Hi, attached is the new patch which has just been uploaded. Thanks for your help in this issue! Nico
-- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
diff -u guilt-0.27/debian/changelog guilt-0.27/debian/changelog
--- guilt-0.27/debian/changelog
+++ guilt-0.27/debian/changelog
@@ -1,3 +1,20 @@
+guilt (0.27-1.2) unstable; urgency=high
+
+ * Non-maintainer upload by testing security team
+ * Updated patch to fix insecure file handling
+ (CVE-2007-5207) provided by upstream author since the last
+ patch introduces some problems (Closes: #445308).
+
+ -- Nico Golde <[EMAIL PROTECTED]> Sat, 06 Oct 2007 18:31:30 +0200
+
+guilt (0.27-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by testing security team.
+ * Included CVE-2007-5207.patch to fix insecure handling
+ of temporary files (CVE-2007-5207) (Closes: #445308).
+
+ -- Nico Golde <[EMAIL PROTECTED]> Sat, 06 Oct 2007 12:47:08 +0200
+
guilt (0.27-1) unstable; urgency=low
* New upstream release
only in patch2:
unchanged:
--- guilt-0.27.orig/guilt-header
+++ guilt-0.27/guilt-header
@@ -38,16 +38,21 @@
# FIXME: warn if we're editing an applied patch
+TMP_MSG=`get_tmp_file msg`
+TMP_DIFF=`get_tmp_file diff`
+
if [ -z "$edit" ]; then
do_get_header "$GUILT_DIR/$branch/$patch"
else
- do_get_full_header "$GUILT_DIR/$branch/$patch" > /tmp/guilt.msg.$$
- do_get_patch "$GUILT_DIR/$branch/$patch" > /tmp/guilt.diff.$$
- $editor "/tmp/guilt.msg.$$"
+ do_get_full_header "$GUILT_DIR/$branch/$patch" > "$TMP_MSG"
+ do_get_patch "$GUILT_DIR/$branch/$patch" > "$TMP_DIFF"
+ $editor "$TMP_MSG"
mv "$GUILT_DIR/$branch/$patch" "$GUILT_DIR/$branch/$patch~"
(
- cat /tmp/guilt.msg.$$
- cat /tmp/guilt.diff.$$
+ cat "$TMP_MSG"
+ cat "$TMP_DIFF"
) > "$GUILT_DIR/$branch/$patch"
fi
+
+rm -f "$TMP_MSG" "$TMP_DIFF"
only in patch2:
unchanged:
--- guilt-0.27.orig/guilt
+++ guilt-0.27/guilt
@@ -378,6 +378,9 @@
__push_patch_bail=0
(
+ TMP_LOG=`get_tmp_file log`
+ TMP_MSG=`get_tmp_file msg`
+
p="$GUILT_DIR/$branch/$1"
pname="$1"
bail_action="$2"
@@ -392,23 +395,23 @@
reject=""
fi
git-apply -C$guilt_push_diff_context --index \
- $reject "$p" > /dev/null 2> /tmp/guilt.log.$$
+ $reject "$p" > /dev/null 2> "$TMP_LOG"
__push_patch_bail=$?
if [ $__push_patch_bail -ne 0 ]; then
- cat /tmp/guilt.log.$$ >&2
+ cat "$TMP_LOG" >&2
if [ "$bail_action" = "abort" ]; then
- rm -f /tmp/guilt.log.$$ /tmp/guilt.msg.$$
+ rm -f "$TMP_LOG" "$TMP_MSG"
return $__push_patch_bail
fi
fi
fi
# grab a commit message out of the patch
- do_get_header "$p" > /tmp/guilt.msg.$$
+ do_get_header "$p" > "$TMP_MSG"
# make a default commit message if patch doesn't contain one
- [ ! -s /tmp/guilt.msg.$$ ] && echo "patch $pname" > /tmp/guilt.msg.$$
+ [ ! -s "$TMP_MSG" ] && echo "patch $pname" > "$TMP_MSG"
# extract a From line from the patch header, and set
# GIT_AUTHOR_{NAME,EMAIL}
@@ -423,11 +426,13 @@
# commit
treeish=`git-write-tree`
- commitish=`git-commit-tree $treeish -p HEAD < /tmp/guilt.msg.$$`
+ commitish=`git-commit-tree $treeish -p HEAD < "$TMP_MSG"`
echo $commitish > $GIT_DIR/`git-symbolic-ref HEAD`
# mark patch as applied
echo "$commitish:$pname" >> $applied
+
+ rm -f "$TMP_MSG" "$TMP_LOG"
)
# sub-shell funky-ness
@@ -436,7 +441,6 @@
# update references to top, bottom, and base of the stack
update_stack_tags
- rm -f /tmp/guilt.msg.$$ /tmp/guilt.log.$$
return $__push_patch_bail
}
@@ -474,13 +478,15 @@
assert_head_check
(
+ TMP_DIFF=`get_tmp_file diff`
+
cd "$TOP_DIR"
p="$GUILT_DIR/$branch/$1"
git-diff-files --name-only | (while read n; do git-update-index "$n" ; done)
# get the patch header
- do_get_full_header "$p" > /tmp/guilt.diff.$$
+ do_get_full_header "$p" > "$TMP_DIFF"
[ ! -z "$4" ] && diffopts="-C -M --find-copies-harder"
@@ -489,15 +495,15 @@
echo "---"
git-diff --stat $diffopts "$2"
echo ""
- ) >> /tmp/guilt.diff.$$
+ ) >> "$TMP_DIFF"
fi
# get the new patch
- git-diff $diffopts "$2" >> /tmp/guilt.diff.$$
+ git-diff $diffopts "$2" >> "$TMP_DIFF"
# move the new patch in
mv "$p" "$p~"
- mv /tmp/guilt.diff.$$ $p
+ mv "$TMP_DIFF" $p
)
# drop the currently applied patch, pop_many_patches does it's own
@@ -541,6 +547,16 @@
return 0
}
+# usage: get_tmp_file <prefix>
+#
+# Get a unique filename and create the file in a non-racy way
+get_tmp_file()
+{
+ while true; do
+ mktemp "/tmp/guilt.$1.XXXXXXXXXXXXXXX" && break
+ done
+}
+
# usage: guilt_hook <hook name> <args....>
guilt_hook()
{
only in patch2:
unchanged:
--- guilt-0.27.orig/guilt-patchbomb
+++ guilt-0.27/guilt-patchbomb
@@ -8,6 +8,8 @@
USAGE="[-n] [--in-reply-to <msgid>] [<hash> | <since>..[<until>] | ..<until>]"
. `dirname $0`/guilt
+TMP_FILE=`get_tmp_file file`
+
while [ $# -gt 0 ]; do
case "$1" in
-n)
@@ -83,15 +85,15 @@
x
s/\n/, /g
p
-}' > /tmp/guilt.$$.tmp
- if [ -s /tmp/guilt.$$.tmp ]; then
+}' > "$TMP_FILE"
+ if [ -s "$TMP_FILE" ]; then
head -1 "$fulln" > "$fulln~"
echo -n "Cc: " >> "$fulln~"
- cat /tmp/guilt.$$.tmp >> "$fulln~"
+ cat "$TMP_FILE" >> "$fulln~"
tail -n +2 "$fulln" >> "$fulln~"
mv "$fulln~" "$fulln"
echo "${n:0:4}: Including Cc from patch description"
- rm -f /tmp/guilt.$$.tmp
+ rm -f "$TMP_FILE"
else
echo "${n:0:4}: No Cc found in patch description"
fi
pgpCynkX8BaxP.pgp
Description: PGP signature
