[pluma] 01/02: debian/patches: Add 0000_prevent_shell_code_injection.patch.
Martin Wimpress
flexiondotorg-guest at moszumanska.debian.org
Mon Mar 21 16:38:48 UTC 2016
This is an automated email from the git hooks/post-receive script.
flexiondotorg-guest pushed a commit to branch master
in repository pluma.
commit 4fb1896eeb20d616fe74a4ae0ab0b23fa0b81d25
Author: Martin Wimpress <code at flexion.org>
Date: Mon Mar 21 16:37:57 2016 +0000
debian/patches: Add 0000_prevent_shell_code_injection.patch.
---
.../0000_prevent_shell_code_injection.patch | 42 ++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 43 insertions(+)
diff --git a/debian/patches/0000_prevent_shell_code_injection.patch b/debian/patches/0000_prevent_shell_code_injection.patch
new file mode 100644
index 0000000..859a3b0
--- /dev/null
+++ b/debian/patches/0000_prevent_shell_code_injection.patch
@@ -0,0 +1,42 @@
+Descrption: Fix switch-c tool and avoid shell command injection
+Author: Martin Wimpress <code at flexion.org>
+
+diff --git a/plugins/externaltools/data/switch-c.tool.in b/plugins/externaltools/data/switch-c.tool.in
+index 640c4f0..9d3a01c 100755
+--- a/plugins/externaltools/data/switch-c.tool.in
++++ b/plugins/externaltools/data/switch-c.tool.in
+@@ -1,5 +1,7 @@
+ #!/usr/bin/python
++# -*- coding: utf-8 -*-
+ # Copyright © 2011 Perberos
++# Copyright © 2012-2016 MATE developers
+ #
+ # This program is free software; you can redistribute it and/or modify it
+ # under the terms of the GNU Lesser General Public License as published by the
+@@ -16,10 +18,21 @@
+ # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+ import os
++import subprocess
+
+-name = os.environ["PLUMA_CURRENT_DOCUMENT_NAME"]
++try:
++ name = os.environ["PLUMA_CURRENT_DOCUMENT_NAME"]
++except KeyError:
++ exit(1)
+
+-if name.endswith('.c'):
+- os.system("pluma %s.h" % ".".join(name.split('.')[:-1]))
+-if name.endswith('.h'):
+- os.system("pluma %s.c" % ".".join(name.split('.')[:-1]))
++f, ext = os.path.splitext(name)
++nxt = ''
++
++if ext == '.c':
++ nxt = '.h'
++
++if ext == '.h':
++ nxt = '.c'
++
++if nxt:
++ subprocess.call(['/usr/bin/pluma', f+nxt])
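Review bot: The argv form on the last added line of switch-c.tool.in removes the shell, but `f+nxt` is still passed where pluma parses its options, so a document name beginning with `-` would be read as a command-line switch rather than as a file. Ending option parsing before the filename closes that gap: `subprocess.call(['/usr/bin/pluma', '--', f+nxt])`, assuming pluma's parser honours `--` as GOption-based programs normally do. Separately, the header field on the first line of the patch is spelled `Descrption:`, so DEP-3 tooling will likely not recognise it; it should read `Description:`.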
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..e1cc2d5
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+0000_prevent_shell_code_injection.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mate/pluma.git