Bug#725876: hplip: diff for NMU version 3.13.11-2.1
tags 725876 + patch
tags 725876 + pending
thanks
Dear maintainer,
I've prepared an NMU for hplip (versioned as 3.13.11-2.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Regards.
diff -Nru hplip-3.13.11/debian/changelog hplip-3.13.11/debian/changelog
--- hplip-3.13.11/debian/changelog 2013-12-15 08:14:30.000000000 +0100
+++ hplip-3.13.11/debian/changelog 2014-01-12 11:16:50.000000000 +0100
@@ -1,3 +1,13 @@
+hplip (3.13.11-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Add CVE-2013-6402.patch patch.
+ CVE-2013-6402: Fix insecure temporary files handling in pkit.py.
+ (Closes: #725876)
+ * Add missing dh_bugfiles invocation in binary-indep target
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Sun, 12 Jan 2014 10:59:12 +0100
+
hplip (3.13.11-2) unstable; urgency=medium
* Urgency medium for CVE fix
diff -Nru hplip-3.13.11/debian/patches/CVE-2013-6402.patch hplip-3.13.11/debian/patches/CVE-2013-6402.patch
--- hplip-3.13.11/debian/patches/CVE-2013-6402.patch 1970-01-01 01:00:00.000000000 +0100
+++ hplip-3.13.11/debian/patches/CVE-2013-6402.patch 2014-01-12 11:16:50.000000000 +0100
@@ -0,0 +1,29 @@
+Description: Fix insecure temporary files handling in pkit.py
+Origin: vendor
+Bug-Debian: http://bugs.debian.org/725876
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1035243
+Bug-SuSE: https://bugzilla.novell.com/show_bug.cgi?id=852368
+Bug-Gentoo: https://bugs.gentoo.org/show_bug.cgi?id=492712
+Author: Moritz Muehlenhoff <jmm@debian.org>
+Last-Update: 2014-01-12
+
+diff -aur hplip-3.12.6.orig/base/pkit.py hplip-3.12.6/base/pkit.py
+--- hplip-3.12.6.orig/base/pkit.py 2012-06-18 12:44:13.000000000 +0200
++++ hplip-3.12.6/base/pkit.py 2013-12-10 13:04:22.916674893 +0100
+@@ -29,6 +29,7 @@
+ import ConfigParser
+ import shutil
+ import stat
++import tempfile
+
+ # Local
+ from base.logger import *
+@@ -205,7 +206,7 @@
+ class BackendService(PolicyKitService):
+ INTERFACE_NAME = 'com.hp.hplip'
+ SERVICE_NAME = 'com.hp.hplip'
+- LOGFILE_NAME = '/tmp/hp-pkservice.log'
++ LOGFILE_NAME = tempfile.mktemp(prefix="hp-pkservice-", suffix=".log")
+
+ def __init__(self, connection=None, path='/', logfile=LOGFILE_NAME):
+ if connection is None:
diff -Nru hplip-3.13.11/debian/patches/series hplip-3.13.11/debian/patches/series
--- hplip-3.13.11/debian/patches/series 2013-12-09 19:56:43.000000000 +0100
+++ hplip-3.13.11/debian/patches/series 2014-01-12 11:16:50.000000000 +0100
@@ -17,3 +17,4 @@
hp-systray-make-menu-appear-in-sni-qt-indicator-with-kde.dpatch
#hp-mkuri-libnotify-so-4-support.dpatch
hpaio-option-duplex.diff
+CVE-2013-6402.patch
diff -Nru hplip-3.13.11/debian/rules hplip-3.13.11/debian/rules
--- hplip-3.13.11/debian/rules 2013-09-12 13:03:24.000000000 +0200
+++ hplip-3.13.11/debian/rules 2014-01-12 11:16:50.000000000 +0100
@@ -349,6 +349,7 @@
binary-indep: install-indep
dh_testdir -i
dh_testroot
+ dh_bugfiles
# dh_installdebconf -i
dh_installdocs -i
dh_installexamples -i
Reply to: