please unblock bzip2/1.0.5-1

To: debian-release@lists.debian.org
Subject: please unblock bzip2/1.0.5-1
From: Aníbal Monsalve Salazar <anibal@debian.org>
Date: Fri, 8 Aug 2008 20:06:28 +1000
Message-id: <[🔎] 20080808100628.GF14057@debianrules.debiancolombia.org>

The bzip2 version in testing has a bug in bzdiff. The $tmp variable is
not double quoted. It may be possible to craft a TMPDIR environment
variable to inject a commad like "rm\ /*" when line #62, "/bin/rm -f
$tmp;;" is executed, but I haven't tested it yet. At least, it doesn't
work if TMPDIR has spaces in it.

Please unblock bzip2/1.0.5-1

The following is the interdiff between the versions in testing and
unstable.

interdiff -zp1 bzip2_1.0.5-0.1.diff.gz bzip2_1.0.5-1.diff.gz
diff -u bzip2-1.0.5/bzdiff bzip2-1.0.5/bzdiff
--- bzip2-1.0.5/bzdiff
+++ bzip2-1.0.5/bzdiff
@@ -49,14 +49,14 @@
                 case "$2" in
 	        *.bz2)
 			F=`echo "$2" | sed 's|.*/||;s|.bz2$||'`
-			tmp=`mktemp ${TMPDIR:-/tmp}/bzdiff.XXXXXXXXXX` || {
+			tmp=`mktemp "${TMPDIR:-/tmp}"/bzdiff.XXXXXXXXXX` || {
 			      echo 'cannot create a temporary file' >&2
 			      exit 1
 			}
-                        bzip2 -cdfq "$2" > $tmp
-                        bzip2 -cdfq "$1" | $comp $OPTIONS - $tmp
+                        bzip2 -cdfq "$2" > "$tmp"
+                        bzip2 -cdfq "$1" | $comp $OPTIONS - "$tmp"
                         STAT="$?"
-			/bin/rm -f $tmp;;
+			/bin/rm -f "$tmp";;
 
                 *)      bzip2 -cdfq "$1" | $comp $OPTIONS - "$2"
                         STAT="$?";;
diff -u bzip2-1.0.5/debian/control bzip2-1.0.5/debian/control
--- bzip2-1.0.5/debian/control
+++ bzip2-1.0.5/debian/control
@@ -3,7 +3,7 @@
 Priority: important
 Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
 Uploaders: Santiago Ruano RincÃ³n <santiago@debian.org>
-Standards-Version: 3.7.3
+Standards-Version: 3.8.0
 Build-depends: texinfo, gcc-multilib [amd64 i386 kfreebsd-amd64 powerpc ppc64 s390 sparc] | gcc-4.1 (<< 4.1.2) [amd64 i386 kfreebsd-amd64 powerpc ppc64 s390 sparc]
 Homepage: http://www.bzip.org/
 
diff -u bzip2-1.0.5/debian/docbase bzip2-1.0.5/debian/docbase
--- bzip2-1.0.5/debian/docbase
+++ bzip2-1.0.5/debian/docbase
@@ -6,7 +6,7 @@
  considerably better than that achieved by more conventional
  LZ77/LZ78-based compressors, and approaches the performance of the PPM
  family of statistical compressors.
-Section: Apps/Tools
+Section: File Management
 
 Format: HTML
 Index: /usr/share/doc/bzip2/manual.html
diff -u bzip2-1.0.5/debian/changelog bzip2-1.0.5/debian/changelog
--- bzip2-1.0.5/debian/changelog
+++ bzip2-1.0.5/debian/changelog
@@ -1,3 +1,13 @@
+bzip2 (1.0.5-1) unstable; urgency=low
+
+  * Fix "bzdiff doesn't work if $TMPDIR contains spaces"; closes: #493710
+    Patch by Vincent Lefevre <vincent@vinc17.org>
+  * Standards-Version is 3.8.0
+  * Fixed the following lintian issues:
+    W: bzip2-doc: doc-base-unknown-section bzip2:9 Apps/Tools
+
+ -- Anibal Monsalve Salazar <anibal@debian.org>  Tue, 05 Aug 2008 19:52:24 +1000
+
 bzip2 (1.0.5-0.1) unstable; urgency=high
 
   * NMU

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: please unblock bzip2/1.0.5-1
  - From: Philipp Kern <pkern@debian.org>

Prev by Date: Re: Fixing #493051 (biococoa.app: Contents do not match name and description.) in Lenny.
Next by Date: wdiff stable update for Bug#425254
Previous by thread: Re: please unblock pump/0.8.24-4
Next by thread: Re: please unblock bzip2/1.0.5-1
Index(es):
- Date
- Thread