
Bug#725876: hplip: diff for NMU version 3.13.11-2.1



tags 725876 + patch
tags 725876 + pending
thanks

Dear maintainer,

I've prepared an NMU for hplip (versioned as 3.13.11-2.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards.
diff -Nru hplip-3.13.11/debian/changelog hplip-3.13.11/debian/changelog
--- hplip-3.13.11/debian/changelog	2013-12-15 08:14:30.000000000 +0100
+++ hplip-3.13.11/debian/changelog	2014-01-12 11:16:50.000000000 +0100
@@ -1,3 +1,13 @@
+hplip (3.13.11-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add CVE-2013-6402.patch patch.
+    CVE-2013-6402: Fix insecure temporary files handling in pkit.py.
+    (Closes: #725876)
+  * Add missing dh_bugfiles invocation in binary-indep target
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Sun, 12 Jan 2014 10:59:12 +0100
+
 hplip (3.13.11-2) unstable; urgency=medium
 
   * Urgency medium for CVE fix
diff -Nru hplip-3.13.11/debian/patches/CVE-2013-6402.patch hplip-3.13.11/debian/patches/CVE-2013-6402.patch
--- hplip-3.13.11/debian/patches/CVE-2013-6402.patch	1970-01-01 01:00:00.000000000 +0100
+++ hplip-3.13.11/debian/patches/CVE-2013-6402.patch	2014-01-12 11:16:50.000000000 +0100
@@ -0,0 +1,29 @@
+Description: Fix insecure temporary files handling in pkit.py
+Origin: vendor 
+Bug-Debian: http://bugs.debian.org/725876
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1035243
+Bug-SuSE: https://bugzilla.novell.com/show_bug.cgi?id=852368
+Bug-Gentoo: https://bugs.gentoo.org/show_bug.cgi?id=492712
+Author: Moritz Muehlenhoff <jmm@debian.org> 
+Last-Update: 2014-01-12
+
+diff -aur hplip-3.12.6.orig/base/pkit.py hplip-3.12.6/base/pkit.py
+--- hplip-3.12.6.orig/base/pkit.py	2012-06-18 12:44:13.000000000 +0200
++++ hplip-3.12.6/base/pkit.py	2013-12-10 13:04:22.916674893 +0100
+@@ -29,6 +29,7 @@
+ import ConfigParser
+ import shutil
+ import stat
++import tempfile
+ 
+ # Local
+ from base.logger import *
+@@ -205,7 +206,7 @@
+     class BackendService(PolicyKitService):
+         INTERFACE_NAME = 'com.hp.hplip'
+         SERVICE_NAME   = 'com.hp.hplip'
+-        LOGFILE_NAME   = '/tmp/hp-pkservice.log'
++        LOGFILE_NAME   = tempfile.mktemp(prefix="hp-pkservice-", suffix=".log")
+ 
+         def __init__(self, connection=None, path='/', logfile=LOGFILE_NAME):
+             if connection is None:
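Review bot: In the BackendService hunk, `tempfile.mktemp(prefix="hp-pkservice-", suffix=".log")` only returns a path name and does not create the file, so a window remains between choosing the name and whatever later opens `logfile`, during which another local user can place a file or symlink at that path. The name is no longer the fixed `/tmp/hp-pkservice.log`, but Python's documentation deprecates mktemp() in favour of mkstemp() for exactly this reason. Suggest tempfile.mkstemp() with the same prefix and suffix, which creates the file atomically with owner-only permissions, and handing the resulting descriptor or path to the code that writes the log. Separately, LOGFILE_NAME is evaluated once when the class body runs and is reused as the default for `logfile` in `__init__`, so all instances in one process share a single path; that deserves a comment or a per-instance creation in `__init__`.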
diff -Nru hplip-3.13.11/debian/patches/series hplip-3.13.11/debian/patches/series
--- hplip-3.13.11/debian/patches/series	2013-12-09 19:56:43.000000000 +0100
+++ hplip-3.13.11/debian/patches/series	2014-01-12 11:16:50.000000000 +0100
@@ -17,3 +17,4 @@
 hp-systray-make-menu-appear-in-sni-qt-indicator-with-kde.dpatch
 #hp-mkuri-libnotify-so-4-support.dpatch
 hpaio-option-duplex.diff
+CVE-2013-6402.patch
diff -Nru hplip-3.13.11/debian/rules hplip-3.13.11/debian/rules
--- hplip-3.13.11/debian/rules	2013-09-12 13:03:24.000000000 +0200
+++ hplip-3.13.11/debian/rules	2014-01-12 11:16:50.000000000 +0100
@@ -349,6 +349,7 @@
 binary-indep: install-indep
 	dh_testdir -i
 	dh_testroot
+	dh_bugfiles
 #	dh_installdebconf -i
 	dh_installdocs -i
 	dh_installexamples -i
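Review bot: In the binary-indep target the new `dh_bugfiles` call carries no `-i`, while the neighbouring `dh_testdir -i`, `dh_installdocs -i` and `dh_installexamples -i` are restricted to architecture-independent packages. Without the option debhelper acts on every binary package, including the arch-dependent ones that this target is not supposed to touch. Suggest `dh_bugfiles -i` here, and a changelog line that says which packages were missing their bug files.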
