reopen 496393
thanks

Hi,

Maybe I'm completely missing something, but the patch you added just seems to
make matters much worse. Perhaps I don't understand it, but you remove use of
the safe "mktemp" function and replace it with tempfiles based on PID? It
looks to me like this change just introduced a new tempfile vulnerability.

And perhaps Dmytri can tell us what the original bug was that he found in his
file, so the real issue can be addressed.

By the way, you are aware that you're using NMU-style versioning for your
package while making maintainer uploads?

cheers,
Thijs

--- pscal/pscal.script 2008-08-24 21:06:51.000000000 +0000
+++ pscal/pscal.script.orig 2008-08-24 21:05:08.000000000 +0000
@@ -161,7 +161,6 @@
xc\*$MONTHNAME$YEAR)
;;
*)
- PSCAL_TEMPFILE=$(mktemp -t pscal.XXXXXXXXXX)
for file in $list
do
day=`expr $file : 'xc\([0-9]*\)'`
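Review bot: The file headers put pscal.script on the `---` side and pscal.script.orig on the `+++` side, with the .orig timestamp the older of the two, so this diff looks generated with its arguments swapped; read as written, the hunk at line 161 removes `PSCAL_TEMPFILE=$(mktemp -t pscal.XXXXXXXXXX)`. Please regenerate it in the usual orig-to-new direction so it is unambiguous which version is being proposed. If the mktemp line is the one being kept, check its exit status (for example `PSCAL_TEMPFILE=$(mktemp -t pscal.XXXXXXXXXX) || exit 1`) so the loop never redirects into an empty filename.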
@@ -172,9 +171,9 @@
s/^/$day ( /
s/\$/ )/
p"
- done > ${PSCAL_TEMPFILE}
- holidays=`cat ${PSCAL_TEMPFILE}`
- rm -f ${PSCAL_TEMPFILE}
+ done > /tmp/pscal$$
+ holidays=`cat /tmp/pscal$$`
+ rm -f /tmp/pscal$$
esac
fi
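Review bot: `/tmp/pscal$$` on the three `+` lines is a predictable name in a world-writable directory, and `done > /tmp/pscal$$` will follow a symlink that already exists at that path, so these lines should not replace the `${PSCAL_TEMPFILE}` ones. Keep the mktemp-created file and quote it (`done > "${PSCAL_TEMPFILE}"`), or drop the temporary file and capture the loop's output directly into `holidays` with command substitution, which removes the create, read and `rm -f` sequence altogether.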

