* Jakub Wilk <[email protected]>, 2014-02-23, 12:11:
Perhaps a more viable way would be to construct a temporary new source package, and let dpkg-source deal with all the corner cases of unpacking it?

Now I realized that this won't work, because dpkg-source insists that patches apply without fuzz.

So here's a different strategy, similar to what tar(1) implements to defend against symlink attacks:

1) Unpack .orig.tar.
2) Delete all symlinks (and maybe also other non-regular files).
3) Apply the diff.
4) Restore all the files deleted in step 2.

--
Jakub Wilk

_______________________________________________
devscripts-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel
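
The four-step strategy from the message above, written out in Python. This is an added example, not code from devscripts or from the original message. It handles symlinks only; the function names, the callable standing in for the patch step, and the choice to keep the diff's result and report the path when a symlink cannot be restored are assumptions.

```python
import os
import tempfile

def set_aside_symlinks(tree):
    """Step 2: delete every symlink under tree, remembering (relative path, target)."""
    saved = []
    for root, dirs, files in os.walk(tree):  # does not follow symlinks by default
        for name in list(dirs) + files:
            path = os.path.join(root, name)
            if os.path.islink(path):
                saved.append((os.path.relpath(path, tree), os.readlink(path)))
                os.unlink(path)
                if name in dirs:
                    dirs.remove(name)  # nothing left to descend into
    return saved

def restore_symlinks(tree, saved):
    """Step 4: recreate the symlinks; return the paths that could not be restored."""
    conflicts = []
    for rel, target in saved:
        path = os.path.join(tree, rel)
        # Assumption: a path the diff now occupies (or whose parent is gone) is kept and reported.
        if os.path.lexists(path) or not os.path.isdir(os.path.dirname(path)):
            conflicts.append(rel)
        else:
            os.symlink(target, path)
    return conflicts

def apply_diff_safely(tree, apply_diff):
    """Steps 2-4 around apply_diff, a callable standing in for the patch step."""
    saved = set_aside_symlinks(tree)
    apply_diff(tree)
    return restore_symlinks(tree, saved)

def demo():
    """Constructed input: 'docs' links out of the tree and the diff writes docs/x."""
    base = tempfile.mkdtemp()
    tree, outside = os.path.join(base, "pkg-1.0"), os.path.join(base, "outside")
    os.makedirs(tree)
    os.makedirs(outside)
    open(os.path.join(tree, "README"), "w").close()
    os.symlink("README", os.path.join(tree, "README.txt"))  # harmless link
    os.symlink(outside, os.path.join(tree, "docs"))         # link leaving the tree
    def fake_diff(t):  # constructed stand-in for a diff hunk that creates docs/x
        os.makedirs(os.path.join(t, "docs"), exist_ok=True)
        with open(os.path.join(t, "docs", "x"), "w") as f:
            f.write("from the diff\n")
    conflicts = apply_diff_safely(tree, fake_diff)
    return conflicts, os.listdir(outside), os.path.islink(os.path.join(tree, "README.txt"))
```

In the constructed case the diff's file lands in a real docs/ directory inside the tree, the directory the symlink pointed to stays empty, and docs is reported as a conflict instead of being restored.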
