[Pkg-privacy-commits] [onionshare] 50/55: Delete patches which have been applied in new upstream version 0.9.1

Ulrike Uhlig u-guest at moszumanska.debian.org
Thu Sep 8 10:27:45 UTC 2016


This is an automated email from the git hooks/post-receive script.

u-guest pushed a commit to branch debian
in repository onionshare.

commit 09d1b65ec2f8990e59e1d41f86ad68a9f3785913
Author: Ulrike Uhlig <u at 451f.org>
Date:   Thu Sep 8 11:34:31 2016 +0200

    Delete patches which have been applied in new upstream version 0.9.1
---
 debian/patches/fix_CVE-2016-5026 | 50 ----------------------------------------
 debian/patches/series            |  1 -
 2 files changed, 51 deletions(-)

diff --git a/debian/patches/fix_CVE-2016-5026 b/debian/patches/fix_CVE-2016-5026
deleted file mode 100644
index f669c4d..0000000
--- a/debian/patches/fix_CVE-2016-5026
+++ /dev/null
@@ -1,50 +0,0 @@
-Description: Fix CVE-2016-5026.
- See http://www.openwall.com/lists/oss-security/2016/05/23/5 for details
- on a potential convoluted attack. Basically, /tmp/onionshare is
- a predictable name, which mean that a local attacker
- could precreate it on a shared server and later mess with the hidden
- service operations in various way.
-Author: Michael Scherer <misc at zarb.org>
-
---- a/onionshare/hs.py
-+++ b/onionshare/hs.py
-@@ -102,16 +102,7 @@
-                 self.hidserv_dir = self.hidserv_dir.replace('\\', '/')
-
-             else:
--                path = '/tmp/onionshare'
--                try:
--                    if not os.path.exists(path):
--                        os.makedirs(path, 0o700)
--                except:
--                    raise HSDirError(strings._("error_hs_dir_cannot_create").format(path))
--                if not os.access(path, os.W_OK):
--                    raise HSDirError(strings._("error_hs_dir_not_writable").format(path))
--
--                self.hidserv_dir = tempfile.mkdtemp(dir=path)
-+                self.hidserv_dir = tempfile.mkdtemp(suffix='onionshare',dir='/tmp')
-
-             self.cleanup_filenames.append(self.hidserv_dir)
-
-@@ -233,17 +224,17 @@
-                 '80 127.0.0.1:33302'
-             ],
-             'HiddenServiceDir': [
--                '/tmp/onionshare/tmplTfZZu',
--                '/tmp/onionshare/tmpchDai3'
-+                '/tmp/onionsharetmplTfZZu',
-+                '/tmp/onionsharetmpchDai3'
-             ]
-         }
-
-
-         Output will look like this:
-         [
--            ('HiddenServiceDir', '/tmp/onionshare/tmplTfZZu'),
-+            ('HiddenServiceDir', '/tmp/onionsharetmplTfZZu'),
-             ('HiddenServicePort', '80 127.0.0.1:47906'),
--            ('HiddenServiceDir', '/tmp/onionshare/tmpchDai3'),
-+            ('HiddenServiceDir', '/tmp/onionsharetmpchDai3'),
-             ('HiddenServicePort', '80 127.0.0.1:33302')
-         ]
-         """
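Review bot: The diffstat shows only the patch and series changing (2 files), so nothing in this commit backs up the claim that upstream 0.9.1 carries the CVE-2016-5026 fix except the subject line. Before relying on it, confirm that 0.9.1's onionshare/hs.py no longer creates the fixed /tmp/onionshare directory, and record the dropped patch in debian/changelog so the CVE stays traceable in the package history. When comparing, note that the removed patch called tempfile.mkdtemp(suffix='onionshare',dir='/tmp'), which puts onionshare at the end of the generated name, while its docstring examples such as '/tmp/onionsharetmplTfZZu' show it at the start; check which form upstream actually shipped.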
diff --git a/debian/patches/series b/debian/patches/series
deleted file mode 100644
index 5aea7fc..0000000
--- a/debian/patches/series
+++ /dev/null
@@ -1 +0,0 @@
-fix_CVE-2016-5026

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/onionshare.git


