[Reproducible-commits] [dpkg] 05/10: scripts: Add test case for patch disabling hunks

Holger Levsen holger at layer-acht.org
Tue May 3 08:43:49 UTC 2016


This is an automated email from the git hooks/post-receive script.

holger pushed a commit to annotated tag 1.16.15
in repository dpkg.

commit e70ab95082b8c9ec6c36cf79e9e381145135a007
Author: Guillem Jover <guillem at debian.org>
Date:   Thu May 22 00:47:05 2014 +0200

    scripts: Add test case for patch disabling hunks
    
    Cherry picked from commit bb2fe22738675a5a92d65aad03efcc73efd3a368.
    
    This does not pose any security issue, as the hunk parser is strict, and
    will reject a patch if it considers that the hunk marker is not present.
---
 debian/changelog                             | 1 +
 scripts/Makefile.am                          | 1 +
 scripts/t/Dpkg_Source_Patch.t                | 5 ++++-
 scripts/t/Dpkg_Source_Patch/ghost-hunk.patch | 7 +++++++
 4 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 94e53ab..5bf135f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ dpkg (1.16.15) UNRELEASED; urgency=low
   [ Guillem Jover ]
   * Test suite:
     - Add test cases for Dpkg::Source::Patch CVE-2014-0471 and CVE-2014-3127.
+    - Add test case for patch disabling hunks; not security sensitive.
   * Correctly parse patch headers in Dpkg::Source::Patch, to avoid directory
     traversal attempts from hostile source packages when unpacking them.
     Reported by Javier Serrano Polo <javier at jasp.net> as an unspecified
diff --git a/scripts/Makefile.am b/scripts/Makefile.am
index f10e095..16760d2 100644
--- a/scripts/Makefile.am
+++ b/scripts/Makefile.am
@@ -225,6 +225,7 @@ test_data = \
 	t/200_Dpkg_Shlibs/objdump.dbd-pg \
 	t/200_Dpkg_Shlibs/objdump.ls \
 	t/Dpkg_Source_Patch/c-style.patch \
+	t/Dpkg_Source_Patch/ghost-hunk.patch \
 	t/Dpkg_Source_Patch/index-+++.patch \
 	t/Dpkg_Source_Patch/index-alone.patch \
 	t/Dpkg_Source_Patch/index-inert.patch \
diff --git a/scripts/t/Dpkg_Source_Patch.t b/scripts/t/Dpkg_Source_Patch.t
index 2d067df..0236f3e 100644
--- a/scripts/t/Dpkg_Source_Patch.t
+++ b/scripts/t/Dpkg_Source_Patch.t
@@ -16,7 +16,7 @@
 use strict;
 use warnings;
 
-use Test::More tests => 8;
+use Test::More tests => 9;
 
 use File::Path qw(make_path);
 
@@ -64,4 +64,7 @@ ok(-e "$tmpdir/index-inert-tree/inert-file",
 test_patch_escape('partial', 'symlink', 'partial.patch',
                   'Patch cannot escape using partial +++ header');
 
+test_patch_escape('ghost-hunk', 'symlink', 'ghost-hunk.patch',
+                  'Patch cannot escape using a disabling hunk');
+
 1;
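Review bot: The added `test_patch_escape('ghost-hunk', ...)` call is described only as "Patch cannot escape", while the commit message rests on the strict hunk parser rejecting the patch outright. The body of `test_patch_escape` is not visible in this hunk; if it does not already assert that applying the patch failed, consider asserting the rejection as well. Otherwise a later, more lenient parser that accepts the file without writing through the symlink would still pass. The call also passes the same 'symlink' name as the 'partial' case just above, so it is worth confirming that each call works in its own tree.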
diff --git a/scripts/t/Dpkg_Source_Patch/ghost-hunk.patch b/scripts/t/Dpkg_Source_Patch/ghost-hunk.patch
new file mode 100644
index 0000000..32c3efe
--- /dev/null
+++ b/scripts/t/Dpkg_Source_Patch/ghost-hunk.patch
@@ -0,0 +1,7 @@
+--- a/disable/partial-file
++++ b/disable/partial-file
+@@ -0,0 +1,1 @@disable
++++ b/symlink/hunk-file
+--- a/symlink/hunk-file
+@@ -0,0 +1,1 @@
++Escaped
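Review bot: The fixture does not say which line is meant to be the "disabling" one. On `@@ -0,0 +1,1 @@disable` the trailing text sits directly against the closing `@@`, and the second header pair arrives as `+++ b/symlink/hunk-file` before `--- a/symlink/hunk-file`, so a reader cannot tell which of these is deliberate and which the parser is expected to refuse. Please document the intended parse, that is, which line the strict hunk parser should reject, either in the commit message or as a comment next to the `test_patch_escape('ghost-hunk', ...)` call.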

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git


