tags 598418 + patch
tags 598418 + pending
thanks
Dear maintainer,
I've sponsored an NMU for magics++ (versioned as 2.10.0.dfsg-5.1) and
uploaded it to DELAYED/5. Please feel free to tell me if I should delay
it longer or remove it from the queue.
Regards,
tony
diff -Nru magics++-2.10.0.dfsg/debian/changelog
magics++-2.10.0.dfsg/debian/changelog
--- magics++-2.10.0.dfsg/debian/changelog 2010-09-26 04:44:25.000000000
-0700
+++ magics++-2.10.0.dfsg/debian/changelog 2010-10-24 09:20:57.000000000
-0700
@@ -1,3 +1,13 @@
+magics++ (2.10.0.dfsg-5.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * debian/patches
+ - (cve-2010-3393--bug598418): Refresh patch. Restore deleted line
+ 'python="@MAGICS_PYTHON@"' and adjust $ldlib.
+ (important, security, reopened; Closes: #598418).
+
+ -- Jari Aalto <jari.aa...@cante.net> Sun, 24 Oct 2010 19:20:57 +0300
+
magics++ (2.10.0.dfsg-5) unstable; urgency=low
* CVE-2010-3393: Fix LD_LIBRARY_PATH edit. Closes: #598418.
diff -Nru magics++-2.10.0.dfsg/debian/patches/cve-2010-3393.patch
magics++-2.10.0.dfsg/debian/patches/cve-2010-3393.patch
--- magics++-2.10.0.dfsg/debian/patches/cve-2010-3393.patch 2010-09-26
04:42:47.000000000 -0700
+++ magics++-2.10.0.dfsg/debian/patches/cve-2010-3393.patch 2010-10-24
09:17:41.000000000 -0700
@@ -1,35 +1,37 @@
-Index: magics++-2.10.0.dfsg/magics-config.in
-===================================================================
---- magics++-2.10.0.dfsg.orig/magics-config.in 2010-09-26 12:42:02.000000000
+0100
-+++ magics++-2.10.0.dfsg/magics-config.in 2010-09-26 12:42:42.000000000
+0100
-@@ -9,7 +9,6 @@
- AXX="@AXX@"
- FFLAGS="@FFLAGS@"
- CPPLIBS="@CPPLIBS@"
--python="@MAGICS_PYTHON@"
- py_dir="@PYTHON_SITE_PACKAGES_DIR@"
- suffix=""
-
-@@ -73,6 +72,13 @@
+From 4d974cdaf4547520d6ce335f88f5f67712e97766 Mon Sep 17 00:00:00 2001
+From: Jari Aalto <jari.aa...@cante.net>
+Date: Sat, 16 Oct 2010 19:52:12 +0300
+Subject: [PATCH] CVE-2010-3393 insecure library loading Bug#598418
+Organization: Private
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Jari Aalto <jari.aa...@cante.net>
+---
+ magics-config.in | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/magics-config.in b/magics-config.in
+index dd07ffd..889b2e2 100644
+--- a/magics-config.in
++++ b/magics-config.in
+@@ -73,6 +73,7 @@ if test -h ${prefix}; then
fi
fi
-+if test -h ${LD_LIBRARY_PATH}; then
-+ ldlib=${prefix}/lib
-+else
-+ ldlib=${prefix}/lib:${LD_LIBRARY_PATH}
-+fi
-+
-+
++ldlib="${prefix}/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
if test $# -eq 0; then
usage 1 1>&2
fi
-@@ -102,7 +108,7 @@
+@@ -102,7 +103,7 @@ while test $# -gt 0; do
echo ""
echo " export MAGPLUS_HOME=${prefix}"
echo " export PATH=${prefix}/bin:\$PATH"
- echo " export LD_LIBRARY_PATH=${prefix}/lib:\$LD_LIBRARY_PATH"
-+ echo " export LD_LIBRARY_PATH=${ldlib}"
++ echo " export LD_LIBRARY_PATH=\"$ldlib\""
echo " export
PYTHONPATH=\"${py_dir}:\${PYTHONPATH:-/usr/lib}\""
echo ""
echo " You might want add these lines to your login scripts
(.profile, .kshrc or .bashrc)."
+--
+1.7.1
+
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
