--- crip-3.9.orig/debian/README.source +++ crip-3.9/debian/README.source @@ -0,0 +1,4 @@ +This package uses quilt to manage modifications to the upstream +source. There are patches in debian/patches that are applied during +the build process. For more information, see +/usr/share/doc/quilt/README.source --- crip-3.9.orig/debian/manpages +++ crip-3.9/debian/manpages @@ -0,0 +1,3 @@ +debian/crip.1 +debian/editcomment.1 +debian/editfilenames.1 --- crip-3.9.orig/debian/crip.pod +++ crip-3.9/debian/crip.pod @@ -0,0 +1,67 @@ +=pod + +=head1 NAME + +crip - a terminal-based ripper/encoder/tagger tool + +=head1 SYNOPSIS + +B [F] + +=head1 DESCRIPTION + +B is a terminal-based ripper/encoder/tagger tool for creating Ogg Vorbis/FLAC files under UNIX/Linux. + +=head1 OPTIONS + +B<-h>, B<--help> Print help and exit. + +B<-v>, B<--version> Print version of crip and exit. + +B<-e codec> Encode to vorbis or flac (default = vorbis). + +B<-s media> Specify the source media (default = CD). + +B<-g genre> Specify the music genre (default = classical). + +B<-q [on/off]> Classical-stype questioning (default = off). + +B<-m [on/off]> Map european to american-only chars (default = off). + +B<-t [on/off]> Trim leading/tailing silence (default = off). + +B<-n [on/off]> Normalize the audio (default = off). + +B<-V voltresh> Volume threshold for normalizing (default = 1.078) (only used when normalizing is enabled). + +B<-r [on/off]> Remove files after encoding (default = on). + +B<-E editor> Editor to use (default = sensible-editor). + +B<-u [on/off/both]> Use editor to name the files (default = on) (as opposed to the command-line). + +B<-o flags> Flags to pass to oggenc (default = '-q 4'). + +B<-f flags> Flags to pass to flac (default = '--best --replay-gain'). + +B<-c flags> Flags to pass to cdparanoia (default = '-v -z'). + +B<-d device> CDrom device to read from (default = /dev/cdrom). + +B<-w [on/off]> Skip the ripping (makes empty .wav files) (default = off) (useful if you already have the .wav files to encode). + +B<-p [on/off]> Prompt to continue after ripping (default = off) (useful pause to edit .wav files before encoding). + +B<-x [on/off]> Eject CD when done ripping (default = off) + +=head1 SEE ALSO + +L +L +L + +=head1 AUTHOR + +This manual page was written by Florian Ragwitz Eflorian.ragwitz@s2004.tu-chemnitz.deE, for the Debian project (but may be used by others). + +=cut --- crip-3.9.orig/debian/changelog +++ crip-3.9/debian/changelog @@ -0,0 +1,112 @@ +crip (3.9-1) unstable; urgency=low + + * New upstream release (Closes: #366201) + * convert to quilt + * refresh patches + * remove 20missing_option.diff, it looks like it's applied upstream + * remove 40metaflac_syntax_changes.diff, it's fixed upstream + * debhelper 7 + * update README.source + * update debian/copyright + * fix description + * fix typo in man page (Closes: #434862) + * Debian policy 3.8.1 + * update debian copyright + * remove debian/dirs, it isn't needed + + -- Ryan Niebur Sat, 04 Apr 2009 11:33:46 -0700 + +crip (3.7-7) unstable; urgency=low + + * rebuild without debian/patch + + -- Ryan Niebur Mon, 26 Jan 2009 08:13:10 -0800 + +crip (3.7-6) unstable; urgency=low + + * still use tempdir to safely create a temporary directory if the user + set cddbsubmitdir (like in the example criprc) + + -- Ryan Niebur Sat, 10 Jan 2009 11:54:29 -0800 + +crip (3.7-5) unstable; urgency=low + + * fix CVE-2008-5376 (Closes: #509275) + + -- Ryan Niebur Sat, 20 Dec 2008 11:23:38 -0800 + +crip (3.7-4) unstable; urgency=low + + * Adopt (Closes: #507385) + * Upgrade to policy 3.8.0 + - add README.source + - add Homepage field + * Move Build-Depends-Indep into Build-Depends, as they are needed + for clean + * Fix patches to not walk outside the build directory (Closes: + #482990, #483318) + * move stuff in binary-arch rules target to binary-indep + * Add watch file + * Fix copyright file + * Fix syntax for metaflac options. Thanks for the patch, Frank Gevaerts + (Closes: #457749) + + -- Ryan Niebur Tue, 02 Dec 2008 01:08:26 -0800 + +crip (3.7-3) unstable; urgency=low + + * wrote a patch which prevents overwriting of files (Closes: #353318). + * updated from arch any to arch all (Closes: #357309). + + -- Timo Schneider Wed, 05 Apr 2006 22:52:34 +0200 + +crip (3.7-2) unstable; urgency=low + + * Added '-m on/off' to parsed options (Closes: #347693). + * deleted /usr/lib/crip which was empty anyway + + -- Timo Schneider Thu, 12 Jan 2006 14:42:00 +0100 + +crip (3.7-1) unstable; urgency=low + + * New upstream release. + + Adds charset info on cddb submits (Closes: #334535). + + -- Timo Schneider Tue, 27 Dec 2005 14:57:06 +0100 + +crip (3.6-1) unstable; urgency=low + + * New maintainer with ack from the old maintainer. + + -- Timo Schneider Fri, 04 Nov 2005 12:30:00 +0200 + +crip (3.5-1sarge2) stable-security; urgency=high + + * Non-maintainer upload by the Security Team + * No changes upload due to the release + + -- Martin Schulze Fri, 10 Jun 2005 12:28:34 +0200 + +crip (3.5-1sarge1) testing-security; urgency=high + + * Non-maintainer upload by the Security Team + * Applied patch by Florian Ragwitz to fix insecure temporary file + creation [editfilenames, editcomment, CAN-2005-0393] + + -- Martin Schulze Sat, 4 Jun 2005 16:35:09 +0200 + +crip (3.5-1) unstable; urgency=low + + * New upstream release (Closes: #276946). + * We're now using dpatch. + * Removed debian/*.1. + * Added pod manpages. + + -- Florian Ragwitz Thu, 3 Feb 2005 14:30:07 +0100 + +crip (3.4-1) unstable; urgency=low + + * Initial Release (Closes: #181713). + + -- Florian Ragwitz Sun, 18 Jul 2004 16:46:57 +0200 + --- crip-3.9.orig/debian/copyright +++ crip-3.9/debian/copyright @@ -0,0 +1,34 @@ +This package was debianized by Florian Ragwitz on +Sun, 18 Jul 2004 16:46:57 +0200. + +It was downloaded from http://bach.dynet.com/crip/ + +Upstream Author: Charlton Harrison + +Copyright: 2001-2005 Charlton Harrison (charlton@dynet.com) +License: + crip is GPL. It was written in the spirit of open source and its + implications. + +CDDB_get.pm: +Copyright: (c) 2002 Armin Obersteiner +License: + This library is released under the same conditions as Perl, that + is, either of the following: + + a) the GNU General Public License Version 2 as published by the + Free Software Foundation, + + b) the Artistic License. + +Debian packaging: +Copyright: 2004,2005 Florian Ragwitz , + 2005,2006 Timo Schneider , + 2008,2009 Ryan Niebur +License: + The Debian packaging is licensed under the GPL, see `/usr/share/common-licenses/GPL-2'. + + On Debian GNU/Linux systems, the complete text of the GNU General + Public License can be found in `/usr/share/common-licenses/GPL-2' and + the Artistic License can be found in + '/usr/share/common-licenses/Artistic'. --- crip-3.9.orig/debian/examples +++ crip-3.9/debian/examples @@ -0,0 +1 @@ +criprc_example --- crip-3.9.orig/debian/clean +++ crip-3.9/debian/clean @@ -0,0 +1,3 @@ +debian/crip.1 +debian/editcomment.1 +debian/editfilenames.1 --- crip-3.9.orig/debian/control +++ crip-3.9/debian/control @@ -0,0 +1,26 @@ +Source: crip +Section: sound +Priority: optional +Maintainer: Ryan Niebur +Build-Depends: debhelper (>= 7.0.0), quilt +Build-Depends-Indep: perl +Standards-Version: 3.8.1 +Homepage: http://bach.dynet.com/crip/ + +Package: crip +Architecture: all +Depends: ${perl:Depends}, ${misc:Depends}, cdparanoia, libcddb-get-perl, vorbis-tools, vorbisgain, flac (>= 1.1.1), sox +Description: terminal-based ripper/encoder/tagger tool + crip creates Ogg Vorbis/FLAC/MP3 files under UNIX/Linux. It is + well-suited for anyone (especially the perfectionist) who seeks to + make a lot of files from CDs and have them all properly labeled and + professional-quality with a minimum of hassle and yet still have + flexibility and full control over everything. Current versions of + crip only support Ogg Vorbis and FLAC. + . + This script is special because it is capable of doing group + vorbisgain/replaygain and/or normalization (adjust the volume to be + as loud as possible without clipping/distortion) and group + labelling/tagging, which makes it easy to allow a group of tracks to + be treated as one piece. It can also trim off the silence at the + beginning and end of these tracks/groups. --- crip-3.9.orig/debian/watch +++ crip-3.9/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://bach.dynet.com/crip/download.html .*crip-(.*).tar.gz --- crip-3.9.orig/debian/editcomment.pod +++ crip-3.9/debian/editcomment.pod @@ -0,0 +1,24 @@ +=pod + +=head1 NAME + +editcomment - program to edit comments of Ogg vorbis files + +=head1 SYNOPSIS + +B file + +=head1 DESCRIPTION + +B is a program that edits comments of Ogg forbis files. + +=head1 OPTIONS + +This program only takes one argument: the file, the comment of which +bill be edited. + +=head1 AUTHOR + +This manual page was written by Florian Ragwitz Eflorian.ragwitz@s2004.tu-chemnitz.deE, for the Debian project (but may be used by others). + +=cut --- crip-3.9.orig/debian/compat +++ crip-3.9/debian/compat @@ -0,0 +1 @@ +7 --- crip-3.9.orig/debian/install +++ crip-3.9/debian/install @@ -0,0 +1,3 @@ +editcomment usr/bin/ +crip usr/bin/ +editfilenames usr/bin/ --- crip-3.9.orig/debian/editfilenames.pod +++ crip-3.9/debian/editfilenames.pod @@ -0,0 +1,28 @@ +=pod + +=head1 NAME + +editfilenames - filename editor for crip + +=head1 SYNOPSIS + +B [-p] [-h] [filenames] + +=head1 DESCRIPTION + +B allows you to quickly and conveniently edit the names of a +list of files using your favorite editor. + +=head1 OPTIONS + +F<-p> Prompt for a prefix to put onto all the filenames. + +F<-h>, F<-?>, F<--help> Print help and exit. + +=head1 AUTHOR + +This manual page was written by Florian Ragwitz +Eflorian.ragwitz@s2004.tu-chemnitz.deE, for the Debian project +(but may be used by others). + +=cut --- crip-3.9.orig/debian/docs +++ crip-3.9/debian/docs @@ -0,0 +1,2 @@ +README +TODO --- crip-3.9.orig/debian/rules +++ crip-3.9/debian/rules @@ -0,0 +1,22 @@ +#!/usr/bin/make -f + +include /usr/share/quilt/quilt.make + +build: build-stamp +build-stamp: $(QUILT_STAMPFN) + pod2man --section=1 --release="Debian Project" --center="Debian GNU/Linux manual" debian/crip.pod debian/crip.1 + pod2man --section=1 --release="Debian Project" --center="Debian GNU/Linux manual" debian/editcomment.pod debian/editcomment.1 + pod2man --section=1 --release="Debian Project" --center="Debian GNU/Linux manual" debian/editfilenames.pod debian/editfilenames.1 + dh build + +clean: unpatch + dh clean + +install: build + dh install + +binary-indep: build install + dh binary-indep + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure patch unpatch --- crip-3.9.orig/debian/patches/10sensible_editor.diff +++ crip-3.9/debian/patches/10sensible_editor.diff @@ -0,0 +1,41 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 10sensible_editor.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Use sensible-editor instead of vim as editor + +@DPATCH@ + +--- a/crip ++++ b/crip +@@ -71,7 +71,7 @@ + $editnames = "on"; + + # Your favorite editor for editing filenames and tag files +-$editor = "vim"; ++$editor = "sensible-editor"; + + # Default contact information (put YOUR e-mail address here!) + # Remember to escape the '@' (by putting a '\' before it). +--- a/editcomment ++++ b/editcomment +@@ -3,7 +3,7 @@ + # Supports both .ogg and .flac files. + + # Put preferred editor here +-$editor = "vim"; ++$editor = "sensible-editor"; + + $file = $ARGV[0]; + +--- a/editfilenames ++++ b/editfilenames +@@ -4,7 +4,7 @@ + # + + # Put preferred editor here +-$editor = "vim"; ++$editor = "sensible-editor"; + + # Temporary filename + $tmpfile = "/tmp/filelist.txt"; --- crip-3.9.orig/debian/patches/series +++ crip-3.9/debian/patches/series @@ -0,0 +1,3 @@ +10sensible_editor.diff +30dont_overwrite_files.diff +50security-fixes.diff --- crip-3.9.orig/debian/patches/30dont_overwrite_files.diff +++ crip-3.9/debian/patches/30dont_overwrite_files.diff @@ -0,0 +1,227 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 30_dont_overwrite_files.dpatch by Timo Schneider +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: A patch which prevents overwriting files + +@DPATCH@ + +--- a/crip ++++ b/crip +@@ -532,24 +532,30 @@ + use CDDB_get qw( get_cddb get_discids ); + + # Check for existing *.wav, *.tag, *.ogg, *.flac or filenames.txt files +-$out = `ls *.wav *.ogg *.flac *.tag 2>/dev/null`; +-if ($out ne "") { +- print "You currently have *.wav, *.ogg, *.flac, or *.tag files in the current\n"; +- print "working directory. These are subject to being overwritten.\n\n"; +- print "Press to proceed (or ctrl-C to abort): "; +- $inp = ; +-} +-if (-e "filenames.txt") { +- print "You currently have a filenames.txt file in the current working\n"; +- print "working directory. This will be deleted!\n\n"; +- print "Press to proceed (or ctrl-C to abort): "; +- $inp = ; +- # Go ahead and delete the file now so that if the script is stopped and +- # restarted this question won't keep bugging the user. +- print "Deleting filenames.txt\n\n"; +- `rm filenames.txt`; ++ ++ ++# We don't need this any more, even if there are *.wav, *.tag ... files, they won't be overwritten :-) ++# ++# ++#$out = `ls *.wav *.ogg *.flac *.tag 2>/dev/null`; ++#if ($out ne "") { ++# print "You currently have *.wav, *.ogg, *.flac, or *.tag files in the current\n"; ++# print "working directory. These are subject to being overwritten.\n\n"; ++# print "Press to proceed (or ctrl-C to abort): "; ++# $inp = ; ++#} ++# ++ ++# check if "filenames.txt" already exists, if so, take filenames.1.txt... ++ ++$titlefile = "filenames.txt"; ++my $counter=1; ++while (-e $titlefile) { ++ $titlefile=~s/(filenames).*(txt)/$1.$counter.$2/; ++ $counter++; + } + ++ + # End of check components section. + + +@@ -1095,7 +1101,7 @@ + if ($editnames eq "on") { + print "Here are the computer-chosen filenames for the tracks that you've picked:\n"; + # Create the filenames.txt file now +- open(NAMEFILE, ">filenames.txt"); ++ open(NAMEFILE, ">$titlefile"); + $listnum = 0; + while ($listnum <= $#list) { + $index = 0; +@@ -1112,7 +1118,7 @@ + do { + # Print out the filenames.txt file to the screen + print "-------------------------------------------------------------------------------\n"; +- open(NAMEFILE, "filenames.txt"); ++ open(NAMEFILE, "$titlefile"); + while ($line = ) { + # Process $line just like the filenames would be before showing them + chop $line; $line =~ s/^\s*//; $line =~ s/\s*$//; +@@ -1138,13 +1144,13 @@ + if ($inp eq "") { $inp = $default; } + $inp =~ s/\s//g; + if ($inp =~ m/^\s*y/i) { +- system "$editor filenames.txt"; ++ system "$editor $titlefile"; + $firstpass = 0; + } + # Process filenames.txt into $oname[][] and $name[][] + $broken = 0; # Will set this to 1 if the file is discovered to be broken + $warning = 0; +- open(NAMEFILE, "filenames.txt"); ++ open(NAMEFILE, $titlefile); + $listnum = 0; + while ($listnum <= $#list) { + $index = 0; +@@ -1387,7 +1393,7 @@ + if ($editnames eq "both") { + print "\nHere are the filenames you put:\n"; + # Create the filenames.txt file now +- open(NAMEFILE, ">filenames.txt"); ++ open(NAMEFILE, ">$titlefile"); + $listnum = 0; + while ($listnum <= $#list) { + $index = 0; +@@ -1404,7 +1410,7 @@ + do { + # Print out the filenames.txt file to the screen + print "-------------------------------------------------------------------------------\n"; +- open(NAMEFILE, "filenames.txt"); ++ open(NAMEFILE, $titlefile); + while ($line = ) { + # Process $line just like the filenames would be before showing them + chop $line; $line =~ s/^\s*//; $line =~ s/\s*$//; +@@ -1430,13 +1436,13 @@ + if ($inp eq "") { $inp = $default; } + $inp =~ s/\s//g; + if ($inp =~ m/^\s*y/i) { +- system "$editor filenames.txt"; ++ system "$editor $titlefile"; + $firstpass = 0; + } + # Process filenames.txt into $oname[][] and $name[][] + $broken = 0; # Will set this to 1 if the file is discovered to be broken + $warning = 0; +- open(NAMEFILE, "filenames.txt"); ++ open(NAMEFILE, $titlefile); + $listnum = 0; + while ($listnum <= $#list) { + $index = 0; +@@ -1484,6 +1490,57 @@ + + print "\n\n"; + ++# At this point the user has definetly chosen the filenames he wants ++# for the tracks. We have to check if they are OK or if older files ++# exist which have the same name. They would be overwritten. This is a ++# very bad thing, so we change the "dangerous" track/filenames "foo" ++# into "foo.n" where n is the smallest possible natural positive number ++# to let the filename become unique (so that there is no old file with ++# the same name in the current working directory). But we also have to ++# take care that all the new files we create have unique names. ++# Another problem is the cdda.wav file cdparanoia creates as a default ++# output file. We don't want to mess up an older cdda.wav file lying ++# around. ++ ++# Perls -e doesn't support wildcards, but we need them for the filetest ++# because a track named foo may bring up a bunch of files during ripping: ++# foo.wav, foo.rev.wav, foo.ogg etc. ++# And whe have to check that all the track titles on the list are unique. ++# So we just write our own -e: ++ ++sub dash_e { ++ @i = glob $_[0]; ++ return 1 if (scalar @i || -e $_[0]); ++ $_[0]=~m/^(.*)\.\*/; ++ return 1 if ($unique{$1} >= 1); ++ return 0; ++} ++%unique = (); ++$listnum = 0; ++while ($listnum <= $#list) { ++ $index = 0; ++ while ($index <= $#{$list[$listnum]}) { ++ if (dash_e("$name[$listnum][$index].*")) { ++ my $i = 1; ++ while (dash_e("$name[$listnum][$index].$i.*")) { $i++; } ++ $name[$listnum][$index] = "$name[$listnum][$index].$i"; ++ $oname[$listnum][$index] = "$oname[$listnum][$index].$i"; ++ $unique{"$name[$listnum][$index].$i"}++; ++ } else { $unique{"$name[$listnum][$index]"}++; } ++ $index++; ++ } ++ $listnum++; ++} ++ ++# Let's take care of the cdparanoia outfile: ++ ++$cdparanoia_outfile="cdda"; ++if (-e "$cdparanoia_outfile.wav") { ++ $i=1; ++ while (-e "$cdparanoia_outfile.$i.wav") {$i++;} ++ $cdparanoia_outfile = "$cdparanoia_outfile.$i.wav"; ++} ++ + + # Note: $oname[][] (original name) is the same as $name[][] with the + # exception that $name includes an escape "\" on characters used to +@@ -1809,7 +1866,7 @@ + do { + print "\n---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ----\n"; + print "Ripping track ", $list[$listnum][$index], "...\n\n"; +- $cdpcmd="cdparanoia $tmpcdflags -d $cddevice $list[$listnum][$index]"; ++ $cdpcmd="cdparanoia $tmpcdflags -d $cddevice $list[$listnum][$index] $cdparanoia_outfile"; + print "Command: $cdpcmd\n"; + $cdpout = system "$cdpcmd"; + if ($cdpout != 0) { +@@ -1860,8 +1917,8 @@ + # ...but there is currently no way to do it! + + # Rename cdda.wav to $name[][].wav +- print "Moving cdda.wav to $name[$listnum][$index].wav\n"; +- `mv -- cdda.wav $name[$listnum][$index].wav`; ++ print "Moving $cdparanoia_outfile to $name[$listnum][$index].wav\n"; ++ `mv -- $cdparanoia_outfile $name[$listnum][$index].wav`; + } # End if ($skiprip eq "on) + + $index++; +@@ -2204,12 +2261,17 @@ + + # Delete the filenames.txt file + if ($delfiles eq "on") { +- print "Deleting filenames.txt\n"; +- `rm filenames.txt`; +- if (-e "filenames.txt~") { +- print "Deleting filenames.txt~\n"; +- `rm filenames.txt~`; +- } ++ print "Deleting $titlefile\n"; ++ `rm $titlefile`; ++ ++# Why are we doing this? We didn't create any *~ files, so we won't delete them. ++# If there are editors which create such files without deleting them afterwards, ++# it would be better to fix the editor than providing a dangerous workaraound. ++ ++# if (-e "$titlefile~") { ++# print "Deleting $titlefile~\n"; ++# `rm $titlefile~`; ++# } + } + + --- crip-3.9.orig/debian/patches/50security-fixes.diff +++ crip-3.9/debian/patches/50security-fixes.diff @@ -0,0 +1,122 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## security-fixes.dpatch by Ryan Niebur +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: CVE-2008-5376: insecure temp file handling + +@DPATCH@ +--- a/crip ++++ b/crip +@@ -193,7 +193,9 @@ + $cddbsubmitaddr = "freedb-submit\@freedb.org"; + # Directory to write the cddb submit entry file (need to have write + # permissions to this directory). +-$cddbsubmitdir = "/tmp"; ++use File::Spec; ++$cddbsubmitdir = File::Spec->tmpdir(); ++ + # The following is the charset for the freedb-submit e-mail: + $charset = "iso-8859-1"; + +@@ -219,6 +221,9 @@ + # Default is to use cddb protocol to access cddb server without proxy. + $cddbproxy = {}; + ++use File::Temp; ++$cddbsubmitdir = File::Temp::tempdir(CLEANUP => 1, DIR => $cddbsubmitdir); ++ + # End of Defaults Section ----------------------------------------------------- + + # Allow the user to override the defaults from the command line... +--- a/criprc_example ++++ b/criprc_example +@@ -168,7 +168,7 @@ + + # Directory to write the cddb submit entry file (need to have write + # permissions to this directory). +-cddbsubmitdir = /tmp ++# cddbsubmitdir = /home/user/tmp/ + + # The following is the charset for the freedb-submit e-mail: + charset = iso-8859-1 +--- a/editcomment ++++ b/editcomment +@@ -11,8 +11,11 @@ + die "File \"$file\" does not exist.\n"; + } + ++use File::Temp; ++$tempdir = File::Temp::tempdir(CLEANUP => 1);; ++ + if (-e "$file.tag.tmp") { +- die "WTF is \"$file.tag.tmp\" already doing in /tmp ?!\n"; ++ die "WTF is \"$file.tag.tmp\" already doing in $tempdir?!\n"; + } + + # Escape certain characters from $file +@@ -32,16 +35,16 @@ + die "Cannot find `vorbiscomment` for tagging the Ogg Vorbis files!\n"; + } + +- system "vorbiscomment -l $file > /tmp/$file.tag.tmp"; ++ system "vorbiscomment -l $file > $tempdir/$file.tag.tmp"; + +- system "$editor /tmp/$file.tag.tmp"; ++ system "$editor $tempdir/$file.tag.tmp"; + + print "Writing new tag info...\n"; +- system "vorbiscomment -w -c /tmp/$file.tag.tmp $file"; ++ system "vorbiscomment -w -c $tempdir/$file.tag.tmp $file"; + print "Done.\n"; + +- print "Deleting temporary file /tmp/$file.tag.tmp\n"; +- system "rm /tmp/$file.tag.tmp"; ++ print "Deleting temporary file $tempdir/$file.tag.tmp\n"; ++ system "rm $tempdir/$file.tag.tmp"; + + print "\nTag info now reads:\n"; + system "vorbiscomment -l $file"; +@@ -57,23 +60,23 @@ + } + + if ($mfver lt "1.1.1") { +- system "metaflac --export-vc-to=/tmp/$file.tag.tmp $file"; ++ system "metaflac --export-vc-to=$tempdir/$file.tag.tmp $file"; + } else { +- system "metaflac --export-tags-to=/tmp/$file.tag.tmp $file"; ++ system "metaflac --export-tags-to=$tempdir/$file.tag.tmp $file"; + } + +- system "$editor /tmp/$file.tag.tmp"; ++ system "$editor $tempdir/$file.tag.tmp"; + + print "Writing new tag info...\n"; + if ($mfver lt "1.1.1") { +- system "metaflac --remove-vc-all --import-vc-from=/tmp/$file.tag.tmp $file"; ++ system "metaflac --remove-vc-all --import-vc-from=$tempdir/$file.tag.tmp $file"; + } else { +- system "metaflac --remove-all-tags --import-tags-from=/tmp/$file.tag.tmp $file"; ++ system "metaflac --remove-all-tags --import-tags-from=$tempdir/$file.tag.tmp $file"; + } + print "Done.\n"; + +- print "Deleting temporary file /tmp/$file.tag.tmp\n"; +- system "rm /tmp/$file.tag.tmp"; ++ print "Deleting temporary file $tempdir/$file.tag.tmp\n"; ++ system "rm $tempdir/$file.tag.tmp"; + + print "\nTag info now reads:\n"; + if ($mfver lt "1.1.1") { +--- a/editfilenames ++++ b/editfilenames +@@ -7,7 +7,9 @@ + $editor = "sensible-editor"; + + # Temporary filename +-$tmpfile = "/tmp/filelist.txt"; ++use File::Temp; ++$tempdir = File::Temp::tempdir(CLEANUP => 1);; ++$tmpfile = "$tempdir/filelist.txt"; + + # Substitute spaces with an underscore (on/off - default="on") + $subsp = "on";