Bug#562127: pu: package python-docutils/0.5-2+lenny1
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu
I have prepared a fix for a security bug in python-docutils (#560755).
debdiff attached.
Please let me know if it's okay to upload it to s-p-u.
--
Jakub Wilk
Index: debian/changelog
===================================================================
--- debian/changelog (revision 10766)
+++ debian/changelog (revision 10855)
@@ -1,3 +1,11 @@
+python-docutils (0.5-2+lenny1) stable; urgency=high
+
+ * Fix insecure use of temporary files in the Emacs major mode for
+ reStructuredText (closes: #560755). Thanks to Kumar Appaiah for helping to
+ deal with this bug.
+
+ -- Jakub Wilk <ubanus@users.sf.net> Wed, 16 Dec 2009 14:14:14 +0100
+
python-docutils (0.5-2) unstable; urgency=low
* Upload docutils 0.5 to unstable
Index: debian/patches/18_emacs_temporary_files.dpatch
===================================================================
--- debian/patches/18_emacs_temporary_files.dpatch (revision 0)
+++ debian/patches/18_emacs_temporary_files.dpatch (revision 10855)
@@ -0,0 +1,109 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 18_emacs_temporary_files.dpatch by Jakub Wilk <ubanus@users.sf.net>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix insecure use of temporary files
+
+@DPATCH@
+
+Description: Fix insecure use of temporary files
+ in the Emacs major mode for reStructuredText (rst.el).
+Author: Jakub Wilk <ubanus@users.sf.net>
+Bug: http://sourceforge.net/tracker/?func=detail&aid=2912890&group_id=38414&atid=422030
+Bug-Debian: http://bugs.debian.org/560755
+Last-Update: 2009-12-15
+
+diff --git a/tools/editors/emacs/rst.el b/tools/editors/emacs/rst.el
+--- a/tools/editors/emacs/rst.el
++++ b/tools/editors/emacs/rst.el
+@@ -3273,13 +3273,80 @@
+ "rst2pseudoxml"
+ standard-output)))
+
++(defvar rst-temp-dir nil)
++(make-variable-buffer-local 'rst-temp-dir)
++
++;; make-temp-file is not available in XEmacs 21
++(if (fboundp 'make-temp-file)
++ (defun rst-make-temp-dir (prefix) (make-temp-file prefix t))
++ (defun rst-make-temp-dir (prefix)
++ (let ((umask (default-file-modes)) file)
++ (unwind-protect
++ (progn
++ (set-default-file-modes 448) ; o700
++ (while
++ (condition-case ()
++ (progn
++ (setq file
++ (make-temp-name
++ (if (zerop (length prefix))
++ (file-name-as-directory (temp-directory))
++ (expand-file-name prefix (temp-directory))
++ )
++ )
++ )
++ (make-directory file)
++ nil
++ )
++ (file-already-exists t)
++ )
++ nil
++ )
++ file
++ )
++ (set-default-file-modes umask)
++ )
++ )
++ )
++)
++
++(defun rst-get-temp-dir ()
++ (or rst-temp-dir
++ (setq rst-temp-dir
++ (file-name-as-directory (rst-make-temp-dir "rst-"))
++ )
++ )
++)
++
++;; dired-delete-file is not available in XEmacs 21
++(defun rst-delete-file (file)
++ (if (not (eq t (car (file-attributes file))))
++ (delete-file file)
++ (when
++ (setq files (directory-files file t "^\\([^.]\\|\\.\\([^.]\\|\\..\\)\\).*"))
++ (while files
++ (rst-delete-file (car files))
++ (setq files (cdr files))
++ )
++ )
++ (delete-directory file)
++ )
++)
++
++(defun rst-remove-temp-dir ()
++ (if rst-temp-dir (rst-delete-file rst-temp-dir))
++)
++
++(add-hook 'kill-buffer-hook 'rst-remove-temp-dir)
++(add-hook 'kill-emacs-hook 'rst-remove-temp-dir)
++
+ (defvar rst-pdf-program "xpdf"
+ "Program used to preview PDF files.")
+
+ (defun rst-compile-pdf-preview ()
+ "Convert the document to a PDF file and launch a preview program."
+ (interactive)
+- (let* ((tmp-filename "/tmp/out.pdf")
++ (let* ((tmp-filename (concat (rst-get-temp-dir) "out.pdf"))
+ (command (format "rst2pdf.py %s %s && %s %s"
+ buffer-file-name tmp-filename
+ rst-pdf-program tmp-filename)))
+@@ -3294,7 +3361,7 @@
+ (defun rst-compile-slides-preview ()
+ "Convert the document to an S5 slide presentation and launch a preview program."
+ (interactive)
+- (let* ((tmp-filename "/tmp/slides.html")
++ (let* ((tmp-filename (concat (rst-get-temp-dir) "slides.html"))
+ (command (format "rst2s5 %s %s && %s %s"
+ buffer-file-name tmp-filename
+ rst-slides-program tmp-filename)))
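Review bot: In `rst-delete-file`, `files` is assigned with `setq` and never bound, so it is a global that every recursive call overwrites. Once the function descends into a subdirectory, the inner call leaves `files` as nil, the outer loop stops early, and `delete-directory` is then called on a directory that may still hold entries, leaving the temporary tree behind. Binding it locally fixes this: replace the `(when (setq files (directory-files ...)) ...)` form with `(let ((files (directory-files file t REGEXP))) (while files ...))`, keeping the existing regexp. Separately, in both preview functions `tmp-filename` and `buffer-file-name` are interpolated into the command with plain `%s`. The `&&` suggests the string is handed to a shell (the call itself is outside the hunk), so passing each through `shell-quote-argument` would keep a document path or temp directory containing spaces or shell metacharacters from being split or interpreted.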
Index: debian/patches/00list
===================================================================
--- debian/patches/00list (revision 10766)
+++ debian/patches/00list (revision 10855)
@@ -5,3 +5,4 @@
15_emacs_debian_paths.dpatch
16_disable_picins.dpatch
17_speed_up_rst_el.dpatch
+18_emacs_temporary_files.dpatch