Hi,

The attached file is the diff for my gdrae 0.1-1.1 NMU. The associated
changelog entry is:

 gdrae (0.1-1.1) unstable; urgency=medium

   * Non-maintainer upload.
   * Use File::Temp in place of hard-coded temporary filename to prevent
     against symlink-based attacks. (Closes: #496378)


Regards,

-- 
Chris Lamb, UK                                       [EMAIL PROTECTED]
                                                            GPG: 0x634F9A20
diff -Nru gdrae-0.1/debian/changelog gdrae-0.1/debian/changelog
--- gdrae-0.1/debian/changelog  2008-09-09 02:04:24.000000000 +0100
+++ gdrae-0.1/debian/changelog  2008-09-09 02:04:24.000000000 +0100
@@ -1,3 +1,11 @@
+gdrae (0.1-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Use File::Temp in place of hard-coded temporary filename to prevent against
+    symlink-based attacks. (Closes: #496378)
+
+ -- Chris Lamb <[EMAIL PROTECTED]>  Tue, 09 Sep 2008 01:55:53 +0100
+
 gdrae (0.1-1) unstable; urgency=low
 
   * Initial release. (Closes: #381087)
diff -Nru gdrae-0.1/debian/control gdrae-0.1/debian/control
--- gdrae-0.1/debian/control    2008-09-09 02:04:24.000000000 +0100
+++ gdrae-0.1/debian/control    2008-09-09 02:04:24.000000000 +0100
@@ -7,7 +7,7 @@
 
 Package: gdrae
 Architecture: all
-Depends: libglib-perl(>= 1:1.081-1), libgtk2-gladexml-perl(>= 1.003-1) , 
libgtk2-perl(>= 1:1.081-1), lynx (>= 2.8.5-2) 
+Depends: libglib-perl(>= 1:1.081-1), libgtk2-gladexml-perl(>= 1.003-1) , 
libgtk2-perl(>= 1:1.081-1), lynx (>= 2.8.5-2), libfile-temp-perl
 Description: A Real Academia Espanola dictinoary interface
  This is a standalone graphical application to query the  
  "Real Academia Espanola" Dictionary. An internet  connection
diff -Nru gdrae-0.1/gdrae gdrae-0.1/gdrae
--- gdrae-0.1/gdrae     2008-09-09 02:04:24.000000000 +0100
+++ gdrae-0.1/gdrae     2008-09-09 02:04:24.000000000 +0100
@@ -2,8 +2,9 @@
 use strict;
 use Gtk2 -init;
 use Gtk2::GladeXML;
+use File::Temp qw(tempfile);
 
-my($ventana, $main_window, $boton_salir, $resultado, $buscar, 
$etiqueta_a_buscar, $acerca, $guardar);
+my($ventana, $main_window, $boton_salir, $resultado, $buscar, 
$etiqueta_a_buscar, $acerca, $guardar, $fh, $tempfile);
 $ventana = Gtk2::GladeXML->new('/usr/share/gdrae/rae.glade');
 #$ventana = Gtk2::GladeXML->new('glade/rae.glade');
 $main_window = $ventana->get_widget('ventana_principal');
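Review bot: `$fh` and `$tempfile` are added to the file-scope `my(...)` list, although the only use visible in this patch is inside `buscar`. Declaring them at the point of use, `my ($fh, $tempfile) = tempfile();`, keeps the temporary path out of shared state, so a stale name from an earlier search cannot be reused elsewhere in the script. The preamble shown here has `use strict;` but no `use warnings;`, which would be worth adding in the same upload.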
@@ -29,15 +30,16 @@
 sub buscar {
        my (@texto, $palabra);
        $palabra = $etiqueta_a_buscar->get_text();
-       unless(-e '/tmp/gdrae'){
-               mkdir('/tmp/gdrae', 0777) or die;
-       }
-       system("lynx -dump --nolist 
\"http://buscon.rae.es/draeI/SrvltGUIBusUsual?LEMA=$palabra\"; > 
/tmp/gdrae/palabra");
-       open(RESULTADO, '/tmp/gdrae/palabra') or die("No pude crear/abrir el 
archivo, el terminal devolvió $!");
+
+       ($fh, $tempfile) = tempfile();
+       close($fh);
+
+       system("lynx -dump --nolist 
\"http://buscon.rae.es/draeI/SrvltGUIBusUsual?LEMA=$palabra\"; > $tempfile");
+       open(RESULTADO, $tempfile) or die("No pude crear/abrir el archivo, el 
terminal devolvió $!");
        while(<RESULTADO>){
                push(@texto, $_);
        }
        close(RESULTADO);
-       chmod(0777, '/tmp/gdrae/palabra');
+       unlink($tempfile);
        $resultado->set_markup("@texto");
 }
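Review bot: `$palabra` comes straight from the text entry and is still interpolated into the double-quoted string passed to single-argument `system()`, so the shell parses whatever the user typed; the patch fixes the predictable filename but leaves this in place. Reading lynx through a list-form pipe `open` removes the shell and makes the temporary file unnecessary, which also avoids closing the handle and re-opening the file by name. The value should also be percent-encoded before it is placed in the query string. If the temporary file is kept instead, `tempfile(UNLINK => 1)` would remove it on the `die` path, which currently leaves it behind, and the return value of `system()` should be checked.

```perl
sub buscar {
        # … unchanged: declarations, $palabra = get_text() …
        my $url = "http://buscon.rae.es/draeI/SrvltGUIBusUsual?LEMA=$palabra";
        # List form: lynx is exec'd directly, with no shell and no temp file.
        open(my $lynx, '-|', 'lynx', '-dump', '--nolist', $url)
                or die("No pude ejecutar lynx, el terminal devolvió $!");
        @texto = <$lynx>;
        close($lynx);
        # … unchanged: set_markup call …
}
```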

Attachment: signature.asc
Description: PGP signature
