[Pkg-urxvt-maintainers] [SCM] Git repository for pkg-urxvt branch, master, updated. debian/9.22-3-2-gd663c46

Sat Jan 6 16:13:37 UTC 2018

Gitweb-URL: http://git.debian.org/?p=pkg-kde//srv/git.debian.org/git/pkg-urxvt/pkg-urxvt.git;a=commitdiff;h=032a541

The following commit has been merged in the master branch:
commit 032a5419a7c544c639cf43fa14c2dd76eea84cdb
Author: Ryan Kavanagh <rak at debian.org>
Date:   Sat Jan 6 10:52:19 2018 -0500

    Fix insecure temporary file handling in urxvt(7), 17_unsafe_man.diff (Closes: #654986)
---
 debian/patches/17_unsafe_man.diff | 35 +++++++++++++++++++++++++++++++++++
 debian/patches/series             |  1 +
 2 files changed, 36 insertions(+)

diff --git a/debian/patches/17_unsafe_man.diff b/debian/patches/17_unsafe_man.diff
new file mode 100644
index 0000000..c813281
--- /dev/null
+++ b/debian/patches/17_unsafe_man.diff
@@ -0,0 +1,35 @@
+Description: Fix insecure temporary file handling and terminfo documentation
+ Be careful in the use of temporary files in the documentation to prevent
+ symlink attacks. Also document how to install the rxvt-unicode-256color
+ terminfo entry used by this Debian package.
+Author: Ryan Kavanagh <rak at debian.org>
+Origin: Debian
+Bug-Debian: https://bugs.debian.org/654986
+Forwarded: no
+Last-Update: 2018-01-06
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: rxvt-unicode/doc/rxvt.7.pod
+===================================================================
+--- rxvt-unicode.orig/doc/rxvt.7.pod	2018-01-06 10:38:13.924707542 -0500
++++ rxvt-unicode/doc/rxvt.7.pod	2018-01-06 10:49:28.881462580 -0500
+@@ -691,7 +691,7 @@
+ not I<typical>, but what's typical...
+ 
+    URxvt.cutchars: "()*,<>[]{}|'
+-   URxvt.print-pipe: cat >/tmp/xxx
++   URxvt.print-pipe: cat > $(TMPDIR=$HOME mktemp urxvt.XXXXXX)
+ 
+ These are just for testing stuff.
+ 
+@@ -866,7 +866,9 @@
+ user and root):
+ 
+    REMOTE=remotesystem.domain
+-   infocmp rxvt-unicode | ssh $REMOTE "mkdir -p .terminfo && cat >/tmp/ti && tic /tmp/ti"
++   infocmp rxvt-unicode-256color | \
++        ssh $REMOTE 'export TMPF=`mktemp` && mkdir -p ~/.terminfo \
++                     && cat >${TMPF} && tic ${TMPF} && rm ${TMPF}'
+ 
+ One some systems you might need to set C<$TERMINFO> to the full path of
+ F<$HOME/.terminfo> for this to work.
diff --git a/debian/patches/series b/debian/patches/series
index 7caded1..8e68464 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,3 +7,4 @@
 14_install_urxvt-font-size.diff
 15_perl_path.diff
 16_no_terminfo.diff
+17_unsafe_man.diff

-- 
Git repository for pkg-urxvt

