#! /bin/sh /usr/share/dpatch/dpatch-run
## security-fixes.dpatch by Ryan Niebur <ryanryan52@gmail.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: CVE-2008-5376: insecure temp file handling
@DPATCH@
--- a/crip
+++ b/crip
@@ -193,7 +193,9 @@
$cddbsubmitaddr = "freedb-submit\@freedb.org";
# Directory to write the cddb submit entry file (need to have write
# permissions to this directory).
-$cddbsubmitdir = "/tmp";
+use File::Spec;
+$cddbsubmitdir = File::Spec->tmpdir();
+
# The following is the charset for the freedb-submit e-mail:
$charset = "iso-8859-1";
@@ -219,6 +221,9 @@
# Default is to use cddb protocol to access cddb server without proxy.
$cddbproxy = {};
+use File::Temp;
+$cddbsubmitdir = File::Temp::tempdir(CLEANUP => 1, DIR => $cddbsubmitdir);
+
# End of Defaults Section -----------------------------------------------------
# Allow the user to override the defaults from the command line...
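Review bot: The private directory is created in the defaults section, before the override step announced by the last context line, so a user-supplied `cddbsubmitdir` presumably replaces it and is used as-is. A criprc copied from the old example still says `cddbsubmitdir = /tmp`, which would bring back the predictable path in a shared directory that CVE-2008-5376 is about. Consider moving `$cddbsubmitdir = File::Temp::tempdir(CLEANUP => 1, DIR => $cddbsubmitdir);` to after the configuration and command-line values have been applied, so an override only selects the parent directory. `CLEANUP => 1` also deletes the directory at exit, so confirm that nothing expects the submit entry file to survive the run; the code that writes it is outside this hunk.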
--- a/criprc_example
+++ b/criprc_example
@@ -168,7 +168,7 @@
# Directory to write the cddb submit entry file (need to have write
# permissions to this directory).
-cddbsubmitdir = /tmp
+# cddbsubmitdir = /home/user/tmp/
# The following is the charset for the freedb-submit e-mail:
charset = iso-8859-1
--- a/editcomment
+++ b/editcomment
@@ -11,8 +11,11 @@
die "File \"$file\" does not exist.\n";
}
+use File::Temp;
+$tempdir = File::Temp::tempdir(CLEANUP => 1);;
+
if (-e "$file.tag.tmp") {
- die "WTF is \"$file.tag.tmp\" already doing in /tmp ?!\n";
+ die "WTF is \"$file.tag.tmp\" already doing in $tempdir?!\n";
}
# Escape certain characters from $file
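Review bot: The existence test `-e "$file.tag.tmp"` checks a path relative to the current directory, while the message now reports `$tempdir`, so the two do not refer to the same file. Since `tempdir()` has just created an empty private directory, the check can be dropped, or changed to `-e "$tempdir/$file.tag.tmp"` so the message matches what was tested. The stray `;;` after `File::Temp::tempdir(CLEANUP => 1)` is harmless but should be a single `;`; the same typo is in the editfilenames hunk.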
@@ -32,16 +35,16 @@
die "Cannot find `vorbiscomment` for tagging the Ogg Vorbis files!\n";
}
- system "vorbiscomment -l $file > /tmp/$file.tag.tmp";
+ system "vorbiscomment -l $file > $tempdir/$file.tag.tmp";
- system "$editor /tmp/$file.tag.tmp";
+ system "$editor $tempdir/$file.tag.tmp";
print "Writing new tag info...\n";
- system "vorbiscomment -w -c /tmp/$file.tag.tmp $file";
+ system "vorbiscomment -w -c $tempdir/$file.tag.tmp $file";
print "Done.\n";
- print "Deleting temporary file /tmp/$file.tag.tmp\n";
- system "rm /tmp/$file.tag.tmp";
+ print "Deleting temporary file $tempdir/$file.tag.tmp\n";
+ system "rm $tempdir/$file.tag.tmp";
print "\nTag info now reads:\n";
system "vorbiscomment -l $file";
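Review bot: `$tempdir/$file.tag.tmp` still builds the temporary name from `$file`, so if `$file` carries a directory component the redirect in `system "vorbiscomment -l $file > $tempdir/$file.tag.tmp"` points into a subdirectory that does not exist inside the fresh temp dir. Because the directory is already unique and private, a fixed name such as `$tagfile = "$tempdir/tags.tmp";` would do and removes the dependence on the input name. `$tempdir` is also interpolated unquoted into single-string `system` calls, which go through the shell, and File::Temp takes its location from TMPDIR, so a value containing whitespace breaks these commands. The final `system "rm ..."` could be `unlink` on that fixed path, or dropped, since `CLEANUP => 1` removes the directory. The same applies to the metaflac hunk that follows; how `$file` is escaped is decided above this hunk and is not visible here.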
@@ -57,23 +60,23 @@
}
if ($mfver lt "1.1.1") {
- system "metaflac --export-vc-to=/tmp/$file.tag.tmp $file";
+ system "metaflac --export-vc-to=$tempdir/$file.tag.tmp $file";
} else {
- system "metaflac --export-tags-to=/tmp/$file.tag.tmp $file";
+ system "metaflac --export-tags-to=$tempdir/$file.tag.tmp $file";
}
- system "$editor /tmp/$file.tag.tmp";
+ system "$editor $tempdir/$file.tag.tmp";
print "Writing new tag info...\n";
if ($mfver lt "1.1.1") {
- system "metaflac --remove-vc-all --import-vc-from=/tmp/$file.tag.tmp $file";
+ system "metaflac --remove-vc-all --import-vc-from=$tempdir/$file.tag.tmp $file";
} else {
- system "metaflac --remove-all-tags --import-tags-from=/tmp/$file.tag.tmp $file";
+ system "metaflac --remove-all-tags --import-tags-from=$tempdir/$file.tag.tmp $file";
}
print "Done.\n";
- print "Deleting temporary file /tmp/$file.tag.tmp\n";
- system "rm /tmp/$file.tag.tmp";
+ print "Deleting temporary file $tempdir/$file.tag.tmp\n";
+ system "rm $tempdir/$file.tag.tmp";
print "\nTag info now reads:\n";
if ($mfver lt "1.1.1") {
--- a/editfilenames
+++ b/editfilenames
@@ -7,7 +7,9 @@
$editor = "sensible-editor";
# Temporary filename
-$tmpfile = "/tmp/filelist.txt";
+use File::Temp;
+$tempdir = File::Temp::tempdir(CLEANUP => 1);;
+$tmpfile = "$tempdir/filelist.txt";
# Substitute spaces with an underscore (on/off - default="on")
$subsp = "on";