rinse 3.0.9 now adds the cpio dependency and fixes the wrong date in
the changelog of 3.0.7. Here's the debdiff
between the testing and unstable version.
diff -Nru rinse-3.0.7/bin/rinse rinse-3.0.9/bin/rinse
--- rinse-3.0.7/bin/rinse 2014-07-25 13:22:30.000000000 +0200
+++ rinse-3.0.9/bin/rinse 2015-04-13 14:46:04.000000000 +0200
@@ -1147,13 +1147,13 @@
# Run the unpacking command.
#
my $cmd =
- "rpm2cpio $file | (cd $CONFIG{'directory'} ; cpio --extract
--make-directories --no-absolute-filenames --preserve-modification-time)
2>/dev/null >/dev/null";
+ "rpm2cpio $file | (cd $CONFIG{'directory'} ; cpio --extract
--extract-over-symlinks --make-directories --no-absolute-filenames
--preserve-modification-time) 2>/dev/null >/dev/null";
if ( $file =~ /(fedora|centos|redhat|mandriva)-release-/ ) {
my $rpmname = basename($file);
$postcmd =
"cp $file $CONFIG{'directory'}/tmp ; chroot $CONFIG{'directory'} rpm
-ivh --force --nodeps /tmp/$rpmname ; rm $CONFIG{'directory'}/tmp/$rpmname";
}
- system($cmd );
+ system($cmd) == 0 or die "failed to extract $name: $?";
}
print "\r";
diff -Nru rinse-3.0.7/debian/changelog rinse-3.0.9/debian/changelog
--- rinse-3.0.7/debian/changelog 2015-02-25 12:02:18.000000000 +0100
+++ rinse-3.0.9/debian/changelog 2015-04-14 09:05:18.000000000 +0200
@@ -1,3 +1,19 @@
+rinse (3.0.9) unstable; urgency=high
+
+ * add dependency on new cpio version
+ * fix date of 3.0.7 entry, Closes: #782518
+
+ -- Thomas Lange <[email protected]> Tue, 14 Apr 2015 09:03:48 +0200
+
+rinse (3.0.8) unstable; urgency=high
+
+ * add --extract-over-symlinks to cpio call, Closes: #768501
+ this restores the old behaviour of cpio, which changed because of
+ CVE-2015-1197 (see #774669)
+ * add check if cpio call failed
+
+ -- Thomas Lange <[email protected]> Mon, 13 Apr 2015 14:51:41 +0200
+
rinse (3.0.7) unstable; urgency=high
* control: change depends on perl-modules to perl, Closes: #779118,
diff -Nru rinse-3.0.7/debian/control rinse-3.0.9/debian/control
--- rinse-3.0.7/debian/control 2015-02-25 12:04:03.000000000 +0100
+++ rinse-3.0.9/debian/control 2015-04-14 08:55:37.000000000 +0200
@@ -10,7 +10,7 @@
Package: rinse
Architecture: all
-Depends: wget, libterm-size-perl, libwww-perl, perl, rpm
+Depends: wget, libterm-size-perl, libwww-perl, perl, rpm, cpio (>=
2.11+dfsg-4.1)
Description: RPM installation environment
This is a tool for bootstrapping a basic RPM-based distribution of
GNU/Linux.
--
regards Thomas
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive:
https://lists.debian.org/[email protected]
