On Mon, Aug 25, 2008 at 10:17:02PM -0700, Steve Langasek wrote:
> On Tue, Aug 26, 2008 at 01:40:01PM +0900, Charles Plessy wrote:
> 
> > Would you accept this package in Lenny to fix #496366?
> 
> If the diff is in line with this description, yes.

Hi Steve, hi all,

thank you for your patience. I have been in contact with Upstream, who kindly
reviewed and finished the patching work (I did not manage to produce a
working patch for the Ruby file).

Here is the final changelog:

 mafft (6.240-2) unstable; urgency=high
 .
   [ Charles Plessy ]
   * debian/control:
     - Moved the Homepage: field out from the package's description.
     - Enhances: t-coffee.
   * Updated my email address.
   * Securisation of the temporary files of mafft-homologs:
     - debian/control: build-depend on quilt.
     - debian/rules: modified to use quilt.
     - debian/README.source: signals that the package uses quilt.
     - debian/patches: added a patch to use non-guessable temporary files
       (Closes: #496366). Thanks to Dmitry E. Oboukhov for finding the bug,
       Thijs Kinkhorst for preliminary patch and Kazutaka Katoh for the
       final implementation.
     - debian/mafft-homologs.1*, debian/README.Debian: document that the
       program is patched.
 .
   [ David Paleino ]
   * debian/mafft.1, debian/mafft-homologs.1 added - manpages built statically.
   * debian/control:
     - B-D updated (see above)
     - added myself to Uploaders
     - moved XS-Vcs-* fields to Vcs-*
     - Updated to Standards-Version 3.7.3 (no changes needed)
   * debian/rules:
     - reflecting static build of manpages
     - minor changes


Here is the diffstat:

aqwa『build-area』$ diffstat mafft_6.240-1_6.240-2.debdiff
 debian/README.source                              |    8 
 debian/mafft-homologs.1                           |  112 ++++++
 debian/mafft.1                                    |  370 ++++++++++++++++++++++
 debian/patches/Securisation-by-mktemp-usage.patch |  211 ++++++++++++
 debian/patches/series                             |    1 
 mafft-6.240/debian/README.Debian                  |    7 
 mafft-6.240/debian/changelog                      |   31 +
 mafft-6.240/debian/control                        |   20 -
 mafft-6.240/debian/mafft-homologs.1.xml           |    9 
 mafft-6.240/debian/mafft.1.xml                    |    9 
 mafft-6.240/debian/rules                          |   20 -

I added a paragraph about the patch to the manpages, but as the sources are in
XML and the stylesheets evolved, the diff is big. All the changes unrelated to
the bug are documented in the changelog, except the addition of
DM-Upload-Allowed: yes, that is systematic in our packages anyway, and cosmetic
improvements of the description. The patch itself now affects another file in
which a similar security problem was uncovered by Upstream. Here is the full
debdiff.

Have a nice day,

-- Charles Plessy, Debian Med packaging team, Tsurumi, Kanagawa, Japan


diff -u mafft-6.240/debian/mafft.1.xml mafft-6.240/debian/mafft.1.xml
--- mafft-6.240/debian/mafft.1.xml
+++ mafft-6.240/debian/mafft.1.xml
@@ -12,7 +12,7 @@
   <!ENTITY dhemail     "[EMAIL PROTECTED]">
   <!ENTITY dhusername  "&dhfirstname; &dhsurname;">
   <!ENTITY dhrelease   "6.240">
-  <!ENTITY dhdate      "2007-06-09">
+  <!ENTITY dhdate      "2008-09-01">
   <!ENTITY dhtitle     "Mafft Manual">
   <!ENTITY dhucpackage "MAFFT">
   <!ENTITY dhpackage   "mafft">
@@ -739,4 +739,11 @@
     </refsect2>
   </refsect1>
+  <refsect1>
+    <title>DIVERGENCE FROM UPSTREAM</title>
+    <para><command>mafft-homologs</command> has been patched to enhance the
+    security of the temporary files it creates. You can consult the patch in
+    the Debian source package. It has been reviewed and amended by Kazutaka
+    Katoh, the upstream author of MAFFT.</para>
+  </refsect1>
 </refentry>
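Review bot: the DIVERGENCE FROM UPSTREAM section added to the mafft(1) page names only mafft-homologs, but the patch shipped in this same upload also changes src/mafft.tmpl (the mafft wrapper's TMPFILE directory now comes from `mktemp -dt`), and the README.Debian hunk in this debdiff says "The programs mafft and mafft-homologs have been patched". Say the same here, e.g. "<command>mafft</command> and <command>mafft-homologs</command> have been patched ...", so the manpage, README.Debian and the patch agree on what was changed.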
 
diff -u mafft-6.240/debian/control mafft-6.240/debian/control
--- mafft-6.240/debian/control
+++ mafft-6.240/debian/control
@@ -2,18 +2,22 @@
 Section: science
 Priority: optional
 Maintainer: Debian-Med Packaging Team <[EMAIL PROTECTED]>
-Uploaders: Charles Plessy <[EMAIL PROTECTED]>
-Build-Depends: debhelper (>= 5), xsltproc, docbook-xsl, docbook-xml
-Standards-Version: 3.7.2
-XS-Vcs-Browser: 
http://svn.debian.org/wsvn/debian-med/trunk/packages/mafft/trunk/
-XS-Vcs-Svn: svn://svn.debian.org/svn/debian-med/trunk/packages/mafft
+DM-Upload-Allowed: yes
+Uploaders: Charles Plessy <[EMAIL PROTECTED]>,
+ David Paleino <[EMAIL PROTECTED]>
+Build-Depends: debhelper (>= 5), quilt
+Standards-Version: 3.7.3
+Vcs-Browser: 
http://svn.debian.org/wsvn/debian-med/trunk/packages/mafft/trunk/?rev=0&sc=0
+Vcs-Svn: svn://svn.debian.org/svn/debian-med/trunk/packages/mafft/trunk/
+Homepage: http://align.bmr.kyushu-u.ac.jp/mafft/software/
 
 Package: mafft
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}
 Suggests: ruby, lynx, blast2
+Enhances: t-coffee
 Description: Multiple alignment program for amino acid or nucleotide sequences
- MAFFT is a multiple sequence alignment program, which offers three
+ MAFFT is a multiple sequence alignment program which offers three
  accuracy-oriented methods:
   * L-INS-i (probably most accurate; recommended for <200 sequences;
     iterative refinement method incorporating local pairwise alignment
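Review bot: dropping xsltproc, docbook-xsl and docbook-xml from Build-Depends is consistent with shipping prebuilt manpages, but debian/rules in this same debdiff still carries the XP=xsltproc rule that needs them; either list them under Build-Depends-Indep so the regeneration path keeps working in a clean chroot, or state in README.source that the .xml sources are only rebuilt by hand. Also, `DM-Upload-Allowed: yes` is the one change in this hunk that the changelog does not mention; add it there, since the release team asked that the diff match the description.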
@@ -23,7 +27,7 @@
     pairwise alignment information),
   * E-INS-i (suitable for sequences containing large unalignable regions;
     recommended for <200 sequences),
-    and five speed-oriented methods:
+ and five speed-oriented methods:
   * FFT-NS-i (iterative refinement method; two cycles only),
   * FFT-NS-i (iterative refinement method; max. 1000 iterations),
   * FFT-NS-2 (fast; progressive method),
@@ -34,2 +37,0 @@
- .
-  Homepage: http://align.bmr.kyushu-u.ac.jp/mafft/software/
diff -u mafft-6.240/debian/README.Debian mafft-6.240/debian/README.Debian
--- mafft-6.240/debian/README.Debian
+++ mafft-6.240/debian/README.Debian
@@ -21 +21,6 @@
- -- Charles Plessy <[EMAIL PROTECTED]>  Wed,  7 Feb 2007 21:44:40 +0900
+The programs mafft and mafft-homologs have been patched to enhance the security
+of the temporary files they create. You can consult the patch in the Debian
+source package. It has been reviewed and amended by Kazutaka Katoh, the
+upstream author of MAFFT.
+
+ -- Charles Plessy <[EMAIL PROTECTED]>  Mon, 25 Aug 2008 23:29:19 +0900
diff -u mafft-6.240/debian/mafft-homologs.1.xml 
mafft-6.240/debian/mafft-homologs.1.xml
--- mafft-6.240/debian/mafft-homologs.1.xml
+++ mafft-6.240/debian/mafft-homologs.1.xml
@@ -12,7 +12,7 @@
   <!ENTITY dhemail     "[EMAIL PROTECTED]">
   <!ENTITY dhusername  "&dhfirstname; &dhsurname;">
   <!ENTITY dhrelease   "2.1">
-  <!ENTITY dhdate      "2007-06-09">
+  <!ENTITY dhdate      "2008-09-01">
   <!ENTITY dhtitle     "Mafft Manual">
   <!ENTITY dhucpackage "MAFFT-HOMOLOGS">
   <!ENTITY dhpackage   "mafft-homologs">
@@ -193,2 +193,9 @@
        </refsect1>
+  <refsect1>
+    <title>DIVERGENCE FROM UPSTREAM</title>
+    <para><command>mafft-homologs</command> has been patched to enhance the
+    security of the temporary files it creates. You can consult the patch in
+    the Debian source package. It has been reviewed and amended by Kazutaka
+    Katoh, the upstream author of MAFFT.</para>
+  </refsect1>
 </refentry>
diff -u mafft-6.240/debian/rules mafft-6.240/debian/rules
--- mafft-6.240/debian/rules
+++ mafft-6.240/debian/rules
@@ -5,11 +5,14 @@
 # Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1
 
+include /usr/share/quilt/quilt.make
+
 XP=xsltproc  \
       -''-nonet \
       -''-param man.charmap.use.subset "0" \
       -''-param make.year.ranges "1" \
-      -''-param make.single.year.ranges "1"
+      -''-param make.single.year.ranges "1" \
+      -o debian/
 
 
 CFLAGS = -Wall -g
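Review bot: with `-o debian/` appended to XP, xsltproc now writes debian/mafft.1 and debian/mafft-homologs.1, but the rules that invoke it are still named `mafft.1:` and `mafft-homologs.1:` (see the context line `mafft-homologs.1: debian/mafft-homologs.1.xml` in the next hunk), so make never finds the file it believes it produced and the dependency on the .xml source is meaningless. Rename the targets to `debian/mafft.1:` and `debian/mafft-homologs.1:` so that editing the XML and running `debian/rules debian/mafft.1` regenerates the shipped page.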
@@ -26,11 +29,11 @@
 mafft-homologs.1: debian/mafft-homologs.1.xml
        $(XP) $<
 
-build-stamp: build
-build: mafft.1 mafft-homologs.1
+build: patch build-stamp
+build-stamp:
        dh_testdir
        $(MAKE) -C src PREFIX=/usr/lib/mafft
-       touch build-stamp
+       touch $@
 
 MAFFT = MAFFT_BINARIES=$(CURDIR)/binaries scripts/mafft
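Review bot: `build: patch build-stamp` only applies the quilt series when the `build` target is used, but the unchanged `install: build-stamp test` rule further down depends on build-stamp directly, and build-stamp now has no prerequisite at all; `debian/rules install` invoked on a freshly unpacked tree therefore compiles src/ without the security patch applied. Make the stamp itself depend on the patching, `build-stamp: $(QUILT_STAMPFN)` (quilt.make provides QUILT_STAMPFN), and keep `build: build-stamp`.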
 
@@ -42,11 +45,11 @@
        -$(MAFFT) --localpair                   test/sample | diff 
test/sample.lins1 -
        -$(MAFFT) --localpair --maxiterate 100  test/sample | diff 
test/sample.linsi -
 
-clean:
+clean: unpatch
        dh_testdir
        dh_testroot
-       -$(MAKE) -C src clean
-       dh_clean mafft.1 mafft-homologs.1 build-stamp
+       [ ! -f Makefile ] || $(MAKE) -C src clean
+       dh_clean build-stamp
 
 install: build-stamp test
        dh_testdir
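Review bot: the guard on the clean line tests the wrong file: `[ ! -f Makefile ] || $(MAKE) -C src clean` checks for a Makefile in the top-level directory while the make runs in src/, which is where build-stamp builds (`$(MAKE) -C src PREFIX=/usr/lib/mafft`). If the top level has no Makefile the clean never runs and build products survive `debian/rules clean`; if it has one the guard is a no-op. Use `[ ! -f src/Makefile ] || $(MAKE) -C src clean`.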
@@ -57,14 +60,13 @@
        mv debian/mafft/usr/bin/mafft-homologs.rb 
debian/mafft/usr/bin/mafft-homologs
 
 binary-indep: build install
-
 binary-arch: build install
        dh_testdir
        dh_testroot
        dh_installchangelogs 
        dh_installdocs
        dh_install test usr/share/doc/mafft/
-       dh_installman mafft.1 mafft-homologs.1
+       dh_installman debian/mafft.1 debian/mafft-homologs.1
        dh_link
        dh_strip
        dh_compress
diff -u mafft-6.240/debian/changelog mafft-6.240/debian/changelog
--- mafft-6.240/debian/changelog
+++ mafft-6.240/debian/changelog
@@ -1,3 +1,34 @@
+mafft (6.240-2) unstable; urgency=high
+
+  [ Charles Plessy ]
+  * debian/control:
+    - Moved the Homepage: field out from the package's description.
+    - Enhances: t-coffee.
+  * Updated my email address.
+  * Securisation of the temorary files of mafft-homologs:
+    - debian/control: build-depend on quilt.
+    - debian/rules: modified to use quilt.
+    - debian/README.source: signals that the package uses quilt.
+    - debian/patches: added a patch to use non-guessable temporary files
+      (Closes: #496366). Thanks to Dmitry E. Oboukhov for finding the bug,
+      Thijs Kinkhorst for preliminary patch and Kazutaka Katoh for the
+      final implementation.
+    - debian/mafft-homologs.1*, debian/README.Debian: document that the
+      program is patched.
+
+  [ David Paleino ]
+  * debian/mafft.1, debian/mafft-homologs.1 added - manpages built statically.
+  * debian/control:
+    - B-D updated (see above)
+    - added myself to Uploaders
+    - moved XS-Vcs-* fields to Vcs-*
+    - Updated to Standards-Version 3.7.3 (no changes needed)
+  * debian/rules:
+    - reflecting static build of manpages
+    - minor changes
+
+ -- Charles Plessy <[EMAIL PROTECTED]>  Mon, 25 Aug 2008 23:30:20 +0900
+
 mafft (6.240-1) unstable; urgency=low
 
   * Initial release (Closes: #409640)
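Review bot: the entry "Securisation of the temorary files of mafft-homologs" (typo: temporary) understates what Securisation-by-mktemp-usage.patch does: it also changes src/mafft.tmpl, replacing the mafft wrapper's `/tmp/$progname.$$` directory with `mktemp -dt`, and it adds a new refusal of inputs with 100 or more sequences to mafft-homologs. Since the release team's acceptance is conditional on the diff matching the description, list both files and the new input limit here, and add the `DM-Upload-Allowed: yes` field that the control hunk introduces.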
only in patch2:
unchanged:
--- mafft-6.240.orig/debian/mafft.1
+++ mafft-6.240/debian/mafft.1
@@ -0,0 +1,370 @@
+.\"     Title: MAFFT
+.\"    Author: Kazutaka Katoh <katoh_at_bioreg.kyushu-u.ac.jp.>
+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
+.\"      Date: 2008-09-01
+.\"    Manual: Mafft Manual
+.\"    Source: mafft 6.240
+.\"
+.TH "MAFFT" "1" "2008\-09\-01" "mafft 6.240" "Mafft Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+mafft \- Multiple alignment program for amino acid or nucleotide sequences
+.SH "SYNOPSIS"
+.HP 6
+\fBmafft\fR [\fBoptions\fR] \fIinput\fR [>\ \fIoutput\fR]
+.HP 6
+\fBlinsi\fR \fIinput\fR [>\ \fIoutput\fR]
+.HP 6
+\fBginsi\fR \fIinput\fR [>\ \fIoutput\fR]
+.HP 6
+\fBeinsi\fR \fIinput\fR [>\ \fIoutput\fR]
+.HP 7
+\fBfftnsi\fR \fIinput\fR [>\ \fIoutput\fR]
+.HP 6
+\fBfftns\fR \fIinput\fR [>\ \fIoutput\fR]
+.HP 14
+\fBmafft\-profile\fR \fIgroup1\fR \fIgroup2\fR [>\ \fIoutput\fR]
+.SH "DESCRIPTION"
+.PP
+\fBMAFFT\fR
+is a multiple sequence alignment program for unix\-like operating systems\&. 
It offers a range of multiple alignment methods\&.
+.SS "Accuracy\-oriented methods:"
+.sp
+.RS 4
+\h'-04'\(bu\h'+03'L\-INS\-i (probably most accurate; recommended for <200 
sequences; iterative refinement method incorporating local pairwise alignment 
information):
+.HP 6
+\fBmafft\fR \fB\-\-localpair\fR \fB\-\-maxiterate\fR\ \fI1000\fR \fIinput\fR 
[>\ \fIoutput\fR]
+.HP 6
+\fBlinsi\fR \fIinput\fR [>\ \fIoutput\fR]
+.RE
+.sp
+.RS 4
+\h'-04'\(bu\h'+03'G\-INS\-i (suitable for sequences of similar lengths; 
recommended for <200 sequences; iterative refinement method incorporating 
global pairwise alignment information):
+.HP 6
+\fBmafft\fR \fB\-\-globalpair\fR \fB\-\-maxiterate\fR\ \fI1000\fR \fIinput\fR 
[>\ \fIoutput\fR]
+.HP 6
+\fBginsi\fR \fIinput\fR [>\ \fIoutput\fR]
+.RE
+.sp
+.RS 4
+\h'-04'\(bu\h'+03'E\-INS\-i (suitable for sequences containing large 
unalignable regions; recommended for <200 sequences):
+.HP 6
+\fBmafft\fR \fB\-\-ep\fR\ \fI0\fR \fB\-\-genafpair\fR \fB\-\-maxiterate\fR\ 
\fI1000\fR \fIinput\fR [>\ \fIoutput\fR]
+.HP 6
+\fBeinsi\fR \fIinput\fR [>\ \fIoutput\fR]
+.br
+
+For E\-INS\-i, the
+\fB\-\-ep\fR
+\fI0\fR
+option is recommended to allow large gaps\&.
+.RE
+.SS "Speed\-oriented methods:"
+.sp
+.RS 4
+\h'-04'\(bu\h'+03'FFT\-NS\-i (iterative refinement method; two cycles only):
+.HP 6
+\fBmafft\fR \fB\-\-retree\fR\ \fI2\fR \fB\-\-maxiterate\fR\ \fI2\fR 
\fIinput\fR [>\ \fIoutput\fR]
+.HP 7
+\fBfftnsi\fR \fIinput\fR [>\ \fIoutput\fR]
+.RE
+.sp
+.RS 4
+\h'-04'\(bu\h'+03'FFT\-NS\-i (iterative refinement method; max\&. 1000 
iterations):
+.HP 6
+\fBmafft\fR \fB\-\-retree\fR\ \fI2\fR \fB\-\-maxiterate\fR\ \fI1000\fR 
\fIinput\fR [>\ \fIoutput\fR]
+.RE
+.sp
+.RS 4
+\h'-04'\(bu\h'+03'FFT\-NS\-2 (fast; progressive method):
+.HP 6
+\fBmafft\fR \fB\-\-retree\fR\ \fI2\fR \fB\-\-maxiterate\fR\ \fI0\fR 
\fIinput\fR [>\ \fIoutput\fR]
+.HP 6
+\fBfftns\fR \fIinput\fR [>\ \fIoutput\fR]
+.RE
+.sp
+.RS 4
+\h'-04'\(bu\h'+03'FFT\-NS\-1 (very fast; recommended for >2000 sequences; 
progressive method with a rough guide tree):
+.HP 6
+\fBmafft\fR \fB\-\-retree\fR\ \fI1\fR \fB\-\-maxiterate\fR\ \fI0\fR 
\fIinput\fR [>\ \fIoutput\fR]
+.RE
+.sp
+.RS 4
+\h'-04'\(bu\h'+03'NW\-NS\-PartTree\-1 (recommended for ?50,000 sequences; 
progressive method with the PartTree algorithm):
+.HP 6
+\fBmafft\fR \fB\-\-retree\fR\ \fI1\fR \fB\-\-maxiterate\fR\ \fI0\fR 
\fB\-\-parttree\fR \fIinput\fR [>\ \fIoutput\fR]
+.RE
+.SS "Group\-to\-group alignments"
+.HP 14
+\fBmafft\-profile\fR \fIgroup1\fR \fIgroup2\fR [>\ \fIoutput\fR]
+.PP
+or:
+.HP 6
+\fBmafft\fR \fB\-\-maxiterate\fR\ \fI1000\fR \fB\-\-seed\fR\ \fIgroup1\fR 
\fB\-\-seed\fR\ \fIgroup2\fR /dev/null [>\ \fIoutput\fR]
+.SH "OPTIONS"
+.PP
+\fB\-\-auto\fR
+.RS 4
+.RE
+.PP
+\fB\-\-clustalout\fR
+.RS 4
+.RE
+.PP
+\fB\-\-reorder\fR
+.RS 4
+.RE
+.PP
+\fB\-\-inputorder\fR
+.RS 4
+.RE
+.PP
+\fB\-\-algq\fR
+.RS 4
+.RE
+.PP
+\fB\-\-groupsize\fR
+.RS 4
+.RE
+.PP
+\fB\-\-partsize\fR
+.RS 4
+.RE
+.PP
+\fB\-\-parttree\fR
+.RS 4
+.RE
+.PP
+\fB\-\-dpparttree\fR
+.RS 4
+.RE
+.PP
+\fB\-\-fastaparttree\fR
+.RS 4
+.RE
+.PP
+\fB\-\-treeout\fR
+.RS 4
+.RE
+.PP
+\fB\-\-fastswpair\fR
+.RS 4
+.RE
+.PP
+\fB\-\-fastapair\fR
+.RS 4
+.RE
+.PP
+\fB\-\-noscore\fR
+.RS 4
+.RE
+.PP
+\fB\-\-6merpair\fR
+.RS 4
+.RE
+.PP
+\fB\-\-blastpair\fR
+.RS 4
+.RE
+.PP
+\fB\-\-globalpair\fR
+.RS 4
+.RE
+.PP
+\fB\-\-localpair\fR
+.RS 4
+.RE
+.PP
+\fB\-\-genafpair\fR
+.RS 4
+.RE
+.PP
+\fB\-\-memsave\fR
+.RS 4
+.RE
+.PP
+\fB\-\-nuc\fR
+.RS 4
+.RE
+.PP
+\fB\-\-amino\fR
+.RS 4
+.RE
+.PP
+\fB\-\-fft\fR
+.RS 4
+.RE
+.PP
+\fB\-\-nofft\fR
+.RS 4
+.RE
+.PP
+\fB\-\-quiet\fR
+.RS 4
+.RE
+.PP
+\fB\-\-coreext\fR
+.RS 4
+.RE
+.PP
+\fB\-\-core\fR
+.RS 4
+.RE
+.PP
+\fB\-\-maxiterate\fR
+.RS 4
+.RE
+.PP
+\fB\-\-retree\fR
+.RS 4
+.RE
+.PP
+\fB\-\-aamatrix\fR
+.RS 4
+.RE
+.PP
+\fB\-\-fmodel\fR
+.RS 4
+.RE
+.PP
+\fB\-\-jtt\fR
+.RS 4
+.RE
+.PP
+\fB\-\-tm\fR
+.RS 4
+.RE
+.PP
+\fB\-\-bl\fR
+.RS 4
+.RE
+.PP
+\fB\-\-weighti\fR
+.RS 4
+.RE
+.PP
+\fB\-\-op\fR
+.RS 4
+.RE
+.PP
+\fB\-\-ep\fR
+.RS 4
+.RE
+.PP
+\fB\-\-lop\fR
+.RS 4
+.RE
+.PP
+\fB\-\-LOP\fR
+.RS 4
+.RE
+.PP
+\fB\-\-lep\fR
+.RS 4
+.RE
+.PP
+\fB\-\-lexp\fR
+.RS 4
+.RE
+.PP
+\fB\-\-LEXP\fR
+.RS 4
+.RE
+.PP
+\fB\-\-corethr\fR
+.RS 4
+.RE
+.PP
+\fB\-\-corewin\fR
+.RS 4
+.RE
+.PP
+\fB\-\-seed\fR
+.RS 4
+.RE
+.SH "FILES"
+.PP
+Mafft stores the input sequences and other files in a temporary directory, 
which by default is located in
+\fI/tmp\fR\&.
+.SH "ENVIONMENT"
+.PP
+\fBMAFFT_BINARIES\fR
+.RS 4
+Indicates the location of the binary files used by mafft\&. By default, they 
are searched in
+\fI/usr/local/lib/mafft\fR, but on Debian systems, they are searched in
+\fI/usr/lib/mafft\fR\&.
+.RE
+.PP
+\fBFASTA_4_MAFFT\fR
+.RS 4
+This variable can be set to indicate to mafft the location to the fasta34 
program if it is not in the PATH\&.
+.RE
+.SH "SEE ALSO"
+.PP
+
+\fBmafft-homologs\fR(1)
+.SH "REFERENCES"
+.SS "In English"
+.sp
+.RS 4
+\h'-04'\(bu\h'+03'Katoh and Toh (Bioinformatics 23:372\-374, 2007) PartTree: 
an algorithm to build an approximate tree from a large number of unaligned 
sequences (describes the PartTree algorithm)\&.
+.RE
+.sp
+.RS 4
+\h'-04'\(bu\h'+03'Katoh, Kuma, Toh and Miyata (Nucleic Acids Res\&. 
33:511\-518, 2005) MAFFT version 5: improvement in accuracy of multiple 
sequence alignment (describes [ancestral versions of] the G\-INS\-i, L\-INS\-i 
and E\-INS\-i strategies)
+.RE
+.sp
+.RS 4
+\h'-04'\(bu\h'+03'Katoh, Misawa, Kuma and Miyata (Nucleic Acids Res\&. 
30:3059\-3066, 2002) MAFFT: a novel method for rapid multiple sequence 
alignment based on fast Fourier transform (describes the FFT\-NS\-1, FFT\-NS\-2 
and FFT\-NS\-i strategies)
+.RE
+.SS "In Japanese"
+.sp
+.RS 4
+\h'-04'\(bu\h'+03'Katoh and Misawa (???? 46:312\-317, 2006) Multiple Sequence 
Alignments: the Next Generation
+.RE
+.sp
+.RS 4
+\h'-04'\(bu\h'+03'Katoh and Kuma (????? 44:102\-108, 2006) Jissen\-teki 
Multiple Alignment
+.RE
+.SH "DIVERGENCE FROM UPSTREAM"
+.PP
+\fBmafft\-homologs\fR
+has been patched to enhance the security of the temporary files it creates\&. 
You can consult the patch in the Debian source package\&. It has been reviewed 
and amended by Kazutaka Katoh, the upstream author of MAFFT\&.
+.SH "AUTHORS"
+.PP
+\fBKazutaka Katoh\fR <\&katoh_at_bioreg\&.kyushu\-u\&.ac\&.jp\&.\&>
+.sp -1n
+.IP "" 4
+Wrote Mafft\&.
+.PP
+\fBCharles Plessy\fR <\&[EMAIL PROTECTED]&.org\&>
+.sp -1n
+.IP "" 4
+Wrote this manpage in DocBook XML for the Debian distribution, using Mafft\'s 
homepage as a template\&.
+.SH "COPYRIGHT"
+Copyright \(co 2002, 2003, 2004, 2005, 2006, 2007 Kazutaka Katoh (mafft)
+.br
+Copyright \(co 2007 Charles Plessy (this manpage)
+.br
+.PP
+Mafft and its manpage are offered under the following conditions:
+.PP
+Redistribution and use in source and binary forms, with or without 
modification, are permitted provided that the following conditions are met:
+.sp
+.RS 4
+\h'-04' 1.\h'+02'Redistributions of source code must retain the above 
copyright notice, this list of conditions and the following disclaimer\&.
+.RE
+.sp
+.RS 4
+\h'-04' 2.\h'+02'Redistributions in binary form must reproduce the above 
copyright notice, this list of conditions and the following disclaimer in the 
documentation and/or other materials provided with the distribution\&.
+.RE
+.sp
+.RS 4
+\h'-04' 3.\h'+02'The name of the author may not be used to endorse or promote 
products derived from this software without specific prior written permission\&.
+.RE
+.PP
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED 
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED\&. IN NO 
EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
OF SUCH DAMAGE\&.
+.sp
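Review bot: two things in this generated mafft(1) page need fixing in the XML it is built from, since the .1 file is now shipped as-is: the header `.SH "ENVIONMENT"` is misspelt (ENVIRONMENT), and the DIVERGENCE FROM UPSTREAM section names only mafft-homologs although the patch also changes the mafft wrapper's temporary directory. The FILES section ("by default is located in /tmp") stays correct with `mktemp -dt`, which uses $TMPDIR when it is set; worth saying so there, as that is now the supported way for a user to move the scratch directory.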
only in patch2:
unchanged:
--- mafft-6.240.orig/debian/README.source
+++ mafft-6.240/debian/README.source
@@ -0,0 +1,8 @@
+This package uses quilt to patch the sources. Please refer to
+/usr/share/doc/quilt/README.source for more informations.
+
+This package is maintained by the Debian Med packagign team. Please refer to
+our group policy if you would like to commit to our Subversion repository. All
+Debian developpers have write acces to it.
+
+http://debian-med.alioth.debian.org/docs/policy.html
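Review bot: spelling in the new README.source: "more informations" should be "more information", "packagign" should be "packaging", "developpers" should be "developers", and "write acces" should be "write access".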
only in patch2:
unchanged:
--- mafft-6.240.orig/debian/mafft-homologs.1
+++ mafft-6.240/debian/mafft-homologs.1
@@ -0,0 +1,112 @@
+.\"     Title: MAFFT-HOMOLOGS
+.\"    Author: Kazutaka Katoh <katoh_at_bioreg.kyushu-u.ac.jp.>
+.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
+.\"      Date: 2008-09-01
+.\"    Manual: Mafft Manual
+.\"    Source: mafft-homologs 2.1
+.\"
+.TH "MAFFT\-HOMOLOGS" "1" "2008\-09\-01" "mafft-homologs 2.1" "Mafft Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+mafft-homologs \- aligns sequences together with homologues automatically 
collected from SwissProt via NCBI BLAST
+.SH "SYNOPSIS"
+.HP 15
+\fBmafft\-homologs\fR [\fBoptions\fR] \fIinput\fR [>\ \fIoutput\fR]
+.SH "DESCRIPTION"
+.PP
+The accuracy of an alignment of a few distantly related sequences is 
considerably improved when being aligned together with their close homologs\&. 
The reason for the improvement is probably the same as that for PSI\-BLAST\&. 
That is, the positions of highly conserved residues, those with many gaps and 
other additional information is brought by close homologs\&. According to Katoh 
et al\&. (2005), the improvement by adding close homologs is 10% or so, which 
is comparable to the improvement by incorporating structural information of a 
pair of sequences\&. Mafft\-homologs in a mafft server works like this:
+.sp
+.RS 4
+\h'-04' 1.\h'+02'Collect a number (50 by default) of close homologs (E=1e\-10 
by default) of the input sequences\&.
+.RE
+.sp
+.RS 4
+\h'-04' 2.\h'+02'Align the input sequences and homologs all together using the 
L\-INS\-i strategy\&.
+.RE
+.sp
+.RS 4
+\h'-04' 3.\h'+02'Remove the homologs\&.
+.RE
+.SH "OPTIONS"
+.PP
+\fB\-a\fR \fI\fIn\fR\fR
+.RS 4
+The number of collected sequences (default: 50)\&.
+.RE
+.PP
+\fB\-e\fR \fI\fIn\fR\fR
+.RS 4
+Threshold value (default: 1e\-10)\&.
+.RE
+.PP
+\fB\-o\fR \fI\fIxxx\fR\fR
+.RS 4
+options for mafft (default: " \-\-op 1\&.53 \-\-ep 0\&.123 \-\-maxiterate 
1000")\&.
+.RE
+.PP
+\fB\-l\fR
+.RS 4
+Locally carries out blast searches instead of NCBI blast (requires locally 
installed blast and a database)\&.
+.RE
+.PP
+\fB\-f\fR
+.RS 4
+Outputs collected homologues also (default: off)\&.
+.RE
+.PP
+\fB\-w\fR
+.RS 4
+entire sequences are subjected to BLAST search (default: well\-aligned region 
only)
+.RE
+.SH "REQUIREMENTS"
+.PP
+Mafft\-homologs requires a version of mafft higher than 5\&.58\&.
+.SH "REFERENCES"
+.PP
+Katoh, Kuma, Toh and Miyata (Nucleic Acids Res\&. 33:511\-518, 2005) MAFFT 
version 5: improvement in accuracy of multiple sequence alignment\&.
+.SH "SEE ALSO"
+.PP
+
+\fBmafft\fR(1)
+.SH "DIVERGENCE FROM UPSTREAM"
+.PP
+\fBmafft\-homologs\fR
+has been patched to enhance the security of the temporary files it creates\&. 
You can consult the patch in the Debian source package\&. It has been reviewed 
and amended by Kazutaka Katoh, the upstream author of MAFFT\&.
+.SH "AUTHORS"
+.PP
+\fBKazutaka Katoh\fR <\&katoh_at_bioreg\&.kyushu\-u\&.ac\&.jp\&.\&>
+.sp -1n
+.IP "" 4
+Wrote Mafft\&.
+.PP
+\fBCharles Plessy\fR <\&[EMAIL PROTECTED]&.org\&>
+.sp -1n
+.IP "" 4
+Wrote this manpage in DocBook XML for the Debian distribution, using Mafft\'s 
homepage as a template\&.
+.SH "COPYRIGHT"
+Copyright \(co 2002, 2003, 2004, 2005, 2006, 2007 Kazutaka Katoh (mafft)
+.br
+Copyright \(co 2007 Charles Plessy (this manpage)
+.br
+.PP
+Mafft and its manpage are offered under the following conditions:
+.PP
+Redistribution and use in source and binary forms, with or without 
modification, are permitted provided that the following conditions are met:
+.sp
+.RS 4
+\h'-04' 1.\h'+02'Redistributions of source code must retain the above 
copyright notice, this list of conditions and the following disclaimer\&.
+.RE
+.sp
+.RS 4
+\h'-04' 2.\h'+02'Redistributions in binary form must reproduce the above 
copyright notice, this list of conditions and the following disclaimer in the 
documentation and/or other materials provided with the distribution\&.
+.RE
+.sp
+.RS 4
+\h'-04' 3.\h'+02'The name of the author may not be used to endorse or promote 
products derived from this software without specific prior written permission\&.
+.RE
+.PP
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED 
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED\&. IN NO 
EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
OF SUCH DAMAGE\&.
+.sp
only in patch2:
unchanged:
--- mafft-6.240.orig/debian/patches/Securisation-by-mktemp-usage.patch
+++ mafft-6.240/debian/patches/Securisation-by-mktemp-usage.patch
@@ -0,0 +1,211 @@
+Author: Kazutaka Katoh and Charles Plessy, with the kind help of Thijs 
Kinkhorst.
+Description: Securisation of the temporary files of mafft-homologs.
+ Mafft-homologs uses predictable names for its temporary files. This patch
+ replaces the pid-based file names by names constructed with the `mktemp'
+ program. 
+ .
+ Quoting its manual page:
+ mktemp is a program to allow shell scripts to safely use temporary files.
+ Traditionally, many shell scripts take the name of the program with the PID
+ as a suffix and use that as a temporary filename.  This kind of naming scheme
+ is predictable and  the race condition  it  creates is  easy for an attacker
+ to win.  A safer, though still inferior approach is to make a temporary
+ directory using the same naming scheme.  While this does allow one to
+ guarantee that a temporary file will not  be  subverted, it still allows a
+ simple denial of service attack.  For these reasons it is suggested that
+ mktemp be used instead.
+Forwarded: Kazutaka Katoh <[EMAIL PROTECTED]>
+Reviewed: Kazutaka Katoh
+License: same as MAFFT itself.
+
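Review bot: the Description says the pid-based names are "replaced by names constructed with the `mktemp' program", but only the mafft.tmpl half of the patch calls mktemp(1); mafft-homologs.tmpl uses Ruby's Tempfile class, which creates the file itself with O_EXCL and mode 0600. State both mechanisms, and since the title mentions only mafft-homologs, add a line that src/mafft.tmpl is changed too, so the patch header can be read on its own when this gets forwarded or audited later.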
+Index: mafft-6.240/src/mafft-homologs.tmpl
+===================================================================
+--- mafft-6.240.orig/src/mafft-homologs.tmpl
++++ mafft-6.240/src/mafft-homologs.tmpl
+@@ -31,11 +31,22 @@
+ #   -w        entire sequences are subjected to BLAST search 
+ #             (default: well-aligned region only)
+ 
+-
+ require 'getopts'
++require 'tempfile'
++
++# mktemp
++temp_vf = Tempfile.new("_vf").path
++temp_if = Tempfile.new("_if").path
++temp_pf = Tempfile.new("_pf").path
++temp_af = Tempfile.new("_af").path
++temp_qf = Tempfile.new("_qf").path
++temp_bf = Tempfile.new("_bf").path
++temp_rid = Tempfile.new("_rid").path
++temp_res = Tempfile.new("_res").path
+ 
+-system( mafftpath + " --help > /tmp/_vf#{$$} 2>&1" )
+-pfp = File.open( "/tmp/_vf#{$$}", 'r' )
++
++system( mafftpath + " --help > #{temp_vf} 2>&1" )
++pfp = File.open( "#{temp_vf}", 'r' )
+ while pfp.gets
+       break if $_ =~ /MAFFT v/
+ end
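Review bot: `temp_vf = Tempfile.new("_vf").path` (and the seven lines like it) keeps only the path string and discards the Tempfile object. Tempfile registers a finalizer that closes and unlinks the file when the object is garbage-collected, so any of these eight files can disappear while the script is still running; the next `> #{temp_vf}` redirection then recreates the path with plain O_CREAT|O_TRUNC, without the O_EXCL protection that Tempfile gave it, which is exactly the symlink race this patch sets out to close. Keep the objects alive for the life of the script, e.g. `tf_vf = Tempfile.new("_vf"); temp_vf = tf_vf.path`, and remove them with `close!` at the end rather than relying on the finalizer.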
+@@ -114,35 +125,38 @@
+       mafftopt += " " + $OPT_o + " "
+ end
+ 
+-system "cat " + ARGV.to_s + " > /tmp/_if#{$$}"
++system "cat " + ARGV.to_s + " > #{temp_if}"
+ ar = mafftopt.split(" ")
+ nar = ar.length
+ for i in 0..(nar-1)
+       if ar[i] == "--seed" then
+-              system "cat #{ar[i+1]} >> /tmp/_if#{$$}"
++              system "cat #{ar[i+1]} >> #{temp_if}"
+       end
+ end
+ 
+ nseq = 0
+-ifp = File.open( "/tmp/_if#{$$}", 'r' )
++ifp = File.open( "#{temp_if}", 'r' )
+       while ifp.gets
+               nseq += 1 if $_ =~ /^>/
+       end
+ ifp.close
+ 
+-STDERR.puts "Performing preliminary alignment .. "
+-if nseq == 1 then
+-      system( "cp /tmp/_if#{$$}"  + " /tmp/_pf#{$$}" )
++if nseq >= 100 then
++      STDERR.puts "The number of input sequences must be <100."
++      exit
++elsif nseq == 1 then
++      system( "cp #{temp_if}"  + " #{temp_pf}" )
+ else
++      STDERR.puts "Performing preliminary alignment .. "
+       if entiresearch == 1 then
+-#             system( mafftpath + " --maxiterate 1000 --localpair 
/tmp/_if#{$$} > /tmp/_pf#{$$}" )
+-              system( mafftpath + " --maxiterate 0 --retree 2 /tmp/_if#{$$} > 
/tmp/_pf#{$$}" )
++#             system( mafftpath + " --maxiterate 1000 --localpair #{temp_if} 
> #{temp_pf}" )
++              system( mafftpath + " --maxiterate 0 --retree 2 #{temp_if} > 
#{temp_pf}" )
+       else
+-              system( mafftpath + " --maxiterate 1000 --localpair --core 
--coreext --corethr #{corethr.to_s} --corewin #{corewin.to_s} /tmp/_if#{$$} > 
/tmp/_pf#{$$}" )
++              system( mafftpath + " --maxiterate 1000 --localpair --core 
--coreext --corethr #{corethr.to_s} --corewin #{corewin.to_s} #{temp_if} > 
#{temp_pf}" )
+       end
+ end
+ 
+-pfp = File.open( "/tmp/_pf#{$$}", 'r' )
++pfp = File.open( "#{temp_pf}", 'r' )
+ inname = []
+ inseq = []
+ slen = []
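Review bot: the new `if nseq >= 100 ... exit` block is a functional change bundled into a security fix aimed at a frozen release, and it is not in the changelog; it also exits with status 0 after printing an error, so a caller cannot distinguish the refusal from success (use `exit 1`). If the limit is wanted it deserves its own changelog entry and a line in mafft-homologs(1); if not, drop it from this patch so the diff stays the temporary-file fix the release team agreed to.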
+@@ -155,7 +169,7 @@
+ end
+ pfp.close
+ 
+-pfp = File.open( "/tmp/_if#{$$}", 'r' )
++pfp = File.open( "#{temp_if}", 'r' )
+ orname = []
+ orseq = []
+ nin = 0
+@@ -188,7 +202,7 @@
+ #p act
+ 
+ 
+-afp = File.open( "/tmp/_af#{$$}", 'w' )
++afp = File.open( "#{temp_af}", 'w' )
+ 
+ STDERR.puts "Searching .. \n"
+ ids = []
+@@ -209,10 +223,10 @@
+       end
+ 
+       if local == 0 then
+-              command = "lynx -source 
'http://www.ncbi.nlm.nih.gov/blast/Blast.cgi?QUERY="; + inseq[i] + 
"&DATABASE=swissprot&HITLIST_SIZE=" + nadd.to_s + "&FILTER=L&EXPECT='" + 
eval.to_s + 
"'&FORMAT_TYPE=TEXT&PROGRAM=blastp&SERVICE=plain&NCBI_GI=on&PAGE=Proteins&CMD=Put'
 > /tmp/_rid#{$$}"
++              command = "lynx -source 
'http://www.ncbi.nlm.nih.gov/blast/Blast.cgi?QUERY="; + inseq[i] + 
"&DATABASE=swissprot&HITLIST_SIZE=" + nadd.to_s + "&FILTER=L&EXPECT='" + 
eval.to_s + 
"'&FORMAT_TYPE=TEXT&PROGRAM=blastp&SERVICE=plain&NCBI_GI=on&PAGE=Proteins&CMD=Put'
 > #{temp_rid}"
+               system command
+       
+-              ridp = File.open( "/tmp/_rid#{$$}", 'r' )
++              ridp = File.open( "#{temp_rid}", 'r' )
+               while ridp.gets
+                       break if $_ =~ / RID = (.*)/
+               end
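Review bot: not introduced by this patch, but worth a follow-up bug while the script is being touched for security: `inseq[i]` is spliced unescaped into a single-quoted shell command (`"lynx -source 'http://...QUERY=" + inseq[i] + "&DATABASE=..."`), so a sequence containing a single quote breaks out of the quoting and the rest is executed by the shell. The sequences come from the user's own FASTA input, so this is mostly self-inflicted, but passing the URL as a separate argument via `system("lynx", "-source", url)` instead of a single command string would close it.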
+@@ -224,9 +238,9 @@
+               while 1 
+                       STDERR.printf "."
+                       sleep 10
+-                      command = "lynx -source 
'http://www.ncbi.nlm.nih.gov/blast/Blast.cgi?RID="; + rid + 
"&DESCRIPTIONS=500&ALIGNMENTS=" + nadd.to_s + 
"&ALIGNMENT_TYPE=Pairwise&OVERVIEW=no&CMD=Get&FORMAT_TYPE=XML' > /tmp/_res#{$$}"
++                      command = "lynx -source 
'http://www.ncbi.nlm.nih.gov/blast/Blast.cgi?RID="; + rid + 
"&DESCRIPTIONS=500&ALIGNMENTS=" + nadd.to_s + 
"&ALIGNMENT_TYPE=Pairwise&OVERVIEW=no&CMD=Get&FORMAT_TYPE=XML' > #{temp_res}"
+                       system command
+-                      resp = File.open( "/tmp/_res#{$$}", 'r' )
++                      resp = File.open( "#{temp_res}", 'r' )
+ #                     resp.gets
+ #                     if $_ =~ /WAITING/ then
+ #                             resp.close
+@@ -247,17 +261,17 @@
+       else
+ #             puts "Not supported"
+ #             exit
+-              qfp = File.open( "/tmp/_q#{$$}", 'w' )
++              qfp = File.open( "#{temp_qf}", 'w' )
+                       qfp.puts "> "
+                       qfp.puts inseq[i]
+               qfp.close
+-              command = blastpath + "  -p blastp  -e #{eval} -b 1000 -m 7 -i 
/tmp/_q#{$$} -d #{localdb} > /tmp/_res#{$$}"
++              command = blastpath + "  -p blastp  -e #{eval} -b 1000 -m 7 -i 
#{temp_qf} -d #{localdb} > #{temp_res}"
+               system command
+-              resp = File.open( "/tmp/_res#{$$}", 'r' )
++              resp = File.open( "#{temp_res}", 'r' )
+       end
+       STDERR.puts " Done.\n\n"
+ 
+-      resp = File.open( "/tmp/_res#{$$}", 'r' )
++      resp = File.open( "#{temp_res}", 'r' )
+       while 1
+               while resp.gets
+                       break if $_ =~ /<Hit_id>(.*)<\/Hit_id>/ || $_ =~ 
/(<Iteration_stat>)/
+@@ -310,17 +324,15 @@
+ afp.close
+ 
+ STDERR.puts "Performing alignment .. "
+-system( mafftpath + mafftopt + " /tmp/_af#{$$} > /tmp/_bf#{$$}" )
++system( mafftpath + mafftopt + " #{temp_af} > #{temp_bf}" )
+ STDERR.puts "done."
+ 
+-bfp = File.open( "/tmp/_bf#{$$}", 'r' )
++bfp = File.open( "#{temp_bf}", 'r' )
+ outseq = []
+ outnam = []
+ readfasta( bfp, outnam, outseq )
+ bfp.close
+ 
+-
+-
+ outseq2 = []
+ outnam2 = []
+ 
+@@ -357,4 +369,5 @@
+       puts outseq2[i].gsub( /.{1,60}/, "\\0\n" )
+ end
+ 
+-system( "rm -rf /tmp/_if#{$$} /tmp/_vf#{$$} /tmp/_af#{$$} /tmp/_bf#{$$} 
/tmp/_pf#{$$} /tmp/_q#{$$} /tmp/_res#{$$} /tmp/_rid#{$$}" )
++
++#system( "rm -rf #{temp_if} #{temp_vf} #{temp_af} #{temp_bf} #{temp_pf} 
#{temp_qf} #{temp_res} #{temp_rid}" )
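Review bot: the final `system( "rm -rf ... " )` has been commented out rather than rewritten, so nothing in the script deletes the eight temporary files any more; they are removed only when the Tempfile finalizers run, at interpreter exit or whenever GC happens to collect the unreferenced objects, and not at all if the process is killed by a signal. Restore explicit cleanup: keep the Tempfile objects and call `close!` on each in an `at_exit` block (or an `ensure` around the main body), which also removes the lock files Tempfile leaves beside them on older Ruby versions.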
+Index: mafft-6.240/src/mafft.tmpl
+===================================================================
+--- mafft-6.240.orig/src/mafft.tmpl
++++ mafft-6.240/src/mafft.tmpl
+@@ -240,11 +240,11 @@
+               shift   
+       done;
+ 
+-#     TMPFILE=/tmp/`basename $0`.`whoami`.$$.`date +%y%m%d%H%M%S`
+-      TMPFILE=/tmp/$progname.$$
++#     TMPFILE=/tmp/$progname.$$
++      TMPFILE=`mktemp -dt $progname.XXXXXXXXXX`
+       umask 077
+-      mkdir  $TMPFILE  || er=1
+-      trap "rm -r $TMPFILE " 0
++#     mkdir  $TMPFILE  || er=1
++      trap "rm -rf $TMPFILE " 0
+       if [ $# -eq 1 ]; then
+               if [ -r "$1" -o "$1" = - ]; then
+                       cat "$1" | tr "\r" "\n" > $TMPFILE/infile 
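Review bot: the result of mktemp is not checked. The old code had `mkdir $TMPFILE || er=1`; with `TMPFILE=\`mktemp -dt $progname.XXXXXXXXXX\`` a failure (unwritable $TMPDIR, full disk) leaves TMPFILE empty, the trap becomes `rm -rf ` and the following `cat "$1" | tr "\r" "\n" > $TMPFILE/infile` tries to write /infile. Append `|| exit 1` to the mktemp line and quote the variable in the trap (`trap 'rm -rf "$TMPFILE"' 0`). The `umask 077` that follows is now redundant for the directory itself, which mktemp -d creates 0700, but still governs the files written inside it, so it should stay.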
only in patch2:
unchanged:
--- mafft-6.240.orig/debian/patches/series
+++ mafft-6.240/debian/patches/series
@@ -0,0 +1 @@
+Securisation-by-mktemp-usage.patch



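The race that the patch's Description quotes from mktemp(1), shown as an added Ruby example; this is not part of the message or of the MAFFT sources, and the sandbox directory, the victim file, the planted symlink and the `_vf<pid>` name are all constructed for the demonstration. The vulnerable function reproduces the old `> /tmp/_vf#{$$}` pattern, `exclusive_create` shows why an O_EXCL open (what mktemp does) refuses a planted path, and `safe_write` shows the point that matters for the Ruby half of the patch: the Tempfile object, not just its `.path`, stays referenced until the file is no longer needed, and removal is explicit.

```ruby
require 'tempfile'
require 'tmpdir'

# --- Vulnerable pattern: what mafft-homologs did before the patch ----------
# A name built from the pid, then a shell-style redirection (cmd > /tmp/_vf$$)
# that opens with O_CREAT|O_TRUNC and follows whatever already sits there.
def predictable_write(dir, data)
  path = File.join(dir, "_vf#{$$}")
  File.open(path, 'w') { |f| f.write(data) }   # follows a planted symlink
  path
end

# The attacker only needs the pid (visible in ps) to pre-create that path.
def plant_symlink(dir, target)
  link = File.join(dir, "_vf#{$$}")
  File.symlink(target, link) unless File.symlink?(link)
  link
end

# What mktemp(1) does underneath: O_CREAT|O_EXCL refuses any existing path,
# a dangling symlink included. Returns true only if a new file was created.
def exclusive_create(path)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0600) { |f| f.write('') }
  true
rescue Errno::EEXIST
  false
end

# --- Hardened pattern -------------------------------------------------------
# Tempfile creates the file itself (O_EXCL, mode 0600, unpredictable name).
# The object is kept in a local for as long as the path is in use: Tempfile
# registers a finalizer that unlinks the file when the object is collected,
# so holding only .path would let the file vanish mid-run. Removal is done
# explicitly with close! instead of being left to the finalizer.
def safe_write(dir, data)
  tf = Tempfile.new('_vf', dir)
  tf.write(data)
  tf.flush
  # tf.path may now be handed to a subprocess, e.g.
  #   system("#{mafftpath} --help > #{tf.path} 2>&1")
  {
    path: tf.path,
    mode: File.stat(tf.path).mode & 0777,
    symlink: File.symlink?(tf.path),
    contents: File.read(tf.path),
  }
ensure
  tf.close! if tf   # close and unlink now, deterministically
end

# Runs both patterns inside a private sandbox directory (constructed for the
# demonstration) instead of the real /tmp, and reports what happened.
def demo
  Dir.mktmpdir('mafft-tmp-demo') do |sandbox|
    victim = File.join(sandbox, 'victim.txt')
    File.write(victim, 'original contents')
    link = plant_symlink(sandbox, victim)

    predictable_write(sandbox, 'clobbered')   # writes through the symlink
    clobbered = File.read(victim) == 'clobbered'
    File.write(victim, 'original contents')   # reset for the next step

    excl_ok = exclusive_create(link)          # mktemp-style open is refused

    r = safe_write(sandbox, 'alignment data')
    {
      vulnerable_clobbered: clobbered,
      exclusive_refused: !excl_ok,
      safe_path_distinct: r[:path] != link,
      safe_mode: r[:mode],
      safe_symlink: r[:symlink],
      safe_contents: r[:contents],
      safe_removed: !File.exist?(r[:path]),
      victim_after_safe: File.read(victim),
    }
  end
end

if __FILE__ == $0
  demo.each { |k, v| puts "#{k}: #{v.is_a?(Integer) ? format('%04o', v) : v}" }
end
```

Run it with `ruby tmpfile_race.rb`: the first line reports the victim file clobbered through the pid-named symlink, the next that an O_EXCL open of that same path is refused, and the rest that the Tempfile-created file is a distinct regular file with mode 0600 that is gone once `close!` has run, while the victim is untouched.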