[Pkg-ocaml-maint-commits] r1457 - in trunk/packages/mysql-ocaml/trunk: . debian debian/patches

Samuel Mimram smimram-guest at costa.debian.org
Mon Jul 18 22:14:56 UTC 2005 

Author: smimram-guest
Date: 2005-07-18 22:14:55 +0000 (Mon, 18 Jul 2005)
New Revision: 1457

Added:
   trunk/packages/mysql-ocaml/trunk/debian/patches/
   trunk/packages/mysql-ocaml/trunk/debian/patches/00list
   trunk/packages/mysql-ocaml/trunk/debian/patches/shtool_tempfile.dpatch
   trunk/packages/mysql-ocaml/trunk/debian/svn-deblayout
Removed:
   trunk/packages/mysql-ocaml/trunk/mysql-ocaml_1.0.3.orig.tar.gz
Modified:
   trunk/packages/mysql-ocaml/trunk/debian/
   trunk/packages/mysql-ocaml/trunk/debian/changelog
   trunk/packages/mysql-ocaml/trunk/debian/control
   trunk/packages/mysql-ocaml/trunk/debian/libmysql-ocaml-dev.doc-base
   trunk/packages/mysql-ocaml/trunk/debian/rules
Log:
Switched to svn-buildpackage + fixed shtool vulnerability.


Property changes on: trunk/packages/mysql-ocaml/trunk/debian
___________________________________________________________________
Name: mergeWithUpstream
   + 1

Modified: trunk/packages/mysql-ocaml/trunk/debian/changelog
===================================================================
--- trunk/packages/mysql-ocaml/trunk/debian/changelog	2005-07-18 22:14:46 UTC (rev 1456)
+++ trunk/packages/mysql-ocaml/trunk/debian/changelog	2005-07-18 22:14:55 UTC (rev 1457)
@@ -1,3 +1,11 @@
+mysql-ocaml (1.0.3-6) unstable; urgency=low
+
+  * Patched shtool's vulnerability CAN-2005-1751, closes: #314464.
+  * Using dpatch to handle patches.
+  * Updated standards version to 3.6.2.
+
+ -- Samuel Mimram <smimram at debian.org>  Mon, 18 Jul 2005 23:27:28 +0200
+
 mysql-ocaml (1.0.3-5) unstable; urgency=medium
 
   * Updated to OCaml 3.08.3.

Modified: trunk/packages/mysql-ocaml/trunk/debian/control
===================================================================
--- trunk/packages/mysql-ocaml/trunk/debian/control	2005-07-18 22:14:46 UTC (rev 1456)
+++ trunk/packages/mysql-ocaml/trunk/debian/control	2005-07-18 22:14:55 UTC (rev 1457)
@@ -2,8 +2,8 @@
 Section: devel
 Priority: optional
 Maintainer: Samuel Mimram <smimram at debian.org>
-Build-Depends: debhelper (>= 4.0.0), libmysqlclient12-dev, ocaml-nox-3.08.3, ocaml-findlib
-Standards-Version: 3.6.1.1
+Build-Depends: debhelper (>= 4.0.0), libmysqlclient12-dev, ocaml-nox-3.08.3, ocaml-findlib, dpatch
+Standards-Version: 3.6.2
 
 Package: libmysql-ocaml
 Section: libs

Modified: trunk/packages/mysql-ocaml/trunk/debian/libmysql-ocaml-dev.doc-base
===================================================================
--- trunk/packages/mysql-ocaml/trunk/debian/libmysql-ocaml-dev.doc-base	2005-07-18 22:14:46 UTC (rev 1456)
+++ trunk/packages/mysql-ocaml/trunk/debian/libmysql-ocaml-dev.doc-base	2005-07-18 22:14:55 UTC (rev 1457)
@@ -1,7 +1,7 @@
 Document: libmysql-ocaml-dev
-Title: OCaml MySql API documentation
+Title: OCaml MySql Module Documentation
 Author: Shawn Wagner
-Abstract: Documentation of the OCaml MySql API
+Abstract: OCaml MySql module documentation
 Section: Apps/Programming
 
 Format: HTML

Added: trunk/packages/mysql-ocaml/trunk/debian/patches/00list
===================================================================
--- trunk/packages/mysql-ocaml/trunk/debian/patches/00list	2005-07-18 22:14:46 UTC (rev 1456)
+++ trunk/packages/mysql-ocaml/trunk/debian/patches/00list	2005-07-18 22:14:55 UTC (rev 1457)
@@ -0,0 +1 @@
+shtool_tempfile

Added: trunk/packages/mysql-ocaml/trunk/debian/patches/shtool_tempfile.dpatch
===================================================================
--- trunk/packages/mysql-ocaml/trunk/debian/patches/shtool_tempfile.dpatch	2005-07-18 22:14:46 UTC (rev 1456)
+++ trunk/packages/mysql-ocaml/trunk/debian/patches/shtool_tempfile.dpatch	2005-07-18 22:14:55 UTC (rev 1457)
@@ -0,0 +1,28 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## shtool_tempfile.dpatch by Samuel Mimram <smimram at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: shtool creates temporary files in an insecure manner, which can be
+## DP: exploited through symlink attacks. Please see these URLs for details:
+## DP: http://www.zataz.net/adviso/shtool-05252005.txt
+## DP: http://bugs.gentoo.org/show_bug.cgi?id=93782
+
+ at DPATCH@
+diff -urNad --exclude=CVS --exclude=.svn ./etc/shtool /tmp/dpep-work.f6mb29/mysql-ocaml-1.0.3/etc/shtool
+--- ./etc/shtool	2004-01-27 20:46:36.000000000 +0100
++++ /tmp/dpep-work.f6mb29/mysql-ocaml-1.0.3/etc/shtool	2005-07-18 23:52:08.000000000 +0200
+@@ -378,7 +378,13 @@
+             tmpdir="$TEMPDIR"
+         fi
+     fi
+-    tmpfile="$tmpdir/.shtool.$$"
++    if mkdir "$tmpdir/.shtool.$$"; then
++        tmpfile="$tmpdir/.shtool.$$/shtool.tmp"
++    else
++        echo "$msgprefix:Error: failed to create temporary file" 1>&2
++        exit 1
++    fi
++    tmpfile="$tmpdir/.shtool.$$/shtool.tmp"
+     rm -f $tmpfile >/dev/null 2>&1
+     touch $tmpfile
+ fi


Property changes on: trunk/packages/mysql-ocaml/trunk/debian/patches/shtool_tempfile.dpatch
___________________________________________________________________
Name: svn:executable
   + *

Modified: trunk/packages/mysql-ocaml/trunk/debian/rules
===================================================================
--- trunk/packages/mysql-ocaml/trunk/debian/rules	2005-07-18 22:14:46 UTC (rev 1456)
+++ trunk/packages/mysql-ocaml/trunk/debian/rules	2005-07-18 22:14:55 UTC (rev 1457)
@@ -3,6 +3,9 @@
 # Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1
 
+# We want to use dpatch
+include /usr/share/dpatch/dpatch.make
+
 OCAML_LIB_DIR = $(shell ocamlc -where)
 DESTDIR = $(CURDIR)/debian/tmp$(OCAML_LIB_DIR)
 
@@ -22,7 +25,7 @@
 	CFLAGS="$(CFLAGS)" ./configure --prefix=/usr \
 	 --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info
 
-build: build-stamp
+build: patch-stamp build-stamp
 build-stamp:  config.status
 	dh_testdir
 
@@ -31,20 +34,20 @@
 
 	touch build-stamp
 
-clean:
+clean: unpatch
 	dh_testdir
 	dh_testroot
-	rm -f build-stamp 
+	rm -f build-stamp
 
 	-$(MAKE) clean
 	rm -f config.log config.status
 
-	dh_clean 
+	dh_clean
 
 install: build
 	dh_testdir
 	dh_testroot
-	dh_clean -k 
+	dh_clean -k
 	dh_installdirs
 
 	mkdir -p $(DESTDIR)
@@ -61,7 +64,7 @@
 	dh_installdocs
 	dh_installexamples
 	dh_install  --sourcedir=debian/tmp --list-missing
-#	dh_installman
+	dh_installman
 	dh_link
 	dh_strip
 	dh_compress
@@ -74,4 +77,4 @@
 	dh_builddeb
 
 binary: binary-indep binary-arch
-.PHONY: build clean binary-indep binary-arch binary install 
+.PHONY: build clean binary-indep binary-arch binary install

Added: trunk/packages/mysql-ocaml/trunk/debian/svn-deblayout
===================================================================
--- trunk/packages/mysql-ocaml/trunk/debian/svn-deblayout	2005-07-18 22:14:46 UTC (rev 1456)
+++ trunk/packages/mysql-ocaml/trunk/debian/svn-deblayout	2005-07-18 22:14:55 UTC (rev 1457)
@@ -0,0 +1,3 @@
+origDir=../upstream
+origUrl=svn+ssh://svn.debian.org/svn/pkg-ocaml-maint/trunk/packages/mysql-ocaml/upstream
+tagsUrl=svn+ssh://svn.debian.org/svn/pkg-ocaml-maint/tags/packages/mysql-ocaml

Deleted: trunk/packages/mysql-ocaml/trunk/mysql-ocaml_1.0.3.orig.tar.gz
===================================================================
(Binary files differ)

More information about the Pkg-ocaml-maint-commits mailing list