Hello community, here is the log from the commit of package gummi for openSUSE:Factory checked in at 2016-02-18 11:07:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gummi (Old) and /work/SRC/openSUSE:Factory/.gummi.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gummi" Changes: -------- --- /work/SRC/openSUSE:Factory/gummi/gummi.changes 2015-12-24 12:16:43.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.gummi.new/gummi.changes 2016-02-18 12:36:35.000000000 +0100 @@ -1,0 +2,7 @@ +Sun Feb 7 01:43:24 UTC 2016 - [email protected] + +- Update gummi-predictable-tmpfiles.patch with final patch + committed by upstream (CVE-2015-7758, gh#alexandervdm/gummi#20, + boo#949682). + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gummi.spec ++++++ --- /var/tmp/diff_new_pack.QTvSP3/_old 2016-02-18 12:36:36.000000000 +0100 +++ /var/tmp/diff_new_pack.QTvSP3/_new 2016-02-18 12:36:36.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package gummi # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++++++ gummi-predictable-tmpfiles.patch ++++++ --- /var/tmp/diff_new_pack.QTvSP3/_old 2016-02-18 12:36:36.000000000 +0100 +++ /var/tmp/diff_new_pack.QTvSP3/_new 2016-02-18 12:36:36.000000000 +0100 @@ -1,34 +1,60 @@ +From 4ad6486dd282b32dfe06f30d9ee3cd2208a1386c Mon Sep 17 00:00:00 2001 +From: Alexander van der Meij <[email protected]> +Date: Wed, 27 Jan 2016 12:57:03 +0100 +Subject: [PATCH] use XDG cache dir for tmp files rather than TMPDIR + +--- + src/constants.h | 2 +- + src/editor.c | 16 +++++++++++----- + 2 files changed, 12 insertions(+), 6 deletions(-) + +Index: gummi-gtk3-0.7.4.3/src/constants.h +=================================================================== +--- gummi-gtk3-0.7.4.3.orig/src/constants.h ++++ gummi-gtk3-0.7.4.3/src/constants.h +@@ -54,7 +54,7 @@ + + /* Platform dependant constants : */ + +-#define C_TMPDIR utils_get_tmp_tmp_dir() ++#define C_TMPDIR g_build_path(G_DIR_SEPARATOR_S, g_get_user_cache_dir(), "gummi", NULL) + + #ifdef WIN32 + #define C_CMDSEP "&&" Index: gummi-gtk3-0.7.4.3/src/editor.c =================================================================== --- gummi-gtk3-0.7.4.3.orig/src/editor.c +++ gummi-gtk3-0.7.4.3/src/editor.c -@@ -224,10 +224,9 @@ void editor_fileinfo_update(GuEditor* ec - gchar* base = g_path_get_basename(fname); - gchar* dir = g_path_get_dirname(fname); - ec->filename = g_strdup(fname); -- ec->basename = g_strdup_printf("%s%c.%s", dir, G_DIR_SEPARATOR, base); -- ec->workfile = g_strdup_printf("%s.swp", ec->basename); -- ec->pdffile = g_strdup_printf("%s%c.%s.pdf", C_TMPDIR, -- G_DIR_SEPARATOR, base); -+ ec->basename = g_strdup (ec->fdname); -+ ec->workfile = g_strdup (ec->fdname); -+ ec->pdffile = g_strdup_printf ("%s.pdf", ec->fdname); - g_free(fname); - g_free(base); - g_free(dir); -@@ -260,12 +259,9 @@ void editor_fileinfo_cleanup(GuEditor* e - if (ec->filename) { - gchar* dirname = g_path_get_dirname(ec->filename); - gchar* basename = g_path_get_basename(ec->filename); -- auxfile = g_strdup_printf("%s%c.%s.aux", C_TMPDIR, -- G_DIR_SEPARATOR, basename); -- logfile = g_strdup_printf("%s%c.%s.log", C_TMPDIR, -- G_DIR_SEPARATOR, basename); -- syncfile = g_strdup_printf("%s%c.%s.synctex.gz", C_TMPDIR, -- G_DIR_SEPARATOR, basename); -+ auxfile = g_strdup_printf ("%s.aux", ec->fdname); -+ logfile = g_strdup_printf ("%s.log", ec->fdname); -+ syncfile = g_strdup_printf ("%s.synctex.gz", ec->fdname); - g_free(basename); - g_free(dirname); - } else { +@@ -184,21 +184,27 @@ static void on_delete_range(GtkTextBuffe + * Since pdflatex refuses to compile TeX files with '.' prefixed, we have to + * set the environment variable 'openout_any=a'. + * +- * For a newly created document, all files including the TeX file is stored +- * under the temp directory. For files that are already saved, only the +- * workfile is saved under DIRNAME (FILENAME). Other compilation-related files +- * are located in the temp directory. ++ * For a newly created document, all files including the TeX file are stored ++ * under the ~/.cache folder (freedesktop XDG standard). For files that are ++ * already saved, only the workfile is saved under DIRNAME (FILENAME). ++ * Other compilation-related files are located in the temp directory. + * + * P.S. pdflatex will automatically strip the suffix, so for a file named + * FILE.tex under /absolute/path/: + * + * filename = /absolute/path/FILE.tex + * workfile = /absolute/path/.FILE.tex.swp +- * pdffile = /tmp/.FILE.tex.pdf ++ * pdffile = ~/cache/gummi/.FILE.tex.pdf + */ + void editor_fileinfo_update(GuEditor* ec, const gchar* filename) + { + ++ // directory should exist, but if not create ~/.cache/gummi: ++ if (!g_file_test (C_TMPDIR, G_FILE_TEST_IS_DIR)) { ++ slog (L_WARNING, ".cache directory does not exist, creating..\n"); ++ g_mkdir_with_parents (C_TMPDIR, DIR_PERMS); ++ } ++ + if (ec->workfd != -1) + editor_fileinfo_cleanup(ec); +
