Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: pu
I have prepared a fix for a security bug in python-docutils (#560755). debdiff attached.
Please let me know if it's okay to upload it to s-p-u. -- Jakub Wilk
Index: debian/changelog
===================================================================
--- debian/changelog (revision 10766)
+++ debian/changelog (revision 10855)
@@ -1,3 +1,11 @@
+python-docutils (0.5-2+lenny1) stable; urgency=high
+
+ * Fix insecure use of temporary files in the Emacs major mode for
+ reStructuredText (closes: #560755). Thanks to Kumar Appaiah for helping to
+ deal with this bug.
+
+ -- Jakub Wilk <uba...@users.sf.net> Wed, 16 Dec 2009 14:14:14 +0100
+
 python-docutils (0.5-2) unstable; urgency=low
 
 * Upload docutils 0.5 to unstable
Index: debian/patches/18_emacs_temporary_files.dpatch
===================================================================
--- debian/patches/18_emacs_temporary_files.dpatch (revision 0)
+++ debian/patches/18_emacs_temporary_files.dpatch (revision 10855)
@@ -0,0 +1,109 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 18_emacs_temporary_files.dpatch by Jakub Wilk <uba...@users.sf.net>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix insecure use of temporary files
+
+...@dpatch@
+
+Description: Fix insecure use of temporary files
+ in the Emacs major mode for reStructuredText (rst.el).
+Author: Jakub Wilk <uba...@users.sf.net>
+Bug: http://sourceforge.net/tracker/?func=detail&aid=2912890&group_id=38414&atid=422030
+Bug-Debian: http://bugs.debian.org/560755
+Last-Update: 2009-12-15
+
+diff --git a/tools/editors/emacs/rst.el b/tools/editors/emacs/rst.el
+--- a/tools/editors/emacs/rst.el
++++ b/tools/editors/emacs/rst.el
+@@ -3273,13 +3273,80 @@
+ "rst2pseudoxml"
+ standard-output)))
+
++(defvar rst-temp-dir nil)
++(make-variable-buffer-local 'rst-temp-dir)
++
++;; make-temp-file is not available in XEmacs 21
++(if (fboundp 'make-temp-file)
++ (defun rst-make-temp-dir (prefix) (make-temp-file prefix t))
++ (defun rst-make-temp-dir (prefix)
++ (let ((umask (default-file-modes)) file)
++ (unwind-protect
++ (progn
++ (set-default-file-modes 448) ; o700
++ (while
++ (condition-case ()
++ (progn
++ (setq file
++ (make-temp-name
++ (if (zerop (length prefix))
++ (file-name-as-directory (temp-directory))
++ (expand-file-name prefix (temp-directory))
++ )
++ )
++ )
++ (make-directory file)
++ nil
++ )
++ (file-already-exists t)
++ )
++ nil
++ )
++ file
++ )
++ (set-default-file-modes umask)
++ )
++ )
++ )
++)
++
++(defun rst-get-temp-dir ()
++ (or rst-temp-dir
++ (setq rst-temp-dir
++ (file-name-as-directory (rst-make-temp-dir "rst-"))
++ )
++ )
++)
++
++;; dired-delete-file is not available in XEmacs 21
++(defun rst-delete-file (file)
++ (if (not (eq t (car (file-attributes file))))
++ (delete-file file)
++ (when
++ (setq files (directory-files file t "^\\([^.]\\|\\.\\([^.]\\|\\..\\)\\).*"))
++ (while files
++ (rst-delete-file (car files))
++ (setq files (cdr files))
++ )
++ )
++ (delete-directory file)
++ )
++)
++
++(defun rst-remove-temp-dir ()
++ (if rst-temp-dir (rst-delete-file rst-temp-dir))
++)
++
++(add-hook 'kill-buffer-hook 'rst-remove-temp-dir)
++(add-hook 'kill-emacs-hook 'rst-remove-temp-dir)
++
+ (defvar rst-pdf-program "xpdf"
+ "Program used to preview PDF files.")
+
+ (defun rst-compile-pdf-preview ()
+ "Convert the document to a PDF file and launch a preview program."
+ (interactive)
+- (let* ((tmp-filename "/tmp/out.pdf")
++ (let* ((tmp-filename (concat (rst-get-temp-dir) "out.pdf"))
+ (command (format "rst2pdf.py %s %s && %s %s"
+ buffer-file-name tmp-filename
+ rst-pdf-program tmp-filename)))
+@@ -3294,7 +3361,7 @@
+ (defun rst-compile-slides-preview ()
+ "Convert the document to an S5 slide presentation and launch a preview program."
+ (interactive)
+- (let* ((tmp-filename "/tmp/slides.html")
++ (let* ((tmp-filename (concat (rst-get-temp-dir) "slides.html"))
+ (command (format "rst2s5 %s %s && %s %s"
+ buffer-file-name tmp-filename
+ rst-slides-program tmp-filename)))
Index: debian/patches/00list
===================================================================
--- debian/patches/00list (revision 10766)
+++ debian/patches/00list (revision 10855)
@@ -5,3 +5,4 @@
 15_emacs_debian_paths.dpatch
 16_disable_picins.dpatch
 17_speed_up_rst_el.dpatch
+18_emacs_temporary_files.dpatch
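Review bot: `rst-delete-file` assigns `files` with a bare `setq`, so the list is a global that every recursive call overwrites; once a subdirectory has been processed the outer `while` sees nil and stops early, and `delete-directory` is then attempted on a directory that may still hold entries. Binding the list locally, `(let ((files (directory-files file t REGEXP))) (while files …))`, keeps each recursion level's list separate and avoids clobbering an unrelated `files` variable. Separately, `rst-temp-dir` is buffer-local, so the `kill-emacs-hook` entry removes only the directory belonging to whichever buffer is current at exit, and rendered previews from other buffers appear to stay behind in the temp directory (mode 0700, but not cleaned up). The two `tmp-filename` changes also feed a `format` string that interpolates `buffer-file-name` and the new path unquoted; if that command is run through a shell (the call is outside the hunk), wrapping both in `shell-quote-argument` would be the matching hardening.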