X-Git-Url: https://review.fuel-infra.org/gitweb?a=blobdiff_plain;f=fedora-fix-CVE-2010-0396-00.patch;fp=fedora-fix-CVE-2010-0396-00.patch;h=6f9fc070b56d8f84b7a5fceea8b883133aef5278;hb=7873dbf84dcb4924fa288ea1a5756cf9962bdb65;hp=0000000000000000000000000000000000000000;hpb=e67ebab51c40c917c67af3cc22e50b8645ead389;p=packages%2Fcentos6%2Fdpkg.git

diff --git a/fedora-fix-CVE-2010-0396-00.patch b/fedora-fix-CVE-2010-0396-00.patch
new file mode 100644
index 0000000..6f9fc07
--- /dev/null
+++ b/fedora-fix-CVE-2010-0396-00.patch
@@ -0,0 +1,43 @@
+diff --git a/scripts/Dpkg/Source/Patch.pm b/scripts/Dpkg/Source/Patch.pm
+--- a/scripts/Dpkg/Source/Patch.pm
++++ b/scripts/Dpkg/Source/Patch.pm
+@@ -322,8 +322,9 @@ sub analyze {
+ 	    error(_g("expected ^--- in line %d of diff `%s'"), $., $diff);
+ 	}
+         $_ = strip_ts($_);
+-        if ($_ eq '/dev/null' or s{^(\./)?[^/]+/}{$destdir/}) {
++        if ($_ eq '/dev/null' or s{^[^/]+/}{$destdir/}) {
+             $fn = $_;
++	    error(_g("%s contains an insecure path: %s"), $diff, $_) if m{/\.\./};
+         }
+ 	if (/\.dpkg-orig$/) {
+ 	    error(_g("diff `%s' patches file with name ending .dpkg-orig"), $diff);
+@@ -336,8 +337,9 @@ sub analyze {
+ 	    error(_g("line after --- isn't as expected in diff `%s' (line %d)"), $diff, $.);
+ 	}
+         $_ = strip_ts($_);
+-        if ($_ eq '/dev/null' or s{^(\./)?[^/]+/}{$destdir/}) {
++        if ($_ eq '/dev/null' or s{^[^/]+/}{$destdir/}) {
+             $fn2 = $_;
++	    error(_g("%s contains an insecure path: %s"), $diff, $_) if m{/\.\./};
+         } else {
+             unless (defined $fn) {
+                 error(_g("none of the filenames in ---/+++ are relative in diff `%s' (line %d)"),
+@@ -363,6 +365,17 @@ sub analyze {
+ 	if ($dirname =~ s{/[^/]+$}{} && not -d $dirname) {
+ 	    $dirtocreate{$dirname} = 1;
+ 	}
++
++	# Sanity check, refuse to patch through a symlink
++	$dirname = $fn;
++	while (1) {
++	    if (-l $dirname) {
++		error(_g("diff %s modifies file %s through a symlink: %s"),
++		      $diff, $fn, $dirname);
++	    }
++	    last unless $dirname =~ s{/[^/]+$}{};
++	}
++
+ 	if (-e $fn and not -f _) {
+ 	    error(_g("diff `%s' patches something which is not a plain file"), $diff);
+ 	}