Bug#812990: jessie-pu: package gummi/0.6.5-3+deb8u1
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
Hi,
I propose an update of Gummi in Jessie.
It's a fix of #812577 [1]. The same patch/changes are also included in
gummi/0.6.3-1.2+deb7u2, please see the wheezy-pu for the background [2]:
<no-predictable-tmpfiles.patch>
Description: Use XDG cache dir for tmp files rather than TMPDIR.
Fix for CVE-2015-7758 (#756432).
Origin: https://github.com/alexandervdm/gummi/commit/4ad6486
Bug: https://bugs.debian.org/756432
Last-Update: 2016-01-28
--- a/src/constants.h
+++ b/src/constants.h
@@ -59,7 +59,7 @@
#define C_CMDSEP "&&"
#define C_TEXSEC ""
#else
- #define C_TMPDIR g_get_tmp_dir()
+ #define C_TMPDIR g_build_path(G_DIR_SEPARATOR_S, g_get_user_cache_dir(), "gummi", NULL)
#define C_CMDSEP ";"
#define C_TEXSEC "env openout_any=a"
#endif
--- a/src/editor.c
+++ b/src/editor.c
@@ -187,6 +187,12 @@ static void on_delete_range(GtkTextBuffer *textbuffer,GtkTextIter *start,
*/
void editor_fileinfo_update (GuEditor* ec, const gchar* filename) {
+ // directory should exist, but if not create ~/.cache/gummi:
+ if (!g_file_test (C_TMPDIR, G_FILE_TEST_IS_DIR)) {
+ slog (L_WARNING, ".cache directory does not exist, creating..\n");
+ g_mkdir_with_parents (C_TMPDIR, DIR_PERMS);
+ }
+
if (ec->workfd != -1)
editor_fileinfo_cleanup (ec);
</no-predictable-tmpfiles.patch>
I've build the package with Sbuild against stable [3]. Please see the
attached debdiff for the whole set of changes.
Thank you very much,
DS
[1] https://bugs.debian.org/812577 (gummi: relative import paths couldn't be used)
[2] https://bugs.debian.org/812881 (wheezy-pu: package gummi/0.6.3-1.2+deb7u2)
[3] http://www.danielstender.com/buildlogs/gummi_0.6.5-3+deb8u2_amd64-20160128-1232.build
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru gummi-0.6.3/debian/changelog gummi-0.6.3/debian/changelog
--- gummi-0.6.3/debian/changelog 2015-11-30 14:07:51.000000000 +0100
+++ gummi-0.6.3/debian/changelog 2016-01-27 15:01:56.000000000 +0100
@@ -1,3 +1,9 @@
+gummi (0.6.3-1.2+deb7u2) oldstable; urgency=medium
+
+ * no-predictable-tmpfiles.patch: use upstream fix (Closes: #812577).
+
+ -- Daniel Stender <debian@danielstender.com> Wed, 27 Jan 2016 15:00:39 +0100
+
gummi (0.6.3-1.2+deb7u1) oldstable; urgency=medium
* Added no-predictable-tmpfiles.patch, fix of CVE 2015-7758 (Closes: #756432).
diff -Nru gummi-0.6.3/debian/patches/no-predictable-tmpfiles.patch gummi-0.6.3/debian/patches/no-predictable-tmpfiles.patch
--- gummi-0.6.3/debian/patches/no-predictable-tmpfiles.patch 2015-11-30 14:06:23.000000000 +0100
+++ gummi-0.6.3/debian/patches/no-predictable-tmpfiles.patch 2016-01-27 14:59:39.000000000 +0100
@@ -1,39 +1,33 @@
-Description: don't generate predictable tmpfile names if filename is given
- Quick fix for CVE-2015-7758 (#756432).
-Author: Daniel Stender <debian@danielstender.com>
+Description: Use XDG cache dir for tmp files rather than TMPDIR.
+ Fix of CVE-2015-7758 (#756432).
+Origin: https://github.com/alexandervdm/gummi/commit/4ad6486
Bug: https://bugs.debian.org/756432
-Forwarded: https://github.com/alexandervdm/gummi/issues/20
-Last-Update: 2015-11-29
+Last-Update: 2016-01-27
+
+--- a/src/constants.h
++++ b/src/constants.h
+@@ -59,7 +59,7 @@
+ #define C_CMDSEP "&&"
+ #define C_TEXSEC ""
+ #else
+- #define C_TMPDIR g_get_tmp_dir()
++ #define C_TMPDIR g_build_path(G_DIR_SEPARATOR_S, g_get_user_cache_dir(), "gummi", NULL)
+ #define C_CMDSEP ";"
+ #define C_TEXSEC "env openout_any=a"
+ #endif
--- a/src/editor.c
+++ b/src/editor.c
-@@ -204,10 +204,9 @@
- gchar* base = g_path_get_basename (filename);
- gchar* dir = g_path_get_dirname (filename);
- ec->filename = g_strdup (filename);
-- ec->basename = g_strdup_printf ("%s%c.%s", dir, G_DIR_SEPARATOR, base);
-- ec->workfile = g_strdup_printf ("%s.swp", ec->basename);
-- ec->pdffile = g_strdup_printf ("%s%c.%s.pdf", C_TMPDIR,
-- G_DIR_SEPARATOR, base);
-+ ec->basename = g_strdup (ec->fdname);
-+ ec->workfile = g_strdup (ec->fdname);
-+ ec->pdffile = g_strdup_printf ("%s.pdf", ec->fdname);
- g_free (base);
- g_free (dir);
- } else {
-@@ -237,12 +236,9 @@
- if (ec->filename) {
- gchar* dirname = g_path_get_dirname (ec->filename);
- gchar* basename = g_path_get_basename (ec->filename);
-- auxfile = g_strdup_printf ("%s%c.%s.aux", C_TMPDIR,
-- G_DIR_SEPARATOR, basename);
-- logfile = g_strdup_printf ("%s%c.%s.log", C_TMPDIR,
-- G_DIR_SEPARATOR, basename);
-- syncfile = g_strdup_printf ("%s%c.%s.synctex.gz", C_TMPDIR,
-- G_DIR_SEPARATOR, basename);
-+ auxfile = g_strdup_printf ("%s.aux", ec->fdname);
-+ logfile = g_strdup_printf ("%s.log", ec->fdname);
-+ syncfile = g_strdup_printf ("%s.synctex.gz", ec->fdname);
- g_free (basename);
- g_free (dirname);
- } else {
+@@ -180,6 +180,12 @@
+ */
+ void editor_fileinfo_update (GuEditor* ec, const gchar* filename) {
+
++ // directory should exist, but if not create ~/.cache/gummi:
++ if (!g_file_test (C_TMPDIR, G_FILE_TEST_IS_DIR)) {
++ slog (L_WARNING, ".cache directory does not exist, creating..\n");
++ g_mkdir_with_parents (C_TMPDIR, DIR_PERMS);
++ }
++
+ if (ec->workfd != -1)
+ editor_fileinfo_cleanup (ec);
+
Reply to: