Your message dated Mon, 10 Jan 2005 19:32:02 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#287937: fixed in kernel-package 8.119
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 31 Dec 2004 00:24:50 +0000
>From [EMAIL PROTECTED] Thu Dec 30 16:24:50 2004
Return-path: <[EMAIL PROTECTED]>
Received: from tornado.dat.etsit.upm.es (dat.etsit.upm.es) [138.100.17.73]
by spohr.debian.org with smtp (Exim 3.35 1 (Debian))
id 1CkAb3-0001Mo-00; Thu, 30 Dec 2004 16:24:49 -0800
Received: (qmail 9496 invoked by uid 1013); 31 Dec 2004 00:24:48 -0000
Date: Fri, 31 Dec 2004 01:24:48 +0100
From: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: kernel-package: Improvements for kernel_grub_rm.sh script
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="9Ek0hoCL9XbhcSqy"
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040722i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no
version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
--9Ek0hoCL9XbhcSqy
Content-Type: multipart/mixed; boundary="lEGEL1/lMxI0MVQ2"
Content-Disposition: inline
--lEGEL1/lMxI0MVQ2
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: kernel-package
Version: 8.117
Priority: minor
Tags: patch security
Attached is a patch to improve the way the kernel_grub_rm.sh script
provided by kernel-package handles its temporary file. I have been=20
investigated and I don't believe this script is used at all by=20
kernel-package itself, that's why I'm only rating this bug as minor. If it=
=20
were used, since the location of the tempfile was hardcoded it could=20
introduce the possibility of symlink attacks to the user running it=20
(usually root).
Regards
Javier
--lEGEL1/lMxI0MVQ2
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="kernel_grub_rm.sh.diff"
Content-Transfer-Encoding: quoted-printable
--- kernel_grub_rm.sh.old 2004-12-31 01:09:06.000000000 +0100
+++ kernel_grub_rm.sh 2004-12-31 01:20:53.000000000 +0100
@@ -16,7 +16,6 @@
=20
CONFIG_FILE=3D/etc/kernel_grub.conf
=20
-
### Defaults
grub_menu_lst=3D/boot/grub/menu.lst
grub_kernel_partition=3D'(hd0,0)'
@@ -43,19 +42,22 @@
echo $vmlinuz_location
fi
=20
+TMPFILE=3D`mktemp -t kpkg-postrm-grub.XXXXXX` || { echo "Cannot create tem=
porary file" >&2 ; exit 1; }
+trap "[ -f $TMPFILE ] && rm -f $TMPFILE; exit 1" 1 2 3 13 15
if [ -f $grub_menu_lst ]; then
if grep "^kernel $grub_kernel_partition.*$vmlinuz_location" $grub_men=
u_lst >/dev/null 2>&1; then
echo "Removing kernel entry from $grub_menu_lst"
perl -nle "print unless /^#Autogenerated by kernel-image $version/
.. /^#End kernel-image $version/" < $grub_menu_lst \
- > /tmp/kpkg-postrm-grub.t=
mp
- mv -f /tmp/kpkg-postrm-grub.tmp $grub_menu_lst
+ > $TMPFILE
+ mv -f $TMPFILE $grub_menu_lst
else
echo "Seems like this kernel (version $version) is not"
echo "installed in $grub_menu_lst. Skipping."
fi
fi
=20
+rm -f $TMPFILE
exit 0
=20
=20
@@ -64,8 +66,9 @@
if [ -f $grub_menu_lst ]; then
perl -nle "print unless /^#Autogenerated by kernel-image $version/
.. /^#End kernel-image $version/" < $grub_menu_lst \
- > /tmp/kpkg-postrm-grub.tmp
- mv -f /tmp/kpkg-postrm-grub.tmp $grub_menu_lst
+ > $TMPFILE
+ mv -f $TMPFILE $grub_menu_lst
fi
=20
+rm -f $TMPFILE
exit 0
--lEGEL1/lMxI0MVQ2--
--9Ek0hoCL9XbhcSqy
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFB1JxPi4sehJTrj0oRAi1tAJ9Pof/qYKODiBpZiHxRz82ScNHpxgCeJZhl
Su0JzVPbLsxV2uM+Na/nhE8=
=BUV4
-----END PGP SIGNATURE-----
--9Ek0hoCL9XbhcSqy--
---------------------------------------
Received: (at 287937-close) by bugs.debian.org; 11 Jan 2005 00:38:37 +0000
>From [EMAIL PROTECTED] Mon Jan 10 16:38:37 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CoA3R-00063L-00; Mon, 10 Jan 2005 16:38:37 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1Co9x4-0007BW-00; Mon, 10 Jan 2005 19:32:02 -0500
From: Manoj Srivastava <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.54 $
Subject: Bug#287937: fixed in kernel-package 8.119
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Mon, 10 Jan 2005 19:32:02 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
X-CrossAssassin-Score: 2
Source: kernel-package
Source-Version: 8.119
We believe that the bug you reported is fixed in the latest version of
kernel-package, which is due to be installed in the Debian FTP archive:
kernel-package_8.119.dsc
to pool/main/k/kernel-package/kernel-package_8.119.dsc
kernel-package_8.119.tar.gz
to pool/main/k/kernel-package/kernel-package_8.119.tar.gz
kernel-package_8.119_all.deb
to pool/main/k/kernel-package/kernel-package_8.119_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Manoj Srivastava <[EMAIL PROTECTED]> (supplier of updated kernel-package
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 10 Jan 2005 17:39:31 -0600
Source: kernel-package
Binary: kernel-package
Architecture: source all
Version: 8.119
Distribution: unstable
Urgency: low
Maintainer: Manoj Srivastava <[EMAIL PROTECTED]>
Changed-By: Manoj Srivastava <[EMAIL PROTECTED]>
Description:
kernel-package - A utility for building Linux kernel related Debian packages.
Closes: 285166 287937 288540
Changes:
kernel-package (8.119) unstable; urgency=low
.
* Bug fix: "kernel-package: Improvements for kernel_grub_rm.sh script",
thanks to Javier Fernández-Sanguino Peña. I created my own patch,
rather than using the one in the report, but thanks for pointing this
out. (Closes: #287937).
* Bug fix: "mismatch between lilo.conf and the actual filename
"initrd.old".", thanks to David Robin. The fix is actually
thanks to Khalid Aziz, who noticed that in one corner case the
symbolic link was moved to the wrong location. (Closes: #288540).
* Bug fix: "bash_completion.d/make-kpkg prints grep error messages if
.config doesn't exist", thanks to Josh Triplett (Closes: #285166).
Files:
b49f41970b5ac5ea3d39f83c59a4c51f 483 misc optional kernel-package_8.119.dsc
1eba1747d5c2bf18fc3e66c72ec07ecd 491966 misc optional
kernel-package_8.119.tar.gz
b26a0a29ce1d12cd353b992dc9376345 349848 misc optional
kernel-package_8.119_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFB4xtBIbrau78kQkwRAp0eAJ9GIfesGll5TEi2M01vU2oCn8q0ZACgkKSq
l2lkHx+VFNOBC/mFdYKfIrk=
=dYJA
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
