Dear maintainer, I have sponsored an upload of Jari Aalto's NMU for mono-debugger (versioned as 2.6.3-2.1) and uploaded it to DELAYED/3. Please feel free to tell me if I should delay it longer.
Regards, tony mancill
diff -u mono-debugger-2.6.3/debian/changelog mono-debugger-2.6.3/debian/changelog
--- mono-debugger-2.6.3/debian/changelog
+++ mono-debugger-2.6.3/debian/changelog
@@ -1,3 +1,12 @@
+mono-debugger (2.6.3-2.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * debian/patches
+ - (CVE-*): New patch. Fix CVE-2010-3369 insecure library loading
+ (grave, security; Closes: #598299).
+
+ -- Jari Aalto <jari.aa...@cante.net> Mon, 18 Oct 2010 13:01:07 +0300
+
 mono-debugger (2.6.3-2) unstable; urgency=low
 * Upload to Debian Unstable
diff -u mono-debugger-2.6.3/debian/patches/00list mono-debugger-2.6.3/debian/patches/00list
--- mono-debugger-2.6.3/debian/patches/00list
+++ mono-debugger-2.6.3/debian/patches/00list
@@ -2,0 +3 @@
+cve-2010-3369--bug598299
only in patch2: unchanged:
--- mono-debugger-2.6.3.orig/debian/patches/cve-2010-3369--bug598299.dpatch
+++ mono-debugger-2.6.3/debian/patches/cve-2010-3369--bug598299.dpatch
@@ -0,0 +1,68 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## /tmp/CVE-2010-3369--bug598299.patch.dpatch by jaalto <jari.aa...@cante.net>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP:
+## DP: Author: Jari Aalto <jari.aa...@cante.net>
+## DP:
+## DP:
+## DP:
+## DP:
+## DP:
Signed-off-by: Jari Aalto <jari.aa...@cante.net>
+
+...@dpatch@
+
+diff --git a/build/mdb-symbolreader.in b/build/mdb-symbolreader.in
+old mode 100644
+new mode 100755
+index 7138bd0..627c2c1
+--- a/build/mdb-symbolreader.in
++++ b/build/mdb-symbolreader.in
+@@ -1,3 +1,18 @@
+ #!/bin/sh
+-export LD_LIBRARY_PATH="@libdir@:${LD_LIBRARY_PATH}"
+-exec @mono@ --debug @twodir@/mdb-symbolreader.exe $*
++
++Pathclean ()
++{
++ # Vulnerability fix for insecure path content
++ # Make sure "::", "^:" or ":$" is not left in path arg $1
++
++ local tmp
++ tmp=$(echo "$1" | sed -e 's/::\+// ; s/^:// ; s/:$//' )
++
++ [ "$tmp" ] && echo "$tmp"
++}
++
++LD_LIBRARY_PATH="@lib...@${ld_library_path:+:$LD_LIBRARY_PATH}"
++LD_LIBRARY_PATH=$(Pathclean "$LD_LIBRARY_PATH")
++export LD_LIBRARY_PATH
++
++exec @mono@ --debug @twodir@/mdb-symbolreader.exe "$@"
+diff --git a/build/mdb.in b/build/mdb.in
+old mode 100644
+new mode 100755
+index 12da6c3..8546d0b
+--- a/build/mdb.in
++++ b/build/mdb.in
+@@ -1,3 +1,18 @@
+ #!/bin/sh
+-export LD_LIBRARY_PATH="@libdir@:${LD_LIBRARY_PATH}"
+-exec @mono@ --debug @twodir@/mdb.exe $*
++
++Pathclean ()
++{
++ # Vulnerability fix for insecure path content
++ # Make sure "::", "^:" or ":$" is not left in path arg $1
++
++ local tmp
++ tmp=$(echo "$1" | sed -e 's/::\+// ; s/^:// ; s/:$//' )
++
++ [ "$tmp" ] && echo "$tmp"
++}
++
++LD_LIBRARY_PATH="@lib...@${ld_library_path:+:$LD_LIBRARY_PATH}"
++LD_LIBRARY_PATH=$(Pathclean "$LD_LIBRARY_PATH")
++export LD_LIBRARY_PATH
++
++exec @mono@ --debug @twodir@/mdb.exe "$@"
-- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
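Review bot: The sed expression in `Pathclean` inside the new dpatch (`s/::\+//`, no `g` flag) deletes only the first run of doubled colons instead of collapsing it to one, so an inherited `/a::/b::/c` becomes `/a/b::/c` — two entries are fused into a bogus path and a later empty element, which ld.so treats as the current directory, still survives; the identical function in the `build/mdb.in` part of the same hunk has the same defect. Replacing the expression with `sed -e 's/::*/:/g; s/^://; s/:$//'` collapses every run and also drops the GNU-only `\+`. Under `#!/bin/sh` on Debian the `echo "$1"` feeding sed is dash's echo, which interprets backslash escapes in the value, so `printf '%s\n' "$1"` is the safer source. The `@lib...@${ld_library_path:+:$LD_LIBRARY_PATH}` spelling looks like list-archive address mangling of `@libdir@${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}`, so the uploaded dpatch rather than this copy should be checked for that line.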