reopen 496393
thanks

Hi,
Maybe I'm completely missing something, but the patch you added just seems to make matters much worse. Perhaps I don't understand it, but you remove use of the safe "mktemp" function and replace it with tempfiles based on PID? It looks to me like this change just introduced a new tempfile vulnerability.

And perhaps Dmytri can tell us what the original bug was that he found in his file, so the real issue can be addressed.

By the way, you are aware that you're using NMU-style versioning for your package while making maintainer uploads?

cheers,
Thijs

--- pscal/pscal.script 2008-08-24 21:06:51.000000000 +0000 +++ pscal/pscal.script.orig 2008-08-24 21:05:08.000000000 +0000 @@ -161,7 +161,6 @@ xc\*$MONTHNAME$YEAR) ;; *) - PSCAL_TEMPFILE=$(mktemp -t pscal.XXXXXXXXXX) for file in $list do day=`expr $file : 'xc\([0-9]*\)'` @@ -172,9 +171,9 @@ s/^/$day ( / s/\$/ )/ p" - done > ${PSCAL_TEMPFILE} - holidays=`cat ${PSCAL_TEMPFILE}` - rm -f ${PSCAL_TEMPFILE} + done > /tmp/pscal$$ + holidays=`cat /tmp/pscal$$` + rm -f /tmp/pscal$$ esac fi
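
Review bot: The direction of this diff is ambiguous at the file headers and first hunk: `pscal/pscal.script` sits on the `---` side and `pscal/pscal.script.orig` on the `+++` side, and the `.orig` timestamp (21:05:08) is earlier than the other file's (21:06:51). That ordering suggests the diff was taken from the modified file back to the original, in which case the `PSCAL_TEMPFILE=$(mktemp -t pscal.XXXXXXXXXX)` line is what the upload adds rather than removes. Regenerate it as `diff -u pscal.script.orig pscal.script` and confirm which variant is in the shipped script before drawing a conclusion.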
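
Review bot: In the second hunk, `/tmp/pscal$$` is a predictable name in a world-writable directory, and `done > /tmp/pscal$$` follows a symlink already present at that path and truncates its target with the invoking user's privileges, so whichever side of this diff ends up in the package must be the `mktemp` variant. In that variant the expansions should be quoted (`"${PSCAL_TEMPFILE}"`), the `mktemp` exit status should be checked, and a `trap` should remove the file if the script exits early. Since the file is only written by the loop and read straight back with `cat`, the loop output could also be captured into `holidays` by command substitution, which removes the temporary file altogether.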