Merge lp:~jtaylor/ubuntu/lucid/gajim/multiple-CVE into lp:ubuntu/lucid/gajim
- Lucid (10.04)
- multiple-CVE
- Merge into lucid
Proposed by
Julian Taylor
Status: | Merged | ||||||||
---|---|---|---|---|---|---|---|---|---|
Merge reported by: | Marc Deslauriers | ||||||||
Merged at revision: | not available | ||||||||
Proposed branch: | lp:~jtaylor/ubuntu/lucid/gajim/multiple-CVE | ||||||||
Merge into: | lp:ubuntu/lucid/gajim | ||||||||
Diff against target: |
376 lines (+347/-0) 5 files modified
debian/changelog (+19/-0) debian/patches/00list (+3/-0) debian/patches/CVE-2012-2085.dpatch (+54/-0) debian/patches/CVE-2012-2086.dpatch (+157/-0) debian/patches/CVE-2012-2093.dpatch (+114/-0) |
||||||||
To merge this branch: | bzr merge lp:~jtaylor/ubuntu/lucid/gajim/multiple-CVE | ||||||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Ubuntu Development Team | Pending | ||
Review via email: mp+104264@code.launchpad.net |
Commit message
Description of the change
To post a comment you must log in.
- 54. By Julian Taylor
-
fix missing jid tuple in patch
- 55. By Julian Taylor
-
fix missing wait on process end
Revision history for this message
Marc Deslauriers (mdeslaur) wrote : | # |
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === modified file 'debian/changelog' | |||
2 | --- debian/changelog 2009-12-15 02:32:45 +0000 | |||
3 | +++ debian/changelog 2012-05-10 19:54:17 +0000 | |||
4 | @@ -1,3 +1,22 @@ | |||
5 | 1 | gajim (0.13-0ubuntu2.10.04.1) lucid-security; urgency=low | ||
6 | 2 | |||
7 | 3 | * SECURITY UPDATE: assisted code execution (LP: #992618) | ||
8 | 4 | - debian/patches/CVE-2012-2085.dpatch: fix subprocess call to prevent | ||
9 | 5 | shell escape from via crafted messages | ||
10 | 6 | https://trac.gajim.org/changeset/bc296e96ac10 | ||
11 | 7 | - CVE-2012-2085 | ||
12 | 8 | * SECURITY UPDATE: sql injection in logging code (LP: #992618) | ||
13 | 9 | - debian/patches/CVE-2012-2086.dpatch: use a prepated statement | ||
14 | 10 | https://trac.gajim.org/changeset/bfd5f94489d8 | ||
15 | 11 | - CVE-2012-2086 | ||
16 | 12 | * SECURITY UPDATE: insecure tmpfile creation (LP: #992613) | ||
17 | 13 | - debian/patches/CVE-2012-2093.dpatch: use safe tmpfile functions | ||
18 | 14 | when convering LaTeX IM messages to png images | ||
19 | 15 | Thanks to Nico Golde | ||
20 | 16 | - CVE-2012-2093 | ||
21 | 17 | |||
22 | 18 | -- Julian Taylor <jtaylor@ubuntu.com> Tue, 01 May 2012 15:21:25 +0200 | ||
23 | 19 | |||
24 | 1 | gajim (0.13-0ubuntu2) lucid; urgency=low | 20 | gajim (0.13-0ubuntu2) lucid; urgency=low |
25 | 2 | 21 | ||
26 | 3 | * debian/control: | 22 | * debian/control: |
27 | 4 | 23 | ||
28 | === modified file 'debian/patches/00list' | |||
29 | --- debian/patches/00list 2009-11-25 08:33:47 +0000 | |||
30 | +++ debian/patches/00list 2012-05-10 19:54:17 +0000 | |||
31 | @@ -1,2 +1,5 @@ | |||
32 | 1 | config-write-sync.patch | 1 | config-write-sync.patch |
33 | 2 | ubuntu-keyring.patch | 2 | ubuntu-keyring.patch |
34 | 3 | CVE-2012-2085.dpatch | ||
35 | 4 | CVE-2012-2086.dpatch | ||
36 | 5 | CVE-2012-2093.dpatch | ||
37 | 3 | 6 | ||
38 | === added file 'debian/patches/CVE-2012-2085.dpatch' | |||
39 | --- debian/patches/CVE-2012-2085.dpatch 1970-01-01 00:00:00 +0000 | |||
40 | +++ debian/patches/CVE-2012-2085.dpatch 2012-05-10 19:54:17 +0000 | |||
41 | @@ -0,0 +1,54 @@ | |||
42 | 1 | #! /bin/sh /usr/share/dpatch/dpatch-run | ||
43 | 2 | ## Description: prevent assisted code execution CVE-2012-2085 | ||
44 | 3 | ## Origin: https://trac.gajim.org/changeset/bc296e96ac10 | ||
45 | 4 | ## Bug: https://trac.gajim.org/ticket/7031 | ||
46 | 5 | ## CVE-2012-2085.dpatch by Julian Taylor <jtaylor@ubuntu.com> | ||
47 | 6 | ## | ||
48 | 7 | ## All lines beginning with `## DP:' are a description of the patch. | ||
49 | 8 | ## DP: No description. | ||
50 | 9 | |||
51 | 10 | @DPATCH@ | ||
52 | 11 | diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gajim-lucid.orig~/src/common/helpers.py gajim-lucid.orig/src/common/helpers.py | ||
53 | 12 | --- gajim-lucid.orig~/src/common/helpers.py 2012-05-01 15:19:52.000000000 +0200 | ||
54 | 13 | +++ gajim-lucid.orig/src/common/helpers.py 2012-05-01 15:20:49.347118151 +0200 | ||
55 | 14 | @@ -39,6 +39,7 @@ | ||
56 | 15 | import base64 | ||
57 | 16 | import sys | ||
58 | 17 | import hashlib | ||
59 | 18 | +import shlex | ||
60 | 19 | |||
61 | 20 | from encodings.punycode import punycode_encode | ||
62 | 21 | |||
63 | 22 | @@ -355,8 +356,18 @@ | ||
64 | 23 | pass | ||
65 | 24 | return False | ||
66 | 25 | |||
67 | 26 | -def exec_command(command): | ||
68 | 27 | - subprocess.Popen('%s &' % command, shell=True).wait() | ||
69 | 28 | +def exec_command(command, use_shell=False): | ||
70 | 29 | + """ | ||
71 | 30 | + execute a command. if use_shell is True, we run the command as is it was | ||
72 | 31 | + typed in a console. So it may be dangerous if you are not sure about what | ||
73 | 32 | + is executed. | ||
74 | 33 | + """ | ||
75 | 34 | + if use_shell: | ||
76 | 35 | + subprocess.Popen('%s &' % command, shell=True).wait() | ||
77 | 36 | + else: | ||
78 | 37 | + args = shlex.split(command.encode('utf-8')) | ||
79 | 38 | + p = subprocess.Popen(args) | ||
80 | 39 | + gajim.thread_interface(p.wait) | ||
81 | 40 | |||
82 | 41 | def build_command(executable, parameter): | ||
83 | 42 | # we add to the parameter (can hold path with spaces) | ||
84 | 43 | diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gajim-lucid.orig~/src/notify.py gajim-lucid.orig/src/notify.py | ||
85 | 44 | --- gajim-lucid.orig~/src/notify.py 2012-05-01 15:19:52.000000000 +0200 | ||
86 | 45 | +++ gajim-lucid.orig/src/notify.py 2012-05-01 15:21:18.347117755 +0200 | ||
87 | 46 | @@ -323,7 +323,7 @@ | ||
88 | 47 | command = gajim.config.get_per('notifications', str(advanced_notif_num), | ||
89 | 48 | 'command') | ||
90 | 49 | try: | ||
91 | 50 | - helpers.exec_command(command) | ||
92 | 51 | + helpers.exec_command(command, use_shell=True) | ||
93 | 52 | except Exception: | ||
94 | 53 | pass | ||
95 | 54 | |||
96 | 0 | 55 | ||
97 | === added file 'debian/patches/CVE-2012-2086.dpatch' | |||
98 | --- debian/patches/CVE-2012-2086.dpatch 1970-01-01 00:00:00 +0000 | |||
99 | +++ debian/patches/CVE-2012-2086.dpatch 2012-05-10 19:54:17 +0000 | |||
100 | @@ -0,0 +1,157 @@ | |||
101 | 1 | #! /bin/sh /usr/share/dpatch/dpatch-run | ||
102 | 2 | ## Description: prevent sql injections CVE-2012-2086 | ||
103 | 3 | ## Origin: https://trac.gajim.org/changeset/bc296e96ac10 | ||
104 | 4 | ## Bug: https://trac.gajim.org/ticket/7031 | ||
105 | 5 | ## CVE-2012-2086.dpatch by Julian Taylor <jtaylor@ubuntu.com> | ||
106 | 6 | ## | ||
107 | 7 | ## All lines beginning with `## DP:' are a description of the patch. | ||
108 | 8 | ## DP: No description. | ||
109 | 9 | |||
110 | 10 | @DPATCH@ | ||
111 | 11 | diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gajim-lucid.orig~/src/common/logger.py gajim-lucid.orig/src/common/logger.py | ||
112 | 12 | --- gajim-lucid.orig~/src/common/logger.py 2012-05-01 15:19:52.000000000 +0200 | ||
113 | 13 | +++ gajim-lucid.orig/src/common/logger.py 2012-05-01 15:23:03.891116311 +0200 | ||
114 | 14 | @@ -527,7 +527,7 @@ | ||
115 | 15 | except exceptions.PysqliteOperationalError, e: | ||
116 | 16 | # Error trying to create a new jid_id. This means there is no log | ||
117 | 17 | return [] | ||
118 | 18 | - where_sql = self._build_contact_where(account, jid) | ||
119 | 19 | + where_sql, jid_tuple = self._build_contact_where(account, jid) | ||
120 | 20 | |||
121 | 21 | now = int(float(time.time())) | ||
122 | 22 | timed_out = now - (timeout * 60) # before that they are too old | ||
123 | 23 | @@ -539,10 +539,9 @@ | ||
124 | 24 | WHERE (%s) AND kind IN (%d, %d, %d, %d, %d) AND time > %d | ||
125 | 25 | ORDER BY time DESC LIMIT %d OFFSET %d | ||
126 | 26 | ''' % (where_sql, constants.KIND_SINGLE_MSG_RECV, | ||
127 | 27 | - constants.KIND_CHAT_MSG_RECV, constants.KIND_SINGLE_MSG_SENT, | ||
128 | 28 | - constants.KIND_CHAT_MSG_SENT, constants.KIND_ERROR, | ||
129 | 29 | - timed_out, restore_how_many_rows, pending_how_many) | ||
130 | 30 | - ) | ||
131 | 31 | + constants.KIND_CHAT_MSG_RECV, constants.KIND_SINGLE_MSG_SENT, | ||
132 | 32 | + constants.KIND_CHAT_MSG_SENT, constants.KIND_ERROR, timed_out, | ||
133 | 33 | + restore_how_many_rows, pending_how_many), jid_tuple) | ||
134 | 34 | |||
135 | 35 | results = self.cur.fetchall() | ||
136 | 36 | except sqlite.DatabaseError: | ||
137 | 37 | @@ -569,7 +568,7 @@ | ||
138 | 38 | except exceptions.PysqliteOperationalError, e: | ||
139 | 39 | # Error trying to create a new jid_id. This means there is no log | ||
140 | 40 | return [] | ||
141 | 41 | - where_sql = self._build_contact_where(account, jid) | ||
142 | 42 | + where_sql, jid_tuple = self._build_contact_where(account, jid) | ||
143 | 43 | |||
144 | 44 | start_of_day = self.get_unix_time_from_date(year, month, day) | ||
145 | 45 | seconds_in_a_day = 86400 # 60 * 60 * 24 | ||
146 | 46 | @@ -580,7 +579,7 @@ | ||
147 | 47 | WHERE (%s) | ||
148 | 48 | AND time BETWEEN %d AND %d | ||
149 | 49 | ORDER BY time | ||
150 | 50 | - ''' % (where_sql, start_of_day, last_second_of_day)) | ||
151 | 51 | + ''' % (where_sql, start_of_day, last_second_of_day), jid_tuple) | ||
152 | 52 | |||
153 | 53 | results = self.cur.fetchall() | ||
154 | 54 | return results | ||
155 | 55 | @@ -603,13 +602,13 @@ | ||
156 | 56 | return results | ||
157 | 57 | |||
158 | 58 | else: # user just typed something, we search in message column | ||
159 | 59 | - where_sql = self._build_contact_where(account, jid) | ||
160 | 60 | + where_sql, jid_tuple = self._build_contact_where(account, jid) | ||
161 | 61 | like_sql = '%' + query.replace("'", "''") + '%' | ||
162 | 62 | self.cur.execute(''' | ||
163 | 63 | SELECT contact_name, time, kind, show, message, subject FROM logs | ||
164 | 64 | WHERE (%s) AND message LIKE '%s' | ||
165 | 65 | ORDER BY time | ||
166 | 66 | - ''' % (where_sql, like_sql)) | ||
167 | 67 | + ''' % (where_sql, like_sql), jid_tuple) | ||
168 | 68 | |||
169 | 69 | results = self.cur.fetchall() | ||
170 | 70 | return results | ||
171 | 71 | @@ -622,7 +621,7 @@ | ||
172 | 72 | # Error trying to create a new jid_id. This means there is no log | ||
173 | 73 | return [] | ||
174 | 74 | days_with_logs = [] | ||
175 | 75 | - where_sql = self._build_contact_where(account, jid) | ||
176 | 76 | + where_sql, jid_tuple = self._build_contact_where(account, jid) | ||
177 | 77 | |||
178 | 78 | # First select all date of month whith logs we want | ||
179 | 79 | start_of_month = self.get_unix_time_from_date(year, month, 1) | ||
180 | 80 | @@ -640,7 +639,7 @@ | ||
181 | 81 | AND kind NOT IN (%d, %d) | ||
182 | 82 | ORDER BY time | ||
183 | 83 | ''' % (where_sql, start_of_month, last_second_of_month, | ||
184 | 84 | - constants.KIND_STATUS, constants.KIND_GCSTATUS)) | ||
185 | 85 | + constants.KIND_STATUS, constants.KIND_GCSTATUS), jid_tuple) | ||
186 | 86 | result = self.cur.fetchall() | ||
187 | 87 | |||
188 | 88 | # convert timestamps to day of month | ||
189 | 89 | @@ -654,19 +653,21 @@ | ||
190 | 90 | we had logs (excluding statuses)''' | ||
191 | 91 | where_sql = '' | ||
192 | 92 | if not is_room: | ||
193 | 93 | - where_sql = self._build_contact_where(account, jid) | ||
194 | 94 | + where_sql, jid_tuple = self._build_contact_where(account, jid) | ||
195 | 95 | else: | ||
196 | 96 | try: | ||
197 | 97 | jid_id = self.get_jid_id(jid, 'ROOM') | ||
198 | 98 | except exceptions.PysqliteOperationalError, e: | ||
199 | 99 | # Error trying to create a new jid_id. This means there is no log | ||
200 | 100 | return None | ||
201 | 101 | - where_sql = 'jid_id = %s' % jid_id | ||
202 | 102 | + where_sql = 'jid_id = ?' | ||
203 | 103 | + jid_tuple = (jid_id,) | ||
204 | 104 | self.cur.execute(''' | ||
205 | 105 | SELECT MAX(time) FROM logs | ||
206 | 106 | WHERE (%s) | ||
207 | 107 | AND kind NOT IN (%d, %d) | ||
208 | 108 | - ''' % (where_sql, constants.KIND_STATUS, constants.KIND_GCSTATUS)) | ||
209 | 109 | + ''' % (where_sql, constants.KIND_STATUS, constants.KIND_GCSTATUS), | ||
210 | 110 | + jid_tuple) | ||
211 | 111 | |||
212 | 112 | results = self.cur.fetchone() | ||
213 | 113 | if results is not None: | ||
214 | 114 | @@ -683,11 +684,13 @@ | ||
215 | 115 | except exceptions.PysqliteOperationalError, e: | ||
216 | 116 | # Error trying to create a new jid_id. This means there is no log | ||
217 | 117 | return None | ||
218 | 118 | - where_sql = 'jid_id = %s' % jid_id | ||
219 | 119 | + where_sql = 'jid_id = ?' | ||
220 | 120 | + jid_tuple = (jid_id,) | ||
221 | 121 | + | ||
222 | 122 | self.cur.execute(''' | ||
223 | 123 | SELECT time FROM rooms_last_message_time | ||
224 | 124 | WHERE (%s) | ||
225 | 125 | - ''' % (where_sql)) | ||
226 | 126 | + ''' % (where_sql), jid_tuple) | ||
227 | 127 | |||
228 | 128 | results = self.cur.fetchone() | ||
229 | 129 | if results is not None: | ||
230 | 130 | @@ -709,6 +712,7 @@ | ||
231 | 131 | '''build the where clause for a jid, including metacontacts | ||
232 | 132 | jid(s) if any''' | ||
233 | 133 | where_sql = '' | ||
234 | 134 | + jid_tuple = () | ||
235 | 135 | # will return empty list if jid is not associated with | ||
236 | 136 | # any metacontacts | ||
237 | 137 | family = gajim.contacts.get_metacontacts_family(account, jid) | ||
238 | 138 | @@ -718,13 +722,15 @@ | ||
239 | 139 | jid_id = self.get_jid_id(user['jid']) | ||
240 | 140 | except exceptions.PysqliteOperationalError, e: | ||
241 | 141 | continue | ||
242 | 142 | - where_sql += 'jid_id = %s' % jid_id | ||
243 | 143 | + where_sql += 'jid_id = ?' | ||
244 | 144 | + jid_tuple += (jid_id,) | ||
245 | 145 | if user != family[-1]: | ||
246 | 146 | where_sql += ' OR ' | ||
247 | 147 | else: # if jid was not associated with metacontacts | ||
248 | 148 | jid_id = self.get_jid_id(jid) | ||
249 | 149 | - where_sql = 'jid_id = %s' % jid_id | ||
250 | 150 | - return where_sql | ||
251 | 151 | + where_sql = 'jid_id = ?' | ||
252 | 152 | + jid_tuple += (jid_id,) | ||
253 | 153 | + return where_sql,jid_tuple | ||
254 | 154 | |||
255 | 155 | def save_transport_type(self, jid, type_): | ||
256 | 156 | '''save the type of the transport in DB''' | ||
257 | 157 | |||
258 | 0 | 158 | ||
259 | === added file 'debian/patches/CVE-2012-2093.dpatch' | |||
260 | --- debian/patches/CVE-2012-2093.dpatch 1970-01-01 00:00:00 +0000 | |||
261 | +++ debian/patches/CVE-2012-2093.dpatch 2012-05-10 19:54:17 +0000 | |||
262 | @@ -0,0 +1,114 @@ | |||
263 | 1 | #! /bin/sh /usr/share/dpatch/dpatch-run | ||
264 | 2 | ## Description: fix insecure tmpfile creation CVE-2012-2093 | ||
265 | 3 | ## Origin: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668710 | ||
266 | 4 | ## Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668710 | ||
267 | 5 | ## CVE-2012-2093.dpatch by Julian Taylor <jtaylor@ubuntu.com> | ||
268 | 6 | ## | ||
269 | 7 | ## All lines beginning with `## DP:' are a description of the patch. | ||
270 | 8 | ## DP: No description. | ||
271 | 9 | |||
272 | 10 | @DPATCH@ | ||
273 | 11 | diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gajim-lucid.orig~/src/common/latex.py gajim-lucid.orig/src/common/latex.py | ||
274 | 12 | --- gajim-lucid.orig~/src/common/latex.py 2012-05-01 15:19:52.000000000 +0200 | ||
275 | 13 | +++ gajim-lucid.orig/src/common/latex.py 2012-05-01 15:26:22.031113594 +0200 | ||
276 | 14 | @@ -29,7 +29,7 @@ | ||
277 | 15 | |||
278 | 16 | import os | ||
279 | 17 | import random | ||
280 | 18 | -from tempfile import gettempdir | ||
281 | 19 | +from tempfile import gettempdir,mkstemp,mkdtemp | ||
282 | 20 | from subprocess import Popen, PIPE | ||
283 | 21 | |||
284 | 22 | import logging | ||
285 | 23 | @@ -57,10 +57,10 @@ | ||
286 | 24 | return True | ||
287 | 25 | return False | ||
288 | 26 | |||
289 | 27 | -def get_tmpfile_name(): | ||
290 | 28 | +def get_tmpfile_name(tmpdir): | ||
291 | 29 | random.seed() | ||
292 | 30 | int_ = random.randint(0, 100) | ||
293 | 31 | - return os.path.join(gettempdir(), 'gajimtex_' + int_.__str__()) | ||
294 | 32 | + return os.path.join(tmpdir, 'gajimtex_' + int_.__str__()) | ||
295 | 33 | |||
296 | 34 | def write_latex(filename, str_): | ||
297 | 35 | texstr = '\\documentclass[12pt]{article}\\usepackage[dvips]{graphicx}' | ||
298 | 36 | @@ -78,12 +78,12 @@ | ||
299 | 37 | # a wrapper for Popen so that no window gets opened on Windows | ||
300 | 38 | # (i think this is the reason we're using Popen rather than just system()) | ||
301 | 39 | # stdout goes to a pipe so that it can be read | ||
302 | 40 | -def popen_nt_friendly(command): | ||
303 | 41 | +def popen_nt_friendly(command, directory): | ||
304 | 42 | if os.name == 'nt': | ||
305 | 43 | # CREATE_NO_WINDOW | ||
306 | 44 | - return Popen(command, creationflags=0x08000000, cwd=gettempdir(), stdout=PIPE) | ||
307 | 45 | + return Popen(command, creationflags=0x08000000, cwd=directory, stdout=PIPE) | ||
308 | 46 | else: | ||
309 | 47 | - return Popen(command, cwd=gettempdir(), stdout=PIPE) | ||
310 | 48 | + return Popen(command, cwd=directory, stdout=PIPE) | ||
311 | 49 | |||
312 | 50 | def check_for_latex_support(): | ||
313 | 51 | '''check is latex is available and if it can create a picture.''' | ||
314 | 52 | @@ -98,9 +98,9 @@ | ||
315 | 53 | except LatexError: | ||
316 | 54 | return False | ||
317 | 55 | |||
318 | 56 | -def try_run(argv): | ||
319 | 57 | +def try_run(argv, directory): | ||
320 | 58 | try: | ||
321 | 59 | - p = popen_nt_friendly(argv) | ||
322 | 60 | + p = popen_nt_friendly(argv, directory) | ||
323 | 61 | out = p.communicate()[0] | ||
324 | 62 | log.info(out) | ||
325 | 63 | return p.wait() | ||
326 | 64 | @@ -125,21 +125,28 @@ | ||
327 | 65 | # we triggered the blacklist, immediately return None | ||
328 | 66 | return None | ||
329 | 67 | |||
330 | 68 | - tmpfile = get_tmpfile_name() | ||
331 | 69 | + tmpdir = "" | ||
332 | 70 | + tmppng = "" | ||
333 | 71 | + try: | ||
334 | 72 | + tmpdir = mkdtemp(prefix="gajim") | ||
335 | 73 | + tmppng = mkstemp(suffix=".png")[1] | ||
336 | 74 | + except Exception: | ||
337 | 75 | + raise LatexError("could not securely create one or more temporary files for LaTeX conversion") | ||
338 | 76 | |||
339 | 77 | + tmpfile = get_tmpfile_name(tmpdir) | ||
340 | 78 | # build latex string | ||
341 | 79 | write_latex(os.path.join(tmpfile + '.tex'), str_) | ||
342 | 80 | |||
343 | 81 | # convert TeX to dvi | ||
344 | 82 | exitcode = try_run(['latex', '--interaction=nonstopmode', | ||
345 | 83 | - tmpfile + '.tex']) | ||
346 | 84 | + tmpfile + '.tex'], tmpdir) | ||
347 | 85 | |||
348 | 86 | if exitcode == 0: | ||
349 | 87 | # convert dvi to png | ||
350 | 88 | latex_png_dpi = gajim.config.get('latex_png_dpi') | ||
351 | 89 | exitcode = try_run(['dvipng', '-bg', bg_str, '-fg', fg_str, '-T', | ||
352 | 90 | 'tight', '-D', latex_png_dpi, tmpfile + '.dvi', '-o', | ||
353 | 91 | - tmpfile + '.png']) | ||
354 | 92 | + tmpfile + '.png'], tmpdir) | ||
355 | 93 | |||
356 | 94 | # remove temp files created by us and TeX | ||
357 | 95 | extensions = ['.tex', '.log', '.aux', '.dvi'] | ||
358 | 96 | @@ -149,11 +156,17 @@ | ||
359 | 97 | except Exception: | ||
360 | 98 | pass | ||
361 | 99 | |||
362 | 100 | + if exitcode == 0: | ||
363 | 101 | + os.rename(tmpfile + '.png', tmppng) | ||
364 | 102 | + else: | ||
365 | 103 | + os.remove(tmppng) | ||
366 | 104 | + | ||
367 | 105 | + os.rmdir(tmpdir) | ||
368 | 106 | if isinstance(exitcode, (unicode, str)): | ||
369 | 107 | raise LatexError(exitcode) | ||
370 | 108 | |||
371 | 109 | if exitcode == 0: | ||
372 | 110 | - result = tmpfile + '.png' | ||
373 | 111 | + result = tmppng | ||
374 | 112 | |||
375 | 113 | return result | ||
376 | 114 |
Julian, could you please update the status of this merge request so it gets removed from the sponsors list? Thanks.