Author: nd-guest Date: 2008-08-31 22:12:00 +0000 (Sun, 31 Aug 2008) New Revision: 1763
Added: packages/gpsdrive/trunk/debian/patches/100-fix-insecure-tempfiles.dpatch Modified: packages/gpsdrive/trunk/debian/patches/00list packages/gpsdrive/trunk/debian/rules Log: patch for insecure tempfiles in geo-code Modified: packages/gpsdrive/trunk/debian/patches/00list =================================================================== --- packages/gpsdrive/trunk/debian/patches/00list 2008-08-31 22:10:49 UTC (rev 1762) +++ packages/gpsdrive/trunk/debian/patches/00list 2008-08-31 22:12:00 UTC (rev 1763) @@ -15,3 +15,4 @@ 97-osmxml 98-mapnik-exception 99-autobestmap +100-fix-insecure-tempfiles Added: packages/gpsdrive/trunk/debian/patches/100-fix-insecure-tempfiles.dpatch =================================================================== --- packages/gpsdrive/trunk/debian/patches/100-fix-insecure-tempfiles.dpatch (rev 0) +++ packages/gpsdrive/trunk/debian/patches/100-fix-insecure-tempfiles.dpatch 2008-08-31 22:12:00 UTC (rev 1763) @@ -0,0 +1,78 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 100-fix-insecure-tempfiles.dpatch by Andreas Putzo <[EMAIL PROTECTED]> +## +## DP: Fix insecure tempfile creation in geo-code. +## DP: Thanks Moritz Muehlenhoff <[EMAIL PROTECTED]>. + [EMAIL PROTECTED]@ +diff -urNad gpsdrive-2.10~pre4-6.dfsg~/scripts/geo-code gpsdrive-2.10~pre4-6.dfsg/scripts/geo-code +--- gpsdrive-2.10~pre4-6.dfsg~/scripts/geo-code 2007-09-14 21:47:07.000000000 +0000 ++++ gpsdrive-2.10~pre4-6.dfsg/scripts/geo-code 2008-08-31 21:51:50.000000000 +0000 +@@ -83,6 +83,7 @@ + # + error() { + echo "`basename $PROGNAME`: $1" >&2 ++ remove_cruft + exit 1 + } + +@@ -130,8 +131,9 @@ + a) SQLMATCH=all;; + D) DEBUG="$OPTARG";; + U) echo "Getting latest version of this script..." +- curl -o$UPDATEcodeFILE "$UPDATEcodeURL" +- echo "Latest version is in $UPDATEcodeFILE" ++ destdir=`mktemp -d` ++ curl -o$destdir/$UPDATEcodeFILE "$UPDATEcodeURL" ++ echo "Latest version is in $destdir/$UPDATEcodeFILE" + exit + ;; + h|\?) usage;; +@@ -239,7 +241,7 @@ + # procedure to remove cruft files + # + remove_cruft() { +- for i in $STYLE $COORDS $OUTWAY $MAP ++ for i in $STYLE $COORDS $OUTWAY $MAP $TMP + do + [ -f $i ] && rm -f $i + done +@@ -248,7 +250,7 @@ + # + # Main Program + # +-TMP=/tmp/geo$$ ++TMP=`mktemp` + STYLE=${TMP}.style + COORDS=${TMP}.coords + OUTWAY=${TMP}.way +@@ -269,7 +271,6 @@ + | head -n1 \ + ` + if [ "$URL" = "" ]; then +- cp $COORDS /tmp/geo.google + error "Unable to lookup telephone number or name with Google" + else + URL="http://maps.yahoo.com/$URL" +@@ -295,7 +296,7 @@ + fi + + if [ $DEBUG -gt 0 ]; then +- filter="tee /tmp/geo.yahoo" ++ filter="tee `mktemp`" + else + filter=cat + fi +@@ -306,9 +307,9 @@ + -e 's/.*slt=\([^%]*\).*sln=\([^%]*\).*Create.*/\1 \2/p' \ + > $COORDS + +-if [ $DEBUG -gt 0 ]; then +- cp $COORDS /tmp/geo.coords +-fi ++#if [ $DEBUG -gt 0 ]; then ++# cp -d $COORDS /tmp/geo.coords ++#fi + + # + # Convert the coords, address, and type to the desired Property changes on: packages/gpsdrive/trunk/debian/patches/100-fix-insecure-tempfiles.dpatch ___________________________________________________________________ Name: svn:executable + * Modified: packages/gpsdrive/trunk/debian/rules =================================================================== --- packages/gpsdrive/trunk/debian/rules 2008-08-31 22:10:49 UTC (rev 1762) +++ packages/gpsdrive/trunk/debian/rules 2008-08-31 22:12:00 UTC (rev 1763) @@ -10,8 +10,8 @@ DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) DEB_VERSION := $(shell dpkg-parsechangelog |egrep '^Version:' | cut -f 2 -d ' ') DEB_NOEPOCH_VERSION := $(shell echo $(DEB_VERSION) | cut -d: -f2-) -DEB_UPSTREAM_VERSION := $(shell echo $(DEB_NOEPOCH_VERSION) | sed 's/-[^-]*$$//') -UPSTREAM_VERSION := $(strip $(shell (echo $(DEB_UPSTREAM_VERSION)|sed 's/~//'))) +DEB_UPSTREAM_VERSION := 2.10~pre4-6.dfsg +UPSTREAM_VERSION := 2.10pre4 DESTDIR := ${CURDIR}/debian/tmp MAPNIK_PATH = $(shell mapnik-plugin-base) _______________________________________________ Pkg-grass-devel mailing list Pkg-grass-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-grass-devel