This is an automated email from the git hooks/post-receive script. jamessan pushed a commit to branch master in repository devscripts.
commit 89d0888eb2f3f6625a3f58bf54bc5e9bbc69d090 Author: James McCoy <[email protected]> Date: Fri Dec 13 21:51:49 2013 -0500 Add test for code execution when cleaning up "dirty" tarball Signed-off-by: James McCoy <[email protected]> --- test/test_uscan | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/test/test_uscan b/test/test_uscan index aa8ccf7..30f98b0 100755 --- a/test/test_uscan +++ b/test/test_uscan @@ -69,21 +69,24 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Files-Excluded: exclude-this END - mkdir -p $TMPDIR/repo/$PKG - touch $TMPDIR/repo/$PKG/include-this - touch $TMPDIR/repo/$PKG/exclude-this + mkdir -p $TMPDIR/repo + touch $TMPDIR/repo/include-this + touch $TMPDIR/repo/exclude-this + mkdir -p "$TMPDIR/repo/; echo baz; #/" ( cd $TMPDIR/repo ; - tar cfz $PKG-1.tar.gz $PKG ; + tar cfz $PKG-1.tar.gz * ; python -m SimpleHTTPServer $PORT & echo $! > pid ) - ( cd $TMPDIR/$PKG ; $COMMAND ) + OUTPUT=$( (cd $TMPDIR/$PKG ; $COMMAND) | grep baz) TARBALL=${PKG}_1+dfsg.orig.tar.gz assertTrue 'pristine tarball is not created' "[ -f $TMPDIR/$TARBALL ]" assertNull 'file that must be excluded is present in the tarball' \ "$( tar tzf $TMPDIR/$TARBALL | grep exclude-this )" + # 731849 + assertNull 'dirty root directory allowed command execution' "$OUTPUT" cleanup -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/devscripts.git _______________________________________________ devscripts-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel
