Hi,

The attached file is the diff for my digitaldj 0.7.5-6.1 NMU. The associated changelog entry is:

digitaldj (0.7.5-6.1) unstable; urgency=medium
  * Non-maintainer upload.
  * Use File::Temp in place of a hard-coded temporary filename in fest.pl
    to prevent against symlink-based attacks. (Closes: #496399)
Regards,
--
Chris Lamb, UK [EMAIL PROTECTED]
GPG: 0x634F9A20
diff -Nru digitaldj-0.7.5/debian/changelog digitaldj-0.7.5/debian/changelog
--- digitaldj-0.7.5/debian/changelog 2008-09-06 15:51:10.000000000 +0100
+++ digitaldj-0.7.5/debian/changelog 2008-09-06 15:51:11.000000000 +0100
@@ -1,3 +1,11 @@
+digitaldj (0.7.5-6.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Use File::Temp in place of a hard-coded temporary filename in fest.pl
+ to prevent against symlink-based attacks. (Closes: #496399)
+
+ -- Chris Lamb <[EMAIL PROTECTED]> Sat, 06 Sep 2008 15:44:57 +0100
+
digitaldj (0.7.5-6) unstable; urgency=low
* Use CLOCKS_PER_SEC instead of deprecated CLK_TCK (closes: 376772, 420943)
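Review bot: the changelog entry only records the fest.pl change, but this NMU also touches debian/control (the new libfile-temp-perl dependency); add a line for that so the control change is accounted for. Minor wording: "to prevent against symlink-based attacks" reads oddly; "to protect against symlink-based attacks" or "to prevent symlink-based attacks" would do.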
diff -Nru digitaldj-0.7.5/debian/control digitaldj-0.7.5/debian/control
--- digitaldj-0.7.5/debian/control 2008-09-06 15:51:10.000000000 +0100
+++ digitaldj-0.7.5/debian/control 2008-09-06 15:51:11.000000000 +0100
@@ -7,7 +7,7 @@
Package: digitaldj
Architecture: any
-Depends: mpg123 | vorbis-tools, ${shlibs:Depends} ${misc:Depends}
+Depends: mpg123 | vorbis-tools, libfile-temp-perl, ${shlibs:Depends}
${misc:Depends}
Recommends: grip
Suggests: mysql-server
Description: An SQL based mp3 player front-end
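Review bot: the `+Depends:` line appears to have been wrapped by the mailer, so `${misc:Depends}` arrives on its own line with no diff prefix and the patch as quoted will not apply cleanly; please attach the diff rather than pasting it inline. Either way, the field is still missing the comma between `${shlibs:Depends}` and `${misc:Depends}` (the original line lacked one too), which produces a malformed Depends field once both substvars expand to something non-empty. Separately, the package ships fest.pl but depends on neither perl nor perl-base; File::Temp has been in core perl since 5.6.1, so a dependency on `perl` is what fest.pl actually needs, and with it the libfile-temp-perl entry is likely redundant.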
diff -Nru digitaldj-0.7.5/perl/fest.pl digitaldj-0.7.5/perl/fest.pl
--- digitaldj-0.7.5/perl/fest.pl 2004-03-30 21:19:48.000000000 +0100
+++ digitaldj-0.7.5/perl/fest.pl 2008-09-06 15:51:11.000000000 +0100
@@ -21,6 +21,9 @@
# Usage is: perl fest.pl "<song title>" "<song artist>"
#
+use File::Temp qw(tempfile);
+my ($FILE,$filename)=tempfile();
+
my ($title,$artist)[EMAIL PROTECTED];
my $string="The current song is $title, by $artist.";
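Review bot: `tempfile()` with no template creates the file in `File::Spec->tmpdir` (so /tmp unless TMPDIR is set), opened O_EXCL with mode 0600, which is the right replacement for the predictable /tmp/ddj_fest.tmp. Consider giving it a recognisable template, e.g. `tempfile('ddj_fest_XXXXXX', DIR => File::Spec->tmpdir)`, so any stray files are attributable when debugging; and since nothing in fest.pl validates its arguments before this point, `tempfile(UNLINK => 1)` would ensure the file is removed at exit even if the script dies early. The context line `my ($title,$artist)[EMAIL PROTECTED];` looks like the list archive's address redaction of `=@ARGV`, not something the patch changes.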
@@ -35,15 +38,13 @@
my ($blah,$chan,$blah)=split ' ',$esdinfo,3;
-open FILE,">/tmp/ddj_fest.tmp";
-
-print FILE "(SayText \"$string\")";
+print $FILE "(SayText \"$string\")";
-close FILE;
+close $FILE;
#`esdctl panstream $chan 70 70`;
#`esddsp festival --batch /tmp/ddj_fest.tmp`;
-`festival --batch /tmp/ddj_fest.tmp`;
+`festival --batch $filename`;
#while(1) {
# my $esdinfo=`esdctl allinfo | grep festival`;
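Review bot: the commented-out line `#`esddsp festival --batch /tmp/ddj_fest.tmp`;` still names the hard-coded path; anyone re-enabling it later would reintroduce exactly the symlink issue this NMU fixes, so change it to `$filename` as well or drop the dead code. Also `close $FILE;` is unchecked; a failed flush would hand festival an empty or truncated script, so `close $FILE or die "cannot write $filename: $!";` is cheap insurance. Out of scope for this NMU, but worth a follow-up bug: `$title` and `$artist` come straight from the command line and are interpolated unescaped into the Scheme string `(SayText "$string")`, so a `"` or `\` in a tag breaks the string; escaping those characters before writing would make the script robust to odd metadata.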
@@ -52,3 +53,5 @@
#}
#`esdctl panstream $chan 256 256`;
+
+unlink($filename);
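Review bot: `unlink($filename)` only runs when the script reaches its last line; if festival fails, or the script dies or is interrupted earlier, the temp file stays behind in /tmp. Creating the file with `tempfile(UNLINK => 1)` in the first hunk lets File::Temp remove it at program exit regardless of the exit path, after which this explicit unlink can go; if you keep it, at least check its return value (`unlink($filename) or warn "cannot remove $filename: $!";`).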