Control: tags -1 + security On October 25, 2010 at 11:22AM +0300, jari.aalto (at cante.net) wrote: > Code (line 89) in debian/preinst should use tempfile(1) to create > temporary files.
To fix this bug, I'll NMU soon with the attached patch. Note that this old bug was caused when upgrading from <3.1.0-2 which is no longer supported. Anyway, this potentially security issue should be fixed. Thanks, -- Tatsuya Kinoshita
diff --git a/debian/changelog b/debian/changelog index 0cca6b8..1b365af 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +riece (8.0.0-1.3) unstable; urgency=medium + + * Non-maintainer upload. + * Drop handling of emacsen-startup.1.0.8-2 (closes: #601325) + + -- Tatsuya Kinoshita <t...@debian.org> Sun, 26 Oct 2014 08:48:07 +0900 + riece (8.0.0-1.2) unstable; urgency=medium * Non-maintainer upload. diff --git a/debian/preinst b/debian/preinst index 08560ca..2d1208d 100644 --- a/debian/preinst +++ b/debian/preinst @@ -14,66 +14,6 @@ set -e # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package -createOriginalFile() { - cat > $1 << "EOF" -;; -*-emacs-lisp-*- -;; -;; Emacs startup file for the Debian GNU/Linux riece package -;; -;; Originally contributed by Nils Naumann <naum...@unileoben.ac.at> -;; Modified by Dirk Eddelbuettel <e...@debian.org> -;; Adapted for dh-make by Jim Van Zandt <j...@vanzandt.mv.com> - -;; The riece package follows the Debian/GNU Linux 'emacsen' policy and -;; byte-compiles its elisp files for each 'emacs flavor' (emacs19, -;; xemacs19, emacs20, xemacs20...). The compiled code is then -;; installed in a subdirectory of the respective site-lisp directory. -;; We have to add this to the load-path: - -(if (not (file-exists-p "/usr/share/emacs/site-lisp/riece")) - (message "Package riece removed but not purged. Skipping setup.") - (debian-pkg-add-load-path-item - (concat "/usr/share/" (symbol-name flavor) "/site-lisp/riece")) - - (autoload 'riece "riece" nil t) - ;; Don't touch manually the following line which is modified by debconf. - ;; If you want to customize add-ons, use `dpkg-reconfigure'. - (setq riece-addons '()) - (when (and (memq 'riece-history riece-addons) - (memq 'riece-guess riece-addons)) - (setq riece-guess-channel-try-functions - '(riece-guess-channel-from-history))) - ) -EOF -} - -createStartupFile() { - cat > $1 << "EOF" -;; -*-emacs-lisp-*- -;; -;; Emacs startup file for the Debian riece package -;; -;; Originally contributed by Nils Naumann <naum...@unileoben.ac.at> -;; Modified by Dirk Eddelbuettel <e...@debian.org> -;; Adapted for dh-make by Jim Van Zandt <j...@vanzandt.mv.com> - -;; The riece package follows the Debian/GNU Linux 'emacsen' policy and -;; byte-compiles its elisp files for each 'emacs flavor' (emacs19, -;; xemacs19, emacs20, xemacs20...). The compiled code is then -;; installed in a subdirectory of the respective site-lisp directory. -;; We have to add this to the load-path: - -(if (not (file-exists-p "/usr/share/emacs/site-lisp/riece")) - (message "Package riece removed but not purged. Skipping setup.") - (debian-pkg-add-load-path-item - (concat "/usr/share/" (symbol-name debian-emacs-flavor) - "/site-lisp/riece")) - - (autoload 'riece "riece" nil t) - (setq riece-data-directory "/usr/share/emacs/site-lisp/riece")) -EOF -} - case "$1" in install|upgrade) if [ -e /usr/share/debconf/confmodule ]; then @@ -83,26 +23,6 @@ case "$1" in # Remove garbage. rm -rf /var/cache/riece rm -rf /usr/share/emacs-snapshot/site-lisp/riece-ndcc - - # for useless dpkg conffiles - STARTUPFILE=/etc/emacs/site-start.d/50riece.el - ORIGINALFILE=/tmp/emacsen-startup.1.0.8-2 - - if [ -f "$STARTUPFILE" ]; then - if grep "Don't touch manually" "$STARTUPFILE" > /dev/null 2>&1; then - createOriginalFile "$ORIGINALFILE" - sed "s/(setq riece-addons '(.*))/(setq riece-addons '())/" \ - "$STARTUPFILE" > "$STARTUPFILE".tmp - if diff -q "$STARTUPFILE".tmp "$ORIGINALFILE" > /dev/null 2>&1; then - # installed file and original are identical - rm "$STARTUPFILE" - createStartupFile "$STARTUPFILE" - fi - rm -f "$STARTUPFILE".tmp - rm -f "$ORIGINALFILE" - fi - fi - ;; abort-upgrade)
pgpfg2H_1rA9o.pgp
Description: PGP signature
