1 diff --git a/scripts/Dpkg/Source/Patch.pm b/scripts/Dpkg/Source/Patch.pm
2 --- a/scripts/Dpkg/Source/Patch.pm
3 +++ b/scripts/Dpkg/Source/Patch.pm
4 @@ -322,8 +322,9 @@ sub analyze {
5 error(_g("expected ^--- in line %d of diff `%s'"), $., $diff);
8 - if ($_ eq '/dev/null' or s{^(\./)?[^/]+/}{$destdir/}) {
9 + if ($_ eq '/dev/null' or s{^[^/]+/}{$destdir/}) {
11 + error(_g("%s contains an insecure path: %s"), $diff, $_) if m{/\.\./};
14 error(_g("diff `%s' patches file with name ending .dpkg-orig"), $diff);
15 @@ -336,8 +337,9 @@ sub analyze {
16 error(_g("line after --- isn't as expected in diff `%s' (line %d)"), $diff, $.);
19 - if ($_ eq '/dev/null' or s{^(\./)?[^/]+/}{$destdir/}) {
20 + if ($_ eq '/dev/null' or s{^[^/]+/}{$destdir/}) {
22 + error(_g("%s contains an insecure path: %s"), $diff, $_) if m{/\.\./};
24 unless (defined $fn) {
25 error(_g("none of the filenames in ---/+++ are relative in diff `%s' (line %d)"),
26 @@ -363,6 +365,17 @@ sub analyze {
27 if ($dirname =~ s{/[^/]+$}{} && not -d $dirname) {
28 $dirtocreate{$dirname} = 1;
31 + # Sanity check, refuse to patch through a symlink
35 + error(_g("diff %s modifies file %s through a symlink: %s"),
36 + $diff, $fn, $dirname);
38 + last unless $dirname =~ s{/[^/]+$}{};
41 if (-e $fn and not -f _) {
42 error(_g("diff `%s' patches something which is not a plain file"), $diff);