Dear Debian Release Team, sabre/0.2.4b-23 from stable is affected by the isecure temp-file creation (CVE-2008-4407) fixed in unstable in sabre/0.2.4b-25. I prepared a 0.2.4b-23+etch1 to upload to stable as suggested by Nico Golde [1]. The diff against 0.2.4b-23 is attached, have you any objections or can we upload it? Regards Evgeni Golov Debian Games Team [1] http://permalink.gmane.org/gmane.linux.debian.devel.games.devel/6887 alias <20081002120323.GA13076@ngolde.de>
diff -u sabre-0.2.4b/debian/patches/030_launch_scripts.diff sabre-0.2.4b/debian/patches/030_launch_scripts.diff --- sabre-0.2.4b/debian/patches/030_launch_scripts.diff +++ sabre-0.2.4b/debian/patches/030_launch_scripts.diff @@ -1,12 +1,14 @@ ---- sabre-0.2.4b.orig/RunSabre -+++ sabre-0.2.4b/RunSabre +Index: sabre-0.2.4b/RunSabre +=================================================================== +--- sabre-0.2.4b.orig/RunSabre 1999-11-25 01:32:16.000000000 +0100 ++++ sabre-0.2.4b/RunSabre 2008-10-01 15:38:12.000000000 +0200 @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 1, or (at your option) -@@ -23,26 +23,23 @@ +@@ -23,26 +23,24 @@ # for high-res Sabre # 04/10/98 Version 0.2.3 patch # 01/01/99 Version 0.2.4 @@ -16,8 +18,9 @@ +# 1999 Miscellanous changes by Milan Zamazal <pdm@debian.org> +banner="$(/usr/games/sabre --print-banner)" +DLG=/usr/bin/dialog -+FOO=${TMPDIR:-/tmp}/sabre.$$ -+LOG=${TMPDIR:-/tmp}/sabre.log ++FOO=$(mktemp -t sabre.XXXXXX) || exit 1 ++LOG=$(mktemp -t sabre.XXXXXX) || exit 1 ++LOADLOG=$(mktemp -t sabre.XXXXXX) || exit 1 MODE="-mode 0" RZ_STEPS= SABRE="-mode $MODE" #default flight parameters @@ -43,7 +46,7 @@ { errname="Unknown error" case $2 in -@@ -60,7 +57,7 @@ +@@ -60,7 +58,7 @@ # view_file( file ) # display file on textbox @@ -52,7 +55,7 @@ { if [ -r $1 ] then -@@ -81,9 +78,9 @@ +@@ -81,10 +79,10 @@ # load_scenario( file, type ) # load mission or demo @@ -60,11 +63,13 @@ +load_scenario() { - path=scenarios/$1 +- echo "$1 $2 = $path $MODE $WINDOW" >> loadlog + path=/usr/share/games/sabre/$1 - echo "$1 $2 = $path $MODE $WINDOW" >> loadlog ++ echo "$1 $2 = $path $MODE $WINDOW" >> $LOADLOG if [ -x $path ] -@@ -94,8 +91,8 @@ + then +@@ -94,8 +92,8 @@ --infobox "Scenario coming up: Please standby!" \ 3 44 export SABRE @@ -75,7 +80,7 @@ stty sane $DLG \ --backtitle "$banner" \ -@@ -103,7 +100,7 @@ +@@ -103,7 +101,7 @@ --yesno "Do you want to see the log?" 5 44 if [ $? = 0 ] then @@ -84,7 +89,7 @@ fi else if [ -e $1 ] -@@ -117,7 +114,7 @@ +@@ -117,7 +115,7 @@ # sabre_documentation() # browse documentation @@ -93,7 +98,7 @@ looping=1 until [ "$looping" = "0" ]; do -@@ -125,7 +122,7 @@ +@@ -125,7 +123,7 @@ --backtitle "$banner" \ --title "Documentation" \ --menu "Miscellaneous Sabre papers" \ @@ -102,7 +107,7 @@ "WHATSNEW" "news on latest" \ "intro" "introduction to the game" \ "keys" "keys used" \ -@@ -136,7 +133,6 @@ +@@ -136,7 +134,6 @@ "CONTRIBUTORS" "people behind this game" \ "README" "general background information" \ "REQUIREMENTS" "the gear needed" \ @@ -110,7 +115,7 @@ "TODO" "future plans and fixes" \ "TROUBLE_SHOOTING" "some noted problems and fixes" \ "JOYSTICK.README" "info on using a joystick" \ -@@ -149,19 +145,19 @@ +@@ -149,19 +146,19 @@ "keys" | \ "takeoff" | \ "gru" | \ @@ -134,7 +139,7 @@ "") looping=0;; esac done -@@ -169,7 +165,7 @@ +@@ -169,7 +166,7 @@ # sabre_missions() # browse missions @@ -143,7 +148,7 @@ DEMO= looping=1 until [ "$looping" = "0" ]; -@@ -224,7 +220,7 @@ +@@ -224,7 +221,7 @@ # sabre_demos() # browse demos @@ -152,7 +157,7 @@ DEMO=-demo until [ "foo" = "bar" ]; do -@@ -261,7 +257,7 @@ +@@ -261,7 +258,7 @@ # sabre_vgamodes() # Allow choosing of the vga mode @@ -161,7 +166,7 @@ { $DLG \ --backtitle "$banner" \ -@@ -293,7 +289,7 @@ +@@ -293,7 +290,7 @@ # recommended. It's also best # to keep a 3:2 width:height # proportion @@ -170,7 +175,7 @@ # until [ "foo" = "bar" ]; # do $DLG \ -@@ -326,43 +322,29 @@ +@@ -326,43 +323,29 @@ } @@ -217,7 +222,7 @@ #clear all flags ST_JOY0=off ST_MS=off -@@ -384,7 +366,7 @@ +@@ -384,7 +367,7 @@ 10 66 3 \ "-j0" "Joystick" "$ST_JOY0" \ "-ms" "Mouse" "$ST_MS" \ @@ -226,7 +231,7 @@ 2> $FOO if [ $? = 0 ] then -@@ -394,7 +376,7 @@ +@@ -394,7 +377,7 @@ # sabre_setup() # default flight parameters @@ -235,7 +240,7 @@ #clear all flags ST_JOY2=off ST_MR=off -@@ -426,7 +408,7 @@ +@@ -426,7 +409,7 @@ # sabre_setup() # default flight parameters @@ -244,7 +249,7 @@ #clear all flags ST_JOY1=off ST_MT=off -@@ -456,18 +438,6 @@ +@@ -456,18 +439,6 @@ fi } @@ -263,12 +268,12 @@ # the main loop if [ ! -f $DLG ]; then -@@ -504,15 +474,7 @@ +@@ -504,15 +475,7 @@ "svgamode") sabre_vgamodes;; "window") sabre_vgawindow;; "documentation") sabre_documentation;; - "quit" | "") runsabre_save;; -+ "quit" | "") rm -f $FOO $FOO1 $LOG loadlog; exit;; ++ "quit" | "") rm -f $FOO $LOG $LOADLOG; exit;; esac done # the end @@ -280,9 +285,11 @@ - - - ---- sabre-0.2.4b.orig/RunSabreSDL -+++ sabre-0.2.4b/RunSabreSDL -@@ -23,26 +23,23 @@ +Index: sabre-0.2.4b/RunSabreSDL +=================================================================== +--- sabre-0.2.4b.orig/RunSabreSDL 1999-11-25 01:32:49.000000000 +0100 ++++ sabre-0.2.4b/RunSabreSDL 2008-10-01 15:38:23.000000000 +0200 +@@ -23,26 +23,24 @@ # for high-res Sabre # 04/10/98 Version 0.2.3 patch # 01/01/99 Version 0.2.4 @@ -292,8 +299,9 @@ +# 1999, 2002 Miscellanous changes by Milan Zamazal <pdm@debian.org> +banner="$(/usr/games/sabresdl --print-banner)" +DLG=/usr/bin/dialog -+FOO=${TMPDIR:-/tmp}/sabre.$$ -+LOG=${TMPDIR:-/tmp}/sabre.log ++FOO=$(mktemp -t sabre.XXXXXX) || exit 1 ++LOG=$(mktemp -t sabre.XXXXXX) || exit 1 ++LOADLOG=$(mktemp -t sabre.XXXXXX) || exit 1 MODE="-mode 0" RZ_STEPS= SABRE="-mode $MODE" #default flight parameters @@ -319,7 +327,7 @@ { errname="Unknown error" case $2 in -@@ -60,7 +57,7 @@ +@@ -60,7 +58,7 @@ # view_file( file ) # display file on textbox @@ -328,7 +336,7 @@ { if [ -r $1 ] then -@@ -81,9 +78,9 @@ +@@ -81,10 +79,10 @@ # load_scenario( file, type ) # load mission or demo @@ -336,11 +344,13 @@ +load_scenario() { - path=scenarios/$1 +- echo "$1 $2 = $path $MODE $WINDOW" >> loadlog + path=/usr/share/games/sabre/$1 - echo "$1 $2 = $path $MODE $WINDOW" >> loadlog ++ echo "$1 $2 = $path $MODE $WINDOW" >> $LOADLOG if [ -x $path ] -@@ -94,8 +91,8 @@ + then +@@ -94,8 +92,8 @@ --infobox "Scenario coming up: Please standby!" \ 3 44 export SABRE @@ -351,7 +361,7 @@ stty sane $DLG \ --backtitle "$banner" \ -@@ -103,7 +100,7 @@ +@@ -103,7 +101,7 @@ --yesno "Do you want to see the log?" 5 44 if [ $? = 0 ] then @@ -360,7 +370,7 @@ fi else if [ -e $1 ] -@@ -117,7 +114,7 @@ +@@ -117,7 +115,7 @@ # sabre_documentation() # browse documentation @@ -369,7 +379,7 @@ looping=1 until [ "$looping" = "0" ]; do -@@ -125,7 +122,7 @@ +@@ -125,7 +123,7 @@ --backtitle "$banner" \ --title "Documentation" \ --menu "Miscellaneous Sabre papers" \ @@ -378,7 +388,7 @@ "WHATSNEW" "news on latest" \ "intro" "introduction to the game" \ "keys" "keys used" \ -@@ -136,7 +133,6 @@ +@@ -136,7 +134,6 @@ "CONTRIBUTORS" "people behind this game" \ "README" "general background information" \ "REQUIREMENTS" "the gear needed" \ @@ -386,7 +396,7 @@ "TODO" "future plans and fixes" \ "TROUBLE_SHOOTING" "some noted problems and fixes" \ "JOYSTICK.README" "info on using a joystick" \ -@@ -149,19 +145,19 @@ +@@ -149,19 +146,19 @@ "keys" | \ "takeoff" | \ "gru" | \ @@ -410,7 +420,7 @@ "") looping=0;; esac done -@@ -169,7 +165,7 @@ +@@ -169,7 +166,7 @@ # sabre_missions() # browse missions @@ -419,7 +429,7 @@ DEMO= looping=1 until [ "$looping" = "0" ]; -@@ -224,7 +220,7 @@ +@@ -224,7 +221,7 @@ # sabre_demos() # browse demos @@ -428,7 +438,7 @@ DEMO=-demo until [ "foo" = "bar" ]; do -@@ -261,7 +257,7 @@ +@@ -261,7 +258,7 @@ # sabre_vgamodes() # Allow choosing of the vga mode @@ -437,7 +447,7 @@ { $DLG \ --backtitle "$banner" \ -@@ -293,7 +289,7 @@ +@@ -293,7 +290,7 @@ # recommended. It's also best # to keep a 3:2 width:height # proportion @@ -446,7 +456,7 @@ # until [ "foo" = "bar" ]; # do $DLG \ -@@ -326,43 +322,29 @@ +@@ -326,43 +323,29 @@ } @@ -493,7 +503,7 @@ #clear all flags ST_JOY0=off ST_MS=off -@@ -384,7 +366,7 @@ +@@ -384,7 +367,7 @@ 10 66 3 \ "-j0" "Joystick" "$ST_JOY0" \ "-ms" "Mouse" "$ST_MS" \ @@ -502,7 +512,7 @@ 2> $FOO if [ $? = 0 ] then -@@ -394,7 +376,7 @@ +@@ -394,7 +377,7 @@ # sabre_setup() # default flight parameters @@ -511,7 +521,7 @@ #clear all flags ST_JOY2=off ST_MR=off -@@ -426,7 +408,7 @@ +@@ -426,7 +409,7 @@ # sabre_setup() # default flight parameters @@ -520,7 +530,7 @@ #clear all flags ST_JOY1=off ST_MT=off -@@ -456,18 +438,6 @@ +@@ -456,18 +439,6 @@ fi } @@ -539,7 +549,7 @@ # the main loop if [ ! -f $DLG ]; then -@@ -487,10 +457,9 @@ +@@ -487,10 +458,9 @@ --backtitle "$banner" \ --title "Main" \ --menu "Welcome to Sabre - enjoy your flight!" \ @@ -551,7 +561,7 @@ "window" "Select Window Size" \ "documentation" "Miscellaneous Sabre papers" \ "controls" "Select Flight Controls" \ -@@ -501,18 +470,9 @@ +@@ -501,18 +471,9 @@ "missions") sabre_missions;; "demos") sabre_demos;; "controls") sabre_controls;; @@ -559,7 +569,7 @@ "window") sabre_vgawindow;; "documentation") sabre_documentation;; - "quit" | "") runsabre_save;; -+ "quit" | "") rm -f $FOO $FOO1 $LOG loadlog; exit;; ++ "quit" | "") rm -f $FOO $LOG $LOADLOG; exit;; esac done # the end @@ -571,93 +581,121 @@ - - - ---- sabre-0.2.4b.orig/scenarios/dogfight -+++ sabre-0.2.4b/scenarios/dogfight +Index: sabre-0.2.4b/scenarios/dogfight +=================================================================== +--- sabre-0.2.4b.orig/scenarios/dogfight 1998-12-17 17:51:26.000000000 +0100 ++++ sabre-0.2.4b/scenarios/dogfight 2008-10-01 15:21:20.000000000 +0200 @@ -1,2 +1,3 @@ +#!/bin/sh $SABRE_BIN -flt dogfight.flt -rnd $1 $2 $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16 ---- sabre-0.2.4b.orig/scenarios/furball -+++ sabre-0.2.4b/scenarios/furball +Index: sabre-0.2.4b/scenarios/furball +=================================================================== +--- sabre-0.2.4b.orig/scenarios/furball 1998-12-17 17:51:45.000000000 +0100 ++++ sabre-0.2.4b/scenarios/furball 2008-10-01 15:21:20.000000000 +0200 @@ -1,3 +1,3 @@ -#! /bin/bash +#! /bin/sh # What a mess! $SABRE_BIN -flt furball.flt -rnd -grnd a.gru $1 $2 $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16 ---- sabre-0.2.4b.orig/scenarios/gru -+++ sabre-0.2.4b/scenarios/gru +Index: sabre-0.2.4b/scenarios/gru +=================================================================== +--- sabre-0.2.4b.orig/scenarios/gru 1998-12-17 17:51:53.000000000 +0100 ++++ sabre-0.2.4b/scenarios/gru 2008-10-01 15:21:20.000000000 +0200 @@ -1,2 +1,3 @@ +#!/bin/sh $SABRE_BIN -flt gru.flt -grnd b.gru -wld gru.wld $1 $2 $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16 ---- sabre-0.2.4b.orig/scenarios/gru2 -+++ sabre-0.2.4b/scenarios/gru2 +Index: sabre-0.2.4b/scenarios/gru2 +=================================================================== +--- sabre-0.2.4b.orig/scenarios/gru2 1998-12-17 17:52:14.000000000 +0100 ++++ sabre-0.2.4b/scenarios/gru2 2008-10-01 15:21:20.000000000 +0200 @@ -1,2 +1,3 @@ +#!/bin/sh $SABRE_BIN -flt gru2.flt -grnd b.gru -wld gru.wld $1 $2 $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16 ---- sabre-0.2.4b.orig/scenarios/gru3 -+++ sabre-0.2.4b/scenarios/gru3 +Index: sabre-0.2.4b/scenarios/gru3 +=================================================================== +--- sabre-0.2.4b.orig/scenarios/gru3 1998-12-17 17:52:30.000000000 +0100 ++++ sabre-0.2.4b/scenarios/gru3 2008-10-01 15:21:20.000000000 +0200 @@ -1,2 +1,3 @@ +#!/bin/sh $SABRE_BIN -flt gru3.flt -grnd b.gru -wld gru.wld $1 $2 $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16 ---- sabre-0.2.4b.orig/scenarios/melee -+++ sabre-0.2.4b/scenarios/melee +Index: sabre-0.2.4b/scenarios/melee +=================================================================== +--- sabre-0.2.4b.orig/scenarios/melee 1998-12-17 17:52:48.000000000 +0100 ++++ sabre-0.2.4b/scenarios/melee 2008-10-01 15:21:20.000000000 +0200 @@ -1,3 +1,4 @@ +#!/bin/sh $SABRE_BIN -flt melee.flt $1 $2 $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16 ---- sabre-0.2.4b.orig/scenarios/migjump -+++ sabre-0.2.4b/scenarios/migjump +Index: sabre-0.2.4b/scenarios/migjump +=================================================================== +--- sabre-0.2.4b.orig/scenarios/migjump 1998-12-17 17:53:11.000000000 +0100 ++++ sabre-0.2.4b/scenarios/migjump 2008-10-01 15:21:20.000000000 +0200 @@ -1 +1,2 @@ +#!/bin/sh $SABRE_BIN -flt migjump.flt $1 $2 $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16 ---- sabre-0.2.4b.orig/scenarios/pistons -+++ sabre-0.2.4b/scenarios/pistons +Index: sabre-0.2.4b/scenarios/pistons +=================================================================== +--- sabre-0.2.4b.orig/scenarios/pistons 1998-12-17 17:53:18.000000000 +0100 ++++ sabre-0.2.4b/scenarios/pistons 2008-10-01 15:21:20.000000000 +0200 @@ -1,3 +1,4 @@ +#!/bin/sh $SABRE_BIN -flt pistons.flt $1 $2 $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16 ---- sabre-0.2.4b.orig/scenarios/shoot1 -+++ sabre-0.2.4b/scenarios/shoot1 +Index: sabre-0.2.4b/scenarios/shoot1 +=================================================================== +--- sabre-0.2.4b.orig/scenarios/shoot1 1998-12-17 17:53:42.000000000 +0100 ++++ sabre-0.2.4b/scenarios/shoot1 2008-10-01 15:21:20.000000000 +0200 @@ -1,3 +1,4 @@ +#!/bin/sh # MiG in front $SABRE_BIN -flt shoot1.flt $1 $2 $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16 ---- sabre-0.2.4b.orig/scenarios/shoot2 -+++ sabre-0.2.4b/scenarios/shoot2 +Index: sabre-0.2.4b/scenarios/shoot2 +=================================================================== +--- sabre-0.2.4b.orig/scenarios/shoot2 1998-12-17 17:53:49.000000000 +0100 ++++ sabre-0.2.4b/scenarios/shoot2 2008-10-01 15:21:20.000000000 +0200 @@ -1,3 +1,4 @@ +#!/bin/sh # MiG in front $SABRE_BIN -flt shoot2.flt $1 $2 $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16 ---- sabre-0.2.4b.orig/scenarios/shoot3 -+++ sabre-0.2.4b/scenarios/shoot3 +Index: sabre-0.2.4b/scenarios/shoot3 +=================================================================== +--- sabre-0.2.4b.orig/scenarios/shoot3 1998-12-17 17:53:57.000000000 +0100 ++++ sabre-0.2.4b/scenarios/shoot3 2008-10-01 15:21:20.000000000 +0200 @@ -1,3 +1,4 @@ +#!/bin/sh # MiG in front $SABRE_BIN -flt shoot3.flt $1 $2 $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16 ---- sabre-0.2.4b.orig/scenarios/takeoff -+++ sabre-0.2.4b/scenarios/takeoff +Index: sabre-0.2.4b/scenarios/takeoff +=================================================================== +--- sabre-0.2.4b.orig/scenarios/takeoff 1998-12-17 17:54:09.000000000 +0100 ++++ sabre-0.2.4b/scenarios/takeoff 2008-10-01 15:21:20.000000000 +0200 @@ -1,4 +1,4 @@ -#! /bin/bash +#! /bin/sh $SABRE_BIN -flt takeoff.flt $1 $2 $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16 ---- sabre-0.2.4b.orig/scenarios/thunder -+++ sabre-0.2.4b/scenarios/thunder +Index: sabre-0.2.4b/scenarios/thunder +=================================================================== +--- sabre-0.2.4b.orig/scenarios/thunder 1998-12-17 17:54:22.000000000 +0100 ++++ sabre-0.2.4b/scenarios/thunder 2008-10-01 15:21:20.000000000 +0200 @@ -1,2 +1,3 @@ +#!/bin/sh $SABRE_BIN -flt thunder.flt $1 $2 $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16 ---- sabre-0.2.4b.orig/scenarios/yakattak -+++ sabre-0.2.4b/scenarios/yakattak +Index: sabre-0.2.4b/scenarios/yakattak +=================================================================== +--- sabre-0.2.4b.orig/scenarios/yakattak 1998-12-17 17:54:34.000000000 +0100 ++++ sabre-0.2.4b/scenarios/yakattak 2008-10-01 15:21:20.000000000 +0200 @@ -1,3 +1,3 @@ -#! /bin/bash +#! /bin/sh diff -u sabre-0.2.4b/debian/sabre.postrm sabre-0.2.4b/debian/sabre.postrm --- sabre-0.2.4b/debian/sabre.postrm +++ sabre-0.2.4b/debian/sabre.postrm @@ -1,5 +1,7 @@ #! /bin/sh +set -e + case "$1" in purge|remove) if dpkg-statoverride --list /usr/games/sabre >/dev/null; then diff -u sabre-0.2.4b/debian/control sabre-0.2.4b/debian/control --- sabre-0.2.4b/debian/control +++ sabre-0.2.4b/debian/control @@ -2,7 +2,7 @@ Section: games Priority: optional Maintainer: Debian Games Team <pkg-games-devel@lists.alioth.debian.org> -Uploaders: Sam Hocevar (Debian packages) <sam+deb@zoy.org> +Uploaders: Sam Hocevar (Debian packages) <sam+deb@zoy.org>, Evgeni Golov <sargentd@die-welt.net> Build-Depends: debhelper (>= 4.0), quilt, libncurses-dev, libsdl1.2-dev (>= 1.2.2-3.1), libsvga1-dev [i386] Standards-Version: 3.7.2 diff -u sabre-0.2.4b/debian/sabre.postinst sabre-0.2.4b/debian/sabre.postinst --- sabre-0.2.4b/debian/sabre.postinst +++ sabre-0.2.4b/debian/sabre.postinst @@ -1,9 +1,17 @@ #! /bin/sh +set -e + case "$1" in configure) - if ! dpkg-statoverride --list /usr/games/sabre >/dev/null; then - dpkg-statoverride --update --add root root 2755 /usr/games/sabre + if [ -z "$2" ]; then + dpkg-statoverride --add root root 1755 /usr/games/sabre + else + if dpkg --compare-versions "$2" le-nl 0.2.4b-24; then + if [ "$(dpkg-statoverride --list /usr/games/sabre)" = "root root 2755 /usr/games/sabre" ]; then + dpkg-statoverride --update --add root root 1755 /usr/games/sabre + fi + fi fi ;; abort-upgrade|abort-remove|abort-deconfigure) diff -u sabre-0.2.4b/debian/changelog sabre-0.2.4b/debian/changelog --- sabre-0.2.4b/debian/changelog +++ sabre-0.2.4b/debian/changelog @@ -1,3 +1,19 @@ +sabre (0.2.4b-23+etch1) stable; urgency=high + + * Update for etch to address a security issue. + * debian/patches/030_launch_scripts.diff: + + Update the patch and use mktemp for creating temporary files. + Fixes: CVE-2008-4407 (insecure temp file). + * debian/sabre.postinst: + + Fix the call to dpkg-statoverride in the postinst, + we need setuid root, not setguid root. + + Call "set -e" first. + * debian/sabre.postrm: + + Call "set -e" first. + * Add myself to uploaders. + + -- Evgeni Golov <sargentd@die-welt.net> Sun, 05 Oct 2008 23:25:54 +0200 + sabre (0.2.4b-23) unstable; urgency=high * debian/patches/025_endianness.diff:
Attachment:
pgpPdq5Kc_I4d.pgp
Description: PGP signature