Viewing all changes in revision 4.
- Committer: Package Import Robot
- Date: 2012-04-04 12:02:31 UTC
- mfrom: (1.1.2)
- Revision ID: package-import@ubuntu.com-20120404120231-7zjwd0oxb4fsaopi
* debian/copyright, upload/go/index.html, upload/index.html,
usr/bin/zEscrow, www/deposit/go/index.html, www/deposit/index.html,
www/include/above.html, www/include/below.html,
www/include/credentials.html.CHANGE_ME, www/include/escrow.css,
www/include/functions.html, www/index.html, www/not-
found/index.html, www/openid/index.html, www/openid/return.html,
www/privacy.html, www/retrieve/go/index.html,
www/retrieve/index.html, www/terms.html:
- Copyright updated to include Gazzang, Inc.
* usr/bin/zEscrow:
- Multiple security fixes, according to line-by-line code audit by
Kees Cook <kees@ubuntu.com>
- use 'set -e' rather than sh -e, to ensure errors are caught if an
interpreter other than sh is used
- store the stty earlier and restore on trapped exits
- generate the tempfile with the required extensions
- drop redundant chmodding
- note specifically that the user's passphrase is NOT sent to the server
- remove one of the client/server roundtrips, fetching the key
fingerprint
- instead, use gpg's --status-fd to parse machine readable output and
retrieve the fingerprint from there
- catch curl errors
- catch gpg import errors
- validate the fingerprint
- drop use of wildcard in copying to tempdir
- make the $url more readable
- handle the browser launching prompt correctly
usr/bin/zEscrow, www/deposit/go/index.html, www/deposit/index.html,
www/include/above.html, www/include/below.html,
www/include/credentials.html.CHANGE_ME, www/include/escrow.css,
www/include/functions.html, www/index.html, www/not-
found/index.html, www/openid/index.html, www/openid/return.html,
www/privacy.html, www/retrieve/go/index.html,
www/retrieve/index.html, www/terms.html:
- Copyright updated to include Gazzang, Inc.
* usr/bin/zEscrow:
- Multiple security fixes, according to line-by-line code audit by
Kees Cook <kees@ubuntu.com>
- use 'set -e' rather than sh -e, to ensure errors are caught if an
interpreter other than sh is used
- store the stty earlier and restore on trapped exits
- generate the tempfile with the required extensions
- drop redundant chmodding
- note specifically that the user's passphrase is NOT sent to the server
- remove one of the client/server roundtrips, fetching the key
fingerprint
- instead, use gpg's --status-fd to parse machine readable output and
retrieve the fingerprint from there
- catch curl errors
- catch gpg import errors
- validate the fingerprint
- drop use of wildcard in copying to tempdir
- make the $url more readable
- handle the browser launching prompt correctly
- files added:
- usr/bin/zEscrow.orig
- files modified:
- ChangeLog
expand all
collapse all
added
removed
