Bug#910037:

2018-10-01 Thread Ken Dreyer
Note that modern versions of "patch" already do symlink protection.

I think this means you could drop this "-l" check in Patch.pm.

From http://git.savannah.gnu.org/cgit/patch.git/tree/NEWS ...

Changes in version 2.7.5:

* There are users which expect patch to follow symbolic links in the working
  directory, so patch now again follows symbolic links as long as they do not
  leave the working directory.

Changes until version 2.7.4:
...
* Patch no longer follows symbolic links to input and output files.  This
  ensures that symbolic links created by git-style patches cannot cause
  patch to write outside the working directory (CVE-2015-1196).



Bug#910037: dpkg-source does not permit patches to change destinations of symlinks

2018-10-01 Thread Ken Dreyer
Package: dpkg
Version: 1.18.4ubuntu1.4
Severity: normal

scripts/Dpkg/Source/Patch.pm has the following code:

    while (1) {
        # -l uses lstat: true when $path itself is a symbolic link,
        # regardless of where the link points.
        if (-l $path) {
            error(g_('diff %s modifies file %s through a symlink: %s'),
                  $diff, $fn{$key}, $path);
        }

$diff is a patch file in debian/patches/*.patch.
$path is the path within package's source tree.

The idea here is to prevent dpkg from ever overwriting files from outside the
source tree (CVE-2010-1679).

This protection is overly broad, because I cannot modify any files that happen
to be symlinks at all. In particular I want to create a debian .patch file that
updates the destination of a symlink in my package's tree.

If I use git-buildpackage to manage my changes in a patch-queue branch,
"git-buildpackage pq export" will generate debian .patches that update symlink
destinations, but then dpkg-source cannot process these .patch files.


-- System Information:
Debian Release: stretch/sid
  APT prefers xenial-updates
  APT policy: (500, 'xenial-updates'), (500, 'xenial-security'), (500, 'xenial'), (100, 'xenial-backports')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.8-200.fc28.x86_64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages dpkg depends on:
ii  libbz2-1.0   1.0.6-8
ii  libc6        2.23-0ubuntu10
ii  liblzma5     5.1.1alpha+20120614-2ubuntu2
ii  libselinux1  2.4-3build2
ii  tar          1.28-2.1ubuntu0.1
ii  zlib1g       1:1.2.8.dfsg-2ubuntu4.1

dpkg recommends no packages.

Versions of packages dpkg suggests:
ii  apt  1.2.27

-- no debconf information
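The two policies this report contrasts can be shown side by side: the dpkg-source `-l` check described in the report above (refuse if the target, or any directory on the way up to the tree root, is a symlink) and the GNU patch 2.7.5 behaviour quoted in the follow-up (follow symlinks, but refuse once the resolved path leaves the working directory). The following is an added Python illustration, not code from dpkg or GNU patch. The diff text, the directory layout (a source tree `src/` containing an in-tree symlink `data/link-inside -> real.txt` and an escaping directory symlink `escape -> ../outside`) and the function names are constructed for the example.

```python
"""Two policies for deciding whether a patch target path is safe to write.

Added illustration; it is not code from dpkg's Patch.pm or from GNU patch.
  * reject_any_symlink():      dpkg-style, any symlink component is fatal.
  * reject_escaping_symlink(): patch >= 2.7.5 style, symlinks are followed
                               but the resolved target must stay in the tree.
"""
import tempfile
from pathlib import Path

# Constructed sample: a git-style diff that touches three paths.
SAMPLE_DIFF = """\
diff --git a/data/link-inside b/data/link-inside
--- a/data/link-inside
+++ b/data/link-inside
@@ -1 +1 @@
-old
+new
diff --git a/escape/passwd b/escape/passwd
--- a/escape/passwd
+++ b/escape/passwd
@@ -1 +1 @@
-old
+new
diff --git a/plain.txt b/plain.txt
--- a/plain.txt
+++ b/plain.txt
@@ -1 +1 @@
-old
+new
"""


def patch_targets(diff_text, strip=1):
    """Destination paths named by '+++ ' headers, with -p<strip> applied."""
    targets = []
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            name = line[4:].split("\t")[0]          # drop any timestamp suffix
            targets.append("/".join(name.split("/")[strip:]))
    return targets


def reject_any_symlink(root, rel):
    """dpkg-style check: walk from the target up to root; a symlink anywhere
    on the way (lstat, like Perl's -l) is rejected, even if it points inside."""
    root = Path(root)
    path = root / rel
    while path != root:
        if path.is_symlink():
            return f"modifies file {rel} through a symlink: {path.relative_to(root)}"
        path = path.parent
    return None


def reject_escaping_symlink(root, rel):
    """patch 2.7.5-style check: resolve every symlink component, then require
    the resolved target to remain underneath the (resolved) working directory."""
    root_real = Path(root).resolve()
    target = (Path(root) / rel).resolve()        # non-strict: target may not exist yet
    try:
        target.relative_to(root_real)
    except ValueError:
        return f"{rel} resolves to {target}, outside the working directory"
    return None


def build_tree(base):
    """Constructed fixture: source tree with one in-tree and one escaping symlink."""
    base = Path(base)
    src, outside = base / "src", base / "outside"   # 'outside' is NOT part of the tree
    (src / "data").mkdir(parents=True)
    outside.mkdir()
    (src / "plain.txt").write_text("old\n")
    (src / "data" / "real.txt").write_text("old\n")
    (src / "data" / "link-inside").symlink_to("real.txt")   # stays inside src
    (src / "escape").symlink_to("../outside")                # directory link leaving src
    return src


def evaluate(diff_text=SAMPLE_DIFF):
    """Run both policies over every target in the diff.
    Returns {target: (dpkg_verdict, patch_verdict)}; None means 'allowed'."""
    with tempfile.TemporaryDirectory() as tmp:
        src = build_tree(tmp)
        return {rel: (reject_any_symlink(src, rel), reject_escaping_symlink(src, rel))
                for rel in patch_targets(diff_text)}


if __name__ == "__main__":
    for rel, (dpkg_verdict, patch_verdict) in evaluate().items():
        print(f"{rel:18} dpkg: {dpkg_verdict or 'ok':60} patch>=2.7.5: {patch_verdict or 'ok'}")
```

Running it shows the difference the report complains about: `data/link-inside` is refused by the dpkg-style walk but accepted by the containment check, because its resolved target is still under `src/`; `escape/passwd` is refused by both, because the directory symlink leads outside the tree; `plain.txt` passes both. Note that the containment check is evaluated against the tree as it exists when the hunk is applied, so a patch that first creates a symlink and then writes through it must be re-checked per hunk, which is how the CVE-2015-1196 class of problem was reached in the first place.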