Re: Bug#605159: gnumed-client: Use of PYTHONPATH env var in an insecure way
Hi,
thanks to the support of upstream there is a new release which fixes the
issue. However, the issue does not even really exist in *effective*
upstream code - it is just contained in a *comment* which is simply
activated in a patch in the Debian packaging. So I wonder what might
be the best strategy to handle this.
1. Use upstream bugfix version which provides the proper PYTHONPATH
setting in the comment which will be activated later plus a
7 line patch in some unrelated code which is unlikely to break
something else.
2. Simply patch 0.7.9 to fix only the reported issue but leave a
nasty bug in upstream.
All other changes in the code are autogenerated documentation changes
and thus excluded via "--exclude=*user-manual* --exclude=*api*" from the
diff (also --exclude=Gnumed was used to hide duplication of diffs
because directory Gnumed is a symlink to client).
My preferred solution is to upload 0.7.10 to testing-proposed-updates
(because there is just a version 0.8.4 in unstable).
Kind regards
Andreas.
--
http://fam-tille.de
diff -burN '--exclude=*user-manual*' '--exclude=*api*' '--exclude=Gnumed' gnumed-client.0.7.9/client/CHANGELOG gnumed-client.0.7.10/client/CHANGELOG
--- gnumed-client.0.7.9/client/CHANGELOG 2010-09-09 12:29:36.000000000 +0200
+++ gnumed-client.0.7.10/client/CHANGELOG 2010-11-29 13:59:42.000000000 +0100
@@ -30,6 +30,11 @@
# rel-0-7-patches
------------------------------------------------
+ 0.7.10
+
+FIX: exception on trying to create hospital stay w/o episode [thanks devm]
+FIX: properly set PYTHONPATH [thanks JB and Debian Squeeze (#605159)]
+
0.7.9
FIX: when creating allergy from substance intake entry second try would overwrite first try if same drug brand
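Review bot: The new entry "FIX: properly set PYTHONPATH" does not say what was wrong with the old setting. Since it points at Debian bug #605159, which is about insecure use of the variable, name the effect in the entry (an empty path element when PYTHONPATH is unset) so that packagers reading the CHANGELOG can tell this is a security-relevant fix and not a cosmetic one.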
diff -burN '--exclude=*user-manual*' '--exclude=*api*' '--exclude=Gnumed' gnumed-client.0.7.9/client/gnumed gnumed-client.0.7.10/client/gnumed
--- gnumed-client.0.7.9/client/gnumed 2010-09-09 12:29:36.000000000 +0200
+++ gnumed-client.0.7.10/client/gnumed 2010-11-29 13:59:42.000000000 +0100
@@ -38,7 +38,7 @@
# packages which install the GNUmed python modules into a path not
# already accessible for imports via sys.path (say, /usr/share/gnumed/)
# may need to adjust PYTHONPATH appropriately here
-#export PYTHONPATH="${PYTHONPATH}:/usr/share/gnumed/"
+#export PYTHONPATH="${PYTHONPATH:+$PYTHONPATH:}/usr/share/gnumed/"
# now run the client
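Review bot: The export on the "+" line is still commented out, so this hunk changes no behaviour by itself; the fix only takes effect once the packaging patch that activates the line is refreshed against the new text, and that patch should be checked so it does not bring back the old "${PYTHONPATH}:/usr/share/gnumed/" form. The "${PYTHONPATH:+$PYTHONPATH:}" expansion removes the leading empty entry when PYTHONPATH is unset or empty, which is the case where Python would search the current working directory for modules. It still passes through whatever the caller's PYTHONPATH contains, including any empty elements already in it, and keeps those entries ahead of /usr/share/gnumed/. If the launcher is not meant to honour an inherited PYTHONPATH, set the variable to /usr/share/gnumed/ alone and state that in the comment above the line.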
diff -burN '--exclude=*user-manual*' '--exclude=*api*' '--exclude=Gnumed' gnumed-client.0.7.9/client/gnumed.py gnumed-client.0.7.10/client/gnumed.py
--- gnumed-client.0.7.9/client/gnumed.py 2010-09-09 12:29:36.000000000 +0200
+++ gnumed-client.0.7.10/client/gnumed.py 2010-11-29 13:59:42.000000000 +0100
@@ -79,7 +79,7 @@
sys.exit(1)
#----------------------------------------------------------
-current_client_version = u'0.7.9'
+current_client_version = u'0.7.10'
current_client_branch = u'0.7'
_log = None
diff -burN '--exclude=*user-manual*' '--exclude=*api*' '--exclude=Gnumed' gnumed-client.0.7.9/client/wxpython/gmEMRStructWidgets.py gnumed-client.0.7.10/client/wxpython/gmEMRStructWidgets.py
--- gnumed-client.0.7.9/client/wxpython/gmEMRStructWidgets.py 2010-09-09 12:29:37.000000000 +0200
+++ gnumed-client.0.7.10/client/wxpython/gmEMRStructWidgets.py 2010-11-29 13:59:43.000000000 +0100
@@ -429,6 +429,14 @@
)
return False
+ if self._PRW_episode.GetValue().strip() == u'':
+ self._PRW_episode.display_as_valid(False)
+ wxps.Publisher().sendMessage (
+ topic = 'statustext',
+ data = {'msg': _('Must select an episode or enter a name for a new one. Cannot save hospital stay.'), 'beep': True}
+ )
+ return False
+
return True
#----------------------------------------------------------------
def _save_as_new(self):
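Review bot: The added check on self._PRW_episode.GetValue().strip() is unrelated to the PYTHONPATH change, so if only the reported issue is to be fixed in the package it should be carried as a separate patch, described by the CHANGELOG line "FIX: exception on trying to create hospital stay w/o episode". The check itself follows the pattern of the validation above it (mark the field, publish a status message, return False) and needs no change.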