Your message dated Tue, 07 Jul 2020 06:33:49 +0000
with message-id <[email protected]>
and subject line Bug#964111: fixed in dpkg 1.20.4
has caused the Debian Bug report #964111,
regarding dpkg-source: False positive 'points outside source root'
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
964111: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964111
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dpkg-source
Severity: minor
Tags: patch
X-Debbugs-CC: [email protected]
Hi,
The new version of dpkg-source recently caused the failures of three
Lintian tests. All had link targets pointing outside the source root,
which caused the failures, but there was an additional warning:
Use of uninitialized value $canon_pathname in pattern match (m//)
at /usr/share/perl5/Dpkg/Source/Package.pm line 555.
Here are the tests:
checks/files/encoding/testsuite-in-western-encoding
checks/testsuite/national-encoding
checks/testsuite/testsuite-general
The patch below caused the warning to disappear. Thank you for your
hard work on Dpkg.
Kind regards
Felix Lechner
* * *
--- Package.pm 2020-07-01 21:35:04.978251308 +0000
+++ /usr/share/perl5/Dpkg/Source/Package.pm 2020-07-01
21:35:42.846687621 +0000
@@ -552,6 +552,7 @@
my $canon_newdir = realpath($newdirectory);
my $check_symlinks = sub {
my $canon_pathname = realpath($_);
+ return unless length $canon_pathname;
return if $canon_pathname =~ m/^\Q$canon_newdir\E/;
error(g_("pathname '%s' points outside source root"), $_);
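Review bot: the added "return unless length $canon_pathname;" makes the closure return silently whenever realpath() yields nothing, so a pathname that cannot be canonicalized passes the "points outside source root" check with no diagnostic at all. Since this closure is the traversal check, consider reporting that case through error() with its own message instead of returning, or add a comment explaining why an unresolvable pathname is safe to skip. Separately, the context line "m/^\Q$canon_newdir\E/" is a prefix match with nothing required after the root, so a canonical path in a sibling directory whose name merely begins with the root's name would also be accepted; requiring a trailing slash after $canon_newdir (or exact equality) would tighten it.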
--- End Message ---
--- Begin Message ---
Source: dpkg
Source-Version: 1.20.4
Done: Guillem Jover <[email protected]>
We believe that the bug you reported is fixed in the latest version of
dpkg, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guillem Jover <[email protected]> (supplier of updated dpkg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 07 Jul 2020 07:57:48 +0200
Source: dpkg
Architecture: source
Version: 1.20.4
Distribution: unstable
Urgency: medium
Maintainer: Dpkg Developers <[email protected]>
Changed-By: Guillem Jover <[email protected]>
Closes: 870383 964017 964111 964234
Changes:
dpkg (1.20.4) unstable; urgency=medium
.
[ Guillem Jover ]
* Improve PIE flags support:
- Prefix the specs file spec string self_spec with + instead of *.
This way we do not override any previous setting, otherwise when
passing the -specs options twice (f.ex. to compile and link), only the
last one will take effect, which can break the build. Closes: #870383
* Perl modules:
- Dpkg::Source::Package: Explicitly initialize constructor options to
their implicit values, otherwise other code ends up assuming different
defaults. Closes: #964017
- Dpkg::OpenPGP: Use a temporary directory for the GnuPG homedir in
verify_signature(), to make sure we do not write to the user home
directory, except for the trustkeys.db file if present.
- Dpkg::Path: Refactor new check_directory_traversal() function out of
Dpkg::Source::Package->extract().
- Dpkg::Path: Do not do partial matches for directory traversal checks,
expect a trailing slash after the base directory name.
- Dpkg::Path: Catch uncanonicalizable pathnames with a proper error.
Closes: #964111
- Dpkg::Path: Do not consider missing symlink targets a directory
traversal attempt. Closes: #964234
- Dpkg::Path: Allow /dev/null for directory traversals.
Reported by Holger Levsen <[email protected]>.
* Build system:
- Add Module::Signature as configure recommends for CPAN.
* Test suite:
- Use File::Path::make_path() instead of chained mkdir() in Dpkg_Path.t.
- Add unit tests for Dpkg::Path::check_directory_traversal().
.
[ Updated programs translations ]
* German (Sven Joachim).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
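The Dpkg::Path changelog items in the closing message (no partial matches, a proper error for pathnames that cannot be canonicalized) are illustrated by the following added example, which is not dpkg's code and not part of either message. The function names inside_prefix_only and classify_path, the directory names and the symlink targets are assumptions constructed for illustration; it compares the prefix-only match from the patch's context line with a check that requires a trailing slash after the root.

```perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Temp qw(tempdir);

# Prefix-only comparison, the form of the match in the patch's context line.
sub inside_prefix_only {
    my ($base, $path) = @_;
    my $canon_base = realpath($base);
    my $canon_path = realpath($path);
    return 0 unless defined $canon_path && length $canon_path;
    return $canon_path =~ m/^\Q$canon_base\E/ ? 1 : 0;
}

# Hypothetical stricter classifier (not Dpkg::Path's implementation):
# the canonical path must equal the root or continue with "/" after it,
# and a pathname that cannot be canonicalized gets its own result.
sub classify_path {
    my ($base, $path) = @_;
    my $canon_base = realpath($base);
    my $canon_path = realpath($path);
    return 'unresolvable' unless defined $canon_path && length $canon_path;
    return 'inside' if $canon_path eq $canon_base;
    return 'inside' if index($canon_path, "$canon_base/") == 0;
    return 'outside';
}

# Constructed sample tree: source root "pkg" and a sibling "pkg-evil"
# whose name shares the root's name as a prefix.
my $tmp = tempdir(CLEANUP => 1);
for my $dir (qw(pkg pkg-evil)) {
    mkdir("$tmp/$dir") or die "mkdir $dir: $!";
}
for my $file (qw(pkg/README pkg-evil/data)) {
    open(my $fh, '>', "$tmp/$file") or die "open $file: $!";
    close($fh);
}
symlink('README', "$tmp/pkg/inside-link") or die "symlink: $!";
symlink('../pkg-evil/data', "$tmp/pkg/sibling-link") or die "symlink: $!";
symlink('/nonexistent-dir/a/b', "$tmp/pkg/dangling-link") or die "symlink: $!";

# Report both checks side by side for each constructed symlink.
for my $name (qw(inside-link sibling-link dangling-link)) {
    my $path = "$tmp/pkg/$name";
    printf "%-14s prefix-only=%d strict=%s\n", $name,
        inside_prefix_only("$tmp/pkg", $path),
        classify_path("$tmp/pkg", $path);
}
```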