rpms/coccinelle/F-11 coccinelle-0.1.8-debian-unsafe-tmp-handling.patch, NONE, 1.1 .cvsignore, 1.2, 1.3 coccinelle.spec, 1.1, 1.2 sources, 1.2, 1.3 coccinelle-0.1.4-python26.patch, 1.1, NONE

Richard W.M. Jones rjones at fedoraproject.org
Fri May 22 11:23:55 UTC 2009


Author: rjones

Update of /cvs/pkgs/rpms/coccinelle/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv24751

Modified Files:
	.cvsignore coccinelle.spec sources 
Added Files:
	coccinelle-0.1.8-debian-unsafe-tmp-handling.patch 
Removed Files:
	coccinelle-0.1.4-python26.patch 
Log Message:
* Fri May 22 2009 Richard W.M. Jones <rjones at redhat.com> - 0.1.8-1
- New upstream version 0.1.8.
- Include patch from Debian to fix CVE-2009-1753 (RHBZ#502174).


coccinelle-0.1.8-debian-unsafe-tmp-handling.patch:

--- NEW FILE coccinelle-0.1.8-debian-unsafe-tmp-handling.patch ---
Patch fixes unsafe temporary file handling (reported to upstream).

Signed-off-by: Eugeniy Meshcheryakov <eugen at debian.org>

diff -ur coccinelle-0.1.8/main.ml coccinelle-0.1.8.unsafe-tmp-handling/main.ml
--- coccinelle-0.1.8/main.ml	2009-05-08 18:58:02.000000000 +0100
+++ coccinelle-0.1.8.unsafe-tmp-handling/main.ml	2009-05-22 12:09:23.094841485 +0100
@@ -798,9 +798,11 @@
 	      
 	      if !output_file =$= "" 
 	      then begin
+		(*
                 let tmpfile = "/tmp/"^Common.basename infile in
                 pr2 (spf "One file modified. Result is here: %s" tmpfile);
                 Common.command2 ("cp "^outfile^" "^tmpfile);
+		*)
 	      end
 	    ));
           if !output_file <> "" then
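
Review bot: The three lines wrapped in the new (* ... *) block in main.ml are disabled rather than deleted, which leaves an empty `then begin ... end` branch and keeps the predictable `"/tmp/"^Common.basename infile` path and the unquoted `"cp "^outfile^" "^tmpfile` shell string in the source, where they can be re-enabled by accident. Delete them outright. If the "One file modified. Result is here" copy is still wanted, create the destination with a safe temp-file primitive such as OCaml's Filename.temp_file instead of a name derived from the input file. With the block commented out, the user is no longer told where the result is, which deserves a line in the patch description.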


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/coccinelle/F-11/.cvsignore,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- .cvsignore	18 Mar 2009 09:32:42 -0000	1.2
+++ .cvsignore	22 May 2009 11:23:24 -0000	1.3
@@ -1 +1 @@
-coccinelle-0.1.5.tgz
+coccinelle-0.1.8.tgz


Index: coccinelle.spec
===================================================================
RCS file: /cvs/pkgs/rpms/coccinelle/F-11/coccinelle.spec,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- coccinelle.spec	18 Mar 2009 09:32:42 -0000	1.1
+++ coccinelle.spec	22 May 2009 11:23:24 -0000	1.2
@@ -7,8 +7,8 @@
 %endif
 
 Name:           coccinelle
-Version:        0.1.5
-Release:        3%{?dist}
+Version:        0.1.8
+Release:        1%{?dist}
 Summary:        Semantic patching for Linux (spatch)
 
 Group:          Development/Libraries
@@ -19,8 +19,8 @@ BuildRoot:      %{_tmppath}/%{name}-%{ve
 URL:            http://www.emn.fr/x-info/coccinelle/
 Source0:        http://www.emn.fr/x-info/coccinelle/distrib/%{name}-%{version}.tgz
 
-# Patch for Python 2.6, sent upstream on 2009-03-17.
-Patch0:         coccinelle-0.1.4-python26.patch
+# RHBZ#502174, CVE-2009-1753
+Patch0:         coccinelle-0.1.8-debian-unsafe-tmp-handling.patch
 
 BuildRequires:  ocaml >= 3.10.0
 BuildRequires:  ocaml-findlib-devel
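
Review bot: The new comment above Patch0 gives only the bug and CVE ids, while the comment it replaces recorded upstream status ("sent upstream on 2009-03-17"). State here that the patch comes from Debian and has been reported upstream, as the patch header says, and record why coccinelle-0.1.4-python26.patch is dropped, since neither this hunk nor the new changelog entry explains its removal.
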
@@ -62,7 +62,7 @@ The %{name}-examples package contains ex
 %prep
 %setup -q
 
-%patch0 -p0
+%patch0 -p1
 
 # Remove .cvsignore files.
 find -name .cvsignore -delete
@@ -155,6 +155,10 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Fri May 22 2009 Richard W.M. Jones <rjones at redhat.com> - 0.1.8-1
+- New upstream version 0.1.8.
+- Include patch from Debian to fix CVE-2009-1753 (RHBZ#502174).
+
 * Tue Mar 17 2009 Richard W.M. Jones <rjones at redhat.com> - 0.1.5-3
 - Make the documentation subpackage "-doc" not "-docs".
 - Comment about patch0 and send upstream.


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/coccinelle/F-11/sources,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- sources	18 Mar 2009 09:32:42 -0000	1.2
+++ sources	22 May 2009 11:23:24 -0000	1.3
@@ -1 +1 @@
-c6a8cdb9bb2bd22cb48cca456be63837  coccinelle-0.1.5.tgz
+29565a4b1904809b57ed255f1df67567  coccinelle-0.1.8.tgz


--- coccinelle-0.1.4-python26.patch DELETED ---



