This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch master in repository dpkg.
commit cb0a2b1ef2781ca3d79a9aeca20c3eb30db08d1c Author: David Kalnischkies <[email protected]> Date: Sun Aug 7 18:42:36 2016 +0200 dpkg-maintscript-helper: Make conffile commands more robust Check that conffile pathname arguments are absolute paths. Verify version number to be valid. [[email protected]: - reword error messages. - add a comment explaining the --compare-versions usage. - use 0 instead of 1-1 as dummy version number. ] Signed-off-by: Guillem Jover <[email protected]> --- debian/changelog | 3 +++ scripts/dpkg-maintscript-helper.sh | 12 ++++++++++++ 2 files changed, 15 insertions(+) diff --git a/debian/changelog b/debian/changelog index ac7d4fd..a87402f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,9 @@ dpkg (1.18.11) UNRELEASED; urgency=medium [ Guillem Jover ] + * Make dpkg-maintscript-helper conffile commands more robust. Check that + conffile pathname arguments are absolute paths and verify version number + to be valid. Thanks to David Kalnischkies <[email protected]>. * Packaging: - Add liblocale-gettext-perl to libdpkg-perl Recommends. - Wrap and document dependency relationships. diff --git a/scripts/dpkg-maintscript-helper.sh b/scripts/dpkg-maintscript-helper.sh index f0e69db..f20d826 100755 --- a/scripts/dpkg-maintscript-helper.sh +++ b/scripts/dpkg-maintscript-helper.sh @@ -46,6 +46,11 @@ rm_conffile() { [ -n "$1" ] || error "maintainer script parameters are missing" [ -n "$DPKG_MAINTSCRIPT_NAME" ] || \ error "environment variable DPKG_MAINTSCRIPT_NAME is required" + [ "${CONFFILE}" != "${CONFFILE#/}" ] || \ + error "conffile '$CONFFILE' is not an absolute path" + # Use --compare-versions to validate the version number. + [ -z "$(dpkg --compare-versions -- "$LASTVERSION" eq '0' 2>&1)" ] || \ + error "version '$LASTVERSION' is not valid" debug "Executing $0 rm_conffile in $DPKG_MAINTSCRIPT_NAME" \ "of $DPKG_MAINTSCRIPT_PACKAGE" @@ -153,6 +158,13 @@ mv_conffile() { [ -n "$1" ] || error "maintainer script parameters are missing" [ -n "$DPKG_MAINTSCRIPT_NAME" ] || \ error "environment variable DPKG_MAINTSCRIPT_NAME is required" + [ "${OLDCONFFILE}" != "${OLDCONFFILE#/}" ] || \ + error "old-conffile '$OLDCONFFILE' is not an absolute path" + [ "${NEWCONFFILE}" != "${NEWCONFFILE#/}" ] || \ + error "new-conffile '$NEWCONFFILE' is not an absolute path" + # Use --compare-versions to validate the version number. + [ -z "$(dpkg --compare-versions -- "$LASTVERSION" eq '0' 2>&1)" ] || \ + error "version '$LASTVERSION' is not valid" debug "Executing $0 mv_conffile in $DPKG_MAINTSCRIPT_NAME" \ "of $DPKG_MAINTSCRIPT_PACKAGE" -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/dpkg/dpkg.git
