The bzip2 version in testing has a bug in bzdiff. The $tmp variable is
not double quoted. It may be possible to craft a TMPDIR environment
variable to inject a command like "rm\ /*" when line #62, "/bin/rm -f
$tmp;;" is executed, but I haven't tested it yet. At least, it doesn't
work if TMPDIR has spaces in it.

Please unblock bzip2/1.0.5-1

The following is the interdiff between the versions in testing and
unstable.

interdiff -zp1 bzip2_1.0.5-0.1.diff.gz bzip2_1.0.5-1.diff.gz
diff -u bzip2-1.0.5/bzdiff bzip2-1.0.5/bzdiff
--- bzip2-1.0.5/bzdiff
+++ bzip2-1.0.5/bzdiff
@@ -49,14 +49,14 @@
                 case "$2" in
                *.bz2)
                        F=`echo "$2" | sed 's|.*/||;s|.bz2$||'`
-                       tmp=`mktemp ${TMPDIR:-/tmp}/bzdiff.XXXXXXXXXX` || {
+                       tmp=`mktemp "${TMPDIR:-/tmp}"/bzdiff.XXXXXXXXXX` || {
                              echo 'cannot create a temporary file' >&2
                              exit 1
                        }
-                        bzip2 -cdfq "$2" > $tmp
-                        bzip2 -cdfq "$1" | $comp $OPTIONS - $tmp
+                        bzip2 -cdfq "$2" > "$tmp"
+                        bzip2 -cdfq "$1" | $comp $OPTIONS - "$tmp"
                         STAT="$?"
-                       /bin/rm -f $tmp;;
+                       /bin/rm -f "$tmp";;
 
                 *)      bzip2 -cdfq "$1" | $comp $OPTIONS - "$2"
                         STAT="$?";;
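
Review bot: In the `*.bz2)` branch nothing between the `mktemp` call and `/bin/rm -f "$tmp"` removes the temporary file if the script is interrupted, so a signal during the `$comp` pipeline leaves the decompressed copy of `$2` behind in the temporary directory. Consider installing a `trap` that removes `"$tmp"` right after `mktemp` succeeds and clearing it after the final `rm`. Separately, `$comp $OPTIONS` is still expanded unquoted on the pipeline line; if splitting `$OPTIONS` into separate arguments is intended, a short comment saying so would keep a later cleanup from "fixing" it.
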
diff -u bzip2-1.0.5/debian/control bzip2-1.0.5/debian/control
--- bzip2-1.0.5/debian/control
+++ bzip2-1.0.5/debian/control
@@ -3,7 +3,7 @@
 Priority: important
 Maintainer: Anibal Monsalve Salazar <[EMAIL PROTECTED]>
 Uploaders: Santiago Ruano Rincón <[EMAIL PROTECTED]>
-Standards-Version: 3.7.3
+Standards-Version: 3.8.0
 Build-depends: texinfo, gcc-multilib [amd64 i386 kfreebsd-amd64 powerpc ppc64 
s390 sparc] | gcc-4.1 (<< 4.1.2) [amd64 i386 kfreebsd-amd64 powerpc ppc64 s390 
sparc]
 Homepage: http://www.bzip.org/
 
diff -u bzip2-1.0.5/debian/docbase bzip2-1.0.5/debian/docbase
--- bzip2-1.0.5/debian/docbase
+++ bzip2-1.0.5/debian/docbase
@@ -6,7 +6,7 @@
  considerably better than that achieved by more conventional
  LZ77/LZ78-based compressors, and approaches the performance of the PPM
  family of statistical compressors.
-Section: Apps/Tools
+Section: File Management
 
 Format: HTML
 Index: /usr/share/doc/bzip2/manual.html
diff -u bzip2-1.0.5/debian/changelog bzip2-1.0.5/debian/changelog
--- bzip2-1.0.5/debian/changelog
+++ bzip2-1.0.5/debian/changelog
@@ -1,3 +1,13 @@
+bzip2 (1.0.5-1) unstable; urgency=low
+
+  * Fix "bzdiff doesn't work if $TMPDIR contains spaces"; closes: #493710
+    Patch by Vincent Lefevre <[EMAIL PROTECTED]>
+  * Standards-Version is 3.8.0
+  * Fixed the following lintian issues:
+    W: bzip2-doc: doc-base-unknown-section bzip2:9 Apps/Tools
+
+ -- Anibal Monsalve Salazar <[EMAIL PROTECTED]>  Tue, 05 Aug 2008 19:52:24 
+1000
+
 bzip2 (1.0.5-0.1) unstable; urgency=high
 
   * NMU
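
Review bot: The first bullet of the new entry describes the bzdiff change only as a fix for `$TMPDIR` containing spaces, with urgency=low, and does not say that `$tmp` is now quoted in the redirect, the `$comp` argument and the `/bin/rm -f` cleanup line. State the quoting change explicitly in that bullet so a reader of the changelog can tell that the file-removal path was touched, not just the `mktemp` template.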

Attachment: signature.asc
Description: Digital signature
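
The effect of the quoting change on the cleanup line, as an added example that is not part of the original message or of the bzip2 package. It isolates the `rm -f` step, uses a constructed temporary directory whose name contains a space (the `cleanup_demo` function, the `my tmp` directory and the bystander file `my` are assumptions made for the demonstration), and works entirely inside a throwaway sandbox. An unquoted expansion is subject to field splitting and pathname expansion, so `rm` receives several arguments instead of one path.

```shell
#!/bin/sh
# Added example. All paths are constructed inside a sandbox from mktemp -d.

# cleanup_demo MODE prints "<bystander> <tempfile>", each "kept" or "gone",
# describing what exists after the cleanup step has run.
cleanup_demo() {
    mode=$1
    sandbox=$(mktemp -d) || return 1
    demo_tmpdir="$sandbox/my tmp"        # constructed TMPDIR with a space
    mkdir "$demo_tmpdir"
    : > "$sandbox/my"                    # unrelated file next to the directory
    tmp=$(mktemp "$demo_tmpdir/bzdiff.XXXXXXXXXX") || return 1

    case $mode in
        # Cleanup as written in the version in testing: $tmp is split at the
        # space into ".../my" and "tmp/bzdiff.…", two separate arguments.
        unquoted) rm -f $tmp ;;
        # Cleanup as written in 1.0.5-1: rm receives exactly one path.
        quoted)   rm -f "$tmp" ;;
    esac

    if [ -e "$sandbox/my" ]; then bystander=kept; else bystander=gone; fi
    if [ -e "$tmp" ]; then tempfile=kept; else tempfile=gone; fi
    rm -rf "$sandbox"
    echo "$bystander $tempfile"
}

cleanup_demo unquoted   # gone kept: wrong file removed, temp file left behind
cleanup_demo quoted     # kept gone: only the temp file is removed
```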
