[med-svn] r2432 - in trunk/packages/mafft/trunk/debian: . patches

plessy at alioth.debian.org plessy at alioth.debian.org
Mon Aug 25 14:40:24 UTC 2008


Author: plessy
Date: 2008-08-25 14:40:24 +0000 (Mon, 25 Aug 2008)
New Revision: 2432

Added:
   trunk/packages/mafft/trunk/debian/README.source
   trunk/packages/mafft/trunk/debian/patches/
   trunk/packages/mafft/trunk/debian/patches/Securisation-by-mktemp-usage.patch
   trunk/packages/mafft/trunk/debian/patches/series
Modified:
   trunk/packages/mafft/trunk/debian/README.Debian
   trunk/packages/mafft/trunk/debian/changelog
   trunk/packages/mafft/trunk/debian/control
   trunk/packages/mafft/trunk/debian/mafft-homologs.1
   trunk/packages/mafft/trunk/debian/mafft-homologs.1.xml
   trunk/packages/mafft/trunk/debian/rules
Log:
Patched mafft-homolog to use mktemp for increased security.

 - Using quilt as a patch system, and modified build system accordingly.
 - Documented in manpage and README.Debian that a patched version is distributed.



Modified: trunk/packages/mafft/trunk/debian/README.Debian
===================================================================
--- trunk/packages/mafft/trunk/debian/README.Debian	2008-08-25 06:41:01 UTC (rev 2431)
+++ trunk/packages/mafft/trunk/debian/README.Debian	2008-08-25 14:40:24 UTC (rev 2432)
@@ -18,4 +18,8 @@
 % diff test.linsi sample.linsi
 
 
- -- Charles Plessy <charles-debian-nospam at plessy.org>  Wed,  7 Feb 2007 21:44:40 +0900
+The program mafft-homologs has been patched to enhance the security of
+the temporary files it creates. You can consult the patch in the Debian
+source package.
+
+ -- Charles Plessy <charles-debian-nospam at plessy.org>  Mon, 25 Aug 2008 23:29:19 +0900

Added: trunk/packages/mafft/trunk/debian/README.source
===================================================================
--- trunk/packages/mafft/trunk/debian/README.source	                        (rev 0)
+++ trunk/packages/mafft/trunk/debian/README.source	2008-08-25 14:40:24 UTC (rev 2432)
@@ -0,0 +1,8 @@
+This package uses quilt to patch the sources. Please refer to
+/usr/share/doc/quilt/README.source for more informations.
+
+This package is maintained by the Debian Med packagign team. Please refer to
+our group policy if you would like to commit to our Subversion repository. All
+Debian developpers have write acces to it.
+
+http://debian-med.alioth.debian.org/docs/policy.html
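
Review bot: the added README.source text has several spelling errors that will ship in the source package: "informations" in the first sentence, then "packagign", "developpers" and "acces" in the second paragraph. Suggest "information", "packaging", "developers" and "access".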

Modified: trunk/packages/mafft/trunk/debian/changelog
===================================================================
--- trunk/packages/mafft/trunk/debian/changelog	2008-08-25 06:41:01 UTC (rev 2431)
+++ trunk/packages/mafft/trunk/debian/changelog	2008-08-25 14:40:24 UTC (rev 2432)
@@ -1,9 +1,17 @@
-mafft (6.240-2) UNRELEASED; urgency=low
+mafft (6.240-2) UNRELEASED; urgency=high
 
   [ Charles Plessy ]
   * debian/control:
     - Moved the Homepage: field out from the package's description.
     - Enhances: t-coffee.
+  * Updated my email address.
+  * Securisation of the temorary files of mafft-homologs:
+    - debian/control: build-depend on quilt.
+    - debian/rules: modified to use quilt.
+    - debian/README.source: signals that the package uses quilt.
+    - debian/patches: added a patch to use mktemp (Closes: #496366).
+    - debian/mafft-homologs.1*, debian/README.Debian: document that the
+      program is patched.
 
   [ David Paleino ]
   * debian/mafft.1, debian/mafft-homologs.1 added - manpages built statically.
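
Review bot: typo in the new entry "Securisation of the temorary files of mafft-homologs", where "temorary" should be "temporary". Since the urgency is raised to high for this change, the entry would also benefit from saying that the problem is the predictable temporary file names described in the patch header, so the reason is visible from the changelog alone.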
@@ -16,11 +24,8 @@
     - reflecting static build of manpages
     - minor changes
 
-  [ Charles Plessy ]
-  * Updated my email address.
+ -- Charles Plessy <plessy at debian.org>  Mon, 25 Aug 2008 23:30:20 +0900
 
- -- Charles Plessy <plessy at debian.org>  Sun, 27 Apr 2008 16:58:30 +0900
-
 mafft (6.240-1) unstable; urgency=low
 
   * Initial release (Closes: #409640)

Modified: trunk/packages/mafft/trunk/debian/control
===================================================================
--- trunk/packages/mafft/trunk/debian/control	2008-08-25 06:41:01 UTC (rev 2431)
+++ trunk/packages/mafft/trunk/debian/control	2008-08-25 14:40:24 UTC (rev 2432)
@@ -5,7 +5,7 @@
 DM-Upload-Allowed: yes
 Uploaders: Charles Plessy <plessy at debian.org>,
  David Paleino <d.paleino at gmail.com>
-Build-Depends: debhelper (>= 5)
+Build-Depends: debhelper (>= 5), quilt
 Standards-Version: 3.7.3
 Vcs-Browser: http://svn.debian.org/wsvn/debian-med/trunk/packages/mafft/trunk/?rev=0&sc=0
 Vcs-Svn: svn://svn.debian.org/svn/debian-med/trunk/packages/mafft/trunk/
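
Review bot: the quilt entry added to Build-Depends is unversioned, yet this commit relies on two files shipped by quilt: /usr/share/quilt/quilt.make (included from debian/rules) and /usr/share/doc/quilt/README.source (referenced from debian/README.source). Consider a versioned dependency on the first quilt release that ships both, so a build against an older quilt fails at dependency resolution rather than partway through debian/rules.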

Modified: trunk/packages/mafft/trunk/debian/mafft-homologs.1
===================================================================
--- trunk/packages/mafft/trunk/debian/mafft-homologs.1	2008-08-25 06:41:01 UTC (rev 2431)
+++ trunk/packages/mafft/trunk/debian/mafft-homologs.1	2008-08-25 14:40:24 UTC (rev 2432)
@@ -11,50 +11,50 @@
 .\" disable justification (adjust text to left margin only)
 .ad l
 .SH "NAME"
-mafft-homologs - aligns sequences together with homologues automatically collected from SwissProt via NCBI BLAST
+mafft-homologs \- aligns sequences together with homologues automatically collected from SwissProt via NCBI BLAST
 .SH "SYNOPSIS"
 .HP 15
 \fBmafft\-homologs\fR [\fBoptions\fR] \fIinput\fR [>\ \fIoutput\fR]
 .SH "DESCRIPTION"
 .PP
-The accuracy of an alignment of a few distantly related sequences is considerably improved when being aligned together with their close homologs\. The reason for the improvement is probably the same as that for PSI\-BLAST\. That is, the positions of highly conserved residues, those with many gaps and other additional information is brought by close homologs\. According to Katoh et al\. (2005), the improvement by adding close homologs is 10% or so, which is comparable to the improvement by incorporating structural information of a pair of sequences\. Mafft\-homologs in a mafft server works like this:
+The accuracy of an alignment of a few distantly related sequences is considerably improved when being aligned together with their close homologs\&. The reason for the improvement is probably the same as that for PSI\-BLAST\&. That is, the positions of highly conserved residues, those with many gaps and other additional information is brought by close homologs\&. According to Katoh et al\&. (2005), the improvement by adding close homologs is 10% or so, which is comparable to the improvement by incorporating structural information of a pair of sequences\&. Mafft\-homologs in a mafft server works like this:
 .sp
 .RS 4
-\h'-04' 1.\h'+02'Collect a number (50 by default) of close homologs (E=1e\-10 by default) of the input sequences\.
+\h'-04' 1.\h'+02'Collect a number (50 by default) of close homologs (E=1e\-10 by default) of the input sequences\&.
 .RE
 .sp
 .RS 4
-\h'-04' 2.\h'+02'Align the input sequences and homologs all together using the L\-INS\-i strategy\.
+\h'-04' 2.\h'+02'Align the input sequences and homologs all together using the L\-INS\-i strategy\&.
 .RE
 .sp
 .RS 4
-\h'-04' 3.\h'+02'Remove the homologs\.
+\h'-04' 3.\h'+02'Remove the homologs\&.
 .RE
 .SH "OPTIONS"
 .PP
 \fB\-a\fR \fI\fIn\fR\fR
 .RS 4
-The number of collected sequences (default: 50)\.
+The number of collected sequences (default: 50)\&.
 .RE
 .PP
 \fB\-e\fR \fI\fIn\fR\fR
 .RS 4
-Threshold value (default: 1e\-10)\.
+Threshold value (default: 1e\-10)\&.
 .RE
 .PP
 \fB\-o\fR \fI\fIxxx\fR\fR
 .RS 4
-options for mafft (default: " \-\-op 1\.53 \-\-ep 0\.123 \-\-maxiterate 1000")\.
+options for mafft (default: " \-\-op 1\&.53 \-\-ep 0\&.123 \-\-maxiterate 1000")\&.
 .RE
 .PP
 \fB\-l\fR
 .RS 4
-Locally carries out blast searches instead of NCBI blast (requires locally installed blast and a database)\.
+Locally carries out blast searches instead of NCBI blast (requires locally installed blast and a database)\&.
 .RE
 .PP
 \fB\-f\fR
 .RS 4
-Outputs collected homologues also (default: off)\.
+Outputs collected homologues also (default: off)\&.
 .RE
 .PP
 \fB\-w\fR
@@ -63,27 +63,32 @@
 .RE
 .SH "REQUIREMENTS"
 .PP
-Mafft\-homologs requires a version of mafft higher than 5\.58\.
+Mafft\-homologs requires a version of mafft higher than 5\&.58\&.
 .SH "REFERENCES"
 .PP
-Katoh, Kuma, Toh and Miyata (Nucleic Acids Res\. 33:511\-518, 2005) MAFFT version 5: improvement in accuracy of multiple sequence alignment\.
+Katoh, Kuma, Toh and Miyata (Nucleic Acids Res\&. 33:511\-518, 2005) MAFFT version 5: improvement in accuracy of multiple sequence alignment\&.
 .SH "SEE ALSO"
 .PP
 
 \fBmafft\fR(1)
+.SH "DIVERGENCE FROM UPSTREAM"
+.PP
+The program
+\fBmafft\-homologs\fR
+has been patched to enhance the security of the temporary files it creates\&. You can consult the patch in the Debian source package\&.
 .SH "AUTHORS"
 .PP
-\fBKazutaka Katoh\fR <\&katoh_at_bioreg\.kyushu\-u\.ac\.jp\.\&>
+\fBKazutaka Katoh\fR <\&katoh_at_bioreg\&.kyushu\-u\&.ac\&.jp\&.\&>
 .sp -1n
 .IP "" 4
-Wrote Mafft\.
+Wrote Mafft\&.
 .PP
-\fBCharles Plessy\fR <\&charles\-debian\-nospam at plessy\.org\&>
+\fBCharles Plessy\fR <\&charles\-debian\-nospam at plessy\&.org\&>
 .sp -1n
 .IP "" 4
-Wrote this manpage in DocBook XML for the Debian distribution, using Mafft\'s homepage as a template\.
+Wrote this manpage in DocBook XML for the Debian distribution, using Mafft\'s homepage as a template\&.
 .SH "COPYRIGHT"
-Copyright \(co 2002-2007 Kazutaka Katoh (mafft)
+Copyright \(co 2002, 2003, 2004, 2005, 2006, 2007 Kazutaka Katoh (mafft)
 .br
 Copyright \(co 2007 Charles Plessy (this manpage)
 .br
@@ -93,16 +98,16 @@
 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
 .sp
 .RS 4
-\h'-04' 1.\h'+02'Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer\.
+\h'-04' 1.\h'+02'Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer\&.
 .RE
 .sp
 .RS 4
-\h'-04' 2.\h'+02'Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution\.
+\h'-04' 2.\h'+02'Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution\&.
 .RE
 .sp
 .RS 4
-\h'-04' 3.\h'+02'The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission\.
+\h'-04' 3.\h'+02'The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission\&.
 .RE
 .PP
-THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED\. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE\.
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED\&. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE\&.
 .sp

Modified: trunk/packages/mafft/trunk/debian/mafft-homologs.1.xml
===================================================================
--- trunk/packages/mafft/trunk/debian/mafft-homologs.1.xml	2008-08-25 06:41:01 UTC (rev 2431)
+++ trunk/packages/mafft/trunk/debian/mafft-homologs.1.xml	2008-08-25 14:40:24 UTC (rev 2432)
@@ -191,4 +191,10 @@
 			</citerefentry>
     </para>
 	</refsect1>
+  <refsect1>
+    <title>DIVERGENCE FROM UPSTREAM</title>
+    <para>The program <command>mafft-homologs</command> has been patched to
+    enhance the security of the temporary files it creates. You can consult the
+    patch in the Debian source package.</para>
+  </refsect1>
 </refentry>

Added: trunk/packages/mafft/trunk/debian/patches/Securisation-by-mktemp-usage.patch
===================================================================
--- trunk/packages/mafft/trunk/debian/patches/Securisation-by-mktemp-usage.patch	                        (rev 0)
+++ trunk/packages/mafft/trunk/debian/patches/Securisation-by-mktemp-usage.patch	2008-08-25 14:40:24 UTC (rev 2432)
@@ -0,0 +1,180 @@
+Author: Charles Plessy, with the kind help of Thijs Kinkhorst.
+Description: Securisation of the temporary files of mafft-homologs.
+ Mafft-homologs uses predictable names for its temporary files. This patch
+ replaces the pid-based file names by names constructed with the `mktemp'
+ program. 
+ .
+ Quoting its manual page:
+ mktemp is a program to allow shell scripts to safely use temporary files.
+ Traditionally, many shell scripts take the name of the program with the PID
+ as a suffix and use that as a temporary filename.  This kind of naming scheme
+ is predictable and  the race condition  it  creates is  easy for an attacker
+ to win.  A safer, though still inferior approach is to make a temporary
+ directory using the same naming scheme.  While this does allow one to
+ guarantee that a temporary file will not  be  subverted, it still allows a
+ simple denial of service attack.  For these reasons it is suggested that
+ mktemp be used instead.
+Forwarded: not yet.
+Reviewed: not yet.
+License: same as MAFFT itself.
+
+Index: mafft-6.240/src/mafft-homologs.tmpl
+===================================================================
+--- mafft-6.240.orig/src/mafft-homologs.tmpl
++++ mafft-6.240/src/mafft-homologs.tmpl
+@@ -13,6 +13,15 @@
+ # path of blastall. 
+ # if blastall is in your command path, "blastall" is ok.
+ 
++$temp_vf_file = system('mktemp _vf_XXXXXXXXXX')
++$temp_if_file = system('mktemp _if_XXXXXXXXXX')
++$temp_pf_file = system('mktemp _pf_XXXXXXXXXX')
++$temp_af_file = system('mktemp _af_XXXXXXXXXX')
++$temp_rid_file = system('mktemp _rid_XXXXXXXXXX')
++$temp_res_file = system('mktemp _res_XXXXXXXXXX')
++$temp_res_file = system('mktemp _q_XXXXXXXXXX')
++$temp_res_file = system('mktemp _bf_XXXXXXXXXX')
++
+ # mafft-homologs.rb  v. 2.1 aligns sequences together with homologues 
+ # automatically collected from SwissProt via NCBI BLAST.
+ #
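
Review bot: the eight added `system('mktemp ...')` assignments do not capture a file name. Ruby's `system` returns true, false or nil, and mktemp's output goes to the script's own stdout, where it ends up mixed into the alignment output. Capture the name instead (backticks plus `.chomp`, aborting if mktemp fails) or use Ruby's Tempfile. Two further points on the same lines: the last three assignments all target `$temp_res_file`, so `$temp_q_file` and `$temp_bf_file`, which later hunks use, are never set; and the templates carry no directory, so the files are created in the current working directory rather than /tmp, which fails when that directory is not writable.
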
+@@ -34,8 +43,8 @@
+ 
+ require 'getopts'
+ 
+-system( mafftpath + " --help > /tmp/_vf#{$$} 2>&1" )
+-pfp = File.open( "/tmp/_vf#{$$}", 'r' )
++system( mafftpath + " --help > $temp_vf_file 2>&1" )
++pfp = File.open( "$temp_vf_file", 'r' )
+ while pfp.gets
+ 	break if $_ =~ /MAFFT v/
+ end
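
Review bot: `"$temp_vf_file"` is not interpolated by Ruby, which only expands `#{...}` (or `#$var`) inside double-quoted strings. `File.open( "$temp_vf_file", 'r' )` therefore tries to open a file literally named `$temp_vf_file`, and in the `system` call the shell expands `$temp_vf_file` as its own variable, which is unset. Write `#{$temp_vf_file}` here and in every later replacement of `/tmp/_xx#{$$}` in this patch.
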
+@@ -114,17 +123,17 @@
+ 	mafftopt += " " + $OPT_o + " "
+ end
+ 
+-system "cat " + ARGV.to_s + " > /tmp/_if#{$$}"
++system "cat " + ARGV.to_s + " > $temp_if_file"
+ ar = mafftopt.split(" ")
+ nar = ar.length
+ for i in 0..(nar-1)
+ 	if ar[i] == "--seed" then
+-		system "cat #{ar[i+1]} >> /tmp/_if#{$$}"
++		system "cat #{ar[i+1]} >> $temp_if_file"
+ 	end
+ end
+ 
+ nseq = 0
+-ifp = File.open( "/tmp/_if#{$$}", 'r' )
++ifp = File.open( "$temp_if_file", 'r' )
+ 	while ifp.gets
+ 		nseq += 1 if $_ =~ /^>/
+ 	end
+@@ -132,17 +141,17 @@
+ 
+ STDERR.puts "Performing preliminary alignment .. "
+ if nseq == 1 then
+-	system( "cp /tmp/_if#{$$}"  + " /tmp/_pf#{$$}" )
++	system( "cp $temp_if_file"  + " $temp_pf_file" )
+ else
+ 	if entiresearch == 1 then
+-#		system( mafftpath + " --maxiterate 1000 --localpair /tmp/_if#{$$} > /tmp/_pf#{$$}" )
+-		system( mafftpath + " --maxiterate 0 --retree 2 /tmp/_if#{$$} > /tmp/_pf#{$$}" )
++#		system( mafftpath + " --maxiterate 1000 --localpair $temp_if_file > $temp_pf_file" )
++		system( mafftpath + " --maxiterate 0 --retree 2 $temp_if_file > temp_pf_file$" )
+ 	else
+-		system( mafftpath + " --maxiterate 1000 --localpair --core --coreext --corethr #{corethr.to_s} --corewin #{corewin.to_s} /tmp/_if#{$$} > /tmp/_pf#{$$}" )
++		system( mafftpath + " --maxiterate 1000 --localpair --core --coreext --corethr #{corethr.to_s} --corewin #{corewin.to_s} $temp_if_file > $temp_pf_file" )
+ 	end
+ end
+ 
+-pfp = File.open( "/tmp/_pf#{$$}", 'r' )
++pfp = File.open( "$temp_pf_file", 'r' )
+ inname = []
+ inseq = []
+ slen = []
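
Review bot: in the `--maxiterate 0 --retree 2` line the redirect target is written `temp_pf_file$`, with the `$` at the wrong end, so the preliminary alignment is written to a file literally named that, and the `File.open` of the pf file that follows does not read it. The target should be spelled as in the other two branches.
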
+@@ -155,7 +164,7 @@
+ end
+ pfp.close
+ 
+-pfp = File.open( "/tmp/_if#{$$}", 'r' )
++pfp = File.open( "$temp_if_file", 'r' )
+ orname = []
+ orseq = []
+ nin = 0
+@@ -187,8 +196,7 @@
+ end
+ #p act
+ 
+-
+-afp = File.open( "/tmp/_af#{$$}", 'w' )
++afp = File.open( "$temp_af_file", 'w' )
+ 
+ STDERR.puts "Searching .. \n"
+ ids = []
+@@ -209,10 +217,10 @@
+ 	end
+ 
+ 	if local == 0 then
+-		command = "lynx -source 'http://www.ncbi.nlm.nih.gov/blast/Blast.cgi?QUERY=" + inseq[i] + "&DATABASE=swissprot&HITLIST_SIZE=" + nadd.to_s + "&FILTER=L&EXPECT='" + eval.to_s + "'&FORMAT_TYPE=TEXT&PROGRAM=blastp&SERVICE=plain&NCBI_GI=on&PAGE=Proteins&CMD=Put' > /tmp/_rid#{$$}"
++		command = "lynx -source 'http://www.ncbi.nlm.nih.gov/blast/Blast.cgi?QUERY=" + inseq[i] + "&DATABASE=swissprot&HITLIST_SIZE=" + nadd.to_s + "&FILTER=L&EXPECT='" + eval.to_s + "'&FORMAT_TYPE=TEXT&PROGRAM=blastp&SERVICE=plain&NCBI_GI=on&PAGE=Proteins&CMD=Put' > $temp_rid_file"
+ 		system command
+ 	
+-		ridp = File.open( "/tmp/_rid#{$$}", 'r' )
++		ridp = File.open( "$temp_rid_file", 'r' )
+ 		while ridp.gets
+ 			break if $_ =~ / RID = (.*)/
+ 		end
+@@ -224,9 +232,9 @@
+ 		while 1 
+ 			STDERR.printf "."
+ 			sleep 10
+-			command = "lynx -source 'http://www.ncbi.nlm.nih.gov/blast/Blast.cgi?RID=" + rid + "&DESCRIPTIONS=500&ALIGNMENTS=" + nadd.to_s + "&ALIGNMENT_TYPE=Pairwise&OVERVIEW=no&CMD=Get&FORMAT_TYPE=XML' > /tmp/_res#{$$}"
++			command = "lynx -source 'http://www.ncbi.nlm.nih.gov/blast/Blast.cgi?RID=" + rid + "&DESCRIPTIONS=500&ALIGNMENTS=" + nadd.to_s + "&ALIGNMENT_TYPE=Pairwise&OVERVIEW=no&CMD=Get&FORMAT_TYPE=XML' > $temp_res_file"
+ 			system command
+-			resp = File.open( "/tmp/_res#{$$}", 'r' )
++			resp = File.open( "$temp_res_file", 'r' )
+ #			resp.gets
+ #			if $_ =~ /WAITING/ then
+ #				resp.close
+@@ -247,17 +255,17 @@
+ 	else
+ #		puts "Not supported"
+ #		exit
+-		qfp = File.open( "/tmp/_q#{$$}", 'w' )
++		qfp = File.open( "$temp_q_file", 'w' )
+ 			qfp.puts "> "
+ 			qfp.puts inseq[i]
+ 		qfp.close
+-		command = blastpath + "  -p blastp  -e #{eval} -b 1000 -m 7 -i /tmp/_q#{$$} -d #{localdb} > /tmp/_res#{$$}"
++		command = blastpath + "  -p blastp  -e #{eval} -b 1000 -m 7 -i $temp_q_file -d #{localdb} > $temp_res_file"
+ 		system command
+-		resp = File.open( "/tmp/_res#{$$}", 'r' )
++		resp = File.open( "$temp_res_file", 'r' )
+ 	end
+ 	STDERR.puts " Done.\n\n"
+ 
+-	resp = File.open( "/tmp/_res#{$$}", 'r' )
++	resp = File.open( "$temp_res_file", 'r' )
+ 	while 1
+ 		while resp.gets
+ 			break if $_ =~ /<Hit_id>(.*)<\/Hit_id>/ || $_ =~ /(<Iteration_stat>)/
+@@ -310,10 +318,10 @@
+ afp.close
+ 
+ STDERR.puts "Performing alignment .. "
+-system( mafftpath + mafftopt + " /tmp/_af#{$$} > /tmp/_bf#{$$}" )
++system( mafftpath + mafftopt + " $temp_af_file > $temp_bf_file" )
+ STDERR.puts "done."
+ 
+-bfp = File.open( "/tmp/_bf#{$$}", 'r' )
++bfp = File.open( "$temp_bf_file", 'r' )
+ outseq = []
+ outnam = []
+ readfasta( bfp, outnam, outseq )
+@@ -357,4 +365,4 @@
+ 	puts outseq2[i].gsub( /.{1,60}/, "\\0\n" )
+ end
+ 
+-system( "rm -rf /tmp/_if#{$$} /tmp/_vf#{$$} /tmp/_af#{$$} /tmp/_bf#{$$} /tmp/_pf#{$$} /tmp/_q#{$$} /tmp/_res#{$$} /tmp/_rid#{$$}" )
++system( "rm -rf $temp_if_file $temp_vf_file $temp_af_file $temp_bf_file $temp_pf_file $temp_q_file $temp_res_file $temp_rid_file" )
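
Review bot: the final `rm -rf` is the only cleanup in the script, so any exit before this line leaves the temporary files behind, and `-r` and `-f` are broader than needed for regular files created by mktemp while also hiding failures. Suggest removing the files from an `at_exit` or `ensure` block with `File.unlink` on the captured names, which also avoids passing the names through a shell.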

Added: trunk/packages/mafft/trunk/debian/patches/series
===================================================================
--- trunk/packages/mafft/trunk/debian/patches/series	                        (rev 0)
+++ trunk/packages/mafft/trunk/debian/patches/series	2008-08-25 14:40:24 UTC (rev 2432)
@@ -0,0 +1 @@
+Securisation-by-mktemp-usage.patch

Modified: trunk/packages/mafft/trunk/debian/rules
===================================================================
--- trunk/packages/mafft/trunk/debian/rules	2008-08-25 06:41:01 UTC (rev 2431)
+++ trunk/packages/mafft/trunk/debian/rules	2008-08-25 14:40:24 UTC (rev 2432)
@@ -5,6 +5,8 @@
 # Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1
 
+include /usr/share/quilt/quilt.make
+
 XP=xsltproc  \
       -''-nonet \
       -''-param man.charmap.use.subset "0" \
@@ -27,7 +29,7 @@
 mafft-homologs.1: debian/mafft-homologs.1.xml
 	$(XP) $<
 
-build: build-stamp
+build: patch build-stamp
 build-stamp:
 	dh_testdir
 	$(MAKE) -C src PREFIX=/usr/lib/mafft
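
Review bot: in `build: patch build-stamp` the two prerequisites are not ordered relative to each other, so under a parallel make the compile in build-stamp can start before the patches are applied. Make the stamp itself depend on the stamp file that quilt.make defines, i.e. `build-stamp: $(QUILT_STAMPFN)`, and keep `build: build-stamp`.
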
@@ -43,7 +45,7 @@
 	-$(MAFFT) --localpair			test/sample | diff test/sample.lins1 -
 	-$(MAFFT) --localpair --maxiterate 100	test/sample | diff test/sample.linsi -
 
-clean:
+clean: unpatch
 	dh_testdir
 	dh_testroot
 	[ ! -f Makefile ] || $(MAKE) -C src clean



