Bug#915859: marked as done (uses a fixed filename in /tmp)

Thu, 13 Dec 2018 08:21:26 -0800 

Your message dated Thu, 13 Dec 2018 16:20:07 +0000
with message-id <e1gxtiz-0009du...@fasolo.debian.org>
and subject line Bug#915859: fixed in onionshare 1.3.2-1
has caused the Debian Bug report #915859,
regarding uses a fixed filename in /tmp
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
915859: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915859
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: onionshare
Version: 1.3-1
Severity: grave
Tags: security

onionshare uses /tmp/onionshare_server.log as a logfile with --debug.

in onionshare/web.py:
| def debug_mode():
|     temp_dir = tempfile.gettempdir()
|     log_handler = logging.FileHandler(
|         os.path.join(temp_dir, 'onionshare_server.log'))

tempfile.gettempdir() returns /tmp.  It does not give you a
dedicated temp-directory.  It is not mkdtemp.

-- 
                            |  .''`.       ** Debian **
      Peter Palfrader       | : :' :      The  universal
 https://www.palfrader.org/ | `. `'      Operating System
                            |   `-    https://www.debian.org/

--- End Message ---
--- Begin Message --- 
Source: onionshare
Source-Version: 1.3.2-1

We believe that the bug you reported is fixed in the latest version of
onionshare, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 915...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ulrike Uhlig <ulr...@debian.org> (supplier of updated onionshare package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 13 Dec 2018 16:20:37 +0100
Source: onionshare
Binary: onionshare
Architecture: source all
Version: 1.3.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Privacy Tools Maintainers 
<pkg-privacy-maintain...@lists.alioth.debian.org>
Changed-By: Ulrike Uhlig <ulr...@debian.org>
Description:
 onionshare - Share a file over Tor Hidden Services anonymously and securely
Closes: 915859
Changes:
 onionshare (1.3.2-1) unstable; urgency=medium
 .
   * New upstream version. (Closes: #915859.)
     - In debug mode, stop saving flask debug log in /tmp, where all users can
       access it
     - Updated Tor to 0.2.3.10.
   * debian/README.source:
     - Improve instructions for updating and building this package.
   * debian/gbp.conf:
     - Improve rules.
   * debian/rules:
     - Adapt.
Checksums-Sha1:
 83ec2c6d3765cf4e59af5e0ba8d76a7150c41689 2170 onionshare_1.3.2-1.dsc
 e0ddce8e92ea21a745fe40998acdf01c94696657 436856 onionshare_1.3.2.orig.tar.gz
 86c5f0cd693d00b4477094e41005f79214bee566 5676 onionshare_1.3.2-1.debian.tar.xz
 0f9d47d1a3fd2917e2a73260f4c7e199665432be 104636 onionshare_1.3.2-1_all.deb
 a4bcdc442319cb9840baf5d37e05928136168169 12724 
onionshare_1.3.2-1_amd64.buildinfo
Checksums-Sha256:
 f94d730256a589d6430f8d5d8b6bd1f3b263509c416b14f5ee4c5af2e0c09865 2170 
onionshare_1.3.2-1.dsc
 deb6d2c25a9c0fdb0f37d9ab38a168b028256a4b6015fe6b678224bf33465042 436856 
onionshare_1.3.2.orig.tar.gz
 e2c5b6a0c94d7fffbe62b25d3ef3df3dd325a456d2d9dfd385b9f0bdf751961b 5676 
onionshare_1.3.2-1.debian.tar.xz
 65dbf0c079a084c2c649cd84cd20d472110fdced0690c90e36f640bb5176578f 104636 
onionshare_1.3.2-1_all.deb
 f45976b955b7af2bbaea1ea6f746f4a7168c64ffcea9f98f71f02306f1b5d329 12724 
onionshare_1.3.2-1_amd64.buildinfo
Files:
 0f60ecbae30490e0da13557ee9cb72c0 2170 net optional onionshare_1.3.2-1.dsc
 5316de2e366a9c9cd182742f995276f5 436856 net optional 
onionshare_1.3.2.orig.tar.gz
 0ed8aec88224caddad674438bf1e9c66 5676 net optional 
onionshare_1.3.2-1.debian.tar.xz
 900fbcd2e2673be0262533391f7a2c37 104636 net optional onionshare_1.3.2-1_all.deb
 b355a507e99549774af95e3c828e80d1 12724 net optional 
onionshare_1.3.2-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEE7eP0RD800mGVFNeQsUuww42GHPEFAlwSfuYSHHVscmlrZUBk
ZWJpYW4ub3JnAAoJELFLsMONhhzx8e0P+we2TO5xvW1gfcI5DVdqI5TtpklXxLmj
k5wRSCj9I+MxzoHfoqyxJIJ3psJQFG7mJBCMtvcTFq12YOPu7m2efckq/vzd5upu
VrQbnrytzPKkZAD7FXtH4CWQzXq2IKjsPJGehNyED+bzl6ATx8Oa4cbW0dv1n4jP
A7RaSdOZsko+FUuFUMMuodwHz3+XjQN7cw5mYOTiTDJXj/XaItVgo9M8Hb5R32vx
6fd9tEAITn9y7LFiUOzTmEbB2yyWSKg5zFXdM0HRnyWAZqirVqOvc1y5SMIygWe0
j+uGKx+GNaUrECQJExc0/zQEYPajmx8128ntIvFYdEdQLD4nsezV9JT3UQtcas6q
na6ETCFFI0pwrvmT/uIGDO1ugYPrReXRm5LpW7tpOgAcJ0TmdmoI9s7A9FYPmA9W
eJMtgMeCnwUdN8syb81PAb/Fk0QECIbm4FVPU+Vz/4TsqGSHZuDNMeXBFCKCccOt
N11HhdMBDSpn9acbB5XyBWvplSSNfc4sVSXBMdO1PaHGujKc/5mGNdaM4GJnDCZX
rpqafVBOgeVzcdDpevLxBBIht9vw+ZL4URq0nk6ZEmTgMcGaU5MTKBJutcKacziq
88YkiAtZPgNeNcS5fYMjhOPQbhR6iuSUvPkEKoOG/PS9t3gEr5sfbwsEmADXqMb4
DJP5F7WJPmK7
=BUFT
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to