From 046f107622bfffedb3109c14fd607c60e5b60cc6 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Fri, 15 Oct 2010 16:47:43 -0400
Subject: [PATCH] resolve http://bugs.debian.org/600304 -- do not place arbitrary/escaped user ids into the shell
---
 debian/changelog | 6 ++++++
 debian/patches/600304.diff | 13 +++++++++++++
 debian/patches/series | 1 +
 3 files changed, 20 insertions(+)
 create mode 100644 debian/patches/600304.diff
diff --git a/debian/changelog b/debian/changelog
index aa9b05a..b03dff7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+monkeysphere (0.31-3) unstable; urgency=high
+
+ * avoid mis-escaping uids, fixes a security issue. (Closes: #600304)
+
+ -- Daniel Kahn Gillmor Fri, 15 Oct 2010 16:46:17 -0400
+
 monkeysphere (0.31-2) unstable; urgency=low

 * sleep a bit in keytrans suite to ensure that at least a full second
diff --git a/debian/patches/600304.diff b/debian/patches/600304.diff
new file mode 100644
index 0000000..6588ead
--- /dev/null
+++ b/debian/patches/600304.diff
@@ -0,0 +1,13 @@
+diff --git a/src/share/ma/keys_for_user b/src/share/ma/keys_for_user
+index f48d5d3..b0c3cf5 100644
+--- a/src/share/ma/keys_for_user
++++ b/src/share/ma/keys_for_user
+@@ -44,7 +44,7 @@ export GNUPGHOME
+ # extract user IDs from authorized_user_ids file
+ IFS=$'\n'
+ for line in $(meat "$authorizedUserIDs") ; do
+- su_monkeysphere_user ". ${SYSSHAREDIR}/common; keys_for_userid '$line'"
++ printf '%s\n' "$line" | su_monkeysphere_user ". ${SYSSHAREDIR}/common; keys_for_userid \"\$X\"" || true
+ done
+
+ }
diff --git a/debian/patches/series b/debian/patches/series
index 101870b..af8e9c7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 591118.diff
+600304.diff
--
2.26.2
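Review bot: In debian/patches/600304.diff, the added `printf ... | su_monkeysphere_user` line sends the user ID on stdin, but the inner command expands `$X` and nothing in the visible command string assigns it. Unless `su_monkeysphere_user` or the sourced `common` file reads stdin into X (neither is shown here), `keys_for_userid` runs with an empty argument, and the trailing `|| true` hides the failure, so the lookup for every authorized user ID could fail silently. I would make the hand-off explicit: `printf '%s\n' "$line" | su_monkeysphere_user ". ${SYSSHAREDIR}/common; IFS= read -r X; keys_for_userid \"\$X\"" || true`, where `-r` keeps backslashes in the ID from being reinterpreted. The enclosing function begins and ends outside the hunk.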