--- ispell-3.2.06/munchlist.X	2001-07-25 21:51:46 +0000
+++ ispell-3.2.06.epa7/munchlist.X	2003-11-09 17:27:51 +0000
@@ -1,6 +1,6 @@
 : Use /bin/sh
 #
-# $Id: munchlist.X,v 1.61 2001/07/25 21:51:46 geoff Exp $
+# $Id: munchlist.X,v 1.3 2003/11/09 17:27:51 ed Exp $
 #
 # Copyright 1987, 1988, 1989, 1992, 1993, 1999, 2001, Geoff Kuenning,
 # Claremont, CA.
@@ -19,16 +19,7 @@
 #    such.  Binary redistributions based on modified source code
 #    must be clearly marked as modified versions in the documentation
 #    and/or other materials provided with the distribution.
-# 4. Any web site or other electronic service that offers ispell for
-#    download or other electronic transfer as a separate entity, in
-#    either source or binary form, must also include a prominent statement
-#    indicating that information about ispell can be obtained from the
-#    following Web site URL:
-#	http://fmg-www.cs.ucla.edu/geoff/ispell.html
-#    If the offering service supports hyperlinks, the aforementioned
-#    Web site must also be offered as a hyperlink.  Condition #4 does
-#    not apply if ispell is offered only as part of a larger, aggregated
-#    product such as a word processor or packaged operating system.
+# (clause 4 removed with permission from Geoff Kuenning)
 # 5. The name of Geoff Kuenning may not be used to endorse or promote
 #    products derived from this software without specific prior
 #    written permission.
@@ -95,6 +86,15 @@
 #		2/28/87
 #
 # $Log: munchlist.X,v $
+# Revision 1.3  2003/11/09 17:27:51  ed
+# Fix (based on Debian's) for insecure temporary file created in findaffix
+# and munchlist.
+#
+# Revision 1.2  2001/10/05 14:22:25  ed
+# Imported 3.2.06.epa1 release.  This was previously developed using
+# sporadic RCS for certain files, but I'm not really bothered about
+# rolling back beyond this release.
+#
 # Revision 1.61  2001/07/25 21:51:46  geoff
 # Minor license update.
 #
@@ -153,15 +153,18 @@
 # Get rid of all old RCS log lines in preparation for the 3.1 release.
 #
 #
+
+TDIR=${TMPDIR-/tmp}/munchlist$$
+( umask 077 && mkdir ${TDIR} || ( echo "can't mkdir " ${TDIR} 1>&2 ; exit 1 ) )
+TMP=${TDIR}/munch$$
+
 if [ "X$MUNCHMAIL" != X ]
 then
-    exec 2> /tmp/munchlist.mail
+    exec 2> ${TDIR}/munchlist.mail
     echo "munchlist $*" 1>&2
     set -vx
 fi
 LIBDIR=!!LIBDIR!!
-TDIR=${TMPDIR-/usr/tmp}
-TMP=${TDIR}/munch$$
 SORTTMP="-T ${TDIR}"			# !!SORTTMP!!
 
 #
@@ -318,7 +321,7 @@ then
     verbose=true
     debug=yes
 fi
-trap "/bin/rm -f ${TMP}*; exit 1" 1 2 13 15
+trap "/bin/rm -rf ${TDIR}; exit 1" 1 2 13 15
 #
 # Names of temporary files.  This is just to make the code a little easier
 # to read.
@@ -381,7 +384,7 @@ case "X$convtabs" in
 esac
 echo 'QQQQQQQQ' > $FAKEDICT
 $BUILDHASH -s $FAKEDICT $convtabs $FAKEHASH \
-  ||  (echo "Couldn't create fake hash file" 1>&2; /bin/rm -f ${TMP}*; exit 1) \
+  ||  (echo "Couldn't create fake hash file" 1>&2; /bin/rm -rf ${TDIR}; exit 1) \
   ||  exit 1
 #
 # Figure out how 'sort' sorts signed fields, for arguments to ijoin.
@@ -435,7 +438,7 @@ case "$convtabs" in
     *)
 	$BUILDHASH -s $FAKEDICT $langtabs $FAKEHASH \
 	  ||  (echo "Couldn't create fake hash file" 1>&2; \
-		/bin/rm -f ${TMP}*; exit 1) \
+		/bin/rm -rf ${TDIR}; exit 1) \
 	  ||  exit 1
 	;;
 esac
@@ -736,10 +739,10 @@ ENDOFAWKSCRIPT
 	    then
 		(
 		ls -ld ${TDIR}/[A-Z]*
-		cat /tmp/munchlist.mail
+		cat ${TDIR}/munchlist.mail
 		) | mail "$MUNCHMAIL"
-		/bin/rm -f /tmp/munchlist.mail
 	    fi
+	    /bin/rm -rf ${TDIR}
 	    exit 1
 	fi
     done
@@ -820,7 +823,7 @@ if [ -s $MINIMALAFFIXES ]
 then
     $BUILDHASH -s $MINIMALAFFIXES $langtabs $FAKEHASH > /dev/null \
       ||  (echo "Couldn't create intermediate hash file" 1>&2;
-	/bin/rm -f ${TMP}*;
+	/bin/rm -rf ${TDIR};
 	exit 1) \
       ||  exit 1
     if [ "$debug" = yes ]
@@ -842,8 +845,8 @@ if [ "X$MUNCHMAIL" != X ]
 then
     (
     ls -ld ${TDIR}/[A-Z]*
-    cat /tmp/munchlist.mail
+    cat ${TDIR}/munchlist.mail
     ) | mail "$MUNCHMAIL"
-    /bin/rm -f /tmp/munchlist.mail
 fi
+rm -rf ${TDIR}
 exit 0
--- ispell-3.2.06/findaffix.X	2001-07-25 21:51:46 +0000
+++ ispell-3.2.06.epa7/findaffix.X	2003-11-09 17:27:50 +0000
@@ -1,6 +1,6 @@
 : Use /bin/sh
 #
-# $Id: findaffix.X,v 1.18 2001/07/25 21:51:46 geoff Exp $
+# $Id: findaffix.X,v 1.3 2003/11/09 17:27:50 ed Exp $
 #
 # Copyright 1992, 1993, 1999, 2001, Geoff Kuenning, Claremont, CA
 # All rights reserved.
@@ -18,16 +18,7 @@
 #    such.  Binary redistributions based on modified source code
 #    must be clearly marked as modified versions in the documentation
 #    and/or other materials provided with the distribution.
-# 4. Any web site or other electronic service that offers ispell for
-#    download or other electronic transfer as a separate entity, in
-#    either source or binary form, must also include a prominent statement
-#    indicating that information about ispell can be obtained from the
-#    following Web site URL:
-#	http://fmg-www.cs.ucla.edu/geoff/ispell.html
-#    If the offering service supports hyperlinks, the aforementioned
-#    Web site must also be offered as a hyperlink.  Condition #4 does
-#    not apply if ispell is offered only as part of a larger, aggregated
-#    product such as a word processor or packaged operating system.
+# (clause 4 removed with permission from Geoff Kuenning)
 # 5. The name of Geoff Kuenning may not be used to endorse or promote
 #    products derived from this software without specific prior
 #    written permission.
@@ -118,6 +109,15 @@
 #	should be translated to lowercase before being fed to this script.
 #
 # $Log: findaffix.X,v $
+# Revision 1.3  2003/11/09 17:27:50  ed
+# Fix (based on Debian's) for insecure temporary file created in findaffix
+# and munchlist.
+#
+# Revision 1.2  2001/10/05 14:22:25  ed
+# Imported 3.2.06.epa1 release.  This was previously developed using
+# sporadic RCS for certain files, but I'm not really bothered about
+# rolling back beyond this release.
+#
 # Revision 1.18  2001/07/25 21:51:46  geoff
 # Minor license update.
 #
@@ -131,7 +131,8 @@
 # Get rid of all old RCS log lines in preparation for the 3.1 release.
 #
 #
-TDIR=${TMPDIR-/usr/tmp}
+TDIR=${TMPDIR-/tmp}/findaffix$$
+( umask 077 && mkdir ${TDIR} || ( echo "can't mkdir " ${TDIR} 1>&2 ; exit 1 ) )
 TMP=${TDIR}/faff$$
 SORTTMP="-T ${TDIR}"			# !!SORTTMP!!
 USAGE='Usage:  findaffix [-p | -s] [-f] [-c] [-e elim] [-m min] [-M max] [-l low] [-t tabch] [files]'
@@ -213,8 +214,8 @@ do
 	    ;;
     esac
 done
-trap "/bin/rm -f ${TMP}*; exit 1" 1 2 15
-trap "/bin/rm -f ${TMP}*; exit 0" 13
+trap "/bin/rm -rf ${TDIR}; exit 1" 1 2 15
+trap "/bin/rm -rf ${TDIR}; exit 0" 13
 #
 # We are ready to do the work.  First, we collect all input, translate it
 # to lowercase, sort it (dropping duplications), and save it for later.
@@ -304,4 +305,4 @@ join "-t$tabch" -o 1.2 2.2 2.3 ${TMP}a $
     else
 	exec cat
     fi
-/bin/rm -f ${TMP}?
+rm -rf ${TDIR}