[SCM] Debian package checker branch, squeeze, updated. 2.4.3-16-gddd5248
The following commit has been merged in the squeeze branch:
commit 56794746ee3f98544f4b17cae705444622ac9593
Author: Niels Thykier <niels@thykier.net>
Date: Thu Apr 4 23:47:34 2013 +0200
c/menus: Skip maintscripts that are symlink
Signed-off-by: Niels Thykier <niels@thykier.net>
diff --git a/checks/menus b/checks/menus
index 2c95a0f..08622ac 100644
--- a/checks/menus
+++ b/checks/menus
@@ -75,18 +75,10 @@ my $menumethod_file;
my $anymenu_file;
my $documentation;
-if (-f 'control/preinst') {
- check_script($pkg, 'preinst', \%preinst);
-}
-if (-f 'control/postinst') {
- check_script($pkg, 'postinst', \%postinst);
-}
-if (-f 'control/prerm') {
- check_script($pkg, 'prerm', \%prerm);
-}
-if (-f 'control/postrm') {
- check_script($pkg, 'postrm', \%postrm);
-}
+check_script($pkg, 'preinst', \%preinst);
+check_script($pkg, 'postinst', \%postinst);
+check_script($pkg, 'prerm', \%prerm);
+check_script($pkg, 'postrm', \%postrm);
# read package contents
for my $file (sort keys %{$info->index}) {
@@ -589,8 +581,12 @@ sub check_script {
my ($no_check_menu,$no_check_installdocs,$no_check_wmmenu,$calls_wmmenu);
my $interp;
+ # control files are regular files and not symlinks, pipes etc.
+ return if -l "control/$script" or not -f "control/$script";
+
open(IN, '<', "control/$script") or
fail("cannot open maintainer script control/$script for reading: $!");
+
$interp = <IN>;
$interp = '' unless defined $interp;
if ($interp =~ m,^\#\!\s*/bin/$known_shells_regex,) {
diff --git a/debian/changelog b/debian/changelog
index 6e24b82..8006809 100755
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,6 +9,9 @@ lintian (2.4.3+squeeze2) stable; urgency=low
* checks/md5sums:
+ [NT] Fix path traversal issue that could leak information
about the host system.
+ * checks/menus:
+ + [NT] Fix path traversal issue that could leak information
+ about the host system.
-- Niels Thykier <niels@thykier.net> Fri, 05 Apr 2013 22:00:00 +0200
--
Debian package checker
Reply to: