author | Jörg Frings-Fürst <debian@jff-webhosting.net> | 2015-02-11 13:30:53 +0100 |
---|---|---|
committer | Jörg Frings-Fürst <debian@jff-webhosting.net> | 2015-02-11 13:30:53 +0100 |
commit | 9a662942b1f1138b8466ea5909cca2716327e8fb (patch) | |
tree | 48c08a834a74d5467a6e2e5b5ad964d12c6a2a19 | |
parent | 7895cb65d6b3b89dd914d1108a8de37a72c70f8d (diff) |
Remove the search of libs in local source dirs for security reasons
-rw-r--r-- | debian/changelog | 8 | ||||
-rw-r--r-- | debian/copyright | 2 | ||||
-rw-r--r-- | debian/patches/0020-secure_script_scons.patch | 21 | ||||
-rw-r--r-- | debian/patches/series | 1 |
4 files changed, 28 insertions, 4 deletions
diff --git a/debian/changelog b/debian/changelog index d0c3d68..7d7180d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -scons (2.3.4-1) experimental; urgency=medium +scons (2.3.4-1) unstable; urgency=medium * New upstream release - Remove obsolete debian/patches/manpages.patch. @@ -14,11 +14,13 @@ scons (2.3.4-1) experimental; urgency=medium - Add new section debian/* with license GPL-3.0+. - Add new section debian/patches/* with license Expat. - Add myself to the list of authors for debian/*. - - Update copyright years for 2014. + - Update copyright years for 2014-2015. * debian/watch - Rewrite regex for finding all file extensions. + * Remove the search of libs in local source dirs for security reasons: + - New debian/patches/0020-secure_script_scons.patch. - -- Jörg Frings-Fürst <debian@jff-webhosting.net> Sat, 08 Nov 2014 14:30:56 +0100 + -- Jörg Frings-Fürst <debian@jff-webhosting.net> Mon, 05 Jan 2015 13:26:18 +0100 scons (2.3.1-2) unstable; urgency=medium diff --git a/debian/copyright b/debian/copyright index 7b2f947..b9c4909 100644 --- a/debian/copyright +++ b/debian/copyright @@ -17,7 +17,7 @@ Files: debian/* Copyright: 2002 Moshe Zadka <moshez@debian.org> 2003-2008 Mark Brown <broonie@debian.org> 2008-2014 Luca Falavigna <dktrkranz@ubuntu.com> - 2014 Jörg Frings-Fürst <debian@jff-webhosting.net> + 2014-2015 Jörg Frings-Fürst <debian@jff-webhosting.net> License: GPL-3.0+ Files: debian/patches/* diff --git a/debian/patches/0020-secure_script_scons.patch b/debian/patches/0020-secure_script_scons.patch new file mode 100644 index 0000000..7463f32 --- /dev/null +++ b/debian/patches/0020-secure_script_scons.patch 
@@ -0,0 +1,21 @@
+Description: Comment out the search for libs in local source dirs
+Author: Jörg Frings-Fürst <debian@jff-webhosting.net>
+Forwarded: https://pairlist2.pair.net/pipermail/scons-dev/2014-November/002008.html
+Last-Update: 2015-02-11
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: trunk/script/scons
+===================================================================
+--- trunk.orig/script/scons
++++ trunk/script/scons
+@@ -75,8 +75,8 @@ if "SCONS_LIB_DIR" in os.environ:
+ 
+ # - running from source takes priority (since 2.3.2), excluding SCONS_LIB_DIR settings
+ script_path = os.path.abspath(os.path.dirname(__file__))
+-source_path = os.path.join(script_path, '..', 'engine')
+-libs.append(source_path)
++# source_path = os.path.join(script_path, '..', 'engine')
++# libs.append(source_path)
+ 
+ local_version = 'scons-local-' + __version__
+ local = 'scons-local'
diff --git a/debian/patches/series b/debian/patches/series
index b5afaea..cd8e885 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
+0020-secure_script_scons.patch
 manpage-spelling.patch
 java_ignore_nonexistent_files.patch
 remove_stale_files.patch |
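Review bot: In debian/patches/0020-secure_script_scons.patch the context comment `# - running from source takes priority (since 2.3.2), excluding SCONS_LIB_DIR settings` stays above two lines that are now commented out, so script/scons describes a lookup it no longer performs and carries dead code with no stated reason. I would delete the two lines rather than comment them out and replace the stale comment with something like `# Debian: ../engine next to the script is deliberately not added to libs (untrusted location)`. The trailing context also defines `local_version` and `local`; the block continues past the hunk, so if the code below still appends those scons-local directories to `libs` (not visible here), a directory relative to the script or the working directory may still be searched, and it is worth confirming the patch covers every entry the commit message means to remove. `script_path` is still assigned and may now be unused unless later lines read it.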