[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SCM] Debian package checker branch, wheezy, updated. 2.5.10.4-15-ge0dc594

The following commit has been merged in the wheezy branch:
commit 745a2f77a4fa339ae0f6669534aed4833165aba0
Author: Niels Thykier <niels@thykier.net>
Date:   Thu Apr 4 23:47:34 2013 +0200

    c/menus: Skip maintscripts that are symlink
    
    Signed-off-by: Niels Thykier <niels@thykier.net>

diff --git a/checks/menus b/checks/menus
index 01be751..9803a71 100644
--- a/checks/menus
+++ b/checks/menus
@@ -70,18 +70,10 @@ my $menumethod_file;
 my $anymenu_file;
 my $documentation;
 
-if (-f $info->control('preinst')) {
-    check_script($pkg, $info->control('preinst'), 'preinst', \%preinst);
-}
-if (-f $info->control('postinst')) {
-    check_script($pkg, $info->control('postinst'), 'postinst', \%postinst);
-}
-if (-f $info->control('prerm')) {
-    check_script($pkg, $info->control('prerm'), 'prerm', \%prerm);
-}
-if (-f $info->control('postrm')) {
-    check_script($pkg, $info->control('postrm'), 'postrm', \%postrm);
-}
+check_script($pkg, $info->control('preinst'), 'preinst', \%preinst);
+check_script($pkg, $info->control('postinst'), 'postinst', \%postinst);
+check_script($pkg, $info->control('prerm'), 'prerm', \%prerm);
+check_script($pkg, $info->control('postrm'), 'postrm', \%postrm);
 
 # read package contents
 for my $file ($info->sorted_index) {
@@ -575,6 +567,9 @@ sub check_script {
     my ($no_check_menu,$no_check_installdocs);
     my $interp;
 
+    # control files are regular files and not symlinks, pipes etc.
+    return if -l $spath or not -f $spath;
+
     open(IN, '<', $spath) or
         fail("cannot open maintainer script control/$script for reading: $!");
     $interp = <IN>;
diff --git a/debian/changelog b/debian/changelog
index c3d20b6..fd02807 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,6 +9,9 @@ lintian (2.5.10.5) unstable; urgency=low
   * checks/md5sums:
     + [NT] Fix path traversal issue that could leak information
       about the host system.
+  * checks/menus:
+    + [NT] Fix path traversal issue that could leak information
+      about the host system.
 
  -- Niels Thykier <niels@thykier.net>  Fri, 05 Apr 2013 17:15:00 +0200
 

-- 
Debian package checker
Reply to: