authorJörg Frings-Fürst <debian@jff-webhosting.net>2015-02-11 13:30:53 +0100
committerJörg Frings-Fürst <debian@jff-webhosting.net>2015-02-11 13:30:53 +0100
commit9a662942b1f1138b8466ea5909cca2716327e8fb (patch)
tree48c08a834a74d5467a6e2e5b5ad964d12c6a2a19
parent7895cb65d6b3b89dd914d1108a8de37a72c70f8d (diff)
Remove the search of libs in local source dirs for security reasons
-rw-r--r--debian/changelog8
-rw-r--r--debian/copyright2
-rw-r--r--debian/patches/0020-secure_script_scons.patch21
-rw-r--r--debian/patches/series1
4 files changed, 28 insertions, 4 deletions
diff --git a/debian/changelog b/debian/changelog
index d0c3d68..7d7180d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-scons (2.3.4-1) experimental; urgency=medium
+scons (2.3.4-1) unstable; urgency=medium
* New upstream release
- Remove obsolete debian/patches/manpages.patch.
@@ -14,11 +14,13 @@ scons (2.3.4-1) experimental; urgency=medium
- Add new section debian/* with license GPL-3.0+.
- Add new section debian/patches/* with license Expat.
- Add myself to the list of authors for debian/*.
- - Update copyright years for 2014.
+ - Update copyright years for 2014-2015.
* debian/watch
- Rewrite regex for finding all file extensions.
+ * Remove the search of libs in local source dirs for security reasons:
+ - New debian/patches/0020-secure_script_scons.patch.
- -- Jörg Frings-Fürst <debian@jff-webhosting.net> Sat, 08 Nov 2014 14:30:56 +0100
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Mon, 05 Jan 2015 13:26:18 +0100
scons (2.3.1-2) unstable; urgency=medium
diff --git a/debian/copyright b/debian/copyright
index 7b2f947..b9c4909 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -17,7 +17,7 @@ Files: debian/*
Copyright: 2002 Moshe Zadka <moshez@debian.org>
2003-2008 Mark Brown <broonie@debian.org>
2008-2014 Luca Falavigna <dktrkranz@ubuntu.com>
- 2014 Jörg Frings-Fürst <debian@jff-webhosting.net>
+ 2014-2015 Jörg Frings-Fürst <debian@jff-webhosting.net>
License: GPL-3.0+
Files: debian/patches/*
diff --git a/debian/patches/0020-secure_script_scons.patch b/debian/patches/0020-secure_script_scons.patch
new file mode 100644
index 0000000..7463f32
--- /dev/null
+++ b/debian/patches/0020-secure_script_scons.patch
@@ -0,0 +1,21 @@
+Description: Comment out the search for libs in local source dirs
+Author: Jörg Frings-Fürst <debian@jff-webhosting.net>
+Forwarded: https://pairlist2.pair.net/pipermail/scons-dev/2014-November/002008.html
+Last-Update: 2015-02-11
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: trunk/script/scons
+===================================================================
+--- trunk.orig/script/scons
++++ trunk/script/scons
+@@ -75,8 +75,8 @@ if "SCONS_LIB_DIR" in os.environ:
+
+ # - running from source takes priority (since 2.3.2), excluding SCONS_LIB_DIR settings
+ script_path = os.path.abspath(os.path.dirname(__file__))
+-source_path = os.path.join(script_path, '..', 'engine')
+-libs.append(source_path)
++# source_path = os.path.join(script_path, '..', 'engine')
++# libs.append(source_path)
+
+ local_version = 'scons-local-' + __version__
+ local = 'scons-local'
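Review bot: The patch disables only the `../engine` entry, but the `local_version` and `local` names on the last two context lines suggest that `scons-local` directories are still appended to `libs` further down, outside this hunk. If those are resolved relative to the script directory or the current working directory, modules can still be loaded from a location the invoking user does not control, so the stated goal would be only partly met; this is worth confirming and, if so, covering in the same patch. Within the hunk, the retained comment `# - running from source takes priority (since 2.3.2), ...` now describes behaviour that no longer exists, and `script_path` is still assigned with no use visible here. I would drop the two commented-out lines in favour of a short rationale such as `# Debian: ../engine relative to the script is not added to the module search path, see Forwarded: link`. The rest of script/scons is outside the hunk, so whether `script_path` is needed later cannot be seen from here.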
diff --git a/debian/patches/series b/debian/patches/series
index b5afaea..cd8e885 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
+0020-secure_script_scons.patch
manpage-spelling.patch
java_ignore_nonexistent_files.patch
remove_stale_files.patch