Bug#698490: git-extras: diff for NMU version 1.7.0-1.2

[Jonathan Wiltshire]

tags 698490 + pending
thanks

The patch is incomplete, this problem affects git-changelog too. Patch
attached; I have uploaded it to DELAYED/2.

Maintainer, please ensure this patch gets applied upstream (who also seem
not to understand set -e). I do not and will not have a github account.

-- 
Jonathan Wiltshire                                      j...@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51


diff -Nru git-extras-1.7.0/debian/changelog git-extras-1.7.0/debian/changelog
--- git-extras-1.7.0/debian/changelog	2012-09-08 14:04:47.000000000 +0100
+++ git-extras-1.7.0/debian/changelog	2013-01-20 18:08:59.000000000 +0000
@@ -1,3 +1,11 @@
+git-extras (1.7.0-1.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * git-changelog, git-effort: Correct unsafe temporary file usage
+    (Closes: #698490)
+
+ -- Jonathan Wiltshire <j...@debian.org>  Sun, 20 Jan 2013 18:07:43 +0000
+
 git-extras (1.7.0-1.1) unstable; urgency=low
 
   * Non-maintainer upload to fix Release Critical bug.
diff -Nru git-extras-1.7.0/debian/patches/series git-extras-1.7.0/debian/patches/series
--- git-extras-1.7.0/debian/patches/series	2012-09-08 14:01:34.000000000 +0100
+++ git-extras-1.7.0/debian/patches/series	2013-01-20 18:15:13.000000000 +0000
@@ -1,3 +1,4 @@
 git-rename-tag-add-shebang
 change-sh-shebang-to-bash-shebang
 fix-git-ignore-manpage
+unsafe-tmp
diff -Nru git-extras-1.7.0/debian/patches/unsafe-tmp git-extras-1.7.0/debian/patches/unsafe-tmp
--- git-extras-1.7.0/debian/patches/unsafe-tmp	1970-01-01 01:00:00.000000000 +0100
+++ git-extras-1.7.0/debian/patches/unsafe-tmp	2013-01-20 18:19:31.000000000 +0000
@@ -0,0 +1,46 @@
+Description: correct unsafe usage of temporary files (git-changelog,
+ git-effort)
+Author: Jonathan Wiltshire <j...@debian.org>
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698490
+Forwarded: no
+Last-Update: 2013-01-20
+
+
+Index: git-extras-1.7.0/bin/git-changelog
+===================================================================
+--- git-extras-1.7.0.orig/bin/git-changelog	2013-01-20 18:15:00.000000000 +0000
++++ git-extras-1.7.0/bin/git-changelog	2013-01-20 18:04:22.692229726 +0000
+@@ -19,7 +19,8 @@
+       CHANGELOG=`ls | egrep 'change|history' -i`
+       if test "$CHANGELOG" = ""; then CHANGELOG='History.md'; fi
+     fi
+-    tmp="/tmp/changelog"
++    tmp="$(mktemp --suffix=git-changelog)"
++    trap "rm -rf '$tmp'" EXIT
+     printf "$HEAD" > $tmp
+     git-changelog --list >> $tmp
+     printf '\n' >> $tmp
+@@ -27,4 +28,4 @@
+     mv $tmp $CHANGELOG
+     test -n "$EDITOR" && $EDITOR $CHANGELOG
+     ;;
+-esac
+\ No newline at end of file
++esac
+Index: git-extras-1.7.0/bin/git-effort
+===================================================================
+--- git-extras-1.7.0.orig/bin/git-effort	2013-01-20 18:15:00.000000000 +0000
++++ git-extras-1.7.0/bin/git-effort	2013-01-20 18:05:35.402409644 +0000
+@@ -1,9 +1,11 @@
+ #!/bin/bash
+ 
+-tmp=/tmp/.git-effort
++tmp="$(mktemp --suffix=-git-effort)"
+ above='0'
+ color=
+ 
++trap "rm -rf '$tmp'" EXIT
++
+ #
+ # get date for the given <commit>
+ #

signature.asc
Description: Digital signature