[SCM] Debian package checker branch, master, updated. 2.5.11-269-g4fa9095
The following commit has been merged in the master branch:
commit b5a961618ae310edc34ac7df16f5c823322af2df
Author: Niels Thykier <niels@thykier.net>
Date: Thu Apr 4 23:33:42 2013 +0200
c/init.d: Guard against possible symlink traversals
Signed-off-by: Niels Thykier <niels@thykier.net>
diff --git a/checks/init.d b/checks/init.d
index 2c139ef..2604bf2 100644
--- a/checks/init.d
+++ b/checks/init.d
@@ -89,7 +89,9 @@ my $action_r = qr/\w+/;
my $exclude_r = qr/if\s+\[\s+-x\s+\S*update-rc\.d/;
# read postinst control file
-if (open(IN, '<', $postinst)) {
+if ( -f $postinst and not -l $postinst) {
+ open(IN, '<', $postinst)
+ or fail "open postinst: $!";
while (<IN>) {
next if /$exclude_r/o;
s/\#.*$//o;
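Review bot: The guard `-f $postinst and not -l $postinst` tests the path, and the following `open` resolves the same path a second time, so the check and the read are two separate lookups; `-l` also inspects only the final path component. Whether either gap matters depends on how `$postinst` is built and on whether the unpacked control directory can change during the run, neither of which is visible in this hunk. If it can, opening first with `sysopen(my $fd, $postinst, O_RDONLY | O_NOFOLLOW)` (from Fcntl) and then testing `-f $fd` on the handle would bind the check to the file that is actually read. The same pattern recurs in the preinst, postrm and prerm hunks, and the `while` loop continues outside this hunk.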
@@ -105,11 +107,13 @@ if (open(IN, '<', $postinst)) {
tag 'output-of-updaterc.d-not-redirected-to-dev-null', "$name postinst";
}
}
+ close(IN);
}
-close(IN);
# read preinst control file
-if (open(IN, '<', $preinst)) {
+if ( -f $preinst and not -l $preinst) {
+ open(IN, '<', $preinst)
+ or fail "open preinst: $!";
while (<IN>) {
next if /$exclude_r/o;
s/\#.*$//o;
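Review bot: The bareword handle `IN` is a package global reused by all four maintainer-script blocks, so each block depends on the previous one having closed it. This hunk moves `close(IN)` inside the postinst block, which is right now that the open is conditional, but the matching close for the preinst block is outside the hunk and cannot be confirmed from here. A lexical handle, `open(my $fd, '<', $preinst)` with `while (<$fd>)`, would scope the handle to the block and close it when the block ends.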
@@ -124,7 +128,9 @@ if (open(IN, '<', $preinst)) {
}
# read postrm control file
-if (open(IN, '<', $postrm)) {
+if ( -f $postrm and not -l $postrm) {
+ open(IN, '<', $postrm)
+ or fail "open postrm: $!";
while (<IN>) {
next if /$exclude_r/o;
s/\#.*$//o;
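Review bot: When `$postrm` is a symlink or not a regular file, the whole block is now skipped without any trace, so the update-rc.d checks in it never run for that package and nothing records why. A comment above the guard would make that intent explicit, for example `# Skip symlinks and non-regular files; reading through them could expose files outside the unpacked package.` It may also be worth checking whether another check already reports a symlinked maintainer script; if none does, an `else` branch that emits a tag would keep such a package from passing silently. The rest of the block is outside the hunk.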
@@ -141,7 +147,9 @@ if (open(IN, '<', $postrm)) {
}
# read prerm control file
-if (open(IN, '<', $prerm)) {
+if ( -f $prerm and not -l $prerm) {
+ open(IN, '<', $prerm)
+ or fail "open prerm: $!";
while (<IN>) {
next if /$exclude_r/o;
s/\#.*$//o;
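Review bot: The guard and the `open ... or fail` pair are now copied four times, once per maintainer script, with only the variable name and the message differing. Because this is the security-relevant part of the check, a single private helper would ensure that a later hardening reaches all four call sites. A sketch follows; the helper name is only a suggestion, and the body of each `while` loop is outside the hunks and stays as it is.

```perl
# Return a read handle for a control file, or nothing when the path is
# absent, a symlink or not a regular file (such files are not read).
sub _open_control_script {
    my ($path) = @_;
    return unless -f $path and not -l $path;
    open(my $fd, '<', $path)
        or fail "open $path: $!";
    return $fd;
}

# read prerm control file
if (my $fd = _open_control_script($prerm)) {
    while (<$fd>) {
        # … unchanged: exclude_r / comment stripping / update-rc.d matching …
```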
diff --git a/debian/changelog b/debian/changelog
index 7e47fbd..96e262c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -109,6 +109,8 @@ lintian (2.5.12) UNRELEASED; urgency=low
+ [NT] Fix regression where Lintian would not properly match
init.d passed to update-rc.d. Thanks to Michael Meskes for
reporting. (Closes: #698602)
+ + [NT] Fix possible symlink traversal that could leak
+ information about the host system.
* checks/java{,.desc}:
+ [NT] Report possibly broken jar files.
* checks/md5sums:
--
Debian package checker