On 01.01.2016 18:50, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On Sun, 2015-11-29 at 18:24 +0100, Daniel Stender wrote:
>> I propose an update of Gummi in Jessie.
>>
>> The applied patch is a fix of security problem CVE 2015-7758 [1].
>
> +- ec->basename = g_strdup_printf ("%s%c.%s", dir, G_DIR_SEPARATOR,
> base);
> +- ec->workfile = g_strdup_printf ("%s.swp", ec->basename);
> +- ec->pdffile = g_strdup_printf ("%s%c.%s.pdf", C_TMPDIR,
> +- G_DIR_SEPARATOR, base);
> ++ ec->basename = g_strdup (ec->fdname);
> ++ ec->workfile = g_strdup (ec->fdname);
> ++ ec->pdffile = g_strdup_printf ("%s.pdf", ec->fdname);
>
> Apologies if I'm missing something, particularly what "workfile" refers
> to in this case, but does this run the risk of overwriting the original
> file?
>
> Regards,
>
> Adam
"workfile" is misleading. With the patch $ gummi /tmp/test.tex
results in tempfiles:
/tmp/gummi_ZIYFAY
/tmp/gummi_ZIYFAY.aux
/tmp/gummi_ZIYFAY.log
/tmp/gummi_ZIYFAY.pdf
/tmp/gummi_ZIYFAY.synctex.gz
ec->workfile being "gummi_ZIYFAY" (like when no filename is given. I've
suggested
upstream to rewrite that, though).
DS
--
4096R/DF5182C8
46CB 1CA8 9EA3 B743 7676 1DB9 15E0 9AF4 DF51 82C8
LPI certified Linux admin (LPI000329859 64mz6f7kt4)
http://www.danielstender.com/blog/
