Package: apt-cacher
Version: 1.5.3
Severity: normal
Tags: patch
While importing over file system boundaries (no symlinking or
hardlinking option specified) the return value from rename()
isn't checked producing a headers/my.deb and private/my.deb.complete
without an existing packages/my.deb.
The attached patch solves this trying 'copy() or die; unlink()' if
rename() failed.
Andreas
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (900, 'testing'), (900, 'stable'), (600, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-k7
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages apt-cacher depends on:
ii bzip2 1.0.2-11 high-quality block-sorting file co
ii libwww-perl 5.803-4 WWW client/server library for Perl
ii perl 5.8.7-9 Larry Wall's Practical Extraction
apt-cacher recommends no packages.
-- no debconf information
--- apt-cacher-import.pl~orig 2006-03-01 16:31:26.000000000 +0100
+++ apt-cacher-import.pl 2006-03-03 18:24:20.000000000 +0100
@@ -148,7 +148,11 @@
link($frompackagefile, "$target_dir/$packagefile") ||
copy($frompackagefile, "$target_dir/$packagefile") || die "Failed to copy
$frompackagefile";
}
else {
- rename($frompackagefile, "$target_dir/$packagefile");
+ rename($frompackagefile, "$target_dir/$packagefile") || do {
+ # renaming over file system boundaries may fail
+ copy($frompackagefile, "$target_dir/$packagefile") || die
"Failed to copy $frompackagefile";
+ unlink("$frompackagefile");
+ }
}
open(my $headfile, ">$header_dir/$packagefile");
