[gummi] 01/01: added no-predictable-tmpfiles.patch

Daniel Stender danstender-guest at moszumanska.debian.org
Sun Nov 29 00:39:58 UTC 2015


This is an automated email from the git hooks/post-receive script.

danstender-guest pushed a commit to branch master
in repository gummi.

commit 7d13b0b7347d691d7a84d6a245e47acf720653ea
Author: Daniel Stender <debian at danielstender.com>
Date:   Sun Nov 29 01:16:48 2015 +0100

    added no-predictable-tmpfiles.patch
---
 debian/changelog                             |  6 +++++
 debian/patches/no-predictable-tmpfiles.patch | 39 ++++++++++++++++++++++++++++
 debian/patches/series                        |  1 +
 3 files changed, 46 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index ee181d7..e6383ef 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+gummi (0.6.5-6) unstable; urgency=medium
+
+  * Added no-predictable-tmpfiles.patch, fix of CVE-2015-7758 (Closes: #756432).
+
+ -- Daniel Stender <debian at danielstender.com>  Sun, 29 Nov 2015 01:35:11 +0100
+
 gummi (0.6.5-5) unstable; urgency=medium
 
   * deb/copyright:
diff --git a/debian/patches/no-predictable-tmpfiles.patch b/debian/patches/no-predictable-tmpfiles.patch
new file mode 100644
index 0000000..182c57a
--- /dev/null
+++ b/debian/patches/no-predictable-tmpfiles.patch
@@ -0,0 +1,39 @@
+Description: don't generate predictable tmpfile names if filename is given
+ Quick fix for CVE-2015-7758 (#756432).
+Author: Daniel Stender <debian at danielstender.com>
+Bug: https://bugs.debian.org/756432
+Forwarded: https://github.com/alexandervdm/gummi/issues/20
+Last-Update: 2015-11-29
+
+--- a/src/editor.c
++++ b/src/editor.c
+@@ -204,10 +204,9 @@
+         gchar* base = g_path_get_basename (filename);
+         gchar* dir = g_path_get_dirname (filename);
+         ec->filename = g_strdup (filename);
+-        ec->basename = g_strdup_printf ("%s%c.%s", dir, G_DIR_SEPARATOR, base);
+-        ec->workfile = g_strdup_printf ("%s.swp", ec->basename);
+-        ec->pdffile =  g_strdup_printf ("%s%c.%s.pdf", C_TMPDIR,
+-                                       G_DIR_SEPARATOR, base);
++        ec->basename = g_strdup (ec->fdname);
++        ec->workfile = g_strdup (ec->fdname);
++        ec->pdffile =  g_strdup_printf ("%s.pdf", ec->fdname);
+         g_free (base);
+         g_free (dir);
+     } else {
+@@ -237,12 +236,9 @@
+     if (ec->filename) {
+         gchar* dirname = g_path_get_dirname (ec->filename);
+         gchar* basename = g_path_get_basename (ec->filename);
+-        auxfile = g_strdup_printf ("%s%c.%s.aux", C_TMPDIR,
+-                G_DIR_SEPARATOR, basename);
+-        logfile = g_strdup_printf ("%s%c.%s.log", C_TMPDIR,
+-                G_DIR_SEPARATOR, basename);
+-        syncfile = g_strdup_printf ("%s%c.%s.synctex.gz", C_TMPDIR,
+-                G_DIR_SEPARATOR, basename);
++        auxfile = g_strdup_printf ("%s.aux", ec->fdname);
++        logfile = g_strdup_printf ("%s.log", ec->fdname);
++        syncfile = g_strdup_printf ("%s.synctex.gz", ec->fdname);
+         g_free (basename);
+         g_free (dirname);
+     } else {
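Review bot: The `.pdf`, `.aux`, `.log` and `.synctex.gz` paths in both inner hunks are built by appending a suffix to `ec->fdname`, so only the stem is unpredictable; the sibling files are not themselves created exclusively, and once the stem exists in a shared temporary directory its name is visible to other local users. How `ec->fdname` is created lies outside this hunk, but if it is a mkstemp-style file under `C_TMPDIR`, a private per-session directory from `g_dir_make_tmp ("gummi_XXXXXX", NULL)` (created with mode 0700) holding all build artefacts would close that remaining window. Separately, `base`/`dir` in the first inner hunk and `dirname`/`basename` in the second are now allocated and freed without being used, so those four lines and their `g_free` calls can be dropped. Moving `ec->workfile` out of the document's directory also deserves a comment such as `/* workfile now lives in the temp dir, not next to the document */`, since any swap-file recovery code elsewhere may still look in the old location.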
diff --git a/debian/patches/series b/debian/patches/series
index cc8c49a..43d7c9e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@ gummi.desktop.patch
 automake-subdirs.patch
 libgthread-2.0_link.patch
 use-system-synctex.patch
+no-predictable-tmpfiles.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-science/packages/gummi.git


