[DRE-maint] Bug#1108707: unblock: syncache/1.4-1.3

[Bastian Germann]

Package: release.debian.org
Severity: normal
X-Debbugs-Cc: syncache at packages.debian.org
Control: affects -1 + src:syncache
User: release.debian.org at packages.debian.org
Usertags: unblock

Please unblock package syncache

[ Reason ]
Fix for #1106396.

[ Impact ]
Package is going to be auto-removed because it fails to configure without
the bug fix.

[ Tests ]
Installing the unfixed revision leaves the package unconfigured with
error output according to the bug report.

[ Risks ]
Avoids a removed Ruby language feature. Removing the .untainted should
be transparent and will result in the same program flow.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
I have fixed the bug via a NMU. This is not a maintainer request.

unblock syncache/1.4-1.3
-------------- next part --------------
diff -Nru syncache-1.4/debian/changelog syncache-1.4/debian/changelog
--- syncache-1.4/debian/changelog	2024-05-25 10:03:21.000000000 +0200
+++ syncache-1.4/debian/changelog	2025-07-03 08:14:10.000000000 +0200
@@ -1,3 +1,10 @@
+syncache (1.4-1.3) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Remove untaint. Closes: #1106396.
+
+ -- Bastian Germann <bage at debian.org>  Thu, 03 Jul 2025 08:14:10 +0200
+
 syncache (1.4-1.2) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru syncache-1.4/debian/patches/0002-rm-untaint.patch syncache-1.4/debian/patches/0002-rm-untaint.patch
--- syncache-1.4/debian/patches/0002-rm-untaint.patch	1970-01-01 01:00:00.000000000 +0100
+++ syncache-1.4/debian/patches/0002-rm-untaint.patch	2025-07-03 08:14:10.000000000 +0200
@@ -0,0 +1,39 @@
+Description: Remove untaint
+Author: Bastian Germann <bage at debian.org>
+Bug-Debian: https://bugs.debian.org/1106396
+---
+--- syncache-1.4.orig/bin/syncache-drb
++++ syncache-1.4/bin/syncache-drb
+@@ -90,7 +90,7 @@ Options:
+     @debug = false
+     @pidfile = (0 == Process.uid) ?
+       "/var/run/#{PNAME}/#{PNAME}.pid" :
+-      File.join((ENV.has_key?('TMPDIR') ? ENV['TMPDIR'].dup.untaint : '/tmp'),
++      File.join((ENV.has_key?('TMPDIR') ? ENV['TMPDIR'].dup : '/tmp'),
+                 "#{PNAME}.pid")
+     @foreground = false
+ 
+@@ -105,19 +105,19 @@ Options:
+       when '--flush-delay'
+         @flush_delay = arg.to_i
+       when '--user'
+-        @user = arg.dup.untaint
++        @user = arg.dup
+       when '--error-log'
+-        @error_log = arg.dup.untaint
++        @error_log = arg.dup
+       when '--debug'
+         @debug = true
+       when '--pidfile'
+-        @pidfile = arg.dup.untaint
++        @pidfile = arg.dup
+       when '--foreground'
+         @foreground = true
+       end
+     end
+ 
+-    @uri = ARGV[0].dup.untaint if ARGV[0]
++    @uri = ARGV[0].dup if ARGV[0]
+     @user = Etc.getpwnam(@user)
+   end
+ 
diff -Nru syncache-1.4/debian/patches/series syncache-1.4/debian/patches/series
--- syncache-1.4/debian/patches/series	2016-04-16 09:51:28.000000000 +0200
+++ syncache-1.4/debian/patches/series	2025-07-03 08:14:10.000000000 +0200
@@ -1 +1,2 @@
 0001-syncache.gemspec-drop-git-invokation-fix-license.patch
+0002-rm-untaint.patch