[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SCM] Debian package checker branch, master, updated. 2.1.3-37-gfad5411



The following commit has been merged in the master branch:
commit f68b8f057a27e34a43426a4f3c700334f3adbf30
Author: Russ Allbery <rra@debian.org>
Date:   Tue Dec 30 16:18:38 2008 -0800

    Improve collection of symlinked copyright files
    
    * collection/copyright-file:
      + [RA] Copy copyright files that are relative links, provided that the
        link is safe, and otherwise treat symlinked copyright files as if
        they were empty.  Fixes a Lintian crash on packages where the
        copyright file is a relative symlink.

diff --git a/collection/copyright-file b/collection/copyright-file
index efd474b..04425dd 100755
--- a/collection/copyright-file
+++ b/collection/copyright-file
@@ -24,6 +24,8 @@ use strict;
 use lib "$ENV{'LINTIAN_ROOT'}/lib";
 use Util;
 
+use File::Copy qw(copy);
+
 ($#ARGV == 1) or fail("syntax: copyright-file <pkg> <type>");
 my $pkg = shift;
 my $type = shift;
@@ -39,7 +41,17 @@ my $file;
 if (-f $file1 ) { $file = $file1; }
 else { $file = $file2; }
 
-if (-f $file) {
+# If copyright was a symlink, we need to make a copy of it.  Just hardlinking
+# to the symlink may leave a relative symlink into a directory we can't
+# unpack.  Be careful about what symlinks we allow, though.
+if (-l $file) {
+    my $link = readlink($file) or fail("cannot readlink $file: $!");
+    if ($link =~ /\.\./ || ($link =~ m%/% && $link !~ m%^[^/]+(/+[^/]+)*\z%)) {
+        touch_file("copyright");
+    } else {
+        copy($file, "copyright") or fail("cannot copy $file: $!");
+    }
+} elsif (-f $file) {
     link($file, "copyright")
 	or fail("cannot link $file to copyright: $!");
 } elsif (-f "$file.gz") {
diff --git a/debian/changelog b/debian/changelog
index 82e3c05..a330a9b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -68,6 +68,12 @@ lintian (2.1.4) UNRELEASED; urgency=low
       (Closes: #381485)
     + [RA] Allow dpkg-dev to satisfy a make dependency.  (Closes: #510190)
 
+  * collection/copyright-file:
+    + [RA] Copy copyright files that are relative links, provided that the
+      link is safe, and otherwise treat symlinked copyright files as if
+      they were empty.  Fixes a Lintian crash on packages where the
+      copyright file is a relative symlink.
+
   * debian/rules:
     + [RA] New check-tag target which runs all test cases in the new test
       suite that check for or against a particular tag.

-- 
Debian package checker


Reply to: