Okay, the temporary files I believe are now secure. Any files created in /tmp are made using mktemp (in bash scripts) or tempfile (in python scripts). The playable_text file is created (owned) by root and chmod 700 prior to writing if it will be run from root's cron.
I've made a new release on launchpad, with the source tarball. The changelog now reflects that this is now responding also to bug 912762 (see below). Debdiff is attached. wakeup (1.2-0ubuntu1) precise; urgency=low * New upstream release (LP: #909189). - Changed weather source to google using python-pywapi - Added location.py in wakeup directory as plugin helper - Added plugin "Commands" which allows arbitrary user dataitems - Changed HebrewCalendar to use location from location.py - fixed problems to do with hard-coded DISPLAY variable - fixed issues with stopping the alarm - removed calls to os.system and commands.get(status)output - use secure temp files (LP: #912762) - root-owned chmod 700 playable_text file for boot alarms - small bug fixes * Updated packaging - Removed all perl dependencies - wrap-and-sort debian/ - converted copyright to dep5 format - use dh_python2 instead of pysupport ** Patch added: "wakeup_1.2.debdiff" https://bugs.launchpad.net/ubuntu/+source/wakeup/+bug/909189/+attachment/2665654/+files/wakeup_1.2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/909189 Title: Request for new upstream version 1.2 upgrade. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wakeup/+bug/909189/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
