diff -u cecilia-2.0.5/debian/patches/00list cecilia-2.0.5/debian/patches/00list
--- cecilia-2.0.5/debian/patches/00list
+++ cecilia-2.0.5/debian/patches/00list
@@ -3,0 +4,2 @@
+13CVE-2008-1832
+14_dont_hang_on_version_5.dpatch
diff -u cecilia-2.0.5/debian/changelog cecilia-2.0.5/debian/changelog
--- cecilia-2.0.5/debian/changelog
+++ cecilia-2.0.5/debian/changelog
@@ -1,3 +1,35 @@
+cecilia (2.0.5-2.1ubuntu1) intrepid; urgency=low
+
+ * Merge from debian unstable, remaining changes:
+ - debian/control: Update maintainer fields according to debian-
+ maintainer-field spec.
+ - Added a .desktop file (Closes: Malone #28759). This is forwarded
+ as Debian #427810.
+ * debian/patches/13CVE-2008-1832.dpatch (LP: #241457)
+ - lib/prefs.tcl in Cecilia 2.0.5 allows local users to overwrite
+ arbitrary files via a symlink attack on the csvers temporary file.
+ - References
+ - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1832
+ - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476321
+ - Thanks to Debian for the fix.
+ * debian/patches/14_dont_hang_on_version_5.dpatch (LP: #236251)
+ - Don't hang eating CPU when started with csound version 5.
+ (the version we have). This patch doesn't guarantee that
+ cecilia works with the new version, but not hanging seems
+ a little better. Thanks to Felipe Sateler.
+ - The patch originates from Debian bug #476300.
+
+ -- James Westby Fri, 20 Jun 2008 00:33:55 +0100
+
+cecilia (2.0.5-2.1) unstable; urgency=high
+
+ * Non-maintainer upload by the security team
+ * Include 13CVE-2008-1832.dpatch to fix insecure tmp file handling,
+ which allows a symlink attack (Closes: #476321)
+ Fixes: CVE-2008-1832
+
+ -- Steffen Joeris Fri, 09 May 2008 11:47:07 +0000
+
 cecilia (2.0.5-2ubuntu5) hardy; urgency=low
 
 * Reset to Architecture: all.
only in patch2:
unchanged:
--- cecilia-2.0.5.orig/debian/patches/14_dont_hang_on_version_5.dpatch
+++ cecilia-2.0.5/debian/patches/14_dont_hang_on_version_5.dpatch
@@ -0,0 +1,24 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 14_dont_hang_on_version_5.dpatch by
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Don't hang when using csound version 5. The program may not
+## DP: work correctly with that version, but at least with this it
+## DP: won't hang eating CPU. Thanks to Felipe Sateler for the patch.
+## DP: References:
+## DP: - https://bugs.launchpad.net/bugs/236251
+## DP: - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476300
+
+@DPATCH@
+diff -urNad cecilia-2.0.5~/lib/prefs.tcl cecilia-2.0.5/lib/prefs.tcl
+--- cecilia-2.0.5~/lib/prefs.tcl 2003-02-17 19:26:58.000000000 +0000
++++ cecilia-2.0.5/lib/prefs.tcl 2008-06-20 00:23:33.000000000 +0100
+@@ -186,7 +186,7 @@
+ set f [open /tmp/csvers r]
+ while ![eof $f] {
+ set l [gets $f ]
+- if [regexp Version $l] { break }
++ if [regexp -nocase Version $l] { break }
+ }
+
+ close $f
only in patch2:
unchanged:
--- cecilia-2.0.5.orig/debian/patches/13CVE-2008-1832.dpatch
+++ cecilia-2.0.5/debian/patches/13CVE-2008-1832.dpatch
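Review bot: The embedded hunk `@@ -186,7 +186,7 @@` in 14_dont_hang_on_version_5.dpatch was generated against the unpatched prefs.tcl: its leading context line `set f [open /tmp/csvers r]` no longer exists once 13CVE-2008-1832.dpatch, which 00list applies first, has rewritten that line to `set f [open $tmp r]` and grown the file by one line. The patch will therefore apply only with fuzz and an offset, if at all, and regenerating either patch later will silently break the other; it should be regenerated on top of patch 13 so its context reads `set f [open $tmp r]`. The `-nocase` change itself is fine. The header line `## 14_dont_hang_on_version_5.dpatch by` names no author and should be completed.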
@@ -0,0 +1,39 @@
+#!/bin/sh -e
+## 13CVE-2008-1832.dpatch
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+if [ $# -ne 1 ]; then
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1
+fi
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+patch_opts="${patch_opts:--f --no-backup-if-mismatch}"
+
+case "$1" in
+ -patch) patch $patch_opts -p1 < $0;;
+ -unpatch) patch $patch_opts -p1 -R < $0;;
+ *)
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1;;
+esac
+
+exit 0
+
+@DPATCH@
+--- ../old/cecilia-2.0.5/lib/prefs.tcl 2003-02-17 19:26:58.000000000 +0000
++++ cecilia-2.0.5/lib/prefs.tcl 2008-05-06 11:26:21.000000000 +0000
+@@ -182,8 +182,9 @@
+ return [localCsound]
+ } {
+ puts "info: $csound found; verifying version"
+- catch {exec $csound >& /tmp/csvers}
+- set f [open /tmp/csvers r]
++ set tmp [exec mktemp -t]
++ catch {exec $csound >& $tmp}
++ set f [open $tmp r]
+ while ![eof $f] {
+ set l [gets $f ]
+ if [regexp Version $l] { break }
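Review bot: The file created by `set tmp [exec mktemp -t]` is never removed in the new code, and the enclosing Tcl block continues past the end of the embedded hunk (the `close $f` is outside it), so every start of cecilia leaves a new file behind in the temp directory; add `file delete $tmp` right after `close $f`. The `exec mktemp -t` call is also outside any `catch`, so a missing or failing mktemp now raises an uncaught Tcl error where the old code silently tolerated failure, which is a reasonable fail-closed choice but deserves a one-line comment saying so. Note that `mktemp -t` with no template is accepted by GNU mktemp but not by every implementation — presumably fine for Debian/Ubuntu, but worth confirming. The dpatch header still reads `## DP: No description.`; it should say that the patch replaces the fixed `/tmp/csvers` path with a mktemp-created file to close the symlink issue tracked as CVE-2008-1832 (Debian #476321).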