rigid call to python2.4 instead of relying on /usr/bin/env

2007-11-06 17:57:59 -05:00 · 2007-11-06 17:57:59 -05:00 · 398ae233b5
parent d4e0fc4a34
commit 398ae233b5
3 changed files with 47 additions and 0 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -10,6 +10,8 @@ fail2ban (0.7.5-2etch1~pre3) stable-security; urgency=low
    (introduced upstream in 0.7.6)
  * Propagated "Fixed removal of host in hosts.deny" from 0.7.6, to prevent
    possible DoS
+  * Rigid call to python2.4 instead of via /usr/bin/env to prevent
+    in-the-middle attack via environment poisoning

 -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 01 May 2007 22:18:03 -0400

--- a/debian/patches/00list
+++ b/debian/patches/00list
@ -9,3 +9,4 @@ X00_rigid_python24
 00_mail-whois-lines
 s00_asctime-0.7.8
 00_hostsdeny
+X00_rigid_usrbinpython
--- a/debian/patches/X00_rigid_usrbinpython.dpatch
+++ b/debian/patches/X00_rigid_usrbinpython.dpatch
@ -0,0 +1,44 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## rigid_python2.4.dpatch by  <debian@onerussian.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Due to currently default python2.3 we need to hardcode use of python2.4 
+## DP: for now
+
+@DPATCH@
+diff -urNad fail2ban~/fail2ban-client fail2ban/fail2ban-client
+--- fail2ban~/fail2ban-client	2007-11-06 18:02:02.000000000 -0500
+++ fail2ban/fail2ban-client	2007-11-06 18:02:27.000000000 -0500
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env python2.4
+#!/usr/bin/python2.4
+ # This file is part of Fail2Ban.
+ #
+ # Fail2Ban is free software; you can redistribute it and/or modify
+diff -urNad fail2ban~/fail2ban-server fail2ban/fail2ban-server
+--- fail2ban~/fail2ban-server	2007-11-06 18:02:02.000000000 -0500
+++ fail2ban/fail2ban-server	2007-11-06 18:02:29.000000000 -0500
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env python2.4
+#!/usr/bin/python2.4
+ # This file is part of Fail2Ban.
+ #
+ # Fail2Ban is free software; you can redistribute it and/or modify
+diff -urNad fail2ban~/fail2ban-testcases fail2ban/fail2ban-testcases
+--- fail2ban~/fail2ban-testcases	2007-11-06 18:02:02.000000000 -0500
+++ fail2ban/fail2ban-testcases	2007-11-06 18:02:31.000000000 -0500
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env python2.4
+#!/usr/bin/python2.4
+ # This file is part of Fail2Ban.
+ #
+ # Fail2Ban is free software; you can redistribute it and/or modify
+diff -urNad fail2ban~/setup.py fail2ban/setup.py
+--- fail2ban~/setup.py	2007-11-06 18:02:02.000000000 -0500
+++ fail2ban/setup.py	2007-11-06 18:02:35.000000000 -0500
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env python2.4
+#!/usr/bin/python2.4
+ 
+ # This file is part of Fail2Ban.
+ #