Bug#598501: unblock: bristol/0.60.5-2

2010-10-15 Thread Alessio Treglia 
Ok, now should be fine:

diff --git a/debian/changelog b/debian/changelog
index b2e88d5..942ccb3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+bristol (0.60.5-3) unstable; urgency=low
+
+  * Drop all unnecessary 'export' statements.
+
+ -- Alessio Treglia ales...@debian.org  Fri, 15 Oct 2010 13:32:22 +0200
+
 bristol (0.60.5-2) unstable; urgency=high

   * Add patch to solve security issue CVE-2010-3351:
diff --git a/debian/patches/90-CVE_insecure_library_loading.patch
b/debian/patches/90-CVE_insecure_library_loading.patch
index a6fc40e..2740582 100644
--- a/debian/patches/90-CVE_insecure_library_loading.patch
+++ b/debian/patches/90-CVE_insecure_library_loading.patch
@@ -2,17 +2,19 @@ Subject: Fix insecure library loading - CVE-2010-3351.
 Origin: upstream, https://sourceforge.net/support/tracker.php?aid=3077160
 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598285
 ---
- bin/startBristol.in |2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ bin/startBristol.in |4 
+ 1 file changed, 4 deletions(-)

 --- bristol.orig/bin/startBristol.in
 +++ bristol/bin/startBristol.in
-@@ -347,7 +347,7 @@ fi
+@@ -347,10 +347,6 @@ fi
  export SLAB_HOME=$BRISTOL
  export BRIGHTON=$BRISTOL

 -export 
LD_LIBRARY_PATH=/usr/local/lib:usr/lib:${LD_LIBRARY_PATH}:${BRISTOL}/lib
-+export ld_library_pa...@bristol_dir@/lib:/usr/local/lib:/usr/lib:/lib
-
- export PATH=${PATH}:$BRISTOL/bin:/usr/local/bin
-
+-
+-export PATH=${PATH}:$BRISTOL/bin:/usr/local/bin
+-
+ if [ $jack -eq 1 ]; then
+   ldd `which bristol` | grep jack  /dev/null 21
+   if [ $? -ne 0 ]; then


-- 
Alessio Treglia ales...@debian.org
Debian  Ubuntu Developer | Homepage: http://www.alessiotreglia.com
0FEC 59A5 E18E E04F 6D40 593B 45D4 8C7C DCFC 3FD0



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#598501: unblock: bristol/0.60.5-2

2010-10-14 Thread Alessio Treglia 
On Thu, Oct 7, 2010 at 9:30 PM, Adam D. Barratt
a...@adam-barratt.org.uk wrote:
 Any news on that?


Back home few hours ago, I'll fix it ASAP.

-- 
Alessio Treglia ales...@debian.org
Debian  Ubuntu Developer | Homepage: http://www.alessiotreglia.com
0FEC 59A5 E18E E04F 6D40 593B 45D4 8C7C DCFC 3FD0



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#598501: unblock: bristol/0.60.5-2

2010-10-14 Thread Alessio Treglia 
Here is the diff.
Built and tested.

diff --git a/debian/changelog b/debian/changelog
index b2e88d5..16d0e66 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+bristol (0.60.5-3) unstable; urgency=low
+
+  * Exporting unmodified PATH is unnecessary. Drop
+/usr/share/bristol/lib from the LD_LIBRARY_PATH.
+
+ -- Alessio Treglia ales...@debian.org  Thu, 14 Oct 2010 12:55:41 +0200
+
 bristol (0.60.5-2) unstable; urgency=high

   * Add patch to solve security issue CVE-2010-3351:
diff --git a/debian/patches/90-CVE_insecure_library_loading.patch
b/debian/patches/90-CVE_insecure_library_loading.patch
index a6fc40e..7fc156d 100644
--- a/debian/patches/90-CVE_insecure_library_loading.patch
+++ b/debian/patches/90-CVE_insecure_library_loading.patch
@@ -2,17 +2,19 @@ Subject: Fix insecure library loading - CVE-2010-3351.
 Origin: upstream, https://sourceforge.net/support/tracker.php?aid=3077160
 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598285
 ---
- bin/startBristol.in |2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ bin/startBristol.in |4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)

 --- bristol.orig/bin/startBristol.in
 +++ bristol/bin/startBristol.in
-@@ -347,7 +347,7 @@ fi
+@@ -347,9 +347,7 @@ fi
  export SLAB_HOME=$BRISTOL
  export BRIGHTON=$BRISTOL

 -export 
LD_LIBRARY_PATH=/usr/local/lib:usr/lib:${LD_LIBRARY_PATH}:${BRISTOL}/lib
-+export ld_library_pa...@bristol_dir@/lib:/usr/local/lib:/usr/lib:/lib
-
- export PATH=${PATH}:$BRISTOL/bin:/usr/local/bin
+-
+-export PATH=${PATH}:$BRISTOL/bin:/usr/local/bin
++export LD_LIBRARY_PATH=/usr/local/lib:/usr/lib:/lib

+ if [ $jack -eq 1 ]; then
+   ldd `which bristol` | grep jack  /dev/null 21



-- 
Alessio Treglia ales...@debian.org
Debian  Ubuntu Developer | Homepage: http://www.alessiotreglia.com
0FEC 59A5 E18E E04F 6D40 593B 45D4 8C7C DCFC 3FD0



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#598501: unblock: bristol/0.60.5-2

2010-10-14 Thread Adam D. Barratt 
On Thu, 2010-10-14 at 14:48 +0200, Alessio Treglia wrote:
 Here is the diff.

Thanks.

 +  * Exporting unmodified PATH is unnecessary. Drop
 +/usr/share/bristol/lib from the LD_LIBRARY_PATH.
[...]
 - export PATH=${PATH}:$BRISTOL/bin:/usr/local/bin
 +-
 +-export PATH=${PATH}:$BRISTOL/bin:/usr/local/bin

That doesn't seem to be an unmodified PATH? (apologies if I'm missing
something)

Regards,

Adam




-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#598501: unblock: bristol/0.60.5-2

2010-10-14 Thread Julien Cristau 
On Thu, Oct 14, 2010 at 14:48:18 +0200, Alessio Treglia wrote:

 ++export LD_LIBRARY_PATH=/usr/local/lib:/usr/lib:/lib
 
That still seems useless.

Cheers,
Julien


signature.asc
Description: Digital signature

Bug#598501: unblock: bristol/0.60.5-2

2010-10-07 Thread Adam D. Barratt 
On Fri, 2010-10-01 at 03:00 +0200, Alessio Treglia wrote:
 On Wed, Sep 29, 2010 at 9:43 PM, Adam D. Barratt
 a...@adam-barratt.org.uk wrote:
  +-export 
  LD_LIBRARY_PATH=/usr/local/lib:usr/lib:${LD_LIBRARY_PATH}:${BRISTOL}/lib
  ++export ld_library_pa...@bristol_dir@/lib:/usr/local/lib:/usr/lib:/lib
  +
  + export PATH=${PATH}:$BRISTOL/bin:/usr/local/bin
 
  Should that be ${BRISTOL} rather than @bristol_...@?
 
 It gets replaced by ${BRISTOL}, which contains /usr/share/bristol/ and
 it is unnecessary at all.
 We may remove it, I think.

Any news on that?

Regards,

Adam




-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#598501: unblock: bristol/0.60.5-2

2010-09-30 Thread Alessio Treglia 
Hi Adam,

thanks for reviewing this!

On Wed, Sep 29, 2010 at 9:43 PM, Adam D. Barratt
a...@adam-barratt.org.uk wrote:
 On Wed, 2010-09-29 at 15:34 +0200, Alessio Treglia wrote:
 Please unblock package bristol 0.60.5-2, which fixes the 'grave' bug
 #598285 (CVE-2010-3351: insecure library loading).

 and removes potentially useful functionality in the process :-/
 (although forcing /usr/local/lib and usr/lib (sic) ahead of
 LD_LIBRARY_PATH is a little odd anyway)

 + export SLAB_HOME=$BRISTOL
 + export BRIGHTON=$BRISTOL
 +
 +-export 
 LD_LIBRARY_PATH=/usr/local/lib:usr/lib:${LD_LIBRARY_PATH}:${BRISTOL}/lib
 ++export ld_library_pa...@bristol_dir@/lib:/usr/local/lib:/usr/lib:/lib
 +
 + export PATH=${PATH}:$BRISTOL/bin:/usr/local/bin

 Should that be ${BRISTOL} rather than @bristol_...@?

It gets replaced by ${BRISTOL}, which contains /usr/share/bristol/ and
it is unnecessary at all.
We may remove it, I think.


-- 
Alessio Treglia ales...@debian.org
Debian  Ubuntu Developer | Homepage: http://www.alessiotreglia.com
0FEC 59A5 E18E E04F 6D40 593B 45D4 8C7C DCFC 3FD0



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#598501: unblock: bristol/0.60.5-2

2010-09-29 Thread Alessio Treglia 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package bristol 0.60.5-2, which fixes the 'grave' bug #598285 
(CVE-2010-3351: insecure library loading).
The changelog entry follows:

bristol (0.60.5-2) unstable; urgency=high

  * Add patch to solve security issue CVE-2010-3351:
- Fix insecure library loading (Closes: #598285);
  bump urgency to high.
  * Add debian/gbp.conf file.
  * Bump Standards.

 -- Alessio Treglia ales...@debian.org  Wed, 29 Sep 2010 14:54:22 +0200


unblock bristol/0.60.5-2

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#598501: unblock: bristol/0.60.5-2

2010-09-29 Thread Adam D. Barratt 
On Wed, 2010-09-29 at 15:34 +0200, Alessio Treglia wrote:
 Please unblock package bristol 0.60.5-2, which fixes the 'grave' bug
 #598285 (CVE-2010-3351: insecure library loading).

and removes potentially useful functionality in the process :-/
(although forcing /usr/local/lib and usr/lib (sic) ahead of
LD_LIBRARY_PATH is a little odd anyway)

+ export SLAB_HOME=$BRISTOL
+ export BRIGHTON=$BRISTOL
+ 
+-export 
LD_LIBRARY_PATH=/usr/local/lib:usr/lib:${LD_LIBRARY_PATH}:${BRISTOL}/lib
++export ld_library_pa...@bristol_dir@/lib:/usr/local/lib:/usr/lib:/lib
+ 
+ export PATH=${PATH}:$BRISTOL/bin:/usr/local/bin

Should that be ${BRISTOL} rather than @bristol_...@?

Regards,

Adam




-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org