Package: release.debian.org Severity: normal X-Debbugs-Cc: synca...@packages.debian.org Control: affects -1 + src:syncache User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package syncache [ Reason ] Fix for #1106396. [ Impact ] Package is going to be auto-removed because it fails to configure without the bug fix. [ Tests ] Installing the unfixed revision leaves the package unconfigured with error output according to the bug report. [ Risks ] Avoids a removed Ruby language feature. Removing the .untainted should be transparent and will result in the same program flow. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] I have fixed the bug via a NMU. This is not a maintainer request. unblock syncache/1.4-1.3
diff -Nru syncache-1.4/debian/changelog syncache-1.4/debian/changelog --- syncache-1.4/debian/changelog 2024-05-25 10:03:21.000000000 +0200 +++ syncache-1.4/debian/changelog 2025-07-03 08:14:10.000000000 +0200 @@ -1,3 +1,10 @@ +syncache (1.4-1.3) unstable; urgency=medium + + * Non-maintainer upload. + * Remove untaint. Closes: #1106396. + + -- Bastian Germann <b...@debian.org> Thu, 03 Jul 2025 08:14:10 +0200 + syncache (1.4-1.2) unstable; urgency=medium * Non-maintainer upload. diff -Nru syncache-1.4/debian/patches/0002-rm-untaint.patch syncache-1.4/debian/patches/0002-rm-untaint.patch --- syncache-1.4/debian/patches/0002-rm-untaint.patch 1970-01-01 01:00:00.000000000 +0100 +++ syncache-1.4/debian/patches/0002-rm-untaint.patch 2025-07-03 08:14:10.000000000 +0200 @@ -0,0 +1,39 @@ +Description: Remove untaint +Author: Bastian Germann <b...@debian.org> +Bug-Debian: https://bugs.debian.org/1106396 +--- +--- syncache-1.4.orig/bin/syncache-drb ++++ syncache-1.4/bin/syncache-drb +@@ -90,7 +90,7 @@ Options: + @debug = false + @pidfile = (0 == Process.uid) ? + "/var/run/#{PNAME}/#{PNAME}.pid" : +- File.join((ENV.has_key?('TMPDIR') ? ENV['TMPDIR'].dup.untaint : '/tmp'), ++ File.join((ENV.has_key?('TMPDIR') ? ENV['TMPDIR'].dup : '/tmp'), + "#{PNAME}.pid") + @foreground = false + +@@ -105,19 +105,19 @@ Options: + when '--flush-delay' + @flush_delay = arg.to_i + when '--user' +- @user = arg.dup.untaint ++ @user = arg.dup + when '--error-log' +- @error_log = arg.dup.untaint ++ @error_log = arg.dup + when '--debug' + @debug = true + when '--pidfile' +- @pidfile = arg.dup.untaint ++ @pidfile = arg.dup + when '--foreground' + @foreground = true + end + end + +- @uri = ARGV[0].dup.untaint if ARGV[0] ++ @uri = ARGV[0].dup if ARGV[0] + @user = Etc.getpwnam(@user) + end + diff -Nru syncache-1.4/debian/patches/series syncache-1.4/debian/patches/series --- syncache-1.4/debian/patches/series 2016-04-16 09:51:28.000000000 +0200 +++ syncache-1.4/debian/patches/series 2025-07-03 08:14:10.000000000 +0200 @@ -1 +1,2 @@ 0001-syncache.gemspec-drop-git-invokation-fix-license.patch +0002-rm-untaint.patch
