Dear Release managers, I have prepared a fixed version of emacspeak for testing, with a bug fix for the symlink attacks as well as a piuparts fix by Christian Perrier. I have tried to contact the maintainer, James, but he has not been responsive. The reason why I was unprepared to upload this is because I have no means to test this package. However, a friendly non-Debian emacspeak user was kind enough to run test the patched program and review the patch for me, so I have an upload ready. So, please answer the following: Being fully aware that I don't use this package, but have an interest in seeing this in Lenny, would you allow me to upload this package? (If someone else does it, I'll be more than happy!). The reason I want this to be in Lenny is because I believe several of our visually challenged users would find this software useful. I have attached the proposed patch, for review. Again, if someone else comes forward, I'd be more than happy to let them take over. Thanks. Kumar -- Kumar Appaiah
diff -u emacspeak-26.0/debian/README.Debian emacspeak-26.0/debian/README.Debian
--- emacspeak-26.0/debian/README.Debian
+++ emacspeak-26.0/debian/README.Debian
@@ -13,6 +13,9 @@
gets configuration parameters from /etc/emacspeak.conf and starts
emacs with emacspeak support.
+Before it is used, Emacspeak must be configured by root, by running
+'emacspeakconfig -i'.
+
Several "flavors" of emacs may be installed at the same time (emacs20,
emacs21, xemacs21, etc.). In accordance with the Debian emacs policy,
emacspeak is byte-compiled separately for each supported flavor -
@@ -87,0 +91,2 @@
+
+ -- Christian Perrier <bubulle@debian.org>, Sat, 25 Oct 2008 13:31:18 z
diff -u emacspeak-26.0/debian/changelog emacspeak-26.0/debian/changelog
--- emacspeak-26.0/debian/changelog
+++ emacspeak-26.0/debian/changelog
@@ -1,3 +1,13 @@
+emacspeak (26.0-3+lenny1) testing; urgency=high
+
+ * Non-maintainer upload.
+ * Backport the fix for preventing symlink attacks from the new upstream
+ release. (Closes: #496431)
+ * Use Christian Perrier's patch for stopping the call to
+ emacspeakconfig. (Closes: #502761)
+
+ -- Kumar Appaiah <akumar@debian.org> Sat, 08 Nov 2008 14:11:24 -0600
+
emacspeak (26.0-3) unstable; urgency=low
* debian/control: depend on w3-el-e21 (thanks to Sam Hartman
diff -u emacspeak-26.0/debian/postinst emacspeak-26.0/debian/postinst
--- emacspeak-26.0/debian/postinst
+++ emacspeak-26.0/debian/postinst
@@ -46,7 +46,9 @@
fi
fi
-emacspeakconfig -i
+# Commented as this implies prompting without using
+# debconf. See #502761
+# emacspeakconfig -i
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
only in patch2:
unchanged:
--- emacspeak-26.0.orig/lisp/emacspeak-wizards.el
+++ emacspeak-26.0/lisp/emacspeak-wizards.el
@@ -1792,15 +1792,20 @@
(read-from-minibuffer "Count: ")))
(declare (special
emacspeak-wizards-table-content-extractor))
- (let ((output (format "/tmp/%s.csv" task)))
- (shell-command
- (format "%s --task=%s --url='%s' --depth=%s --count=%s"
- emacspeak-wizards-table-content-extractor
- task
- url
- depth count ))
- (emacspeak-table-find-csv-file output)
- (delete-file output)))
+ (let ((buffer (get-buffer-create " *table extractor*")))
+ (save-excursion
+ (set-buffer buffer)
+ (erase-buffer)
+ (setq buffer-undo-list t)
+ (call-process
+ emacspeak-wizards-table-content-extractor
+ nil t nil
+ "--task" task
+ "--url" url
+ "--depth" depth
+ "--count" count
+ "2>/dev/null")
+ (emacspeak-table-view-csv-buffer))))
;;;###autoload
(defun emacspeak-wizards-get-table-content-from-file (task file depth count )
"Extract table specified by depth and count from HTML
@@ -1814,11 +1819,21 @@
(read-from-minibuffer "Depth: ")
(read-from-minibuffer "Count: ")))
(declare (special emacspeak-wizards-table-content-extractor))
- (shell-command
- (format "%s --task=%s --file=%s --depth=%s --count=%s"
- emacspeak-wizards-table-content-extractor
- task file depth count ))
- (emacspeak-table-find-csv-file (format "/tmp/%s.csv" task)))
+ (let ((buffer
+ (get-buffer-create " *table extractor* ")))
+ (save-excursion
+ (set-buffer buffer)
+ (erase-buffer)
+ (setq buffer-undo-list t)
+ (call-process
+ emacspeak-wizards-table-content-extractor
+ nil t nil
+ "--task" task
+ "--file" file
+ "--depth" depth
+ "--count" count
+ "2>/dev/null")
+ (emacspeak-table-view-csv-buffer))))
;;}}}
;;{{{ annotation wizard
@@ -2171,8 +2186,10 @@
emacspeak-wizards-quote-command
emacspeak-wizards-quote-row-filter))
(let ((temp-file
- (format "/tmp/%s.csv"
- (gensym "quotes"))))
+ (expand-file-name
+ (format "%s.csv"
+ (gensym "quotes"))
+ emacspeak-resource-directory)))
(shell-command
(format
"echo '%s' | perl %s > %s"
only in patch2:
unchanged:
--- emacspeak-26.0.orig/lisp/emacspeak-w3m.el
+++ emacspeak-26.0/lisp/emacspeak-w3m.el
@@ -867,9 +867,10 @@
"Preview this buffer in w3m."
(interactive)
(let ((filename
- (format "/tmp/%s.html"
- (make-temp-name "w3m"))))
- (write-region (point-min)
+ (make-temp-file
+ (format "%s.html"
+ (make-temp-name "w3m")))))
+ (write-region (point-min)
(point-max)
filename)
(w3m-find-file filename)
Attachment:
signature.asc
Description: Digital signature