Bug#559803: cvsnt: diff for NMU version 2.5.04.3236-1.2

2010-02-13 Thread Moritz Muehlenhoff
On Sun, Jan 24, 2010 at 04:52:25PM +, Thorsten Glaser wrote:
> tags 559803 + patch
> thanks
>
> Dear Andreas,
>
> I have prepared an NMU for cvsnt (version 2.5.04.3236-1.2) to use
> the system libtool/libltdl instead of its own bundled version,
> according to Policy §4.13, thus fixing CVE-2009-3736.
>
> As was suggested here at the BSP, I’ll have it uploaded into
> unstable instead of a DELAYED/2, since it’s a security issue.

Apparently you didn't upload it?

Cheers,
Moritz



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#559803: cvsnt: diff for NMU version 2.5.04.3236-1.2

2010-02-13 Thread Thorsten Glaser
Moritz Muehlenhoff dixit:

> Apparently you didn't upload it?

Interesting. Must have slipped me to look after my sponsors
(I only became DD the weekend after, and have been first busy
then ill since), although I know I did for some.

I'll upload it ASAP. Thanks for the heads-up!

bye,
//mirasudo cowbuilder --updatebilos
-- 
Sometimes they [people] care too much: pretty printers [and syntax highligh-
ting, d.A.] mechanically produce pretty output that accentuates irrelevant
detail in the program, which is as sensible as putting all the prepositions
in English text in bold font.   -- Rob Pike in Notes on Programming in C






Bug#559803: cvsnt: diff for NMU version 2.5.04.3236-1.2

2010-01-24 Thread Thorsten Glaser
tags 559803 + patch
thanks

Dear Andreas,

I have prepared an NMU for cvsnt (version 2.5.04.3236-1.2) to use
the system libtool/libltdl instead of its own bundled version,
according to Policy §4.13, thus fixing CVE-2009-3736.

As was suggested here at the BSP, I’ll have it uploaded into
unstable instead of a DELAYED/2, since it’s a security issue.

bye,
//mirabilos
-- 
Sometimes they [people] care too much: pretty printers [and syntax highligh-
ting, d.A.] mechanically produce pretty output that accentuates irrelevant
detail in the program, which is as sensible as putting all the prepositions
in English text in bold font.   -- Rob Pike in Notes on Programming in C

reverted: cvsnt-2.5.04.3236/config.sub
reverted: cvsnt-2.5.04.3236/config.guess
(note, these will be auto-reverted by debian/rules clean anyway, hence
the diff for these is not included for brevity)
diff -u cvsnt-2.5.04.3236/debian/control cvsnt-2.5.04.3236/debian/control
--- cvsnt-2.5.04.3236/debian/control
+++ cvsnt-2.5.04.3236/debian/control
@@ -3,7 +3,8 @@
 Priority: optional
 Maintainer: Andreas Tscharner a...@vis.ethz.ch
 Uploaders: Christian Bayle ba...@debian.org
-Build-Depends: debhelper (= 7.0.17), autotools-dev, zlib1g-dev, 
libexpat1-dev, libssl-dev, libkrb5-dev, comerr-dev, libpcre3-dev, libxml2-dev, 
libpam0g-dev, unixodbc-dev, libpq-dev, libsqlite3-dev, dpatch
+Build-Depends: debhelper (= 7.0.17), autotools-dev, zlib1g-dev, 
libexpat1-dev, libssl-dev, libkrb5-dev, comerr-dev, libpcre3-dev, libxml2-dev, 
libpam0g-dev, unixodbc-dev, libpq-dev, libsqlite3-dev, dpatch, autoconf (= 
2.61~), automake1.10, libltdl-dev, libtool
+Build-Conflicts: autoconf2.13, automake1.4
 Standards-Version: 3.8.1
 Homepage: http://www.cvsnt.org/wiki/Download
 
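Review bot: The `libltdl-dev` entry added at the end of the new Build-Depends line carries no version constraint, so nothing in debian/control guarantees the build picks up a libltdl that contains the CVE-2009-3736 fix named in the changelog. Consider a versioned dependency on the first fixed libltdl release in the archive, which also protects rebuilds and backports against older suites. The new Build-Conflicts on autoconf2.13 and automake1.4 looks like a guard for the autoreconf run; saying so in the changelog would help the maintainer.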
diff -u cvsnt-2.5.04.3236/debian/changelog cvsnt-2.5.04.3236/debian/changelog
--- cvsnt-2.5.04.3236/debian/changelog
+++ cvsnt-2.5.04.3236/debian/changelog
@@ -1,3 +1,11 @@
+cvsnt (2.5.04.3236-1.2) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Use autoreconf in order to use system libltdl instead of the bundled
+one (upgrading from 1.x to 2.2). (Closes: #559803) (CVE-2009-3736)
+
+ -- Thorsten Glaser t...@mirbsd.de  Sun, 24 Jan 2010 15:40:34 +
+
 cvsnt (2.5.04.3236-1.1) unstable; urgency=medium
 
   [Jari Aalto]
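Review bot: The `Use autoreconf` bullet in the new changelog entry leaves most of the upload undocumented: it does not mention the added Build-Depends and Build-Conflicts, the `--without-included-ltdl` configure switch, the rewritten clean target, or the rewrite of debian/patches/01_config.dpatch. For an NMU that fixes a CVE, one bullet per touched file lets the maintainer and the security team audit the fix against the diff without reading every hunk.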
diff -u cvsnt-2.5.04.3236/debian/rules cvsnt-2.5.04.3236/debian/rules
--- cvsnt-2.5.04.3236/debian/rules
+++ cvsnt-2.5.04.3236/debian/rules
@@ -27,15 +27,16 @@
CFLAGS += -O2
 endif
 
-config.status: configure
+config.status: patch-stamp configure.in
dh_testdir
+   autoreconf -fvi
# Add here commands to configure the package.
-   CFLAGS=$(CFLAGS) ./configure --host=$(DEB_HOST_GNU_TYPE) 
--build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --mandir=\$${prefix}/share/man 
--infodir=\$${prefix}/share/info
+   CFLAGS=$(CFLAGS) ./configure --host=$(DEB_HOST_GNU_TYPE) 
--build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --mandir=\$${prefix}/share/man 
--infodir=\$${prefix}/share/info --without-included-ltdl
 
 
 build: build-stamp
 
-build-stamp:  config.status patch-stamp
+build-stamp:  config.status
dh_testdir
 
# Add here commands to compile the package.
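Review bot: The config.status recipe runs `autoreconf -fvi` and relies on `--without-included-ltdl` alone, with nothing in this target removing the bundled libltdl directory; that removal only happens in the clean target in the next hunk. If `debian/rules build` is called on a freshly unpacked tree without a prior clean, the bundled 1.x copy is still present while autoreconf and configure run. Consider emptying libltdl at the start of this recipe, or adding a post-build check that the resulting binaries link against the system libltdl, so the CVE-2009-3736 fix does not depend on the order in which targets are invoked. Moving patch-stamp from build-stamp to config.status is correct, since the patch has to be applied before autoreconf reads configure.in.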
@@ -51,13 +52,22 @@
 
# Add here commands to clean up after the build process.
[ ! -f Makefile ] || $(MAKE) distclean
-ifneq $(wildcard /usr/share/misc/config.sub) 
-   cp -f /usr/share/misc/config.sub config.sub
-endif
-ifneq $(wildcard /usr/share/misc/config.guess) 
-   cp -f /usr/share/misc/config.guess config.guess
-endif
 
+   rm -rf aclocal.m4 libltdl config.guess config.sub pcre/aclocal.m4 \
+   pcre/config.h.in pcre/configure pcre/ltmain.sh zlib/zconf.h \
+   INSTALL config.h.in configure depcomp install-sh ltmain.sh \
+   missing mkinstalldirs
+   find . -name Makefile.in | while read name; do \
+   test '!' -e $${name%in}am || rm -f $$name; \
+   done
+   cd libxml  rm -f INSTALL aclocal.m4 config.guess config.h.in \
+   config.sub configure depcomp install-sh ltmain.sh missing \
+   mkinstalldirs
+   cd protocols/ntlm  rm -f m4/libtool.m4 m4/ltoptions.m4 \
+   m4/ltsugar.m4 m4/ltversion.m4 m4/'lt~obsolete.m4' INSTALL \
+   aclocal.m4 config.guess config.h.in config.sub configure \
+   depcomp install-sh ltmain.sh missing mkinstalldirs
+   mkdir libltdl
 
dh_clean version_check
 
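Review bot: In the added `find . -name Makefile.in | while read name` loop, `$$name` and `$${name%in}am` are expanded unquoted and `read` is used without `-r`, so a path containing whitespace or a backslash is split or altered before it reaches `test` and `rm -f`. Quote both expansions and use `read -r`. The hand-maintained `rm -rf` list also deletes `INSTALL` and `zlib/zconf.h`; a comment saying which build step regenerates them would make clear that the clean target is not removing shipped sources.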
diff -u cvsnt-2.5.04.3236/debian/patches/01_config.dpatch 
cvsnt-2.5.04.3236/debian/patches/01_config.dpatch
--- cvsnt-2.5.04.3236/debian/patches/01_config.dpatch
+++ cvsnt-2.5.04.3236/debian/patches/01_config.dpatch
@@ -1,28 +1,54 @@
-#! /bin/sh -e
+#! /bin/sh /usr/share/dpatch/dpatch-run
 ## config.dpatch
-## Ralf Treinen trei...@debian.org
+## Thorsten Glaser t...@mirbsd.org
 ##
 ## All lines beginning with `## DP:' are a description of the patch.
-## DP: replace all config.{guess,sub} by the vesion installed in
-## DP: /usr/share/misc
+## DP: fix autoconf system to work