New upstream for jumpnbump, upcoming release 1.60 and call for help

Fabian Greffrath fabian at debian.org
Wed May 17 10:24:11 UTC 2017


Hi Remi,

Rémi Verschelde wrote:
> GitLab [1]. Our fork is the most advanced jumpnbump code base, and we
> intend to become the reference upstream project.

thanks for that, I am looking forward to packaging your new release!

> existing Debian patches [3], and most were either merged or superseded
> by our own developments (there are two I plan to review in detail

It would have been nice if you kept attribution to the original patch
authors at least in the commit messages. (Edit: I have seen that you just
modified the AUTHORS file, thanks for that!)

> The last outstanding issue that we want to fix before the 1.60 release
> is the unsafe handling of temporary files ([4], debian#500611 [5]),
> which Ansgar patched in 2008. As your patch breaks the Windows
> support, we can't merge it as is, and so far we don't fully understand
> the security issues it is addressing, so we would welcome your help to
> merge a cross-platform fix upstream.

Well, I am not Ansgar, but I'll try to reply anyway. ;)

The problem is that there is no mkstemp() on Windows; natively, that is, I
am sure it is available if using MinGW instead of MSVC. If you used
autoconf you could check for the presence of this function and act
accordingly, but you don't.

The patch rips out the entire "constant file name" solution for Windows,
which shouldn't be strictly necessary. I'd suggest to keep filename as a
char pointer and still keep two routes, one for e.g. "#ifdef _MCS_VER" and
one for the rest. In the former one let filename =
strdup("jnb.tmpmusic.mod") and in the second one go the route that has
been added by the patch. This will play safe on Unix systems and remain
"unsafe" on Windows.

And you should probably replace unlink() with remove().

Hope that helps!

Cheers,

Fabian
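
The two-route layout suggested in the message above, as an added example (not part of the original message, and not jumpnbump's or Debian's actual code). The helper names, the TMP_MUSIC_NAME macro and the /tmp template are assumptions; the compiler check uses `_MSC_VER`, the macro MSVC predefines.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef _MSC_VER
#define TMP_MUSIC_NAME "jnb.tmpmusic.mod"          /* constant name, as before */
#else
#include <unistd.h>                                /* close() */
#define TMP_MUSIC_NAME "/tmp/jnb.tmpmusic.XXXXXX"  /* assumed mkstemp() template */
#endif
/* Hypothetical helper: *filename gets a heap copy of the name, NULL on failure. */
FILE *open_tmp_music(char **filename)
{
    FILE *fp = NULL;
    *filename = strdup(TMP_MUSIC_NAME);
    if (*filename == NULL) return NULL;
#ifdef _MSC_VER
    fp = fopen(*filename, "wb");       /* predictable name: stays "unsafe" */
#else
    /* mkstemp() fills in XXXXXX and creates the file with O_EXCL, mode 0600. */
    int fd = mkstemp(*filename);
    if (fd >= 0 && (fp = fdopen(fd, "wb")) == NULL) {
        close(fd);
        remove(*filename);
    }
#endif
    if (fp == NULL) {
        free(*filename);
        *filename = NULL;
    }
    return fp;
}

/* remove() is ISO C, so cleanup needs no platform #ifdef (unlike unlink()). */
int close_tmp_music(FILE *fp, char *filename)
{
    int rc = fclose(fp);
    if (remove(filename) != 0) rc = -1;
    free(filename);
    return rc;
}

int main(void)
{
    char *name;
    FILE *fp = open_tmp_music(&name);
    if (fp == NULL) return 1;
    puts(name);
    return close_tmp_music(fp, name) ? 1 : 0;
}
```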





More information about the Pkg-games-devel mailing list