r406 - in /debtorrent/trunk/debian: changelog debtorrent.postinst

camrdale-guest at users.alioth.debian.org camrdale-guest at users.alioth.debian.org
Sat Sep 27 18:22:08 UTC 2008 

Author: camrdale-guest
Date: Sat Sep 27 18:22:07 2008
New Revision: 406

URL: http://svn.debian.org/wsvn/debtorrent/?sc=1&rev=406
Log:
Prevent symlink attack when upgrading from pre 0.1.6 (Closes: #500180)

Modified:
    debtorrent/trunk/debian/changelog
    debtorrent/trunk/debian/debtorrent.postinst

Modified: debtorrent/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/debtorrent/debtorrent/trunk/debian/changelog?rev=406&op=diff
==============================================================================
--- debtorrent/trunk/debian/changelog (original)
+++ debtorrent/trunk/debian/changelog Sat Sep 27 18:22:07 2008
@@ -1,3 +1,9 @@
+debtorrent (0.1.9.1) unstable; urgency=low
+
+  * Prevent symlink attack when upgrading from pre 0.1.6 (Closes: #500180)
+
+ -- Cameron Dale <camrdale at gmail.com>  Sat, 27 Sep 2008 11:19:50 -0700
+
 debtorrent (0.1.9) unstable; urgency=low
 
   * Fix download/upload stats are correct after restarting torrents,

Modified: debtorrent/trunk/debian/debtorrent.postinst
URL: http://svn.debian.org/wsvn/debtorrent/debtorrent/trunk/debian/debtorrent.postinst?rev=406&op=diff
==============================================================================
--- debtorrent/trunk/debian/debtorrent.postinst (original)
+++ debtorrent/trunk/debian/debtorrent.postinst Sat Sep 27 18:22:07 2008
@@ -35,13 +35,13 @@
 		
 		if [ -n "$2" ] && dpkg --compare-versions "$2" lt 0.1.6 ; then
 			# Upgrade for the new separate_all options
-			UPGRADE_FILE=/tmp/debtorrent-pre0.1.6-upgrade
+			UPGRADE_FILE="$(mktemp -t debtorrent-pre0.1.6-upgrade.XXXXXX)"
 			echo "Beginning upgrade of debtorrent directories from pre 0.1.6 version"
 			echo "Beginning upgrade of debtorrent directories from pre 0.1.6 version" > $UPGRADE_FILE
 			if [ -r /etc/default/debtorrent-client ] ; then
 				. /etc/default/debtorrent-client
 				echo "Upgrading debtorrent cache..."
-				echo "Upgrading debtorrent cache..." > $UPGRADE_FILE
+				echo "Upgrading debtorrent cache..." >> $UPGRADE_FILE
 				/usr/share/debtorrent/split_cache_for_all $DEBTORRENT_DOWNLOAD_DIR >> $UPGRADE_FILE
 				if [ -z "$DEBTORRENT_CACHE_DIR" ] ; then
 					if [ -z "$DEBTORRENT_DOWNLOAD_DIR" ] ; then

More information about the Debtorrent-commits mailing list