Hi,
I've created a patch, fixing:
#321057 "FTBFS: elmo.inc: No such file or directory"
#318291 "CAN-2005-2230 temporary file vulnerability"
#349191 "elmo: potential segfault"
I had to fix the 3rd bug since elmo *always* segfaulted on my box, so I
was not able to test my bugfixes 1 and 2.
The patch is attached. I also plan to NMU this package. Please drop me a
line if you intend to upload it yourself.
Kind regards
Bastian
diff -ruN elmo-1.3.0/debian/changelog
../../_nmu/elmo/elmo-1.3.0/debian/changelog
--- elmo-1.3.0/debian/changelog 2006-03-15 15:45:34.000000000 +0100
+++ ../../_nmu/elmo/elmo-1.3.0/debian/changelog 2006-03-15 15:34:47.000000000
+0100
@@ -1,3 +1,18 @@
+elmo (1.3.0-1.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+
+ * Fixed makefile.am
+ (closes: #321057 "FTBFS: elmo.inc: No such file or directory")
+
+ * Fixed stats.c to use mkstemp instead of fopen (thanks gentoo)
+ (closes: #318291 "CAN-2005-2230 temporary file vulnerability")
+
+ * Fixed elmo always segfaulting at startup
+ (closes: #349191 "potential segfault")
+
+ -- Bastian Venthur <[EMAIL PROTECTED]> Wed, 15 Mar 2006 14:32:01 +0100
+
elmo (1.3.0-1) unstable; urgency=low
* New upstream release
diff -ruN elmo-1.3.0/src/ask.c ../../_nmu/elmo/elmo-1.3.0/src/ask.c
--- elmo-1.3.0/src/ask.c 2004-06-13 22:07:54.000000000 +0200
+++ ../../_nmu/elmo/elmo-1.3.0/src/ask.c 2006-03-15 15:33:22.000000000
+0100
@@ -143,7 +143,6 @@
result->cd = confhold_open (name);
if (result->cd == -1){
- confhold_close (result->cd);
xfree (result);
return NULL;
}
diff -ruN elmo-1.3.0/src/Makefile.am ../../_nmu/elmo/elmo-1.3.0/src/Makefile.am
--- elmo-1.3.0/src/Makefile.am 2004-06-13 17:49:22.000000000 +0200
+++ ../../_nmu/elmo/elmo-1.3.0/src/Makefile.am 2006-03-15 15:03:40.000000000
+0100
@@ -90,6 +90,8 @@
compose.c: compose.l
$(SHELL) $(YLWRAP) $< lex.cm.c $@ -- $(LEX) -Pcm -s -p
+elmo.c: elmo.inc
+
full-clean: clean
rm -f *~ debug.log xmalloc.log core* confread.c mlex.c compose.c \
exec_table.t $(PLIKI_INC)
diff -ruN elmo-1.3.0/src/Makefile.in ../../_nmu/elmo/elmo-1.3.0/src/Makefile.in
--- elmo-1.3.0/src/Makefile.in 2004-06-15 20:23:36.000000000 +0200
+++ ../../_nmu/elmo/elmo-1.3.0/src/Makefile.in 2006-03-15 15:03:40.000000000
+0100
@@ -740,6 +740,8 @@
compose.c: compose.l
$(SHELL) $(YLWRAP) $< lex.cm.c $@ -- $(LEX) -Pcm -s -p
+elmo.c: elmo.inc
+
full-clean: clean
rm -f *~ debug.log xmalloc.log core* confread.c mlex.c compose.c \
exec_table.t $(PLIKI_INC)
diff -ruN elmo-1.3.0/src/stats.c ../../_nmu/elmo/elmo-1.3.0/src/stats.c
--- elmo-1.3.0/src/stats.c 2004-04-29 10:04:06.000000000 +0200
+++ ../../_nmu/elmo/elmo-1.3.0/src/stats.c 2006-03-15 15:02:56.000000000
+0100
@@ -24,6 +24,7 @@
****************************************************************************/
#include <errno.h>
+#include <stdlib.h>
#include "stats.h"
#include "wrapbox.h"
@@ -181,7 +182,8 @@
void
stats_dump (void)
{
- int i;
+ int i, fd;
+ char template[] = "/tmp/elmostatsXXXXXX";
FILE *fp;
mail_t *mail;
struct estats stats;
@@ -200,9 +202,10 @@
process_mail (& stats, mail);
}
- fp = fopen ("/tmp/elmostats", "w");
+ fd = mkstemp(template);
+ fp = fdopen (fd, "w");
if (fp == NULL){
- error_ (errno, _("couldn't open %s"), "/tmp/elmostats");
+ error_ (errno, _("couldn't open %s"), template);
destroy_stats (& stats);
return;
}
