I have fixed and uploaded. Attached is the source debdiff. Regards,
diff -Nru blockdiag-1.5.3+dfsg/debian/changelog blockdiag-1.5.3+dfsg/debian/changelog --- blockdiag-1.5.3+dfsg/debian/changelog 2017-05-29 20:44:19.000000000 +0900 +++ blockdiag-1.5.3+dfsg/debian/changelog 2017-05-31 07:19:40.000000000 +0900 @@ -1,3 +1,15 @@ +blockdiag (1.5.3+dfsg-4) unstable; urgency=medium + + * debian/rules + - Changes to use PYBUILD_BEFORE_TEST instead of PYBUILD_BEFORE_BUILD, + for copying temporary files for testing. + - Appends deleting temporary files for testing on PYBUILD_AFTER_TEST. + * debian/patches + - fixes-ghostscript_not_found_test.patch + * Changes temporary files (circle.{eps,svg}) path. + + -- Kouhei Maeda <mkou...@palmtb.net> Wed, 31 May 2017 07:19:40 +0900 + blockdiag (1.5.3+dfsg-3) unstable; urgency=medium * Reverts the change. diff -Nru blockdiag-1.5.3+dfsg/debian/patches/fixes-ghostscript_not_found_test.patch blockdiag-1.5.3+dfsg/debian/patches/fixes-ghostscript_not_found_test.patch --- blockdiag-1.5.3+dfsg/debian/patches/fixes-ghostscript_not_found_test.patch 2017-05-26 01:16:32.000000000 +0900 +++ blockdiag-1.5.3+dfsg/debian/patches/fixes-ghostscript_not_found_test.patch 2017-05-31 07:19:22.000000000 +0900 @@ -7,12 +7,12 @@ Index: blockdiag-1.5.3+dfsg/src/blockdiag/tests/diagrams/background_url_image.diag =================================================================== --- blockdiag-1.5.3+dfsg.orig/src/blockdiag/tests/diagrams/background_url_image.diag 2017-05-26 00:53:25.852523308 +0900 -+++ blockdiag-1.5.3+dfsg/src/blockdiag/tests/diagrams/background_url_image.diag 2017-05-26 01:16:29.640523308 +0900 ++++ blockdiag-1.5.3+dfsg/src/blockdiag/tests/diagrams/background_url_image.diag 2017-05-31 07:19:19.781453251 +0900 
@@ -2,5 +2,7 @@ A [background = "/usr/lib/python3.5/idlelib/Icons/python.gif"]; B [background = "/usr/lib/python3.5/idlelib/Icons/idle.ico"]; C [background = "/usr/lib/python3.5/idlelib/Icons/idle_16.png"]; -+ D [background = "/tmp/circle.eps"]; -+ E [background = "/tmp/circle.svg"]; ++ D [background = "/tmp/blockdiag/circle.eps"]; ++ E [background = "/tmp/blockdiag/circle.svg"]; Z; } diff -Nru blockdiag-1.5.3+dfsg/debian/rules blockdiag-1.5.3+dfsg/debian/rules --- blockdiag-1.5.3+dfsg/debian/rules 2017-05-26 21:58:39.000000000 +0900 +++ blockdiag-1.5.3+dfsg/debian/rules 2017-05-31 07:19:40.000000000 +0900 
@@ -3,8 +3,10 @@ # Uncomment this to turn on verbose mode. # export DH_VERBOSE=1 +export TMPDIR_TESTING=/tmp/blockdiag export PYBUILD_NAME=blockdiag -export PYBUILD_BEFORE_BUILD=cp -a $(CURDIR)/src/blockdiag.egg-info {build_dir};cp -f $(CURDIR)/debian/circle.* /tmp/ +export PYBUILD_BEFORE_TEST=cp -a $(CURDIR)/src/blockdiag.egg-info {build_dir};install -d $(TMPDIR_TESTING); cp -f $(CURDIR)/debian/circle.* $(TMPDIR_TESTING)/ +export PYBUILD_AFTER_TEST=rm -rf $(TMPDIR_TESTING) %: dh $@ --with python2,python3 --buildsystem=pybuild
--
Kouhei Maeda <mkouhei at {palmtb.net,debian.or.jp}>
KeyID 4096R/7E37CE41

2017-05-31 7:10 GMT+09:00 Kouhei Maeda <mkou...@palmtb.net>:
> 2017-05-31 5:38 GMT+09:00 Jonathan Wiltshire <j...@debian.org>:
>> On Sun, May 28, 2017 at 08:51:27AM +0900, Kouhei Maeda wrote:
>>> +export PYBUILD_BEFORE_BUILD=cp -a $(CURDIR)/src/blockdiag.egg-info
>>> {build_dir};cp -f $(CURDIR)/debian/circle.* /tmp/
>>
>> Apologies for not spotting it sooner, but there's a symlink vulnerability
>> here (imagine if /tmp/circle.* was a symlink to something important),
>> and I'm not sure that you should hardcode /tmp either ($TMPDIR?).
>>
>> I'm a bit concerned there's more going on here than just the bug fixes.
>> What would the minimum required changes to fix #860689 and #847930 look
>> like?
>
> Thanks,
>
> This change is temporarily copied for use in unit test.
> It is coping with PYBUILD_BEFORE_BUILD, but I should use PYBUILD_BEFORE_TEST.
> And, I had deleted the necessary deletion processing of temporary
> files with PYBUILD_AFTER_TEST.
>
> I will fix these.
>
> Regards,
>
> --
> Kouhei Maeda <mkouhei at {palmtb.net,debian.or.jp}>
> KeyID 4096R/7E37CE41
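Review bot: the debian/changelog entry for 1.5.3+dfsg-4 records that the circle.{eps,svg} path changed but not why. Name the symlink issue with the fixed /tmp/circle.* path that prompted the change, so the motivation is visible to anyone reading the changelog later.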
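Review bot: in the fixes-ghostscript_not_found_test.patch hunk, nodes D and E hardcode /tmp/blockdiag/circle.eps and /tmp/blockdiag/circle.svg, duplicating the value of TMPDIR_TESTING from debian/rules. The two have to be kept in sync by hand, and a fixed path in the test fixture rules out a per-build temporary directory. Prefer a path relative to the test data, or generate the .diag from the variable at test time.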
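Review bot: in the debian/rules hunk, TMPDIR_TESTING=/tmp/blockdiag is still a fixed, predictable name under a world-writable directory, so the symlink concern raised about /tmp/circle.* carries over to the new path. Nothing in PYBUILD_BEFORE_TEST checks whether /tmp/blockdiag already exists or who owns it, and because the steps are joined with `;` the `cp -f` runs even if `install -d` fails. Create the directory with `mktemp -d` (which honours $TMPDIR) or place it under the build directory, and chain the steps with `&&`. The hardcoded /tmp also leaves the reviewer's $TMPDIR question unaddressed.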