Bug#499271: please unblock myspell 1:3.0+pre3.1-22 (was: Re: Bug#499271: verified to be caused by myspell-tools)

Thu, 18 Sep 2008 07:49:27 -0700 

Hi,

Agustin Martin wrote:
> I have been reviewing original patch and seems I found the problem. tmpfiles
> are created in the midle of a pipe. Original program uses implicit
> continuation lines, and there was the tmpfile creation. Seems that with
> attached patch in myspell tools a russian dict can be created with a non
> void aff file.
> 
> See attached patch.
> 
> Rene, let me know if you will do the upload or I should NMU.

I don't mind; I just uploaded it though. Thanks for the patch.

release team: can you please unblock myspell 1:3.0+pre3.1-22 which fixes
a regression e.g. in rus-ispell (#499236) caused by the "symlink attack"
patch.

Almost identical ( I just changed the version, me on the uploader and
thanked Agustin) patch like to what I uploaded is this:

> diff -u myspell-3.0+pre3.1/debian/changelog 
> myspell-3.0+pre3.1/debian/changelog
> --- myspell-3.0+pre3.1/debian/changelog
> +++ myspell-3.0+pre3.1/debian/changelog
> @@ -1,3 +1,10 @@
> +myspell (1:3.0+pre3.1-21.1) unstable; urgency=low
> +
> +  * 10_fix_insecure_tmp.dpatch: Move utils/i2myspell tmpfile
> +    creation out of the pipe it was breaking (Closes: #499271)
> +
> + -- Agustin Martin Domingo <[EMAIL PROTECTED]>  Thu, 18 Sep 2008 15:01:30 
> +0200
> +
>  myspell (1:3.0+pre3.1-21) unstable; urgency=high
>  
>    * fix insecure temp file usage, thanks Thijs Kinkhorst (closes: #496392);
> diff -u myspell-3.0+pre3.1/debian/patches/10_fix_insecure_tmp.dpatch 
> myspell-3.0+pre3.1/debian/patches/10_fix_insecure_tmp.dpatch
> --- myspell-3.0+pre3.1/debian/patches/10_fix_insecure_tmp.dpatch
> +++ myspell-3.0+pre3.1/debian/patches/10_fix_insecure_tmp.dpatch
> @@ -5,9 +5,9 @@
>  ## DP: fix insecure temp file usage
>  
>  @DPATCH@
> -diff -Nur myspell-3.0+pre3.1.orig/utils/i2myspell 
> myspell-3.0+pre3.1/utils/i2myspell
> ---- myspell-3.0+pre3.1.orig/utils/i2myspell  2002-03-08 15:15:53.000000000 
> +0100
> -+++ myspell-3.0+pre3.1/utils/i2myspell       2008-08-26 15:14:45.000000000 
> +0200
> +diff -urNad myspell-3.0+pre3.1~/utils/i2myspell 
> myspell-3.0+pre3.1/utils/i2myspell
> +--- myspell-3.0+pre3.1~/utils/i2myspell      2002-03-08 15:15:53.000000000 
> +0100
> ++++ myspell-3.0+pre3.1/utils/i2myspell       2008-09-18 15:00:46.000000000 
> +0200
>  @@ -32,6 +32,7 @@
>   -d)
>   
> @@ -16,7 +16,7 @@
>   sed 's#/# #' $2 | sort -r -k 1 | uniq | grep -v ^$ |
>   awk '{ 
>       if (p!=$1) { 
> -@@ -41,16 +42,18 @@
> +@@ -41,15 +42,17 @@
>       if ($2!="") printf "/%s", $2; 
>       }
>   }' | sed 's#/##g
> @@ -33,12 +33,11 @@
>   exit;;
>   esac
>   
> - ispell -d $1 -D | # dump affix table from the ispell hash
>  +TEMPFILE1=`mktemp -t i2my1.XXXXXXXXXX`
>  +TEMPFILE2=`mktemp -t i2my2.XXXXXXXXXX`
> + ispell -d $1 -D | # dump affix table from the ispell hash
>   sed 's/ //g
>   /prefixes/,/suffixes/s/flag[*]\(.\):/PFX \1 Y /
> - /prefixes/,/suffixes/s/flag\(.\):/PFX \1 N /
>  @@ -58,7 +61,7 @@
>   /suffixes/,//s/flag\(.\):/SFX \1 N /
>   s/\([^ ]*\).>.\([^,]*\)$/0 \2 \1/

Grüße/Regards,

René
-- 
 .''`.  René Engelhard -- Debian GNU/Linux Developer
 : :' : http://www.debian.org | http://people.debian.org/~rene/
 `. `'  [EMAIL PROTECTED] | GnuPG-Key ID: 248AEB73
   `-   Fingerprint: 41FA F208 28D4 7CA5 19BB  7AD9 F859 90B0 248A EB73




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to