...
 
Commits (5)
python-docutils (0.5-2+lenny1) stable; urgency=high
* Fix insecure use of temporary files in the Emacs major mode for
reStructuredText (closes: #560755). Thanks to Kumar Appaiah for helping to
deal with this bug.
-- Jakub Wilk <ubanus@users.sf.net> Wed, 16 Dec 2009 14:14:14 +0100
python-docutils (0.5-2) unstable; urgency=low
* Upload docutils 0.5 to unstable
......
......@@ -5,3 +5,4 @@
15_emacs_debian_paths.dpatch
16_disable_picins.dpatch
17_speed_up_rst_el.dpatch
18_emacs_temporary_files.dpatch
#! /bin/sh /usr/share/dpatch/dpatch-run
## 18_emacs_temporary_files.dpatch by Jakub Wilk <ubanus@users.sf.net>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Fix insecure use of temporary files
@DPATCH@
Description: Fix insecure use of temporary files
in the Emacs major mode for reStructuredText (rst.el).
Author: Jakub Wilk <ubanus@users.sf.net>
Bug: http://sourceforge.net/tracker/?func=detail&aid=2912890&group_id=38414&atid=422030
Bug-Debian: http://bugs.debian.org/560755
Last-Update: 2009-12-15
diff --git a/tools/editors/emacs/rst.el b/tools/editors/emacs/rst.el
--- a/tools/editors/emacs/rst.el
+++ b/tools/editors/emacs/rst.el
@@ -3273,13 +3273,80 @@
"rst2pseudoxml"
standard-output)))
+(defvar rst-temp-dir nil)
+(make-variable-buffer-local 'rst-temp-dir)
+
+;; make-temp-file is not available in XEmacs 21
+(if (fboundp 'make-temp-file)
+ (defun rst-make-temp-dir (prefix) (make-temp-file prefix t))
+ (defun rst-make-temp-dir (prefix)
+ (let ((umask (default-file-modes)) file)
+ (unwind-protect
+ (progn
+ (set-default-file-modes 448) ; o700
+ (while
+ (condition-case ()
+ (progn
+ (setq file
+ (make-temp-name
+ (if (zerop (length prefix))
+ (file-name-as-directory (temp-directory))
+ (expand-file-name prefix (temp-directory))
+ )
+ )
+ )
+ (make-directory file)
+ nil
+ )
+ (file-already-exists t)
+ )
+ nil
+ )
+ file
+ )
+ (set-default-file-modes umask)
+ )
+ )
+ )
+)
+
+(defun rst-get-temp-dir ()
+ (or rst-temp-dir
+ (setq rst-temp-dir
+ (file-name-as-directory (rst-make-temp-dir "rst-"))
+ )
+ )
+)
+
+;; dired-delete-file is not available in XEmacs 21
+(defun rst-delete-file (file)
+ (if (not (eq t (car (file-attributes file))))
+ (delete-file file)
+ (when
+ (setq files (directory-files file t "^\\([^.]\\|\\.\\([^.]\\|\\..\\)\\).*"))
+ (while files
+ (rst-delete-file (car files))
+ (setq files (cdr files))
+ )
+ )
+ (delete-directory file)
+ )
+)
+
+(defun rst-remove-temp-dir ()
+ (if rst-temp-dir (rst-delete-file rst-temp-dir))
+)
+
+(add-hook 'kill-buffer-hook 'rst-remove-temp-dir)
+(add-hook 'kill-emacs-hook 'rst-remove-temp-dir)
+
(defvar rst-pdf-program "xpdf"
"Program used to preview PDF files.")
(defun rst-compile-pdf-preview ()
"Convert the document to a PDF file and launch a preview program."
(interactive)
- (let* ((tmp-filename "/tmp/out.pdf")
+ (let* ((tmp-filename (concat (rst-get-temp-dir) "out.pdf"))
(command (format "rst2pdf.py %s %s && %s %s"
buffer-file-name tmp-filename
rst-pdf-program tmp-filename)))
@@ -3294,7 +3361,7 @@
(defun rst-compile-slides-preview ()
"Convert the document to an S5 slide presentation and launch a preview program."
(interactive)
- (let* ((tmp-filename "/tmp/slides.html")
+ (let* ((tmp-filename (concat (rst-get-temp-dir) "slides.html"))
(command (format "rst2s5 %s %s && %s %s"
buffer-file-name tmp-filename
rst-slides-program tmp-filename)))