[DRE-maint] Bug#1108707: unblock: syncache/1.4-1.3
Bastian Germann
bage at debian.org
Thu Jul 3 16:17:18 BST 2025
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: syncache at packages.debian.org
Control: affects -1 + src:syncache
User: release.debian.org at packages.debian.org
Usertags: unblock
Please unblock package syncache
[ Reason ]
Fix for #1106396.
[ Impact ]
Package is going to be auto-removed because it fails to configure without
the bug fix.
[ Tests ]
Installing the unfixed revision leaves the package unconfigured with
error output according to the bug report.
[ Risks ]
Avoids a removed Ruby language feature. Removing the .untainted should
be transparent and will result in the same program flow.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
I have fixed the bug via a NMU. This is not a maintainer request.
unblock syncache/1.4-1.3
-------------- next part --------------
diff -Nru syncache-1.4/debian/changelog syncache-1.4/debian/changelog
--- syncache-1.4/debian/changelog 2024-05-25 10:03:21.000000000 +0200
+++ syncache-1.4/debian/changelog 2025-07-03 08:14:10.000000000 +0200
@@ -1,3 +1,10 @@
+syncache (1.4-1.3) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Remove untaint. Closes: #1106396.
+
+ -- Bastian Germann <bage at debian.org> Thu, 03 Jul 2025 08:14:10 +0200
+
syncache (1.4-1.2) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru syncache-1.4/debian/patches/0002-rm-untaint.patch syncache-1.4/debian/patches/0002-rm-untaint.patch
--- syncache-1.4/debian/patches/0002-rm-untaint.patch 1970-01-01 01:00:00.000000000 +0100
+++ syncache-1.4/debian/patches/0002-rm-untaint.patch 2025-07-03 08:14:10.000000000 +0200
@@ -0,0 +1,39 @@
+Description: Remove untaint
+Author: Bastian Germann <bage at debian.org>
+Bug-Debian: https://bugs.debian.org/1106396
+---
+--- syncache-1.4.orig/bin/syncache-drb
++++ syncache-1.4/bin/syncache-drb
+@@ -90,7 +90,7 @@ Options:
+ @debug = false
+ @pidfile = (0 == Process.uid) ?
+ "/var/run/#{PNAME}/#{PNAME}.pid" :
+- File.join((ENV.has_key?('TMPDIR') ? ENV['TMPDIR'].dup.untaint : '/tmp'),
++ File.join((ENV.has_key?('TMPDIR') ? ENV['TMPDIR'].dup : '/tmp'),
+ "#{PNAME}.pid")
+ @foreground = false
+
+@@ -105,19 +105,19 @@ Options:
+ when '--flush-delay'
+ @flush_delay = arg.to_i
+ when '--user'
+- @user = arg.dup.untaint
++ @user = arg.dup
+ when '--error-log'
+- @error_log = arg.dup.untaint
++ @error_log = arg.dup
+ when '--debug'
+ @debug = true
+ when '--pidfile'
+- @pidfile = arg.dup.untaint
++ @pidfile = arg.dup
+ when '--foreground'
+ @foreground = true
+ end
+ end
+
+- @uri = ARGV[0].dup.untaint if ARGV[0]
++ @uri = ARGV[0].dup if ARGV[0]
+ @user = Etc.getpwnam(@user)
+ end
+
diff -Nru syncache-1.4/debian/patches/series syncache-1.4/debian/patches/series
--- syncache-1.4/debian/patches/series 2016-04-16 09:51:28.000000000 +0200
+++ syncache-1.4/debian/patches/series 2025-07-03 08:14:10.000000000 +0200
@@ -1 +1,2 @@
0001-syncache.gemspec-drop-git-invokation-fix-license.patch
+0002-rm-untaint.patch
More information about the Pkg-ruby-extras-maintainers
mailing list