[Reproducible-commits] [dpkg] 04/05: scripts: Add test case for patch disabling hunks
Holger Levsen
holger at layer-acht.org
Tue May 3 08:43:18 UTC 2016
This is an automated email from the git hooks/post-receive script.
holger pushed a commit to annotated tag 1.15.11
in repository dpkg.
commit ceb5b2b38a2c9db3e738a5ad69afdc5aeef7a23b
Author: Guillem Jover <guillem at debian.org>
Date: Thu May 22 00:47:05 2014 +0200
scripts: Add test case for patch disabling hunks
Cherry picked from commit bb2fe22738675a5a92d65aad03efcc73efd3a368.
This does not pose any security issue, as the hunk parser is strict, and
will reject a patch if it considers that the hunk marker is not present.
---
debian/changelog | 1 +
scripts/Makefile.am | 1 +
scripts/t/Dpkg_Source_Patch.t | 5 ++++-
scripts/t/Dpkg_Source_Patch/ghost-hunk.patch | 7 +++++++
4 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index 621875c..4a5a384 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ dpkg (1.15.11) UNRELEASED; urgency=low
[ Guillem Jover ]
* Test suite:
- Add test cases for Dpkg::Source::Patch CVE-2014-0471 and CVE-2014-3127.
+ - Add test case for patch disabling hunks; not security sensitive.
* Correctly parse patch headers in Dpkg::Source::Patch, to avoid directory
traversal attempts from hostile source packages when unpacking them.
Reported by Javier Serrano Polo <javier at jasp.net> as an unspecified
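Review bot: the added changelog line "Add test case for patch disabling hunks; not security sensitive." is ambiguous about what is being disabled; it can be read as a patch that disables hunks or as hunks that disable a patch. Consider wording that names the fixture, for example "Add ghost-hunk test case for Dpkg::Source::Patch", and keep the "not security sensitive" qualifier so readers do not group the entry with the CVE test cases on the line above it.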
diff --git a/scripts/Makefile.am b/scripts/Makefile.am
index 43bd51a..766cece 100644
--- a/scripts/Makefile.am
+++ b/scripts/Makefile.am
@@ -218,6 +218,7 @@ test_data = \
t/200_Dpkg_Shlibs/objdump.dbd-pg \
t/200_Dpkg_Shlibs/objdump.ls \
t/Dpkg_Source_Patch/c-style.patch \
+ t/Dpkg_Source_Patch/ghost-hunk.patch \
t/Dpkg_Source_Patch/index-+++.patch \
t/Dpkg_Source_Patch/index-alone.patch \
t/Dpkg_Source_Patch/index-inert.patch \
diff --git a/scripts/t/Dpkg_Source_Patch.t b/scripts/t/Dpkg_Source_Patch.t
index 2d067df..0236f3e 100644
--- a/scripts/t/Dpkg_Source_Patch.t
+++ b/scripts/t/Dpkg_Source_Patch.t
@@ -16,7 +16,7 @@
use strict;
use warnings;
-use Test::More tests => 8;
+use Test::More tests => 9;
use File::Path qw(make_path);
@@ -64,4 +64,7 @@ ok(-e "$tmpdir/index-inert-tree/inert-file",
test_patch_escape('partial', 'symlink', 'partial.patch',
'Patch cannot escape using partial +++ header');
+test_patch_escape('ghost-hunk', 'symlink', 'ghost-hunk.patch',
+ 'Patch cannot escape using a disabling hunk');
+
1;
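Review bot: the new test_patch_escape('ghost-hunk', ...) call is described as 'Patch cannot escape using a disabling hunk', while the commit message says the parser will reject such a patch outright; from these lines it is not clear whether the helper checks the rejection itself or only the absence of an escaped file. If it is the latter, consider an additional assertion that parsing ghost-hunk.patch fails, so the test pins the behaviour the commit message relies on. The naming also mixes "ghost-hunk" (fixture name and first argument) with "disabling hunk" (description); settling on one term would make the test easier to find.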
diff --git a/scripts/t/Dpkg_Source_Patch/ghost-hunk.patch b/scripts/t/Dpkg_Source_Patch/ghost-hunk.patch
new file mode 100644
index 0000000..32c3efe
--- /dev/null
+++ b/scripts/t/Dpkg_Source_Patch/ghost-hunk.patch
@@ -0,0 +1,7 @@
+--- a/disable/partial-file
++++ b/disable/partial-file
+@@ -0,0 +1,1 @@disable
++++ b/symlink/hunk-file
+--- a/symlink/hunk-file
+@@ -0,0 +1,1 @@
++Escaped
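Review bot: the fixture carries no explanation of what makes it hostile, and the detail is easy to miss: the first hunk header is "@@ -0,0 +1,1 @@disable", with text directly after the closing @@, and the following "+++ b/symlink/hunk-file" and "--- a/symlink/hunk-file" lines appear in the reverse of the usual header order. A short comment next to the test_patch_escape call in Dpkg_Source_Patch.t, stating which of these lines the parser is expected to reject, would document the intent without changing the fixture bytes.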
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git