I'm NMUing f2c for unstable, using a version of the diff the security team used to fix stable. The diff is attached.
-- see shy jo
diff --new-file -ur old/f2c-20020621/debian/changelog f2c-20020621/debian/changelog
--- old/f2c-20020621/debian/changelog 2005-02-04 13:36:25.000000000 -0500
+++ f2c-20020621/debian/changelog 2005-02-04 13:44:18.000000000 -0500
@@ -1,3 +1,14 @@
+f2c (20020621-3.1) unstable; urgency=HIGH
+
+ * NMU for security issues. Closes: #292792
+ * Corrected creating of temporary files f2c [CAN-2005-0017]
+ * Added patch by Javier Fernandez-Sanguino Peņa to fix temporary file
+ problem in fc [CAN-2005-0018]
+ * Removed xsum comparison since it prevents security updates
+ from being applied [src/makefile]
+
+ -- Joey Hess <[EMAIL PROTECTED]> Fri, 4 Feb 2005 13:28:26 -0500
+
 f2c (20020621-2) unstable; urgency=low * fixed longstanding errors in manpage with reference to the f2c libraries, closing bug #167660
diff --new-file -ur old/f2c-20020621/fc f2c-20020621/fc
--- old/f2c-20020621/fc 2005-02-04 13:36:25.000000000 -0500
+++ f2c-20020621/fc 2005-02-04 13:36:29.000000000 -0500
@@ -81,8 +81,9 @@
 # -U def passed to C compiler (for .c files) # or to cpp (for .F files) to remove def
-s=/tmp/stderr_$$
-t=/tmp/f77_$$.o
+s=`tempfile --prefix=stderr` || { echo "$0: Cannot create temporary file" ; exit 1; }
+t=`tempfile --suffix=.o --prefix=f77` || { echo "$0: Cannot create temporary file"; exit 1; }
+trap "rm -f $s $t; exit \$rc" 0
 ### On some systems (e.g., IRIX), -common prevents complaints ### about multiple definitions of COMMON blocks. #CC=${CC_f2c:-'cc -common'}
@@ -95,7 +96,6 @@
 F2CFLAGS=${F2CFLAGS:='-ARw8 -Nn802 -Nq300 -Nx400'} CPP=${CPP:-/lib/cpp} rc=0
-trap "rm -f $s $t; exit \$rc" 0
 OUTF=a.out OUTO= cOPT=1
diff --new-file -ur old/f2c-20020621/src/makefile f2c-20020621/src/makefile
--- old/f2c-20020621/src/makefile 2001-03-05 11:54:40.000000000 -0500
+++ f2c-20020621/src/makefile 2005-02-04 13:35:36.000000000 -0500
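Review bot: If the second `tempfile` call in the `-81,8` hunk fails, the script exits before the `trap` line is reached, so the file already created for `$s` is left behind in the temporary directory. Installing the trap immediately after `s=` is assigned (with `t=` set to empty first) would cover that path. The failure messages also go to stdout, where a caller capturing compiler output may swallow them; `echo "$0: Cannot create temporary file" >&2` keeps them on stderr. The trap is now installed before the `rc=0` assignment visible in the `-95,7` hunk, so an exit between the two runs `exit` with an empty `$rc`; this looks harmless but deserves a comment next to the trap.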
@@ -98,8 +98,9 @@
 #Check validity of transmitted source...
 xsum.out: xsum $b
- ./xsum $b >xsum1.out
- cmp xsum0.out xsum1.out && mv xsum1.out xsum.out
+ @echo xsum comparison disabled since it prevents security updates
+# ./xsum $b >xsum1.out
+# cmp xsum0.out xsum1.out && mv xsum1.out xsum.out
 #On non-Unix systems that end lines with carriage-return/newline pairs, #use "make xsumr.out" rather than "make xsum.out". The -r flag ignores
diff --new-file -ur old/f2c-20020621/src/sysdep.c f2c-20020621/src/sysdep.c
--- old/f2c-20020621/src/sysdep.c 2000-07-04 18:54:54.000000000 -0400
+++ f2c-20020621/src/sysdep.c 2005-02-04 13:36:29.000000000 -0500
@@ -22,6 +22,7 @@
 ****************************************************************/
 #include "defs.h"
 #include "usignal.h"
+#include <stdlib.h>
 char binread[] = "rb", textread[] = "r"; char binwrite[] = "wb", textwrite[] = "w";
@@ -107,6 +108,7 @@
 void set_tmp_names(Void) {
+#ifdef MSDOS
 int k; if (debugflag == 1) return;
@@ -118,6 +120,15 @@
 p1_file = blkdfname + k; p1_bakfile = p1_file + k; sortfname = p1_bakfile + k;
+#else
+ char c_functions[] = TMPDIR "/f2c_func_XXXXXX";
+ char initfname[] = TMPDIR "/f2c_rc_XXXXXX";
+ char initbname[] = TMPDIR "/f2c_rc.b_XXXXXX";
+ char blkdfname[] = TMPDIR "/f2c_blkd_XXXXXX";
+ char p1_file[] = TMPDIR "/f2c_p1f_XXXXXX";
+ char p1_bakfile[] = TMPDIR "/f2c_p1fb_XXXXXX";
+ char sortfname[] = TMPDIR "/f2c_sort_XXXXXX";
+#endif
 {
 #ifdef MSDOS
 char buf[64], *s, *t;
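Review bot: Commenting out the `./xsum` and `cmp` recipe lines in the `xsum.out` rule drops the only comparison of the source set `$b` against the recorded checksums, and it does so for every later build, not just this update. Regenerating the reference file from the patched tree at packaging time (`./xsum $b >xsum0.out`, assuming `xsum0.out` is the shipped reference) would let the comparison stay enabled. As written the rule never creates `xsum.out`, so make reruns the `@echo` each time the target is requested.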
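Review bot: In the `#else` branch added to set_tmp_names() (hunk `-118,6`), `char c_functions[]` through `char sortfname[]` are block-scope arrays, while the MSDOS branch assigns to the same names (`p1_file = blkdfname + k;`), so they appear to be pointers declared outside this function that the new arrays shadow. If so, the names mkstemp() fills in later live only on this function's stack, the outer pointers are never updated, and code that opens or unlinks the temporary files afterwards works on stale names. The templates should be `static` buffers under different names, with the existing pointers assigned to them. The templates also hard-code the `TMPDIR` macro (not defined anywhere in this diff) where the removed code used the runtime `tmpdir` variable, and the `-107,6` hunk leaves the `if (debugflag == 1) return;` guard compiled only for MSDOS; both look like unintended behaviour changes. The function body continues outside the hunk.

```c
#else
	/* static storage: the generated names must outlive set_tmp_names() */
	static char func_tmpl[] = TMPDIR "/f2c_func_XXXXXX";
	static char rc_tmpl[]   = TMPDIR "/f2c_rc_XXXXXX";
	static char rcb_tmpl[]  = TMPDIR "/f2c_rc.b_XXXXXX";
	static char blkd_tmpl[] = TMPDIR "/f2c_blkd_XXXXXX";
	static char p1f_tmpl[]  = TMPDIR "/f2c_p1f_XXXXXX";
	static char p1fb_tmpl[] = TMPDIR "/f2c_p1fb_XXXXXX";
	static char sort_tmpl[] = TMPDIR "/f2c_sort_XXXXXX";

	/* point the existing name variables at the templates mkstemp() will fill in */
	c_functions = func_tmpl;
	initfname   = rc_tmpl;
	initbname   = rcb_tmpl;
	blkdfname   = blkd_tmpl;
	p1_file     = p1f_tmpl;
	p1_bakfile  = p1fb_tmpl;
	sortfname   = sort_tmpl;
#endif
```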
@@ -156,16 +167,21 @@
 sprintf(p1_file, "%s%sp1f", t, f2c); sprintf(p1_bakfile, "%s%sp1fb", t, f2c); sprintf(sortfname, "%s%ssort", t, f2c);
+ sprintf(initbname, "%s.b", initfname);
 #else
- long pid = getpid();
- sprintf(c_functions, "%s/f2c%ld_func", tmpdir, pid);
- sprintf(initfname, "%s/f2c%ld_rd", tmpdir, pid);
- sprintf(blkdfname, "%s/f2c%ld_blkd", tmpdir, pid);
- sprintf(p1_file, "%s/f2c%ld_p1f", tmpdir, pid);
- sprintf(p1_bakfile, "%s/f2c%ld_p1fb", tmpdir, pid);
- sprintf(sortfname, "%s/f2c%ld_sort", tmpdir, pid);
+
+ if (mkstemp(c_functions) == -1
+ || mkstemp(initfname) == -1
+ || mkstemp(initbname) == -1
+ || mkstemp(blkdfname) == -1
+ || mkstemp(p1_file) == -1
+ || mkstemp(p1_bakfile) == -1
+ || mkstemp(sortfname) == -1) {
+ fprintf(stderr, "Cannot create temporary files\n");
+ Un_link_all(0);
+ exit(1);
+ }
 #endif
- sprintf(initbname, "%s.b", initfname);
 } if (debugflag) fprintf(diagfile, "%s %s %s %s %s %s\n", c_functions,
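Review bot: Every descriptor returned by the `mkstemp()` calls in the `#else` branch is discarded, so seven descriptors stay open for the life of the process and the files are presumably reopened by name later (not visible in this hunk). Keep each result and release it once the name is recorded, e.g. `int fd = mkstemp(sortfname); if (fd == -1) goto fail; close(fd);`, or pass it to `fdopen()` where the file is first written. On partial failure the branch calls `Un_link_all(0)`; whether that removes the files already created depends on it seeing the names mkstemp() just wrote, which it cannot if the templates are the block-scope arrays declared earlier in set_tmp_names(). The error message would also be more useful with the failing path and `strerror(errno)`. The function body continues outside the hunk.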