This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch master in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=157a4e6c0f1dda42b1ae3bae8086a9a64d85e2f9 commit 157a4e6c0f1dda42b1ae3bae8086a9a64d85e2f9 Author: Guillem Jover <[email protected]> AuthorDate: Mon Nov 2 11:15:47 2020 +0100 Dpkg::Source::Package: Honor no_check for directory traversal checks While this is a potential security issue, we should let the user disable the check in case it has been requested explicitly. Ref: #971203 --- scripts/Dpkg/Source/Package.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/Dpkg/Source/Package.pm b/scripts/Dpkg/Source/Package.pm index 1b52b0ee3..19a49eeba 100644 --- a/scripts/Dpkg/Source/Package.pm +++ b/scripts/Dpkg/Source/Package.pm @@ -553,7 +553,7 @@ sub extract { $self->do_extract($newdirectory); # Check for directory traversals. - if (not $self->{options}{skip_debianization}) { + if (not $self->{options}{skip_debianization} and not $self->{no_check}) { # We need to add a trailing slash to handle the debian directory # possibly being a symlink. check_directory_traversal($newdirectory, "$newdirectory/debian/"); -- Dpkg.Org's dpkg
