Debian Bug report logs - #496380
The possibility of attack with the help of symlinks in some Debian packages

version graph

Package: cdrw-taper; Maintainer for cdrw-taper is (unknown);

Reported by: "Dmitry E. Oboukhov" <dimka@uvw.ru>

Date: Sun, 24 Aug 2008 18:09:54 UTC

Severity: grave

Tags: patch, security

Fixed in version cdrw-taper/0.4-2.1

Done: Sebastien Delafond <seb@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#496380; Package cdrw-taper. Full text and rfc822 format available.

Acknowledgement sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
New Bug report received and forwarded. Copy sent to Debian QA Group <packages@qa.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "Dmitry E. Oboukhov" <dimka@uvw.ru>
To: submit@bugs.debian.org
Cc: dimka@uvw.ru
Subject: The possibility of attack with the help of symlinks in some Debian packages
Date: Sun, 24 Aug 2008 22:05:30 +0400
Package: cdrw-taper
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages  at  once.   I've
tested all the packages (for Lenny) on my Debian mirror.  All  scripts
of packages (marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files or user's files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
or user file.  Symlink attack may also  lead  not  only  to  the  data
desctruction but to denial of service as well.

Even if you create files or directories with help of function 'RANDOM'
or pid(), then your system is not protected. Attacker can create many
symlinks in order to destroy your data or create 'denial  of  service'
for your package scripts.

Even if you make rm(dir) for files/directories, then  your  system  is
not protected. Attacker can permanently create symlinks.

This list is created with the help of script.  This list is sorted  by
hand. Howewer in some cases mistake is possible.

Please, Be understanding to possible mistakes. :)

I set Severity into grave for this bug. The table of discovered
problems is below.

Discussion of this bug you can see in debian-devel@:
    http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
    file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
    file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
    file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
    file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
    file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
    file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
    file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
    file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
    file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
    file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
    file: /usr/share/dtc/admin/accesslog.php
    file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
    file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
    file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
    file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
    file: /usr/share/linuxtrade/bin/linuxtrade.wn
    file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
    file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
    file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
    file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
    file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
    file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
    file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
    file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
    file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
    file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
    file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
    file: /usr/bin/impose
Binary-package: mgt (2.31-5)
    file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
    file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
    file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
    file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
    file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
    file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
    file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
    file: /usr/lib/lmbench/scripts/rccs
    file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
    file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
    file: /usr/lib/ogle/ogle_audio_debug
    file: /usr/lib/ogle/ogle_cli_debug
    file: /usr/lib/ogle/ogle_ctrl_debug
    file: /usr/lib/ogle/ogle_gui_debug
    file: /usr/lib/ogle/ogle_mpeg_ps_debug
    file: /usr/lib/ogle/ogle_mpeg_vs_debug
    file: /usr/lib/ogle/ogle_nav_debug
    file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
    file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
    file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
    file: /usr/bin/optics2rad
    file: /usr/bin/pdelta
    file: /usr/bin/dayfact
    file: /usr/bin/raddepend
Binary-package: vdr-dbg (1.6.0-5)
    file: /usr/bin/vdrleaktest
Binary-package: ogle-mmx (0.9.2-5.2)
    file: /usr/lib/ogle/ogle_audio_debug
    file: /usr/lib/ogle/ogle_cli_debug
    file: /usr/lib/ogle/ogle_ctrl_debug
    file: /usr/lib/ogle/ogle_gui_debug
    file: /usr/lib/ogle/ogle_mpeg_ps_debug
    file: /usr/lib/ogle/ogle_mpeg_vs_debug
    file: /usr/lib/ogle/ogle_nav_debug
    file: /usr/lib/ogle/ogle_vout_debug
Binary-package: convirt (0.8.2-3)
    file: /usr/share/convirt/image_store/_template_/provision.sh
    file: /usr/share/convirt/image_store/Linux_CD_Install/provision.sh
    file: /usr/share/convirt/image_store/Fedora_PV_Install/provision.sh
    file: /usr/share/convirt/image_store/CentOS_PV_Install/provision.sh
    file: /usr/share/convirt/image_store/common/provision.sh
    file: /usr/share/convirt/image_store/example/provision.sh
    file: /usr/share/convirt/image_store/Windows_CD_Install/provision.sh
Binary-package: printfilters-ppd (2.13-9)
    file: /usr/lib/printfilters/master-filter
Binary-package: r-base-core (2.7.1-1)
    file: /usr/lib/R/bin/javareconf
    file: /usr/lib/R/bin/javareconf.orig
Binary-package: xmcd (2.6-19.3)
    file: /usr/share/xmcd/scripts/ncsarmt
    file: /usr/share/xmcd/scripts/ncsawrap
Binary-package: tiger (1:3.2.2-3.1)
    file: /usr/lib/tiger/util/genmsgidx
Binary-package: scilab-bin (4.1.2-5)
    file: /usr/lib/scilab-4.1.2/bin/scilink
    file: /usr/lib/scilab-4.1.2/util/scidoc
    file: /usr/lib/scilab-4.1.2/util/scidem
Binary-package: dpkg-cross (2.3.0)
    file: /usr/share/dpkg-cross/bin/gccross
Binary-package: ltp-network-test (20060918-2.1)
    file: /usr/lib/debian-test/tests/linux/testcases/bin/ftp_setup_vsftp_conf
    file: /usr/lib/debian-test/tests/linux/testcases/bin/nfs_fsstress.sh
Binary-package: cman (2.20080629-1)
    file: /usr/sbin/fence_egenera
Binary-package: scratchbox2 (1.99.0.24-1)
    file: /usr/share/scratchbox2/scripts/dpkg-checkbuilddeps
    file: /usr/share/scratchbox2/scripts/sb2-check-pkg-mappings
Binary-package: sendmail-base (8.14.3-5)
    file: /usr/sbin/checksendmail
    file: /usr/bin/expn
Binary-package: fwbuilder (2.1.19-3)
    file: /usr/bin/fwb_install
Binary-package: sng (1.0.2-5)
    file: /usr/bin/sng_regress
Binary-package: dist (1:3.5-17-1)
    file: /usr/bin/patcil
    file: /usr/bin/patdiff
Binary-package: sympa (5.3.4-5)
    file: /usr/lib/cgi-bin/sympa/wwsympa.fcgi
    file: /usr/lib/sympa/bin/sympa.pl
Binary-package: postfix (2.5.2-2)
    file: /usr/lib/postfix_groups.pl
Binary-package: caudium (3:1.4.12-11)
    file: /usr/share/caudium/configvar
Binary-package: mgetty-fax (1.1.36-1.2)
    file: /usr/bin/faxspool
Binary-package: aegis (4.24-3)
    file: /usr/share/doc/aegis/examples/remind/bng_dvlpd.sh
    file: /usr/share/doc/aegis/examples/remind/bng_rvwd.sh
    file: /usr/share/doc/aegis/examples/remind/awt_dvlp.sh
    file: /usr/share/doc/aegis/examples/remind/awt_intgrtn.sh
Binary-package: aegis-web (4.24-3)
    file: /usr/lib/cgi-bin/aegis.cgi
Binary-package: digitaldj (0.7.5-6+b1)
    file: /usr/share/digitaldj/fest.pl
Binary-package: mon (0.99.2-12)
    file: /usr/lib/mon/alert.d/test.alert
Binary-package: feta (1.4.16)
    file: /usr/share/feta/plugins/to-upgrade
Binary-package: arb-common (0.0.20071207.1-4)
    file: /usr/lib/arb/SH/arb_fastdnaml
    file: /usr/lib/arb/SH/dszmconnect.pl
Binary-package: qemu (0.9.1-5)
    file: /usr/sbin/qemu-make-debian-root
Binary-package: apertium (3.0.7+1-1+b1)
    file: /usr/bin/apertium-gen-deformat
    file: /usr/bin/apertium-gen-reformat
    file: /usr/bin/apertium
Binary-package: xcal (4.1-18.3)
    file: /usr/bin/pscal
Binary-package: myspell-tools (1:3.1-20)
    file: /usr/bin/i2myspell
Binary-package: gccxml (0.9.0+cvs20080525-1)
    file: /usr/share/gccxml-0.9/MIPSpro/find_flags
Binary-package: freeradius-dialupadmin (2.0.4+dfsg-4)
    file: /usr/share/freeradius-dialupadmin/bin/backup_radacct
    file: /usr/share/freeradius-dialupadmin/bin/clean_radacct
    file: /usr/share/freeradius-dialupadmin/bin/monthly_tot_stats
    file: /usr/share/freeradius-dialupadmin/bin/tot_stats
    file: /usr/share/freeradius-dialupadmin/bin/truncate_radacct
Binary-package: dhis-server (5.3-1)
    file: /usr/lib/dhis-server/dhis-dummy-log-engine
Binary-package: wims (3.62-13)
    file: /var/lib/wims/public_html/bin/coqweb
    file: /var/lib/wims/bin/account.sh
Binary-package: initramfs-tools (0.92f)
    file: /usr/share/initramfs-tools/init
Binary-package: realtimebattle-common (1.0.8-7)
    file: /usr/lib/realtimebattle/Robots/perl.robot
Binary-package: netmrg (0.20-1)
    file: /usr/bin/rrdedit
Binary-package: bulmages-servers (0.11.1-2)
    file: /usr/share/bulmages/examples/scripts/actualizabulmacont
    file: /usr/share/bulmages/examples/scripts/installbulmages-db
    file: /usr/share/bulmages/examples/scripts/creabulmafact
    file: /usr/share/bulmages/examples/scripts/creabulmacont
    file: /usr/share/bulmages/examples/scripts/actualizabulmafact
Binary-package: xastir (1.9.2-1)
    file: /usr/lib/xastir/get-maptools.sh
    file: /usr/lib/xastir/get_shapelib.sh
Binary-package: plait (1.5.2-1)
    file: /usr/bin/plaiter
    file: /usr/bin/plait
Binary-package: cdrw-taper (0.4-2)
    file: /usr/sbin/amlabel-cdrw
Binary-package: konwert-filters (1.8-11.1)
    file: /usr/share/konwert/filters/any-UTF8
Binary-package: gdrae (0.1-1)
    file: /usr/bin/gdrae
Binary-package: lazarus-src (0.9.24-0-9)
    file: /usr/lib/lazarus/tools/install/create_lazarus_export_tgz.sh




Tags added: Request was from "Dmitry E. Oboukhov" <dimka@uvw.ru> to control@bugs.debian.org. (Tue, 26 Aug 2008 08:45:24 GMT) Full text and rfc822 format available.

Tags added: security Request was from "Dmitry E. Oboukhov" <dimka@uvw.ru> to control@bugs.debian.org. (Tue, 26 Aug 2008 08:57:16 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#496380; Package cdrw-taper. Full text and rfc822 format available.

Acknowledgement sent to Sebastien Delafond <seb@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. Full text and rfc822 format available.

Message #14 received at 496380@bugs.debian.org (full text, mbox):

From: Sebastien Delafond <seb@debian.org>
To: 496380@bugs.debian.org, 497743@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Patch
Date: Thu, 4 Sep 2008 09:50:02 -0700
tag 496380 + patch
tag 497743 + patch 
thanks

The attached debdiff fixes both #497743 and #496380. I will NMU it on
Friday 9/5 unless someone sees a problem with that patch.

Cheers,

--Seb




Tags added: patch Request was from Sebastien Delafond <seb@debian.org> to control@bugs.debian.org. (Thu, 04 Sep 2008 16:55:43 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#496380; Package cdrw-taper. Full text and rfc822 format available.

Acknowledgement sent to "Xavier Lüthi" <xavier@caroxav.be>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. Full text and rfc822 format available.

Message #21 received at 496380@bugs.debian.org (full text, mbox):

From: "Xavier Lüthi" <xavier@caroxav.be>
To: 496380@bugs.debian.org, "Sebastien Delafond" <seb@debian.org>
Subject: patch review
Date: Fri, 5 Sep 2008 16:56:27 +0200
[Message part 1 (text/plain, inline)]
Hi Seb,

I cannot find your patch attached to your email.  Can you please send it as
I want might be interested in reviewing it!


Thanks,
Xavier
[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#496380; Package cdrw-taper. Full text and rfc822 format available.

Acknowledgement sent to Sebastien Delafond <seb@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. Full text and rfc822 format available.

Message #26 received at 496380@bugs.debian.org (full text, mbox):

From: Sebastien Delafond <seb@debian.org>
To: Xavier Lüthi <xavier@caroxav.be>
Cc: 496380@bugs.debian.org, 497743@bugs.debian.org
Subject: Re: patch review
Date: Fri, 5 Sep 2008 15:19:16 -0700
[Message part 1 (text/plain, inline)]
On Fri, Sep 05, 2008 at 04:56:27PM +0200, Xavier Lüthi wrote:
> I cannot find your patch attached to your email.  Can you please
> send it as I want might be interested in reviewing it!

There it is...

--Cheers,

--Seb
[cdrw-taper.debdiff (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#496380; Package cdrw-taper. Full text and rfc822 format available.

Acknowledgement sent to "Xavier Lüthi" <xavier@caroxav.be>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. Full text and rfc822 format available.

Message #31 received at 496380@bugs.debian.org (full text, mbox):

From: "Xavier Lüthi" <xavier@caroxav.be>
To: "Sebastien Delafond" <seb@debian.org>
Cc: 496380@bugs.debian.org, 497743@bugs.debian.org
Subject: Re: patch review
Date: Wed, 10 Sep 2008 10:49:39 +0200
[Message part 1 (text/plain, inline)]
Hi Seb,

Perhaps I'm wrong, but to my knowledge and following the man page of
File::Temp, the function to use in order to create a temporary folder is
"tempdir" and not "mktempdir" (line 65 in your debdiff file).

Cheers,

Xavier


2008/9/6 Sebastien Delafond <seb@debian.org>

> On Fri, Sep 05, 2008 at 04:56:27PM +0200, Xavier Lüthi wrote:
> > I cannot find your patch attached to your email.  Can you please
> > send it as I want might be interested in reviewing it!
>
> There it is...
>
> --Cheers,
>
> --Seb
>
[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#496380; Package cdrw-taper. Full text and rfc822 format available.

Acknowledgement sent to Sebastien Delafond <seb@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. Full text and rfc822 format available.

Message #36 received at 496380@bugs.debian.org (full text, mbox):

From: Sebastien Delafond <seb@debian.org>
To: Xavier Lüthi <xavier@caroxav.be>
Cc: 496380@bugs.debian.org, 497743@bugs.debian.org
Subject: Re: patch review
Date: Wed, 10 Sep 2008 09:10:27 -0700
[Message part 1 (text/plain, inline)]
On Wed, Sep 10, 2008 at 10:49:39AM +0200, Xavier Lüthi wrote:
> Perhaps I'm wrong, but to my knowledge and following the man page of
> File::Temp, the function to use in order to create a temporary
> folder is "tempdir" and not "mktempdir" (line 65 in your debdiff
> file).

you're entirely right; somehow all my attempts at doing Perl seem
bound to utter failure :)

Attached is the new diff.

Cheers,

--Seb
[cdrw-taper.debdiff (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#496380; Package cdrw-taper. Full text and rfc822 format available.

Acknowledgement sent to Sebastien Delafond <seb@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. Full text and rfc822 format available.

Message #41 received at 496380@bugs.debian.org (full text, mbox):

From: Sebastien Delafond <seb@debian.org>
To: Xavier Lüthi <xavier@caroxav.be>
Cc: 496380@bugs.debian.org, 497743@bugs.debian.org
Subject: Re: patch review
Date: Wed, 10 Sep 2008 11:13:11 -0700
[Message part 1 (text/plain, inline)]
cdrw-taper depends on the obsoleted mkisofs and cdrecrod, and that
constitutes a lintian error, preventing my from NMUing it.

I changed it to use genisoimage and wodim instead.

Cheers,

--Seb

On Wed, Sep 10, 2008 at 09:10:27AM -0700, Sebastien Delafond wrote:
> On Wed, Sep 10, 2008 at 10:49:39AM +0200, Xavier Lüthi wrote:
> > Perhaps I'm wrong, but to my knowledge and following the man page of
> > File::Temp, the function to use in order to create a temporary
> > folder is "tempdir" and not "mktempdir" (line 65 in your debdiff
> > file).
> 
> you're entirely right; somehow all my attempts at doing Perl seem
> bound to utter failure :)
> 
> Attached is the new diff.
> 
> Cheers,
> 
> --Seb

> Only in .: amlabel-cdrw.8
> Only in ./debian: cdrw-taper
> Only in ./debian: cdrw-taper.debhelper.log
> Only in ./debian: cdrw-taper.substvars
> diff -u -r ../cdrw-taper-0.4.bak/debian/changelog ./debian/changelog
> --- ../cdrw-taper-0.4.bak/debian/changelog	2008-09-03 15:50:40.000000000 -0700
> +++ ./debian/changelog	2008-09-04 09:46:39.000000000 -0700
> @@ -1,3 +1,12 @@
> +cdrw-taper (0.4-2.1) unstable; urgency=low
> +
> +  * Non-maintainer upload.
> +  * Use File:Temp to generate a temporary file (Closes: #496380).
> +  * Use either . or /usr/share/cdrw-taper to find taperlib.pm
> +    (Closes: #497743).
> +
> + -- Sebastien Delafond <seb@debian.org>  Wed, 03 Sep 2008 16:32:21 -0700
> +
>  cdrw-taper (0.4-2) unstable; urgency=low
>  
>    * QA upload.
> Only in ./debian: changelog~
> diff -u -r ../cdrw-taper-0.4.bak/debian/control ./debian/control
> --- ../cdrw-taper-0.4.bak/debian/control	2008-09-03 15:50:40.000000000 -0700
> +++ ./debian/control	2008-09-03 16:26:25.000000000 -0700
> @@ -8,7 +8,7 @@
>  
>  Package: cdrw-taper
>  Architecture: all
> -Depends: amanda-server (>= 1:2.4.4p1-1), perl-base (>= 5.6.0-16), mkisofs (>= 2.0), cdrecord (>= 2.0)
> +Depends: amanda-server (>= 1:2.4.4p1-1), perl-base (>= 5.6.0-16), mkisofs (>= 2.0), cdrecord (>= 2.0), libfile-temp-perl
>  Suggests: dvd+rw-tools (>= 5.5.4.3.4)
>  Description: taper replacement for amanda to support backups to CD-RW or DVD+RW
>   The Amanda CDRW-Taper is a drop-in replacement for the taper component of the
> Only in ./debian: files
> Only in ./doc: changelog
> Only in ../cdrw-taper-0.4.bak/doc: CHANGES
> diff -u -r ../cdrw-taper-0.4.bak/src/amlabel-cdrw ./src/amlabel-cdrw
> --- ../cdrw-taper-0.4.bak/src/amlabel-cdrw	2008-09-03 15:50:40.000000000 -0700
> +++ ./src/amlabel-cdrw	2008-09-10 09:08:21.000000000 -0700
> @@ -8,11 +8,13 @@
>  # intended for use with cdrw-taper
>  
>  use strict;
> +use File::Temp qw/tempdir/;
>  
>  # Path to taperlib.pm
> -push @INC, "/usr/lib/amanda";
> -
> -require "taperlib.pm";
> +my $dir = $0;
> +$dir =~ s/[^\/]*$//;
> +push @INC, $dir;
> +require "/usr/share/cdrw-taper/taperlib.pm";
>  
>  ##
>  ## No user editable settings below here
> @@ -69,16 +71,17 @@
>      error("Won't label non-erasable media!");
>  }
>  
> -# Write the label file to a temporary directory
> -mkdir("/tmp/amlabel-cdrw.$$", 0755) || error("Cannot make directory /tmp/amlabelcd.$$: $!");
> -open LABEL, ">/tmp/amlabel-cdrw.$$/AMANDA_LABEL" or error("Cannot create label: $!");
> +# Write the label file to a temporary file
> +my $tmpDir = tempdir("amlabel-cdrw-XXXXXXXXXXXX", CLEANUP => 1);
> +my $amandaLabel = "$tmpDir/AMANDA_LABEL";
> +open LABEL, ">$amandaLabel" or error("Cannot create label: $!");
>  print LABEL "$NEW_LABEL\n";
>  close LABEL;
>  
>  if ($mediaInfo->getType() eq "CDRW") {
>      # Exit silently on errors. mkisofs/cdrecord already generate
>      # appropriate messages
> -    my $result = system("$taper->{MKISOFS} -J -R -pad -quiet /tmp/amlabel-cdrw.$$ | $taper->{CDRECORD} dev=$writeDev -data blank=fast -");
> +    my $result = system("$taper->{MKISOFS} -J -R -pad -quiet '$amandaLabel' | $taper->{CDRECORD} dev=$writeDev -data blank=fast -");
>      error("Error writing CD-RW") if ($result / 256 != 0);
>  } else { # DVD
>      my $result;
> @@ -88,20 +91,12 @@
>  	    error("Error formatting ".$mediaInfo->getType());
>          }
>      }
> -    $result = system("$taper->{GROWISOFS} -Z $mountDev -J -R -pad -quiet /tmp/amlabel-cdrw.$$");
> +    $result = system("$taper->{GROWISOFS} -Z $mountDev -J -R -pad -quiet '$amandaLabel'");
>      if ($result / 256 != 0) {
>  	error("Error writing ".$mediaInfo->getType());
>      }
>  }
>  
> -# Clean up temporary files
> -if (-e "/tmp/amlabel-cdrw.$$/AMANDA_LABEL") {
> -    unlink "/tmp/amlabel-cdrw.$$/AMANDA_LABEL";
> -}
> -if (-d "/tmp/amlabel-cdrw.$$") {
> -    rmdir "/tmp/amlabel-cdrw.$$";
> -}
> -
>  if ($WRITE_TAPELIST) {
>      # Finally, append the new entry to the media list
>      open(ML, ">>$taper->{AMANDA_CONF}->{tapelist}")
> @@ -114,9 +109,6 @@
>  
>  # print an error message and exit
>  sub error {
> -  # Clean up temporary files
> -  unlink "/tmp/amlabel-cdrw.$$/AMANDA_LABEL" if -e "/tmp/amlabel-cdrw.$$/AMANDA_LABEL";
> -  rmdir "/tmp/amlabel-cdrw.$$" if -d "/tmp/amlabel-cdrw.$$";
>    print STDERR "amlabel-cdrw: $_[0]\n" if $_[0];
>    exit 1;
>  }
> Only in ./src: amlabel-cdrw~

[cdrw-taper.debdiff (text/plain, attachment)]

Reply sent to Sebastien Delafond <seb@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #46 received at 496380-close@bugs.debian.org (full text, mbox):

From: Sebastien Delafond <seb@debian.org>
To: 496380-close@bugs.debian.org
Subject: Bug#496380: fixed in cdrw-taper 0.4-2.1
Date: Wed, 10 Sep 2008 18:17:11 +0000
Source: cdrw-taper
Source-Version: 0.4-2.1

We believe that the bug you reported is fixed in the latest version of
cdrw-taper, which is due to be installed in the Debian FTP archive:

cdrw-taper_0.4-2.1.diff.gz
  to pool/main/c/cdrw-taper/cdrw-taper_0.4-2.1.diff.gz
cdrw-taper_0.4-2.1.dsc
  to pool/main/c/cdrw-taper/cdrw-taper_0.4-2.1.dsc
cdrw-taper_0.4-2.1_all.deb
  to pool/main/c/cdrw-taper/cdrw-taper_0.4-2.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 496380@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastien Delafond <seb@debian.org> (supplier of updated cdrw-taper package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 10 Sep 2008 11:10:49 -0700
Source: cdrw-taper
Binary: cdrw-taper
Architecture: source all
Version: 0.4-2.1
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Sebastien Delafond <seb@debian.org>
Description: 
 cdrw-taper - taper replacement for amanda to support backups to CD-RW or DVD+R
Closes: 496380 497743
Changes: 
 cdrw-taper (0.4-2.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Use File:Temp to generate a temporary file (Closes: #496380).
   * Use either . or /usr/share/cdrw-taper to find taperlib.pm
     (Closes: #497743).
   * Depend on genisoimage and wodim instead of the obsoleted mkisofs and
     cdrecord.
Checksums-Sha1: 
 0e44fb1916da8dfc9797af78b5c8ecbd9c9a19ea 1001 cdrw-taper_0.4-2.1.dsc
 789cd09c88fe71cd67cd5a05eec41256ddbd887b 7260 cdrw-taper_0.4-2.1.diff.gz
 6953e409dee9986ae4ca8b5b9bb9b25f23d6d3eb 26518 cdrw-taper_0.4-2.1_all.deb
Checksums-Sha256: 
 7c4fde210b39377cbb774eb8497ada64aa0371de2c0ce604f731e4a9c1b609da 1001 cdrw-taper_0.4-2.1.dsc
 2e2f66281b72cb3305b69287eda8e06aee52f417d9b2e3af5ad343e79e7054a9 7260 cdrw-taper_0.4-2.1.diff.gz
 164eeb407472523e8706481480494ca5208d59ce15557992f07002382420f24d 26518 cdrw-taper_0.4-2.1_all.deb
Files: 
 4783e0fbccf98a0890887a157bf7f771 1001 utils optional cdrw-taper_0.4-2.1.dsc
 8b994cbd695435a583fdf69db1b3692c 7260 utils optional cdrw-taper_0.4-2.1.diff.gz
 8a5d2236a8239970415ab926324027a5 26518 utils optional cdrw-taper_0.4-2.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIyA3RiZgNKcDdyD8RAj0pAJ0YWnU6C0SnfxVt61uact5DVMAlugCgqecY
FEgJpQMzuSVjEOphdpiSlNQ=
=f/eT
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 16 Mar 2009 10:09:53 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 10:48:32 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.