[DebianGIS-dev] r1763 - in packages/gpsdrive/trunk/debian: . patches

nd-guest at alioth.debian.org nd-guest at alioth.debian.org
Sun Aug 31 22:12:02 UTC 2008 

Author: nd-guest
Date: 2008-08-31 22:12:00 +0000 (Sun, 31 Aug 2008)
New Revision: 1763

Added:
   packages/gpsdrive/trunk/debian/patches/100-fix-insecure-tempfiles.dpatch
Modified:
   packages/gpsdrive/trunk/debian/patches/00list
   packages/gpsdrive/trunk/debian/rules
Log:
patch for insecure tempfiles in geo-code


Modified: packages/gpsdrive/trunk/debian/patches/00list
===================================================================
--- packages/gpsdrive/trunk/debian/patches/00list	2008-08-31 22:10:49 UTC (rev 1762)
+++ packages/gpsdrive/trunk/debian/patches/00list	2008-08-31 22:12:00 UTC (rev 1763)
@@ -15,3 +15,4 @@
 97-osmxml
 98-mapnik-exception
 99-autobestmap
+100-fix-insecure-tempfiles

Added: packages/gpsdrive/trunk/debian/patches/100-fix-insecure-tempfiles.dpatch
===================================================================
--- packages/gpsdrive/trunk/debian/patches/100-fix-insecure-tempfiles.dpatch	                        (rev 0)
+++ packages/gpsdrive/trunk/debian/patches/100-fix-insecure-tempfiles.dpatch	2008-08-31 22:12:00 UTC (rev 1763)
@@ -0,0 +1,78 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 100-fix-insecure-tempfiles.dpatch by Andreas Putzo <andreas at putzo.net>
+##
+## DP: Fix insecure tempfile creation in geo-code.
+## DP: Thanks Moritz Muehlenhoff <jmm at inutil.org>.
+
+ at DPATCH@
+diff -urNad gpsdrive-2.10~pre4-6.dfsg~/scripts/geo-code gpsdrive-2.10~pre4-6.dfsg/scripts/geo-code
+--- gpsdrive-2.10~pre4-6.dfsg~/scripts/geo-code	2007-09-14 21:47:07.000000000 +0000
++++ gpsdrive-2.10~pre4-6.dfsg/scripts/geo-code	2008-08-31 21:51:50.000000000 +0000
+@@ -83,6 +83,7 @@
+ #
+ error() {
+ 	echo "`basename $PROGNAME`: $1" >&2
++    remove_cruft
+ 	exit 1
+ }
+ 
+@@ -130,8 +131,9 @@
+ 	a)	SQLMATCH=all;;
+ 	D)	DEBUG="$OPTARG";;
+ 	U)	echo "Getting latest version of this script..."
+-		curl -o$UPDATEcodeFILE "$UPDATEcodeURL"
+-		echo "Latest version is in $UPDATEcodeFILE"
++		destdir=`mktemp -d`
++		curl -o$destdir/$UPDATEcodeFILE "$UPDATEcodeURL"
++		echo "Latest version is in $destdir/$UPDATEcodeFILE"
+ 		exit
+ 		;;
+ 	h|\?)	usage;;
+@@ -239,7 +241,7 @@
+ #	procedure to remove cruft files
+ #
+ remove_cruft() {
+-	for i in $STYLE $COORDS $OUTWAY $MAP
++	for i in $STYLE $COORDS $OUTWAY $MAP $TMP
+ 	do
+ 		[ -f $i ] && rm -f $i
+ 	done
+@@ -248,7 +250,7 @@
+ #
+ #	Main Program
+ #
+-TMP=/tmp/geo$$
++TMP=`mktemp`
+ STYLE=${TMP}.style
+ COORDS=${TMP}.coords
+ OUTWAY=${TMP}.way
+@@ -269,7 +271,6 @@
+ 		| head -n1 \
+ 		`
+ 	if [ "$URL" = "" ]; then
+-		cp $COORDS /tmp/geo.google
+ 		error "Unable to lookup telephone number or name with Google"
+ 	else
+ 		URL="http://maps.yahoo.com/$URL"
+@@ -295,7 +296,7 @@
+ fi
+ 
+ if [ $DEBUG -gt 0 ]; then
+-    filter="tee /tmp/geo.yahoo"
++    filter="tee `mktemp`"
+ else
+     filter=cat
+ fi
+@@ -306,9 +307,9 @@
+ 	-e 's/.*slt=\([^%]*\).*sln=\([^%]*\).*Create.*/\1 \2/p' \
+ > $COORDS
+ 
+-if [ $DEBUG -gt 0 ]; then
+-	cp $COORDS /tmp/geo.coords
+-fi
++#if [ $DEBUG -gt 0 ]; then
++#	cp -d $COORDS /tmp/geo.coords
++#fi
+ 
+ #
+ #	Convert the coords, address, and type to the desired


Property changes on: packages/gpsdrive/trunk/debian/patches/100-fix-insecure-tempfiles.dpatch
___________________________________________________________________
Name: svn:executable
   + *

Modified: packages/gpsdrive/trunk/debian/rules
===================================================================
--- packages/gpsdrive/trunk/debian/rules	2008-08-31 22:10:49 UTC (rev 1762)
+++ packages/gpsdrive/trunk/debian/rules	2008-08-31 22:12:00 UTC (rev 1763)
@@ -10,8 +10,8 @@
 DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
 DEB_VERSION := $(shell dpkg-parsechangelog |egrep  '^Version:' | cut -f 2 -d ' ')
 DEB_NOEPOCH_VERSION := $(shell echo $(DEB_VERSION) | cut -d: -f2-)
-DEB_UPSTREAM_VERSION := $(shell echo $(DEB_NOEPOCH_VERSION) | sed 's/-[^-]*$$//')
-UPSTREAM_VERSION := $(strip $(shell (echo $(DEB_UPSTREAM_VERSION)|sed 's/~//')))
+DEB_UPSTREAM_VERSION := 2.10~pre4-6.dfsg
+UPSTREAM_VERSION := 2.10pre4
 DESTDIR  := ${CURDIR}/debian/tmp
 MAPNIK_PATH = $(shell mapnik-plugin-base)

More information about the Pkg-grass-devel mailing list