Okay, the temporary files I believe are now secure. Any files created in /tmp are made using mktemp (in bash scripts) or tempfile (in python scripts). The playable_text file is created (owned) by root and chmod 700 prior to writing if it will be run from root's cron.
I've made a new release on launchpad, with the source tarball. The changelog now reflects that this is now responding also to bug 912762 (see below). Debdiff is attached.
wakeup (1.2-0ubuntu1) precise; urgency=low
* New upstream release (LP: #909189).
- Changed weather source to google using python-pywapi
- Added location.py in wakeup directory as plugin helper
- Added plugin "Commands" which allows arbitrary user dataitems
- Changed HebrewCalendar to use location from location.py
- fixed problems to do with hard-coded DISPLAY variable
- fixed issues with stopping the alarm
- removed calls to os.system and commands.get(status)output
- use secure temp files (LP: #912762)
- root-owned chmod 700 playable_text file for boot alarms
- small bug fixes
* Updated packaging
- Removed all perl dependencies
- wrap-and-sort debian/
- converted copyright to dep5 format
- use dh_python2 instead of pysupport
Okay, the temporary files I believe are now secure. Any files created in /tmp are made using mktemp (in bash scripts) or tempfile (in python scripts). The playable_text file is created (owned) by root and chmod 700 prior to writing if it will be run from root's cron.
I've made a new release on launchpad, with the source tarball. The changelog now reflects that this is now responding also to bug 912762 (see below). Debdiff is attached.
wakeup (1.2-0ubuntu1) precise; urgency=low
* New upstream release (LP: #909189). get(status) output
- Changed weather source to google using python-pywapi
- Added location.py in wakeup directory as plugin helper
- Added plugin "Commands" which allows arbitrary user dataitems
- Changed HebrewCalendar to use location from location.py
- fixed problems to do with hard-coded DISPLAY variable
- fixed issues with stopping the alarm
- removed calls to os.system and commands.
- use secure temp files (LP: #912762)
- root-owned chmod 700 playable_text file for boot alarms
- small bug fixes
* Updated packaging
- Removed all perl dependencies
- wrap-and-sort debian/
- converted copyright to dep5 format
- use dh_python2 instead of pysupport