Bug#496379: konwert: diff for NMU version 1.8-11.2

Sat, 06 Sep 2008 09:56:01 -0700 

Hi,

The attached file is the diff for my konwert 1.8-11.2 NMU. The associated
changelog entry is:

 konwert (1.8-11.2) unstable; urgency=medium

   * Non-maintainer upload.
   * Use File::Temp in place of pid-based temporary filenames to prevent
     against symlink-based attacks. (Closes: #496379)


Regards,

-- 
Chris Lamb, UK                                       [EMAIL PROTECTED]
                                                            GPG: 0x634F9A20

diff -Nru konwert-1.8/bin/konwert konwert-1.8/bin/konwert
--- konwert-1.8/bin/konwert     1998-07-31 08:08:57.000000000 +0100
+++ konwert-1.8/bin/konwert     2008-09-06 17:50:27.000000000 +0100
@@ -1,5 +1,7 @@
 #!/usr/bin/perl
 
+use File::Temp qw(tempfile);
+
 ######## STA£E ################################################################
 
 $wersja = "1.8";
@@ -152,7 +154,8 @@
     {
        if ($wy eq "=")
        {
-           $temp = "/tmp/konwert-$$";
+           ($fh, $temp) = tempfile();
+           close $fh;
            open STDOUT, ">$temp" or die "$ja: $temp: $!\n"
        }
        elsif (-d _)
diff -Nru konwert-1.8/debian/changelog konwert-1.8/debian/changelog
--- konwert-1.8/debian/changelog        2008-09-06 17:50:27.000000000 +0100
+++ konwert-1.8/debian/changelog        2008-09-06 17:50:27.000000000 +0100
@@ -1,3 +1,11 @@
+konwert (1.8-11.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Use File::Temp in place of pid-based temporary filenames to prevent
+    against symlink-based attacks. (Closes: #496379)
+
+ -- Chris Lamb <[EMAIL PROTECTED]>  Sat, 06 Sep 2008 17:15:01 +0100
+
 konwert (1.8-11.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru konwert-1.8/debian/control konwert-1.8/debian/control
--- konwert-1.8/debian/control  2008-09-06 17:50:27.000000000 +0100
+++ konwert-1.8/debian/control  2008-09-06 17:50:27.000000000 +0100
@@ -22,7 +22,7 @@
 
 Package: konwert-filters
 Architecture: all
-Depends: ${perl:Depends}, ${misc:Depends}
+Depends: ${perl:Depends}, ${misc:Depends}, libfile-temp-perl
 Recommends: konwert
 Description: Filters used by konwert for charset conversion
  These files are needed by konwert.
diff -Nru konwert-1.8/filters/any-UTF8 konwert-1.8/filters/any-UTF8
--- konwert-1.8/filters/any-UTF8        1998-07-31 08:09:27.000000000 +0100
+++ konwert-1.8/filters/any-UTF8        2008-09-06 17:50:27.000000000 +0100
@@ -1,5 +1,7 @@
 #!/usr/bin/perl
 
+use File::Temp qw(tempfile);
+
 ($katalog = $0) =~ s|/[^/]*$||;
 
 # Konwersja any-test wypisuje tylko oznaczenie rozpoznanego standardu zamiast
@@ -61,8 +63,10 @@
        # Musimy przelecieæ tekst dwa razy - raz, ¿eby zliczyæ znaki, i drugi
        # raz, ¿eby go skonwertowaæ. Podczas pierwszego przebiegu zapamiêtujemy
        # wiêc test w tymczasowym pliku:
-       open TEMP, "+>/tmp/any-$$";
-       unlink "/tmp/any-$$";
+       ($fh, $filename) = tempfile();
+       close $fh;
+       open TEMP, "+>$filename";
+       unlink $filename;
 }
 # Zliczamy wyst±pienia poszczególnych bajtów (w @ile) i znaków d³u¿szych ni¿
 # jeden bajt (w %ile):

Attachment: signature.asc
Description: PGP signature

Reply via email to