$ENV{USER}"); +elsif ($lastbbox && -e "$bboxfile_temp") { + open(BB,"$bboxfile_temp"); $_=<BB>; @oddbbox=split; $_=<BB>; @evenbbox=split; close(BB); @@ -162,7 +165,7 @@ @evenbbox = @oddbbox if $noevenodd; # record the bboxx information -open(BB, ">/tmp/bboxx-$ENV{USER}"); +open(BB, ">$bboxfile_temp"); print BB "@[EMAIL PROTECTED]"; close(BB);
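Review bot: In the impose hunk at @@ -114,11 +116,12 @@, the result of `File::HomeDir->my_home` is concatenated without checking that it is defined. The module documents that it returns undef when the user has no home directory, and in that case `$bboxfile_temp` becomes "/.impose+_last_bboxx" at the filesystem root. Suggest assigning the home directory to a variable first and dying (or skipping the bbox record) when it is undefined. The name `$bboxfile_temp` is also misleading now that the file lives permanently in the home directory rather than in /tmp. The `tempfile()` replacement for "/tmp/$ENV{USER}-tmp.ps" looks right for the symlink problem; note that the new file no longer carries the ".ps" suffix, which `tempfile(SUFFIX => '.ps')` would keep.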
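Review bot: In the impose hunk at @@ -141,8 +144,8 @@, `open(BB,"$bboxfile_temp")` keeps the two-argument form and its return value is not checked, so the `-e` test is the only guard and a file that exists but cannot be read falls through to reading from an unopened handle. Suggest the three-argument form with an explicit mode and a check, for example `open(BB, '<', $bboxfile_temp) or die "...: $!"`, which also makes the separate `-e` test unnecessary. The double quotes around `$bboxfile_temp` in both the `-e` test and the open are redundant.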
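Review bot: In the impose hunk at @@ -162,7 +165,7 @@, `open(BB, ">$bboxfile_temp")` embeds the mode in the path string and ignores failure, so if the home directory is not writable the following `print BB` and `close(BB)` silently discard the bbox record. Suggest `open(BB, '>', $bboxfile_temp) or warn "cannot record bbox: $!"` so the mode cannot be influenced by the path contents and the user learns that the saved bbox will not be available to a later run.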