Bug#809085: marked as done (RFS: sxiv/1.3.2-1)
Your message dated Fri, 1 Jan 2016 12:59:24 +0100
with message-id <20160101115924.GA6945@jwilk.net>
and subject line Re: Bug#809085: RFS: sxiv/1.3.2-1
has caused the Debian Bug report #809085,
regarding RFS: sxiv/1.3.2-1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
809085: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809085
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: RFS: sxiv/1.3.2-1
- From: Daniel Echeverry <epsilon77@gmail.com>
- Date: Sat, 26 Dec 2015 23:56:58 -0500
- Message-id: <CAJi_FcjKn8RTf-aztQHhURzSytEo0CwBD4jhYtC1DTM5mkJ2fg@mail.gmail.com>
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "sxiv"
* Package name : sxiv
Version : 1.3.2-1
Upstream Author : Bert Munnich <be.muennich@googlemail.com>
* URL : https://github.com/muennich/sxiv
* License : GPL-2.0+
Section : graphics
It builds those binary packages:
sxiv - simple X image viewer
To access further information about this package, please visit the
following URL:
http://mentors.debian.net/package/sxiv
Alternatively, one can download the package with dget using this command:
dget -x http://mentors.debian.net/debian/pool/main/s/sxiv/sxiv_1.3.2-1.dsc
More information about sxiv can be obtained from
https://github.com/muennich/sxiv
Changes since the last upload:
* New upstream release.
* debian/patches
+ Refresh install_icons.diff patch.
+ Refresh not_install_examples.diff patch.
+ Add fix_undefined_behaivor.diff patch.
+ Fix undefined behavior/uninitialised variables. (Closes: #795290)
+ Thanks to George Bradshaw for the patch
* debian/sxiv.install
+ Install desktop file. (Closes: #796720)
* remove sxiv.menu file.
+ Now is prohibited install both files (desktop and menu file).
* debian/copyright
+ Extend copyright holders years.
Regards,
Daniel Echeverry
--
Daniel Echeverry
http://wiki.debian.org/DanielEcheverry
Linux user: #477840
Debian user
Software libre
--- End Message ---
--- Begin Message ---
- To: 809085-done@bugs.debian.org
- Subject: Re: Bug#809085: RFS: sxiv/1.3.2-1
- From: Jakub Wilk <jwilk@debian.org>
- Date: Fri, 1 Jan 2016 12:59:24 +0100
- Message-id: <20160101115924.GA6945@jwilk.net>
- In-reply-to: <CAJi_Fcgja1R+zqBS1W6ogmGtkQHHbd0hRw_==mya7gfY-x0yzQ@mail.gmail.com>
- References: <CAJi_FcjKn8RTf-aztQHhURzSytEo0CwBD4jhYtC1DTM5mkJ2fg@mail.gmail.com> <20151227114133.GA855@jwilk.net> <CAJi_Fcgja1R+zqBS1W6ogmGtkQHHbd0hRw_==mya7gfY-x0yzQ@mail.gmail.com>
* Daniel Echeverry <epsilon77@gmail.com>, 2015-12-27, 12:50:
exec/key-handler uses temporary files insecurely.
Could you give me some info about this? I am confused, please point me
out to some useful url, thanks
The code in question does:
readonly TMPFILE="/tmp/sxiv.$$"
# ...
cat >"$TMPFILE"
So the file name is predictable, which means another local user could
easily create file with the same name. Moreover, contrary to Policy
§10.4, the script doesn't fail when the file already exist.
The correct way to create temporary files in shell scripts is to use
mktemp(1).
This is only an example script, which doesn't work out of the
box on Debian systems anyway (because we don't have iptckwed packaged),
so I uploaded the package. But please bring this issue upstream.
--
Jakub Wilk
--- End Message ---
Reply to: