[Pkg-lustre-svn-commit] r487 - in /trunk/debian: changelog patches/00list patches/fix-symlink-attack.dpatch

winnie at users.alioth.debian.org winnie at users.alioth.debian.org
Wed Aug 27 15:01:46 UTC 2008 

Author: winnie
Date: Wed Aug 27 15:01:45 2008
New Revision: 487

URL: http://svn.debian.org/wsvn/pkg-lustre/?sc=1&rev=487
Log:
Fix symlink attack (Closes: #496371)

Added:
    trunk/debian/patches/fix-symlink-attack.dpatch   (with props)
Modified:
    trunk/debian/changelog
    trunk/debian/patches/00list

Modified: trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-lustre/trunk/debian/changelog?rev=487&op=diff
==============================================================================
--- trunk/debian/changelog (original)
+++ trunk/debian/changelog Wed Aug 27 15:01:45 2008
@@ -2,8 +2,9 @@
 
   * New upstream version 
   * Add README.Debian also to lustre-source
-
- -- Patrick Winnertz <winnie at debian.org>  Mon, 21 Jul 2008 16:19:57 +0200
+  * Fix possible symlink attack in lustre-tests. (Closes: #496371)
+
+ -- Patrick Winnertz <winnie at debian.org>  Wed, 27 Aug 2008 16:59:29 +0200
 
 lustre (1.6.5-1) unstable; urgency=low
 

Modified: trunk/debian/patches/00list
URL: http://svn.debian.org/wsvn/pkg-lustre/trunk/debian/patches/00list?rev=487&op=diff
==============================================================================
--- trunk/debian/patches/00list (original)
+++ trunk/debian/patches/00list Wed Aug 27 15:01:45 2008
@@ -21,3 +21,4 @@
 bug13852-quota_includes.dpatch
 fix-lustre-manpage.dpatch
 enable-quota.dpatch
+fix-symlink-attack.dpatch

Added: trunk/debian/patches/fix-symlink-attack.dpatch
URL: http://svn.debian.org/wsvn/pkg-lustre/trunk/debian/patches/fix-symlink-attack.dpatch?rev=487&op=file
==============================================================================
--- trunk/debian/patches/fix-symlink-attack.dpatch (added)
+++ trunk/debian/patches/fix-symlink-attack.dpatch Wed Aug 27 15:01:45 2008
@@ -1,0 +1,23 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## fix-symlink-attack.dpatch by Patrick Winnertz <winnie at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+ at DPATCH@
+diff -urNad lustre-1.6.5.1~/lustre/tests/runiozone lustre-1.6.5.1/lustre/tests/runiozone
+--- lustre-1.6.5.1~/lustre/tests/runiozone	2007-02-10 07:33:10.000000000 +0100
++++ lustre-1.6.5.1/lustre/tests/runiozone	2008-08-27 16:58:36.000000000 +0200
+@@ -9,9 +9,11 @@
+ LOOP=0
+ rm -f endiozone
+ echo 0 > /proc/sys/lnet/debug
++tmpfile=$(mktemp -t iozone.XXXXXXXXXXXX)
+ while date; do
+ 	LOOP=`expr $LOOP + 1`
+ 	echo "Test #$LOOP"
+ 	iozone $VERIFY $ODIR -r $REC -i 0 -i 1 -f $FILE -s $SIZE 2>&1 || exit $?
+ 	[ -f endiozone -o $LOOP -ge $COUNT ] && rm -f endiozone && exit 0
+-done | tee /tmp/iozone.log
++done | tee $tmpfile
++echo "You'll find the log of this iozone run at: $tmpfile"

Propchange: trunk/debian/patches/fix-symlink-attack.dpatch
------------------------------------------------------------------------------
    svn:executable = *

More information about the Pkg-lustre-svn-commit mailing list