Package: release.debian.org Severity: normal Tags: jessie User: release.debian....@packages.debian.org Usertags: pu
Hi, I propose an update of Gummi in Jessie. It's a fix of #812577 [1]. The same patch/changes are also included in gummi/0.6.3-1.2+deb7u2, please see the wheezy-pu for the background [2]: <no-predictable-tmpfiles.patch> Description: Use XDG cache dir for tmp files rather than TMPDIR. Fix for CVE-2015-7758 (#756432). Origin: https://github.com/alexandervdm/gummi/commit/4ad6486 Bug: https://bugs.debian.org/756432 Last-Update: 2016-01-28 --- a/src/constants.h +++ b/src/constants.h @@ -59,7 +59,7 @@ #define C_CMDSEP "&&" #define C_TEXSEC "" #else - #define C_TMPDIR g_get_tmp_dir() + #define C_TMPDIR g_build_path(G_DIR_SEPARATOR_S, g_get_user_cache_dir(), "gummi", NULL) #define C_CMDSEP ";" #define C_TEXSEC "env openout_any=a" #endif --- a/src/editor.c +++ b/src/editor.c @@ -187,6 +187,12 @@ static void on_delete_range(GtkTextBuffer *textbuffer,GtkTextIter *start, */ void editor_fileinfo_update (GuEditor* ec, const gchar* filename) { + // directory should exist, but if not create ~/.cache/gummi: + if (!g_file_test (C_TMPDIR, G_FILE_TEST_IS_DIR)) { + slog (L_WARNING, ".cache directory does not exist, creating..\n"); + g_mkdir_with_parents (C_TMPDIR, DIR_PERMS); + } + if (ec->workfd != -1) editor_fileinfo_cleanup (ec); </no-predictable-tmpfiles.patch> I've build the package with Sbuild against stable [3]. Please see the attached debdiff for the whole set of changes. Thank you very much, DS [1] https://bugs.debian.org/812577 (gummi: relative import paths couldn't be used) [2] https://bugs.debian.org/812881 (wheezy-pu: package gummi/0.6.3-1.2+deb7u2) [3] http://www.danielstender.com/buildlogs/gummi_0.6.5-3+deb8u2_amd64-20160128-1232.build -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
diff -Nru gummi-0.6.3/debian/changelog gummi-0.6.3/debian/changelog --- gummi-0.6.3/debian/changelog 2015-11-30 14:07:51.000000000 +0100 +++ gummi-0.6.3/debian/changelog 2016-01-27 15:01:56.000000000 +0100 @@ -1,3 +1,9 @@ +gummi (0.6.3-1.2+deb7u2) oldstable; urgency=medium + + * no-predictable-tmpfiles.patch: use upstream fix (Closes: #812577). + + -- Daniel Stender <deb...@danielstender.com> Wed, 27 Jan 2016 15:00:39 +0100 + gummi (0.6.3-1.2+deb7u1) oldstable; urgency=medium * Added no-predictable-tmpfiles.patch, fix of CVE 2015-7758 (Closes: #756432). diff -Nru gummi-0.6.3/debian/patches/no-predictable-tmpfiles.patch gummi-0.6.3/debian/patches/no-predictable-tmpfiles.patch --- gummi-0.6.3/debian/patches/no-predictable-tmpfiles.patch 2015-11-30 14:06:23.000000000 +0100 +++ gummi-0.6.3/debian/patches/no-predictable-tmpfiles.patch 2016-01-27 14:59:39.000000000 +0100 @@ -1,39 +1,33 @@ -Description: don't generate predictable tmpfile names if filename is given - Quick fix for CVE-2015-7758 (#756432). -Author: Daniel Stender <deb...@danielstender.com> +Description: Use XDG cache dir for tmp files rather than TMPDIR. + Fix of CVE-2015-7758 (#756432). +Origin: https://github.com/alexandervdm/gummi/commit/4ad6486 Bug: https://bugs.debian.org/756432 -Forwarded: https://github.com/alexandervdm/gummi/issues/20 -Last-Update: 2015-11-29 +Last-Update: 2016-01-27 + +--- a/src/constants.h ++++ b/src/constants.h +@@ -59,7 +59,7 @@ + #define C_CMDSEP "&&" + #define C_TEXSEC "" + #else +- #define C_TMPDIR g_get_tmp_dir() ++ #define C_TMPDIR g_build_path(G_DIR_SEPARATOR_S, g_get_user_cache_dir(), "gummi", NULL) + #define C_CMDSEP ";" + #define C_TEXSEC "env openout_any=a" + #endif --- a/src/editor.c +++ b/src/editor.c -@@ -204,10 +204,9 @@ - gchar* base = g_path_get_basename (filename); - gchar* dir = g_path_get_dirname (filename); - ec->filename = g_strdup (filename); -- ec->basename = g_strdup_printf ("%s%c.%s", dir, G_DIR_SEPARATOR, base); -- ec->workfile = g_strdup_printf ("%s.swp", ec->basename); -- ec->pdffile = g_strdup_printf ("%s%c.%s.pdf", C_TMPDIR, -- G_DIR_SEPARATOR, base); -+ ec->basename = g_strdup (ec->fdname); -+ ec->workfile = g_strdup (ec->fdname); -+ ec->pdffile = g_strdup_printf ("%s.pdf", ec->fdname); - g_free (base); - g_free (dir); - } else { -@@ -237,12 +236,9 @@ - if (ec->filename) { - gchar* dirname = g_path_get_dirname (ec->filename); - gchar* basename = g_path_get_basename (ec->filename); -- auxfile = g_strdup_printf ("%s%c.%s.aux", C_TMPDIR, -- G_DIR_SEPARATOR, basename); -- logfile = g_strdup_printf ("%s%c.%s.log", C_TMPDIR, -- G_DIR_SEPARATOR, basename); -- syncfile = g_strdup_printf ("%s%c.%s.synctex.gz", C_TMPDIR, -- G_DIR_SEPARATOR, basename); -+ auxfile = g_strdup_printf ("%s.aux", ec->fdname); -+ logfile = g_strdup_printf ("%s.log", ec->fdname); -+ syncfile = g_strdup_printf ("%s.synctex.gz", ec->fdname); - g_free (basename); - g_free (dirname); - } else { +@@ -180,6 +180,12 @@ + */ + void editor_fileinfo_update (GuEditor* ec, const gchar* filename) { + ++ // directory should exist, but if not create ~/.cache/gummi: ++ if (!g_file_test (C_TMPDIR, G_FILE_TEST_IS_DIR)) { ++ slog (L_WARNING, ".cache directory does not exist, creating..\n"); ++ g_mkdir_with_parents (C_TMPDIR, DIR_PERMS); ++ } ++ + if (ec->workfd != -1) + editor_fileinfo_cleanup (ec); +