This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch master in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=15416a18f7645dbb9a36edb1e52f30a9e83c6627 commit 15416a18f7645dbb9a36edb1e52f30a9e83c6627 (HEAD -> master) Author: Guillem Jover <guil...@debian.org> AuthorDate: Tue May 5 05:47:22 2020 +0200 dpkg-deb, dpkg: Do not accept relative pathnames in DEBIAN/conffiles The pathnames in the binary package conffiles control file must be absolute. This has not been a problem in dpkg because the lookup function has normalized them by prefixing with a slash if missing, but these pathnames are clearly bogus, and must not be accepted. Reported-by: Niels Thykier <ni...@thykier.net> --- debian/changelog | 2 ++ dpkg-deb/build.c | 6 +++++- src/unpack.c | 4 ++++ t-func/deb-content.at | 10 ++++++++++ 4 files changed, 21 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index fecdf3aac..75ee4ceb8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -14,6 +14,8 @@ dpkg (1.20.1) UNRELEASED; urgency=medium Based on a patch by Baptiste BEAUPLAT <lykn...@cilg.org>. Closes: #956321 * dpkg-source: Check that debian/tests/control has the required fields. Prompted by Felix Lechner <felix.lech...@lease-up.com>. + * dpkg-deb, dpkg: Do not accept relative pathnames in DEBIAN/conffiles. + Reported by Niels Thykier <ni...@thykier.net>. * Perl modules: - Dpkg: Add a LICENSE section to the POD. - Dpkg::Source::Package: Add new get_upstream_signing_key() method. diff --git a/dpkg-deb/build.c b/dpkg-deb/build.c index 3317b517a..faaf09122 100644 --- a/dpkg-deb/build.c +++ b/dpkg-deb/build.c @@ -278,8 +278,12 @@ check_conffiles(const char *ctrldir, const char *rootdir) conffilename); conffilename[n - 1] = '\0'; + + if (conffilename[0] != '/') + ohshit(_("conffile name '%s' is not an absolute pathname"), conffilename); + varbuf_reset(&controlfile); - varbuf_printf(&controlfile, "%s/%s", rootdir, conffilename); + varbuf_printf(&controlfile, "%s%s", rootdir, conffilename); if (lstat(controlfile.buf, &controlstab)) { if (errno == ENOENT) { if ((n > 1) && c_isspace(conffilename[n - 2])) diff --git a/src/unpack.c b/src/unpack.c index ee453a88d..23425c5dc 100644 --- a/src/unpack.c +++ b/src/unpack.c @@ -356,6 +356,10 @@ deb_parse_conffiles(struct pkginfo *pkg, const char *control_conffiles, continue; *p = '\0'; + if (conffilenamebuf[0] != '/') + ohshit(_("conffile name '%s' is not an absolute pathname"), + conffilenamebuf); + namenode = fsys_hash_find_node(conffilenamebuf, 0); namenode->oldhash = NEWCONFFILEFLAG; newconff = tar_fsys_namenode_queue_push(newconffiles, namenode); diff --git a/t-func/deb-content.at b/t-func/deb-content.at index ed9aef56c..52fbecc71 100644 --- a/t-func/deb-content.at +++ b/t-func/deb-content.at @@ -29,6 +29,16 @@ dpkg-deb -b pkg-conff-noeol pkg-conff-noeol.deb ], [2], [ignore], [dpkg-deb: error: conffile name '/test-conffile-1' is too long, or missing final newline ]) +DPKG_GEN_CONTROL([pkg-conff-noabs]) +DPKG_GEN_FILE([pkg-conff-noabs], [conffiles], [test-conffile-rel]) +AT_DATA([pkg-conff-noabs/test-conffile-rel], [test init +]) +AT_CHECK([ +# Conffiles must use absolute pathnames. +dpkg-deb -b pkg-conff-noabs pkg-conff-noabs.deb +], [2], [ignore], [dpkg-deb: error: conffile name 'test-conffile-rel' is not an absolute pathname +]) + DPKG_GEN_CONTROL([pkg-deb-newline]) touch 'pkg-deb-newline/file newline' -- Dpkg.Org's dpkg
