Version in base suite: 2.9.4-2
Base version: linuxcnc_2.9.4-2
Target version: linuxcnc_2.9.4-2+deb13u1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/l/linuxcnc/linuxcnc_2.9.4-2.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/l/linuxcnc/linuxcnc_2.9.4-2+deb13u1.dsc
 changelog | 11 +++++++++++
 gbp.conf | 4 ++++
 patches/0010-sanitize-hal-paths.patch | 23 +++++++++++++++++++++++
 patches/series | 1 +
 4 files changed, 39 insertions(+)
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpr1s3083c/linuxcnc_2.9.4-2.dsc: no acceptable signature found
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpr1s3083c/linuxcnc_2.9.4-2+deb13u1.dsc: no acceptable signature found
diff: /srv/release.debian.org/tmp/zQTRUSzxPy/linuxcnc-2.9.4/configs/sim/axis/orphans/iocontrol-removed/nc_subroutines: No such file or directory
diff: /srv/release.debian.org/tmp/nRvetI8zu9/linuxcnc-2.9.4/configs/sim/axis/orphans/iocontrol-removed/nc_subroutines: No such file or directory
diff: /srv/release.debian.org/tmp/zQTRUSzxPy/linuxcnc-2.9.4/configs/sim/axis/orphans/iocontrol-removed/tool.tbl: No such file or directory
diff: /srv/release.debian.org/tmp/nRvetI8zu9/linuxcnc-2.9.4/configs/sim/axis/orphans/iocontrol-removed/tool.tbl: No such file or directory
diff: /srv/release.debian.org/tmp/zQTRUSzxPy/linuxcnc-2.9.4/tests/trajectory-planner/circular-arcs/configs/axis_manualtoolchange.hal: No such file or directory
diff: /srv/release.debian.org/tmp/nRvetI8zu9/linuxcnc-2.9.4/tests/trajectory-planner/circular-arcs/configs/axis_manualtoolchange.hal: No such file or directory
diff: /srv/release.debian.org/tmp/zQTRUSzxPy/linuxcnc-2.9.4/tests/trajectory-planner/circular-arcs/configs/core_sim9.hal: No such file or directory
diff: /srv/release.debian.org/tmp/nRvetI8zu9/linuxcnc-2.9.4/tests/trajectory-planner/circular-arcs/configs/core_sim9.hal: No such file or directory
diff -Nru linuxcnc-2.9.4/debian/changelog linuxcnc-2.9.4/debian/changelog
--- linuxcnc-2.9.4/debian/changelog 2025-04-13 22:10:01.000000000 +0000
+++ linuxcnc-2.9.4/debian/changelog 2026-06-28 21:02:42.000000000 +0000
@@ -1,3 +1,14 @@
+linuxcnc (1:2.9.4-2+deb13u1) trixie; urgency=medium
+
+ * Team upload.
+
+ * Added 0010-sanitize-hal-paths.patch to sanitize name for module in
+ rtapi_app (Closes: #1140943).
+ * Added d/gbp.conf to enforce the use of pristine-tar and using
+ correct git branch for stable updates.
+
+ -- Petter Reinholdtsen Sun, 28 Jun 2026 23:02:42 +0200
+
 linuxcnc (1:2.9.4-2) unstable; urgency=medium
 
  * Team upload.
diff -Nru linuxcnc-2.9.4/debian/gbp.conf linuxcnc-2.9.4/debian/gbp.conf
--- linuxcnc-2.9.4/debian/gbp.conf 1970-01-01 00:00:00.000000000 +0000
+++ linuxcnc-2.9.4/debian/gbp.conf 2026-06-28 21:02:37.000000000 +0000
@@ -0,0 +1,4 @@
+[DEFAULT]
+debian-branch = debian/trixie
+upstream-branch = upstream
+pristine-tar = True
diff -Nru linuxcnc-2.9.4/debian/patches/0010-sanitize-hal-paths.patch linuxcnc-2.9.4/debian/patches/0010-sanitize-hal-paths.patch
--- linuxcnc-2.9.4/debian/patches/0010-sanitize-hal-paths.patch 1970-01-01 00:00:00.000000000 +0000
+++ linuxcnc-2.9.4/debian/patches/0010-sanitize-hal-paths.patch 2026-06-28 21:02:15.000000000 +0000
@@ -0,0 +1,23 @@
+Description: Fix rtapi_app: Sanitize name for module
+From: Hannes Diethelm
+Origin: https://github.com/LinuxCNC/linuxcnc/commit/00d534c87464a3ed446656998aa02b8abc74b391
+Reviewed-by: Petter Reinholdtsen
+Forwarded: not-needed
+Last-Update: 2026-06-28
+
+diff --git a/src/rtapi/uspace_rtapi_app.cc b/src/rtapi/uspace_rtapi_app.cc
+index 6e6298831b..8e600cc4b7 100644
+--- a/src/rtapi/uspace_rtapi_app.cc
++++ b/src/rtapi/uspace_rtapi_app.cc
+@@ -274,6 +274,11 @@ static int do_comp_args(void *module, vector args) {
+ static int do_load_cmd(string name, vector args) {
+ void *w = modules[name];
+ if(w == NULL) {
++ //Sanitize the name
++ if(name.find("/") != std::string::npos || name.find("..") != std::string::npos){
++ rtapi_print_msg(RTAPI_MSG_ERR, "%s: Not allowed as module name. Slashes or with \"..\" (even /a..b/) are not allowed.\n", name.c_str());
++ return -1;
++ }
+ char what[LINELEN+1];
+ snprintf(what, LINELEN, "%s/%s.so", EMC2_RTLIB_DIR, name.c_str());
+ void *module = modules[name] = dlopen(what, RTLD_GLOBAL | RTLD_NOW);
diff -Nru linuxcnc-2.9.4/debian/patches/series linuxcnc-2.9.4/debian/patches/series
--- linuxcnc-2.9.4/debian/patches/series 1970-01-01 00:00:00.000000000 +0000
+++ linuxcnc-2.9.4/debian/patches/series 2026-06-28 21:02:15.000000000 +0000
@@ -0,0 +1 @@
+0010-sanitize-hal-paths.patch
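Review bot: In the embedded patch to `do_load_cmd`, the new name check sits inside `if(w == NULL)` and therefore runs after `void *w = modules[name];`, so if `modules` is a `std::map` (its declaration is outside the hunk) every rejected name still leaves a null entry in the table; making the check the first statement of the function would avoid that. The check is also a denylist of two substrings: an empty name passes and resolves to `EMC2_RTLIB_DIR/.so`, and because the return value of `snprintf(what, LINELEN, ...)` is not inspected, an over-long name is silently truncated before it reaches `dlopen`. Consider `if(name.empty() || name.find('/') != std::string::npos || name.find("..") != std::string::npos)` and refusing the load when `snprintf` returns a value `>= LINELEN`. The body of `do_load_cmd` continues past the end of the hunk, so what happens to `module` afterwards cannot be judged from here.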